[pve-storage.git] / PVE / Storage / CephTools.pm

package PVE::Storage::CephTools;

use strict;
use warnings;
use Net::IP;
use PVE::Tools qw(run_command);

my $parse_ceph_file = sub {
    my ($filename) = @_;

    my $cfg = {};

    return $cfg if ! -f $filename;

    my $content = PVE::Tools::file_get_contents($filename);
    my @lines = split /\n/, $content;

    my $section;

    foreach my $line (@lines) {
	$line =~ s/[;#].*$//;
	$line =~ s/^\s+//;
	$line =~ s/\s+$//;
	next if !$line;

	$section = $1 if $line =~ m/^\[(\S+)\]$/;
	if (!$section) {
	    warn "no section - skip: $line\n";
	    next;
	}

	if ($line =~ m/^(.*?\S)\s*=\s*(\S.*)$/) {
	    $cfg->{$section}->{$1} = $2;
	}

    }

    return $cfg;
};

my $ceph_get_key = sub {
    my ($keyfile, $username) = @_;

    my $key = $parse_ceph_file->($keyfile);
    my $secret = $key->{"client.$username"}->{key};

    return $secret;
};

sub get_monaddr_list {
    my ($configfile) = shift;

    my $server;

    if (!defined($configfile)) {
	warn "No ceph config specified\n";
	return;
    }

    my $config = $parse_ceph_file->($configfile);
    @$server = sort map { $config->{$_}->{'mon addr'} } grep {/mon/} %{$config};

    return join(',', @$server);
};

sub hostlist {
    my ($list_text, $separator) = @_;

    my @monhostlist = PVE::Tools::split_list($list_text);
    return join($separator, map {
	my ($host, $port) = PVE::Tools::parse_host_and_port($_);
	$port = defined($port) ? ":$port" : '';
	$host = "[$host]" if Net::IP::ip_is_ipv6($host);
	"${host}${port}"
    } @monhostlist);
}

my $ceph_check_keyfile = sub {
    my ($filename, $type) = @_;

    return if ! -f $filename;

    my $content = PVE::Tools::file_get_contents($filename);
    eval {
	die if !$content;

	if ($type eq 'rbd') {
	    die if $content !~ /\s*\[\S+\]\s*key\s*=\s*\S+==\s*$/m;
	} elsif ($type eq 'cephfs') {
	    die if $content !~ /\S+==\s*$/;
	}
    };
    die "Not a proper $type authentication file: $filename\n" if $@;

    return undef;
};

sub ceph_connect_option {
    my ($scfg, $storeid, %options) = @_;

    my $cmd_option = {};
    my $ceph_storeid_conf = "/etc/pve/priv/ceph/${storeid}.conf";
    my $pveceph_config = '/etc/pve/ceph.conf';
    my $keyfile = "/etc/pve/priv/ceph/${storeid}.keyring";
    $keyfile = "/etc/pve/priv/ceph/${storeid}.secret" if ($scfg->{type} eq 'cephfs');
    my $pveceph_managed = !defined($scfg->{monhost});

    $cmd_option->{ceph_conf} = $pveceph_config if $pveceph_managed;

    $ceph_check_keyfile->($keyfile, $scfg->{type});

    if (-e $ceph_storeid_conf) {
	if ($pveceph_managed) {
	    warn "ignoring custom ceph config for storage '$storeid', 'monhost' is not set (assuming pveceph managed cluster)!\n";
	} else {
	    $cmd_option->{ceph_conf} = $ceph_storeid_conf;
	}
    }

    $cmd_option->{keyring} = $keyfile if (-e $keyfile);
    $cmd_option->{auth_supported} = (defined $cmd_option->{keyring}) ? 'cephx' : 'none';
    $cmd_option->{userid} =  $scfg->{username} ? $scfg->{username} : 'admin';
    $cmd_option->{mon_host} = hostlist($scfg->{monhost}, ',') if (defined($scfg->{monhost}));

    if (%options) {
	foreach my $k (keys %options) {
	    $cmd_option->{$k} = $options{$k};
	}
    }

    return $cmd_option;

}

sub ceph_create_keyfile {
    my ($type, $storeid) = @_;

    my $extension = 'keyring';
    $extension = 'secret' if ($type eq 'cephfs');

    my $ceph_admin_keyring = '/etc/pve/priv/ceph.client.admin.keyring';
    my $ceph_storage_keyring = "/etc/pve/priv/ceph/${storeid}.$extension";

    die "ceph authx keyring file for storage '$storeid' already exists!\n"
	if -e $ceph_storage_keyring;

    if (-e $ceph_admin_keyring) {
	eval {
	    if ($type eq 'rbd') {
		mkdir '/etc/pve/priv/ceph';
		PVE::Tools::file_copy($ceph_admin_keyring, $ceph_storage_keyring);
	    } elsif ($type eq 'cephfs') {
		my $secret = $ceph_get_key->($ceph_admin_keyring, 'admin');
		mkdir '/etc/pve/priv/ceph';
		PVE::Tools::file_set_contents($ceph_storage_keyring, $secret, 0400);
	   }
	};
	if (my $err = $@) {
	   unlink $ceph_storage_keyring;
	   die "failed to copy ceph authx $extension for storage '$storeid': $err\n";
	}
    } else {
	warn "$ceph_admin_keyring not found, authentication is disabled.\n";
    }
}

sub ceph_remove_keyfile {
    my ($type, $storeid) = @_;

    my $extension = 'keyring';
    $extension = 'secret' if ($type eq 'cephfs');
    my $ceph_storage_keyring = "/etc/pve/priv/ceph/${storeid}.$extension";

    if (-f $ceph_storage_keyring) {
	unlink($ceph_storage_keyring) or warn "removing keyring of storage failed: $!\n";
    }
}

1;
Commit	Line	Data
9b7ba1db AA	1	package PVE::Storage::CephTools;
	2
	3	use strict;
	4	use warnings;
	5	use Net::IP;
	6	use PVE::Tools qw(run_command);
	7
e34ce144 AA	8	my $parse_ceph_file = sub {
	9	my ($filename) = @_;
	10
	11	my $cfg = {};
	12
	13	return $cfg if ! -f $filename;
	14
	15	my $content = PVE::Tools::file_get_contents($filename);
	16	my @lines = split /\n/, $content;
	17
	18	my $section;
	19
	20	foreach my $line (@lines) {
	21	$line =~ s/[;#].*$//;
	22	$line =~ s/^\s+//;
	23	$line =~ s/\s+$//;
	24	next if !$line;
	25
	26	$section = $1 if $line =~ m/^\[(\S+)\]$/;
	27	if (!$section) {
	28	warn "no section - skip: $line\n";
	29	next;
	30	}
	31
	32	if ($line =~ m/^(.?\S)\s=\s(\S.)$/) {
	33	$cfg->{$section}->{$1} = $2;
	34	}
	35
	36	}
	37
	38	return $cfg;
	39	};
	40
	41	my $ceph_get_key = sub {
	42	my ($keyfile, $username) = @_;
	43
	44	my $key = $parse_ceph_file->($keyfile);
	45	my $secret = $key->{"client.$username"}->{key};
	46
	47	return $secret;
	48	};
	49
	50	sub get_monaddr_list {
	51	my ($configfile) = shift;
	52
	53	my $server;
	54
	55	if (!defined($configfile)) {
	56	warn "No ceph config specified\n";
	57	return;
	58	}
	59
	60	my $config = $parse_ceph_file->($configfile);
	61	@$server = sort map { $config->{$_}->{'mon addr'} } grep {/mon/} %{$config};
	62
	63	return join(',', @$server);
	64	};
	65
9b7ba1db AA	66	sub hostlist {
	67	my ($list_text, $separator) = @_;
	68
	69	my @monhostlist = PVE::Tools::split_list($list_text);
	70	return join($separator, map {
	71	my ($host, $port) = PVE::Tools::parse_host_and_port($_);
	72	$port = defined($port) ? ":$port" : '';
	73	$host = "[$host]" if Net::IP::ip_is_ipv6($host);
	74	"${host}${port}"
	75	} @monhostlist);
	76	}
	77
5527c824 TL	78	my $ceph_check_keyfile = sub {
	79	my ($filename, $type) = @_;
	80
	81	return if ! -f $filename;
	82
	83	my $content = PVE::Tools::file_get_contents($filename);
	84	eval {
	85	die if !$content;
	86
	87	if ($type eq 'rbd') {
	88	die if $content !~ /\s\[\S+\]\skey\s=\s\S+==\s*$/m;
	89	} elsif ($type eq 'cephfs') {
	90	die if $content !~ /\S+==\s*$/;
	91	}
	92	};
	93	die "Not a proper $type authentication file: $filename\n" if $@;
	94
	95	return undef;
	96	};
	97
9b7ba1db AA	98	sub ceph_connect_option {
	99	my ($scfg, $storeid, %options) = @_;
	100
	101	my $cmd_option = {};
	102	my $ceph_storeid_conf = "/etc/pve/priv/ceph/${storeid}.conf";
	103	my $pveceph_config = '/etc/pve/ceph.conf';
	104	my $keyfile = "/etc/pve/priv/ceph/${storeid}.keyring";
	105	$keyfile = "/etc/pve/priv/ceph/${storeid}.secret" if ($scfg->{type} eq 'cephfs');
	106	my $pveceph_managed = !defined($scfg->{monhost});
	107
	108	$cmd_option->{ceph_conf} = $pveceph_config if $pveceph_managed;
	109
5527c824	110	$ceph_check_keyfile->($keyfile, $scfg->{type});
3e479172	111
9b7ba1db AA	112	if (-e $ceph_storeid_conf) {
	113	if ($pveceph_managed) {
	114	warn "ignoring custom ceph config for storage '$storeid', 'monhost' is not set (assuming pveceph managed cluster)!\n";
	115	} else {
	116	$cmd_option->{ceph_conf} = $ceph_storeid_conf;
	117	}
	118	}
	119
	120	$cmd_option->{keyring} = $keyfile if (-e $keyfile);
	121	$cmd_option->{auth_supported} = (defined $cmd_option->{keyring}) ? 'cephx' : 'none';
	122	$cmd_option->{userid} = $scfg->{username} ? $scfg->{username} : 'admin';
	123	$cmd_option->{mon_host} = hostlist($scfg->{monhost}, ',') if (defined($scfg->{monhost}));
	124
	125	if (%options) {
	126	foreach my $k (keys %options) {
	127	$cmd_option->{$k} = $options{$k};
	128	}
	129	}
	130
	131	return $cmd_option;
	132
	133	}
	134
e34ce144 AA	135	sub ceph_create_keyfile {
	136	my ($type, $storeid) = @_;
	137
	138	my $extension = 'keyring';
	139	$extension = 'secret' if ($type eq 'cephfs');
	140
	141	my $ceph_admin_keyring = '/etc/pve/priv/ceph.client.admin.keyring';
	142	my $ceph_storage_keyring = "/etc/pve/priv/ceph/${storeid}.$extension";
	143
	144	die "ceph authx keyring file for storage '$storeid' already exists!\n"
	145	if -e $ceph_storage_keyring;
	146
	147	if (-e $ceph_admin_keyring) {
	148	eval {
	149	if ($type eq 'rbd') {
	150	mkdir '/etc/pve/priv/ceph';
	151	PVE::Tools::file_copy($ceph_admin_keyring, $ceph_storage_keyring);
	152	} elsif ($type eq 'cephfs') {
	153	my $secret = $ceph_get_key->($ceph_admin_keyring, 'admin');
	154	mkdir '/etc/pve/priv/ceph';
	155	PVE::Tools::file_set_contents($ceph_storage_keyring, $secret, 0400);
	156	}
	157	};
	158	if (my $err = $@) {
	159	unlink $ceph_storage_keyring;
	160	die "failed to copy ceph authx $extension for storage '$storeid': $err\n";
	161	}
	162	} else {
	163	warn "$ceph_admin_keyring not found, authentication is disabled.\n";
	164	}
	165	}
	166
	167	sub ceph_remove_keyfile {
	168	my ($type, $storeid) = @_;
	169
	170	my $extension = 'keyring';
	171	$extension = 'secret' if ($type eq 'cephfs');
	172	my $ceph_storage_keyring = "/etc/pve/priv/ceph/${storeid}.$extension";
	173
	174	if (-f $ceph_storage_keyring) {
	175	unlink($ceph_storage_keyring) or warn "removing keyring of storage failed: $!\n";
	176	}
	177	}
	178
9b7ba1db	179	1;