Merge pull request #19276 from tchaikov/wip-volume-key

ceph-volume: do not use --key during mkfs Reviewed-by: Alfredo Deza <adeza@redhat.com>
2025-02-23 02:57:21 +00:00 · 2017-12-07 23:31:10 +08:00 · 2017-12-07 23:31:10 +08:00 · 4bc6269f15
commit 4bc6269f15
parent 09f88ce543 6df444cf33
3 changed files with 25 additions and 7 deletions
--- a/src/ceph-volume/ceph_volume/process.py
+++ b/src/ceph-volume/ceph_volume/process.py
@ -99,22 +99,18 @@ def run(command, **kw):
    """
    stop_on_error = kw.pop('stop_on_error', True)
    command_msg = obfuscate(command, kw.pop('obfuscate', None))
-    stdin = kw.pop('stdin', None)
    logger.info(command_msg)
    terminal.write(command_msg)
    terminal_logging = kw.pop('terminal_logging', True)

    process = subprocess.Popen(
        command,
-        stdin=subprocess.PIPE,
        stdout=subprocess.PIPE,
        stderr=subprocess.PIPE,
        close_fds=True,
        **kw
    )

-    if stdin:
-        process.communicate(stdin)
    while True:
        reads, _, _ = select(
            [process.stdout.fileno(), process.stderr.fileno()],
--- a/src/ceph-volume/ceph_volume/util/prepare.py
+++ b/src/ceph-volume/ceph_volume/util/prepare.py
@ -205,7 +205,7 @@ def osd_mkfs_bluestore(osd_id, fsid, keyring=None, wal=False, db=False):
    ]

    if keyring is not None:
-        base_command.extend(['--key', keyring])
+        base_command.extend(['--keyfile', '-'])

    if wal:
        base_command.extend(
@ -221,7 +221,7 @@ def osd_mkfs_bluestore(osd_id, fsid, keyring=None, wal=False, db=False):

    command = base_command + supplementary_command

-    process.run(command, obfuscate='--key')
+    process.call(command, stdin=keyring)


 def osd_mkfs_filestore(osd_id, fsid):
--- a/src/osd/OSD.cc
+++ b/src/osd/OSD.cc
@ -1859,11 +1859,33 @@ int OSD::write_meta(CephContext *cct, ObjectStore *store, uuid_d& cluster_fsid,
    return r;

  string key = cct->_conf->get_val<string>("key");
-  lderr(cct) << "key " << key << dendl;
  if (key.size()) {
    r = store->write_meta("osd_key", key);
    if (r < 0)
      return r;
+  } else {
+    string keyfile = cct->_conf->get_val<string>("keyfile");
+    if (!keyfile.empty()) {
+      bufferlist keybl;
+      string err;
+      if (keyfile == "-") {
+	static_assert(1024 * 1024 >
+		      (sizeof(CryptoKey) - sizeof(bufferptr) +
+		       sizeof(__u16) + 16 /* AES_KEY_LEN */ + 3 - 1) / 3. * 4.,
+		      "1MB should be enough for a base64 encoded CryptoKey");
+	r = keybl.read_fd(STDIN_FILENO, 1024 * 1024);
+      } else {
+	r = keybl.read_file(keyfile.c_str(), &err);
+      }
+      if (r < 0) {
+	derr << __func__ << " failed to read keyfile " << keyfile << ": "
+	     << err << ": " << cpp_strerror(r) << dendl;
+	return r;
+      }
+      r = store->write_meta("osd_key", keybl.to_str());
+      if (r < 0)
+	return r;
+    }
  }

  r = store->write_meta("ready", "ready");