return &$api_storage_config($cfg, $param->{storage});
}});
-my $sensitive_params = [qw(password encryption-key master-pubkey)];
+my $sensitive_params = [qw(password encryption-key master-pubkey keyring)];
__PACKAGE__->register_method ({
name => 'create',
}
};
+ my $keyring_map = {
+ name => 'keyring',
+ desc => 'file containing the keyring to authenticate in the Ceph cluster',
+ func => sub {
+ my ($value) = @_;
+ return PVE::Tools::file_get_contents($value);
+ },
+ };
my $mapping = {
'cifsscan' => [ $password_map ],
'cifs' => [ $password_map ],
'pbs' => [ $password_map ],
- 'create' => [ $password_map, $enc_key_map, $master_key_map ],
- 'update' => [ $password_map, $enc_key_map, $master_key_map ],
+ 'create' => [ $password_map, $enc_key_map, $master_key_map, $keyring_map ],
+ 'update' => [ $password_map, $enc_key_map, $master_key_map, $keyring_map ],
};
return $mapping->{$name};
}
fuse => { optional => 1 },
bwlimit => { optional => 1 },
maxfiles => { optional => 1 },
+ keyring => { optional => 1 },
'prune-backups' => { optional => 1 },
};
}
sub on_add_hook {
my ($class, $storeid, $scfg, %param) = @_;
- return if defined($scfg->{monhost}); # nothing to do if not pve managed ceph
+ my $secret = $param{keyring} if defined $param{keyring} // undef;
+ PVE::CephConfig::ceph_create_keyfile($scfg->{type}, $storeid, $secret);
- PVE::CephConfig::ceph_create_keyfile($scfg->{type}, $storeid);
+ return;
+}
+
+sub on_update_hook {
+ my ($class, $storeid, $scfg, %param) = @_;
+
+ if (exists($param{keyring})) {
+ if (defined($param{keyring})) {
+ PVE::CephConfig::ceph_create_keyfile($scfg->{type}, $storeid, $param{keyring});
+ } else {
+ PVE::CephConfig::ceph_remove_keyfile($scfg->{type}, $storeid);
+ }
+ }
return;
}
sub on_delete_hook {
my ($class, $storeid, $scfg) = @_;
-
- return if defined($scfg->{monhost}); # nothing to do if not pve managed ceph
-
PVE::CephConfig::ceph_remove_keyfile($scfg->{type}, $storeid);
-
return;
}
description => "Always access rbd through krbd kernel module.",
type => 'boolean',
},
+ keyring => {
+ description => "Client keyring contents (for external clusters).",
+ type => 'string',
+ },
};
}
username => { optional => 1 },
content => { optional => 1 },
krbd => { optional => 1 },
+ keyring => { optional => 1 },
bwlimit => { optional => 1 },
};
}
sub on_add_hook {
my ($class, $storeid, $scfg, %param) = @_;
- return if defined($scfg->{monhost}); # nothing to do if not pve managed ceph
+ my $secret = $param{keyring} if defined $param{keyring} // undef;
+ PVE::CephConfig::ceph_create_keyfile($scfg->{type}, $storeid, $secret);
- PVE::CephConfig::ceph_create_keyfile($scfg->{type}, $storeid);
+ return;
+}
+
+sub on_update_hook {
+ my ($class, $storeid, $scfg, %param) = @_;
+
+ if (exists($param{keyring})) {
+ if (defined($param{keyring})) {
+ PVE::CephConfig::ceph_create_keyfile($scfg->{type}, $storeid, $param{keyring});
+ } else {
+ PVE::CephConfig::ceph_remove_keyfile($scfg->{type}, $storeid);
+ }
+ }
return;
}
sub on_delete_hook {
my ($class, $storeid, $scfg) = @_;
-
- return if defined($scfg->{monhost}); # nothing to do if not pve managed ceph
-
PVE::CephConfig::ceph_remove_keyfile($scfg->{type}, $storeid);
-
return;
}