PVE/CephConfig.pm

   1 package PVE::CephConfig;
   2
   3 use strict;
   4 use warnings;
   5 use Net::IP;
   6 use PVE::Tools qw(run_command);
   7 use PVE::Cluster qw(cfs_register_file);
   8
   9 cfs_register_file('ceph.conf',
  10                   \&parse_ceph_config,
  11                   \&write_ceph_config);
  12
  13 sub parse_ceph_config {
  14     my ($filename, $raw) = @_;
  15
  16     my $cfg = {};
  17     return $cfg if !defined($raw);
  18
  19     my @lines = split /\n/, $raw;
  20
  21     my $section;
  22
  23     foreach my $line (@lines) {
  24         $line =~ s/[;#].*$//;
  25         $line =~ s/^\s+//;
  26         $line =~ s/\s+$//;
  27         next if !$line;
  28
  29         $section = $1 if $line =~ m/^\[(\S+)\]$/;
  30         if (!$section) {
  31             warn "no section - skip: $line\n";
  32             next;
  33         }
  34
  35         if ($line =~ m/^(.*?\S)\s*=\s*(\S.*)$/) {
  36             my ($key, $val) = ($1, $2);
  37             # ceph treats ' ', '_' and '-' in keys the same, so lets do too
  38             $key =~ s/[-\ ]/_/g;
  39             $cfg->{$section}->{$key} = $val;
  40         }
  41
  42     }
  43
  44     return $cfg;
  45 }
  46
  47 my $parse_ceph_file = sub {
  48     my ($filename) = @_;
  49
  50     my $cfg = {};
  51
  52     return $cfg if ! -f $filename;
  53
  54     my $content = PVE::Tools::file_get_contents($filename);
  55
  56     return parse_ceph_config($filename, $content);
  57 };
  58
  59 sub write_ceph_config {
  60     my ($filename, $cfg) = @_;
  61
  62     my $out = '';
  63
  64     my $cond_write_sec = sub {
  65         my $re = shift;
  66
  67         foreach my $section (keys %$cfg) {
  68             next if $section !~ m/^$re$/;
  69             $out .= "[$section]\n";
  70             foreach my $key (sort keys %{$cfg->{$section}}) {
  71                 $out .= "\t $key = $cfg->{$section}->{$key}\n";
  72             }
  73             $out .= "\n";
  74         }
  75     };
  76
  77     &$cond_write_sec('global');
  78     &$cond_write_sec('client');
  79
  80     &$cond_write_sec('mds');
  81     &$cond_write_sec('mon');
  82     &$cond_write_sec('osd');
  83     &$cond_write_sec('mgr');
  84
  85     &$cond_write_sec('mds\..*');
  86     &$cond_write_sec('mon\..*');
  87     &$cond_write_sec('osd\..*');
  88     &$cond_write_sec('mgr\..*');
  89
  90     return $out;
  91 }
  92
  93 my $ceph_get_key = sub {
  94     my ($keyfile, $username) = @_;
  95
  96     my $key = $parse_ceph_file->($keyfile);
  97     my $secret = $key->{"client.$username"}->{key};
  98
  99     return $secret;
 100 };
 101
 102 sub get_monaddr_list {
 103     my ($configfile) = shift;
 104
 105     if (!defined($configfile)) {
 106         warn "No ceph config specified\n";
 107         return;
 108     }
 109
 110     my $config = $parse_ceph_file->($configfile);
 111
 112     my @monids = grep { /mon\./ && defined($config->{$_}->{'mon addr'}) } %{$config};
 113
 114     return join(',', sort map { $config->{$_}->{'mon addr'} } @monids);
 115 };
 116
 117 sub hostlist {
 118     my ($list_text, $separator) = @_;
 119
 120     my @monhostlist = PVE::Tools::split_list($list_text);
 121     return join($separator, map {
 122         my ($host, $port) = PVE::Tools::parse_host_and_port($_);
 123         $port = defined($port) ? ":$port" : '';
 124         $host = "[$host]" if Net::IP::ip_is_ipv6($host);
 125         "${host}${port}"
 126     } @monhostlist);
 127 }
 128
 129 my $ceph_check_keyfile = sub {
 130     my ($filename, $type) = @_;
 131
 132     return if ! -f $filename;
 133
 134     my $content = PVE::Tools::file_get_contents($filename);
 135     eval {
 136         die if !$content;
 137
 138         if ($type eq 'rbd') {
 139             die if $content !~ /\s*\[\S+\]\s*key\s*=\s*\S+==\s*$/m;
 140         } elsif ($type eq 'cephfs') {
 141             die if $content !~ /\S+==\s*$/;
 142         }
 143     };
 144     die "Not a proper $type authentication file: $filename\n" if $@;
 145
 146     return undef;
 147 };
 148
 149 sub ceph_connect_option {
 150     my ($scfg, $storeid, %options) = @_;
 151
 152     my $cmd_option = {};
 153     my $ceph_storeid_conf = "/etc/pve/priv/ceph/${storeid}.conf";
 154     my $pveceph_config = '/etc/pve/ceph.conf';
 155     my $keyfile = "/etc/pve/priv/ceph/${storeid}.keyring";
 156     $keyfile = "/etc/pve/priv/ceph/${storeid}.secret" if ($scfg->{type} eq 'cephfs');
 157     my $pveceph_managed = !defined($scfg->{monhost});
 158
 159     $cmd_option->{ceph_conf} = $pveceph_config if $pveceph_managed;
 160
 161     $ceph_check_keyfile->($keyfile, $scfg->{type});
 162
 163     if (-e $ceph_storeid_conf) {
 164         if ($pveceph_managed) {
 165             warn "ignoring custom ceph config for storage '$storeid', 'monhost' is not set (assuming pveceph managed cluster)!\n";
 166         } else {
 167             $cmd_option->{ceph_conf} = $ceph_storeid_conf;
 168         }
 169     }
 170
 171     $cmd_option->{keyring} = $keyfile if (-e $keyfile);
 172     $cmd_option->{auth_supported} = (defined $cmd_option->{keyring}) ? 'cephx' : 'none';
 173     $cmd_option->{userid} =  $scfg->{username} ? $scfg->{username} : 'admin';
 174     $cmd_option->{mon_host} = hostlist($scfg->{monhost}, ',') if (defined($scfg->{monhost}));
 175
 176     if (%options) {
 177         foreach my $k (keys %options) {
 178             $cmd_option->{$k} = $options{$k};
 179         }
 180     }
 181
 182     return $cmd_option;
 183
 184 }
 185
 186 sub ceph_create_keyfile {
 187     my ($type, $storeid) = @_;
 188
 189     my $extension = 'keyring';
 190     $extension = 'secret' if ($type eq 'cephfs');
 191
 192     my $ceph_admin_keyring = '/etc/pve/priv/ceph.client.admin.keyring';
 193     my $ceph_storage_keyring = "/etc/pve/priv/ceph/${storeid}.$extension";
 194
 195     die "ceph authx keyring file for storage '$storeid' already exists!\n"
 196         if -e $ceph_storage_keyring;
 197
 198     if (-e $ceph_admin_keyring) {
 199         eval {
 200             if ($type eq 'rbd') {
 201                 mkdir '/etc/pve/priv/ceph';
 202                 PVE::Tools::file_copy($ceph_admin_keyring, $ceph_storage_keyring);
 203             } elsif ($type eq 'cephfs') {
 204                 my $secret = $ceph_get_key->($ceph_admin_keyring, 'admin');
 205                 mkdir '/etc/pve/priv/ceph';
 206                 PVE::Tools::file_set_contents($ceph_storage_keyring, $secret, 0400);
 207            }
 208         };
 209         if (my $err = $@) {
 210            unlink $ceph_storage_keyring;
 211            die "failed to copy ceph authx $extension for storage '$storeid': $err\n";
 212         }
 213     } else {
 214         warn "$ceph_admin_keyring not found, authentication is disabled.\n";
 215     }
 216 }
 217
 218 sub ceph_remove_keyfile {
 219     my ($type, $storeid) = @_;
 220
 221     my $extension = 'keyring';
 222     $extension = 'secret' if ($type eq 'cephfs');
 223     my $ceph_storage_keyring = "/etc/pve/priv/ceph/${storeid}.$extension";
 224
 225     if (-f $ceph_storage_keyring) {
 226         unlink($ceph_storage_keyring) or warn "removing keyring of storage failed: $!\n";
 227     }
 228 }
 229
 230 1;