ceph_key: rework container support

Previously, we were doing a 'docker exec' inside a mon container, this
worked but this wasn't ideal since it required a mon to be up to
generate keys. We must be able to generate a key without a running mon,
e.g, when we create the initial key or simply when you want to generate
a key from any node that is not a mon.
Now, just like the ceph_volume module we use a 'docker run' command with
the right binary as an entrypoint to perform the choosen action, this is
more elegant and also only requires an env variable to be set in the
playbook: CEPH_CONTAINER_IMAGE.

Signed-off-by: Sébastien Han <seb@redhat.com>
pull/3367/head
Sébastien Han 2018-11-16 10:46:10 +01:00 committed by mergify[bot]
parent a9b337ba66
commit bc6e652a1c
2 changed files with 247 additions and 126 deletions

View File

@ -74,12 +74,6 @@ options:
- keyring's secret value - keyring's secret value
required: false required: false
default: None default: None
containerized:
description:
- Wether or not this is a containerized cluster. The value is
assigned or not depending on how the playbook runs.
required: false
default: None
import_key: import_key:
description: description:
- Wether or not to import the created keyring into Ceph. - Wether or not to import the created keyring into Ceph.
@ -208,6 +202,36 @@ def fatal(message, module):
raise(Exception(message)) raise(Exception(message))
def container_exec(binary, container_image):
'''
Build the docker CLI to run a command inside a container
'''
command_exec = ['docker',
'run',
'--rm',
'--net=host',
'-v', '/etc/ceph:/etc/ceph:z',
'-v', '/var/lib/ceph/:/var/lib/ceph/:z',
'-v', '/var/log/ceph/:/var/log/ceph/:z',
os.path.join('--entrypoint=' + binary),
container_image]
return command_exec
def is_containerized():
'''
Check if we are running on a containerized cluster
'''
if 'CEPH_CONTAINER_IMAGE' in os.environ:
container_image = os.getenv('CEPH_CONTAINER_IMAGE')
else:
container_image = None
return container_image
def generate_secret(): def generate_secret():
''' '''
Generate a CephX secret Generate a CephX secret
@ -237,15 +261,20 @@ def generate_caps(cmd, _type, caps):
return cmd return cmd
def generate_ceph_cmd(cluster, args, user, user_key, containerized=None): def generate_ceph_cmd(cluster, args, user, user_key, container_image=None):
''' '''
Generate 'ceph' command line to execute Generate 'ceph' command line to execute
''' '''
cmd = [] if container_image:
binary = 'ceph'
cmd = container_exec(
binary, container_image)
else:
binary = ['ceph']
cmd = binary
base_cmd = [ base_cmd = [
'ceph',
'-n', '-n',
user, user,
'-k', '-k',
@ -257,19 +286,23 @@ def generate_ceph_cmd(cluster, args, user, user_key, containerized=None):
cmd.extend(base_cmd + args) cmd.extend(base_cmd + args)
if containerized:
cmd = containerized.split() + cmd
return cmd return cmd
def generate_ceph_authtool_cmd(cluster, name, secret, caps, auid, dest, containerized=None): # noqa E501 def generate_ceph_authtool_cmd(cluster, name, secret, caps, dest, container_image=None): # noqa E501
''' '''
Generate 'ceph-authtool' command line to execute Generate 'ceph-authtool' command line to execute
''' '''
cmd = [ if container_image:
'ceph-authtool', binary = 'ceph-authtool'
cmd = container_exec(
binary, container_image)
else:
binary = ['ceph-authtool']
cmd = binary
base_cmd = [
'--create-keyring', '--create-keyring',
dest, dest,
'--name', '--name',
@ -278,18 +311,17 @@ def generate_ceph_authtool_cmd(cluster, name, secret, caps, auid, dest, containe
secret, secret,
] ]
cmd.extend(base_cmd)
if auid: if auid:
cmd.extend(['--set-uid', auid]) cmd.extend(['--set-uid', auid])
cmd = generate_caps(cmd, "ceph-authtool", caps) cmd = generate_caps(cmd, "ceph-authtool", caps)
if containerized:
cmd = containerized.split() + cmd
return cmd return cmd
def create_key(module, result, cluster, name, secret, caps, import_key, auid, dest, containerized=None): # noqa E501 def create_key(module, result, cluster, name, secret, caps, import_key, dest, container_image=None): # noqa E501
''' '''
Create a CephX key Create a CephX key
''' '''
@ -305,7 +337,7 @@ def create_key(module, result, cluster, name, secret, caps, import_key, auid, de
secret = generate_secret() secret = generate_secret()
cmd_list.append(generate_ceph_authtool_cmd( cmd_list.append(generate_ceph_authtool_cmd(
cluster, name, secret, caps, auid, dest, containerized)) cluster, name, secret, caps, auid, dest, container_image))
if import_key: if import_key:
user = "client.admin" user = "client.admin"
@ -313,12 +345,12 @@ def create_key(module, result, cluster, name, secret, caps, import_key, auid, de
user_key = os.path.join( user_key = os.path.join(
"/etc/ceph/" + cluster + ".client.admin.keyring") "/etc/ceph/" + cluster + ".client.admin.keyring")
cmd_list.append(generate_ceph_cmd( cmd_list.append(generate_ceph_cmd(
cluster, args, user, user_key, containerized)) cluster, args, user, user_key, container_image))
return cmd_list return cmd_list
def update_key(cluster, name, caps, containerized=None): def update_key(cluster, name, caps, container_image=None):
''' '''
Update a CephX key's capabilities Update a CephX key's capabilities
''' '''
@ -335,12 +367,12 @@ def update_key(cluster, name, caps, containerized=None):
user_key = os.path.join( user_key = os.path.join(
"/etc/ceph/" + cluster + ".client.admin.keyring") "/etc/ceph/" + cluster + ".client.admin.keyring")
cmd_list.append(generate_ceph_cmd( cmd_list.append(generate_ceph_cmd(
cluster, args, user, user_key, containerized)) cluster, args, user, user_key, container_image))
return cmd_list return cmd_list
def delete_key(cluster, name, containerized=None): def delete_key(cluster, name, container_image=None):
''' '''
Delete a CephX key Delete a CephX key
''' '''
@ -356,12 +388,12 @@ def delete_key(cluster, name, containerized=None):
user_key = os.path.join( user_key = os.path.join(
"/etc/ceph/" + cluster + ".client.admin.keyring") "/etc/ceph/" + cluster + ".client.admin.keyring")
cmd_list.append(generate_ceph_cmd( cmd_list.append(generate_ceph_cmd(
cluster, args, user, user_key, containerized)) cluster, args, user, user_key, container_image))
return cmd_list return cmd_list
def get_key(cluster, name, dest, containerized=None): def get_key(cluster, name, dest, container_image=None):
''' '''
Get a CephX key (write on the filesystem) Get a CephX key (write on the filesystem)
''' '''
@ -379,12 +411,12 @@ def get_key(cluster, name, dest, containerized=None):
user_key = os.path.join( user_key = os.path.join(
"/etc/ceph/" + cluster + ".client.admin.keyring") "/etc/ceph/" + cluster + ".client.admin.keyring")
cmd_list.append(generate_ceph_cmd( cmd_list.append(generate_ceph_cmd(
cluster, args, user, user_key, containerized)) cluster, args, user, user_key, container_image))
return cmd_list return cmd_list
def info_key(cluster, name, user, user_key, output_format, containerized=None): def info_key(cluster, name, user, user_key, output_format, container_image=None): # noqa E501
''' '''
Get information about a CephX key Get information about a CephX key
''' '''
@ -399,12 +431,12 @@ def info_key(cluster, name, user, user_key, output_format, containerized=None):
] ]
cmd_list.append(generate_ceph_cmd( cmd_list.append(generate_ceph_cmd(
cluster, args, user, user_key, containerized)) cluster, args, user, user_key, container_image))
return cmd_list return cmd_list
def list_keys(cluster, user, user_key, containerized=None): def list_keys(cluster, user, user_key, container_image=None):
''' '''
List all CephX keys List all CephX keys
''' '''
@ -418,7 +450,7 @@ def list_keys(cluster, user, user_key, containerized=None):
] ]
cmd_list.append(generate_ceph_cmd( cmd_list.append(generate_ceph_cmd(
cluster, args, user, user_key, containerized)) cluster, args, user, user_key, container_image))
return cmd_list return cmd_list
@ -491,7 +523,6 @@ def run_module():
cluster=dict(type='str', required=False, default='ceph'), cluster=dict(type='str', required=False, default='ceph'),
name=dict(type='str', required=False), name=dict(type='str', required=False),
state=dict(type='str', required=True), state=dict(type='str', required=True),
containerized=dict(type='str', required=False, default=None),
caps=dict(type='dict', required=False, default=None), caps=dict(type='dict', required=False, default=None),
secret=dict(type='str', required=False, default=None), secret=dict(type='str', required=False, default=None),
import_key=dict(type='bool', required=False, default=True), import_key=dict(type='bool', required=False, default=True),
@ -509,7 +540,6 @@ def run_module():
state = module.params['state'] state = module.params['state']
name = module.params.get('name') name = module.params.get('name')
cluster = module.params.get('cluster') cluster = module.params.get('cluster')
containerized = module.params.get('containerized')
caps = module.params.get('caps') caps = module.params.get('caps')
secret = module.params.get('secret') secret = module.params.get('secret')
import_key = module.params.get('import_key') import_key = module.params.get('import_key')
@ -531,6 +561,9 @@ def run_module():
startd = datetime.datetime.now() startd = datetime.datetime.now()
# will return either the image name or None
container_image = is_containerized()
# Test if the key exists, if it does we skip its creation # Test if the key exists, if it does we skip its creation
# We only want to run this check when a key needs to be added # We only want to run this check when a key needs to be added
# There is no guarantee that any cluster is running and we don't need one # There is no guarantee that any cluster is running and we don't need one
@ -540,7 +573,7 @@ def run_module():
"/etc/ceph/" + cluster + ".client.admin.keyring") "/etc/ceph/" + cluster + ".client.admin.keyring")
output_format = "json" output_format = "json"
rc, cmd, out, err = exec_commands( rc, cmd, out, err = exec_commands(
module, info_key(cluster, name, user, user_key, output_format, containerized)) # noqa E501 module, info_key(cluster, name, user, user_key, output_format, container_image)) # noqa E501
if state == "present": if state == "present":
if not caps: if not caps:
@ -561,14 +594,14 @@ def run_module():
if rc == 0 and not secret: if rc == 0 and not secret:
# If the key exists in Ceph we must fetch it on the system # If the key exists in Ceph we must fetch it on the system
# because nothing tells us it exists on the fs or not # because nothing tells us it exists on the fs or not
rc, cmd, out, err = exec_commands(module, get_key(cluster, name, file_path, containerized)) # noqa E501 rc, cmd, out, err = exec_commands(module, get_key(cluster, name, file_path, container_image)) # noqa E501
result["stdout"] = "skipped, since {0} already exists, we only fetched the key at {1}. If you want to update a key use 'state: update'".format( # noqa E501 result["stdout"] = "skipped, since {0} already exists, we only fetched the key at {1}. If you want to update a key use 'state: update'".format( # noqa E501
name, file_path) name, file_path)
result['rc'] = rc result['rc'] = rc
module.exit_json(**result) module.exit_json(**result)
rc, cmd, out, err = exec_commands(module, create_key( rc, cmd, out, err = exec_commands(module, create_key(
module, result, cluster, name, secret, caps, import_key, auid, file_path, containerized)) # noqa E501 module, result, cluster, name, secret, caps, import_key, auid, file_path, container_image)) # noqa E501
file_args = module.load_file_common_arguments(module.params) file_args = module.load_file_common_arguments(module.params)
file_args['path'] = file_path file_args['path'] = file_path
@ -583,13 +616,13 @@ def run_module():
module.exit_json(**result) module.exit_json(**result)
rc, cmd, out, err = exec_commands( rc, cmd, out, err = exec_commands(
module, update_key(cluster, name, caps, containerized)) module, update_key(cluster, name, caps, container_image))
# After the update we don't need to overwrite the key on the filesystem # After the update we don't need to overwrite the key on the filesystem
# since the secret has not changed # since the secret has not changed
elif state == "absent": elif state == "absent":
rc, cmd, out, err = exec_commands( rc, cmd, out, err = exec_commands(
module, delete_key(cluster, name, containerized)) module, delete_key(cluster, name, container_image))
elif state == "info": elif state == "info":
if rc != 0: if rc != 0:
@ -602,14 +635,14 @@ def run_module():
"/etc/ceph/" + cluster + ".client.admin.keyring") "/etc/ceph/" + cluster + ".client.admin.keyring")
output_format = "json" output_format = "json"
rc, cmd, out, err = exec_commands( rc, cmd, out, err = exec_commands(
module, info_key(cluster, name, user, user_key, output_format, containerized)) # noqa E501 module, info_key(cluster, name, user, user_key, output_format, container_image)) # noqa E501
elif state == "list": elif state == "list":
user = "client.admin" user = "client.admin"
user_key = os.path.join( user_key = os.path.join(
"/etc/ceph/" + cluster + ".client.admin.keyring") "/etc/ceph/" + cluster + ".client.admin.keyring")
rc, cmd, out, err = exec_commands( rc, cmd, out, err = exec_commands(
module, list_keys(cluster, user, user_key, containerized)) module, list_keys(cluster, user, user_key, container_image))
elif state == "fetch_initial_keys": elif state == "fetch_initial_keys":
hostname = socket.gethostname() hostname = socket.gethostname()
@ -617,7 +650,7 @@ def run_module():
user_key = os.path.join( user_key = os.path.join(
"/var/lib/ceph/mon/" + cluster + "-" + hostname + "/keyring") "/var/lib/ceph/mon/" + cluster + "-" + hostname + "/keyring")
rc, cmd, out, err = exec_commands( rc, cmd, out, err = exec_commands(
module, list_keys(cluster, user, user_key, containerized)) module, list_keys(cluster, user, user_key, container_image))
if rc != 0: if rc != 0:
result["stdout"] = "failed to retrieve ceph keys".format(name) result["stdout"] = "failed to retrieve ceph keys".format(name)
result['rc'] = 0 result['rc'] = 0
@ -628,8 +661,12 @@ def run_module():
fatal("Failed to find some of the initial entities", module) fatal("Failed to find some of the initial entities", module)
# get ceph's group and user id # get ceph's group and user id
ceph_uid = pwd.getpwnam('ceph').pw_uid if container_image:
ceph_grp = grp.getgrnam('ceph').gr_gid ceph_uid = os.getenv('CEPH_UID')
ceph_grp = os.getenv('CEPH_UID')
else:
ceph_uid = pwd.getpwnam('ceph').pw_uid
ceph_grp = grp.getgrnam('ceph').gr_gid
output_format = "plain" output_format = "plain"
for entity in entities: for entity in entities:
@ -647,7 +684,7 @@ def run_module():
] ]
info_cmd = info_key(cluster, entity, user, info_cmd = info_key(cluster, entity, user,
user_key, output_format, containerized) user_key, output_format, container_image)
# we use info_cmd[0] because info_cmd is an array made of an array # we use info_cmd[0] because info_cmd is an array made of an array
info_cmd[0].extend(extra_args) info_cmd[0].extend(extra_args)
rc, cmd, out, err = exec_commands( rc, cmd, out, err = exec_commands(

View File

@ -1,7 +1,6 @@
import json import json
import os import os
from . import ceph_key from . import ceph_key
from ansible.compat.tests.mock import MagicMock
class TestCephKeyModule(object): class TestCephKeyModule(object):
@ -72,13 +71,16 @@ class TestCephKeyModule(object):
fake_args = ['arg'] fake_args = ['arg']
fake_user = "fake-user" fake_user = "fake-user"
fake_key = "/tmp/my-key" fake_key = "/tmp/my-key"
fake_containerized = "docker exec -ti ceph-mon" fake_container_image = "docker.io/ceph/daemon:latest-luminous"
expected_command_list = [ expected_command_list = ['docker',
'docker', 'run',
'exec', '--rm',
'-ti', '--net=host', # noqa E501
'ceph-mon', '-v', '/etc/ceph:/etc/ceph:z',
'ceph', '-v', '/var/lib/ceph/:/var/lib/ceph/:z',
'-v', '/var/log/ceph/:/var/log/ceph/:z',
'--entrypoint=ceph',
'docker.io/ceph/daemon:latest-luminous',
'-n', '-n',
"fake-user", "fake-user",
'-k', '-k',
@ -86,10 +88,9 @@ class TestCephKeyModule(object):
'--cluster', '--cluster',
fake_cluster, fake_cluster,
'auth', 'auth',
'arg' 'arg']
]
result = ceph_key.generate_ceph_cmd( result = ceph_key.generate_ceph_cmd(
fake_cluster, fake_args, fake_user, fake_key, fake_containerized) fake_cluster, fake_args, fake_user, fake_key, fake_container_image)
assert result == expected_command_list assert result == expected_command_list
def test_generate_ceph_authtool_cmd_non_container_no_auid(self): def test_generate_ceph_authtool_cmd_non_container_no_auid(self):
@ -160,7 +161,6 @@ class TestCephKeyModule(object):
fake_cluster = "fake" fake_cluster = "fake"
fake_name = "client.fake" fake_name = "client.fake"
fake_secret = "super-secret" fake_secret = "super-secret"
fake_containerized = "docker exec -ti ceph-mon"
fake_caps = { fake_caps = {
'mon': 'allow *', 'mon': 'allow *',
'osd': 'allow rwx', 'osd': 'allow rwx',
@ -169,32 +169,35 @@ class TestCephKeyModule(object):
fake_auid = None fake_auid = None
fake_file_destination = os.path.join( fake_file_destination = os.path.join(
fake_dest + "/" + fake_cluster + "." + fake_name + ".keyring") fake_dest + "/" + fake_cluster + "." + fake_name + ".keyring")
expected_command_list = [ fake_container_image = "docker.io/ceph/daemon:latest-luminous"
'docker', expected_command_list = ['docker',
'exec', 'run',
'-ti', '--rm',
'ceph-mon', '--net=host',
'ceph-authtool', '-v', '/etc/ceph:/etc/ceph:z',
'--create-keyring', '-v', '/var/lib/ceph/:/var/lib/ceph/:z',
fake_file_destination, '-v', '/var/log/ceph/:/var/log/ceph/:z',
'--name', '--entrypoint=ceph-authtool',
fake_name, 'docker.io/ceph/daemon:latest-luminous',
'--add-key', '--create-keyring',
fake_secret, fake_file_destination,
'--cap', '--name',
'mon', fake_name,
'allow *', '--add-key',
'--cap', fake_secret,
'osd', '--cap',
'allow rwx' 'mon',
] 'allow *',
'--cap',
'osd',
'allow rwx']
result = ceph_key.generate_ceph_authtool_cmd( result = ceph_key.generate_ceph_authtool_cmd(
fake_cluster, fake_name, fake_secret, fake_caps, fake_auid, fake_file_destination, fake_containerized) # noqa E501 fake_cluster, fake_name, fake_secret, fake_caps, fake_auid, fake_file_destination, fake_containerized) # noqa E501
assert result == expected_command_list assert result == expected_command_list
def test_create_key_non_container(self): def test_create_key_non_container(self):
fake_module = "fake" fake_module = "fake"
fake_result = "fake" fake_result = " fake"
fake_cluster = "fake" fake_cluster = "fake"
fake_name = "client.fake" fake_name = "client.fake"
fake_secret = "super-secret" fake_secret = "super-secret"
@ -223,7 +226,6 @@ class TestCephKeyModule(object):
fake_cluster = "fake" fake_cluster = "fake"
fake_name = "client.fake" fake_name = "client.fake"
fake_secret = "super-secret" fake_secret = "super-secret"
fake_containerized = "docker exec -ti ceph-mon"
fake_caps = { fake_caps = {
'mon': 'allow *', 'mon': 'allow *',
'osd': 'allow rwx', 'osd': 'allow rwx',
@ -233,11 +235,36 @@ class TestCephKeyModule(object):
fake_auid = None fake_auid = None
fake_file_destination = os.path.join( fake_file_destination = os.path.join(
fake_dest + "/" + fake_cluster + "." + fake_name + ".keyring") fake_dest + "/" + fake_cluster + "." + fake_name + ".keyring")
fake_container_image = "docker.io/ceph/daemon:latest-luminous"
expected_command_list = [ expected_command_list = [
['docker', 'exec', '-ti', 'ceph-mon', 'ceph-authtool', '--create-keyring', fake_file_destination, # noqa E501 ['docker', # noqa E128
'--name', fake_name, '--add-key', fake_secret, '--cap', 'mon', 'allow *', '--cap', 'osd', 'allow rwx'], # noqa E501 'run',
['docker', 'exec', '-ti', 'ceph-mon', 'ceph', '-n', 'client.admin', '-k', '/etc/ceph/fake.client.admin.keyring', '--cluster', # noqa E501 '--rm',
fake_cluster, 'auth', 'import', '-i', fake_file_destination], '--net=host',
'-v', '/etc/ceph:/etc/ceph:z',
'-v', '/var/lib/ceph/:/var/lib/ceph/:z',
'-v', '/var/log/ceph/:/var/log/ceph/:z',
'--entrypoint=ceph-authtool',
'docker.io/ceph/daemon:latest-luminous',
'--create-keyring', fake_file_destination,
'--name', fake_name,
'--add-key', fake_secret,
'--cap', 'mon', 'allow *',
'--cap', 'osd', 'allow rwx'],
['docker',
'run',
'--rm',
'--net=host',
'-v', '/etc/ceph:/etc/ceph:z',
'-v', '/var/lib/ceph/:/var/lib/ceph/:z',
'-v', '/var/log/ceph/:/var/log/ceph/:z',
'--entrypoint=ceph',
'docker.io/ceph/daemon:latest-luminous',
'-n', 'client.admin',
'-k', '/etc/ceph/fake.client.admin.keyring',
'--cluster', fake_cluster,
'auth', 'import',
'-i', fake_file_destination]
] ]
result = ceph_key.create_key(fake_module, fake_result, fake_cluster, fake_name, # noqa E501 result = ceph_key.create_key(fake_module, fake_result, fake_cluster, fake_name, # noqa E501
fake_secret, fake_caps, fake_import_key, fake_auid, fake_file_destination, fake_containerized) # noqa E501 fake_secret, fake_caps, fake_import_key, fake_auid, fake_file_destination, fake_containerized) # noqa E501
@ -284,7 +311,6 @@ class TestCephKeyModule(object):
fake_cluster = "fake" fake_cluster = "fake"
fake_name = "client.fake" fake_name = "client.fake"
fake_secret = "super-secret" fake_secret = "super-secret"
fake_containerized = "docker exec -ti ceph-mon"
fake_caps = { fake_caps = {
'mon': 'allow *', 'mon': 'allow *',
'osd': 'allow rwx', 'osd': 'allow rwx',
@ -295,25 +321,28 @@ class TestCephKeyModule(object):
fake_dest + "/" + fake_cluster + "." + fake_name + ".keyring") fake_dest + "/" + fake_cluster + "." + fake_name + ".keyring")
fake_auid = None fake_auid = None
# create_key passes (one for ceph-authtool and one for itself) itw own array so the expected result is an array within an array # noqa E501 # create_key passes (one for ceph-authtool and one for itself) itw own array so the expected result is an array within an array # noqa E501
expected_command_list = [[ fake_container_image = "docker.io/ceph/daemon:latest-luminous"
'docker', expected_command_list = [['docker', # noqa E128
'exec', 'run',
'-ti', '--rm',
'ceph-mon', '--net=host',
'ceph-authtool', '-v', '/etc/ceph:/etc/ceph:z',
'--create-keyring', '-v', '/var/lib/ceph/:/var/lib/ceph/:z',
fake_file_destination, '-v', '/var/log/ceph/:/var/log/ceph/:z',
'--name', '--entrypoint=ceph-authtool',
fake_name, 'docker.io/ceph/daemon:latest-luminous',
'--add-key', '--create-keyring',
fake_secret, fake_file_destination,
'--cap', '--name',
'mon', fake_name,
'allow *', '--add-key',
'--cap', fake_secret,
'osd', '--cap',
'allow rwx', ] 'mon',
] 'allow *',
'--cap',
'osd',
'allow rwx']]
result = ceph_key.create_key(fake_module, fake_result, fake_cluster, fake_name, # noqa E501 result = ceph_key.create_key(fake_module, fake_result, fake_cluster, fake_name, # noqa E501
fake_secret, fake_caps, fake_import_key, fake_auid, fake_file_destination, fake_containerized) # noqa E501 fake_secret, fake_caps, fake_import_key, fake_auid, fake_file_destination, fake_containerized) # noqa E501
assert result == expected_command_list assert result == expected_command_list
@ -335,17 +364,29 @@ class TestCephKeyModule(object):
def test_update_key_container(self): def test_update_key_container(self):
fake_cluster = "fake" fake_cluster = "fake"
fake_name = "client.fake" fake_name = "client.fake"
fake_containerized = "docker exec -ti ceph-mon"
fake_caps = { fake_caps = {
'mon': 'allow *', 'mon': 'allow *',
'osd': 'allow rwx', 'osd': 'allow rwx',
} }
expected_command_list = [ fake_container_image = "docker.io/ceph/daemon:latest-luminous"
['docker', 'exec', '-ti', 'ceph-mon', 'ceph', '-n', 'client.admin', '-k', '/etc/ceph/fake.client.admin.keyring', '--cluster', fake_cluster, # noqa E501 expected_command_list = [['docker', # noqa E128
'auth', 'caps', fake_name, 'mon', 'allow *', 'osd', 'allow rwx'], # noqa E501 'run',
'--rm',
'--net=host',
'-v', '/etc/ceph:/etc/ceph:z',
'-v', '/var/lib/ceph/:/var/lib/ceph/:z',
'-v', '/var/log/ceph/:/var/log/ceph/:z',
'--entrypoint=ceph',
'docker.io/ceph/daemon:latest-luminous',
'-n', 'client.admin',
'-k', '/etc/ceph/fake.client.admin.keyring',
'--cluster', fake_cluster,
'auth',
'caps', fake_name,
'mon', 'allow *', 'osd', 'allow rwx']
] ]
result = ceph_key.update_key( result = ceph_key.update_key(
fake_cluster, fake_name, fake_caps, fake_containerized) fake_cluster, fake_name, fake_caps, fake_container_image)
assert result == expected_command_list assert result == expected_command_list
def test_delete_key_non_container(self): def test_delete_key_non_container(self):
@ -361,13 +402,23 @@ class TestCephKeyModule(object):
def test_delete_key_container(self): def test_delete_key_container(self):
fake_cluster = "fake" fake_cluster = "fake"
fake_name = "client.fake" fake_name = "client.fake"
fake_containerized = "docker exec -ti ceph-mon" fake_container_image = "docker.io/ceph/daemon:latest-luminous"
expected_command_list = [ expected_command_list = [['docker', # noqa E128
['docker', 'exec', '-ti', 'ceph-mon', 'ceph', '-n', 'client.admin', '-k', '/etc/ceph/fake.client.admin.keyring', # noqa E501 'run',
'--cluster', fake_cluster, 'auth', 'del', fake_name], '--rm',
'--net=host',
'-v', '/etc/ceph:/etc/ceph:z',
'-v', '/var/lib/ceph/:/var/lib/ceph/:z',
'-v', '/var/log/ceph/:/var/log/ceph/:z',
'--entrypoint=ceph',
'docker.io/ceph/daemon:latest-luminous',
'-n', 'client.admin',
'-k', '/etc/ceph/fake.client.admin.keyring',
'--cluster', fake_cluster,
'auth', 'del', fake_name]
] ]
result = ceph_key.delete_key( result = ceph_key.delete_key(
fake_cluster, fake_name, fake_containerized) fake_cluster, fake_name, fake_container_image)
assert result == expected_command_list assert result == expected_command_list
def test_info_key_non_container(self): def test_info_key_non_container(self):
@ -389,14 +440,25 @@ class TestCephKeyModule(object):
fake_name = "client.fake" fake_name = "client.fake"
fake_user = "fake-user" fake_user = "fake-user"
fake_key = "/tmp/my-key" fake_key = "/tmp/my-key"
fake_containerized = "docker exec -ti ceph-mon"
fake_output_format = "json" fake_output_format = "json"
expected_command_list = [ fake_container_image = "docker.io/ceph/daemon:latest-luminous"
['docker', 'exec', '-ti', 'ceph-mon', 'ceph', '-n', "fake-user", '-k', "/tmp/my-key", '--cluster', # noqa E501 expected_command_list = [['docker', # noqa E128
fake_cluster, 'auth', 'get', fake_name, '-f', 'json'], 'run',
'--rm',
'--net=host',
'-v', '/etc/ceph:/etc/ceph:z',
'-v', '/var/lib/ceph/:/var/lib/ceph/:z',
'-v', '/var/log/ceph/:/var/log/ceph/:z',
'--entrypoint=ceph',
'docker.io/ceph/daemon:latest-luminous',
'-n', "fake-user",
'-k', "/tmp/my-key",
'--cluster', fake_cluster,
'auth', 'get', fake_name,
'-f', 'json']
] ]
result = ceph_key.info_key( result = ceph_key.info_key(
fake_cluster, fake_name, fake_user, fake_key, fake_output_format, fake_containerized) # noqa E501 fake_cluster, fake_name, fake_user, fake_key, fake_output_format, fake_container_image) # noqa E501
assert result == expected_command_list assert result == expected_command_list
def test_list_key_non_container(self): def test_list_key_non_container(self):
@ -454,27 +516,49 @@ class TestCephKeyModule(object):
def test_list_key_container_with_mon_key(self): def test_list_key_container_with_mon_key(self):
fake_hostname = "mon01" fake_hostname = "mon01"
fake_cluster = "fake" fake_cluster = "fake"
fake_containerized = "docker exec -ti ceph-mon"
fake_user = "mon." fake_user = "mon."
fake_key = os.path.join("/var/lib/ceph/mon/" + fake_cluster + "-" + fake_hostname + "/keyring") # noqa E501 fake_key = os.path.join("/var/lib/ceph/mon/" + fake_cluster + "-" + fake_hostname + "/keyring") # noqa E501
expected_command_list = [ fake_container_image = "docker.io/ceph/daemon:latest-luminous"
['docker', 'exec', '-ti', 'ceph-mon','ceph', '-n', "mon.", '-k', "/var/lib/ceph/mon/fake-mon01/keyring", # noqa E501 expected_command_list = [['docker', # noqa E128
'--cluster', fake_cluster, 'auth', 'ls', '-f', 'json'], 'run',
'--rm',
'--net=host',
'-v', '/etc/ceph:/etc/ceph:z',
'-v', '/var/lib/ceph/:/var/lib/ceph/:z',
'-v', '/var/log/ceph/:/var/log/ceph/:z',
'--entrypoint=ceph',
'docker.io/ceph/daemon:latest-luminous',
'-n', "mon.",
'-k', "/var/lib/ceph/mon/fake-mon01/keyring", # noqa E501
'--cluster', fake_cluster,
'auth', 'ls',
'-f', 'json'],
] ]
result = ceph_key.list_keys(fake_cluster, fake_user, fake_key, fake_containerized) # noqa E501 result = ceph_key.list_keys(fake_cluster, fake_user, fake_key, fake_container_image) # noqa E501
assert result == expected_command_list assert result == expected_command_list
def test_list_key_container(self): def test_list_key_container(self):
fake_cluster = "fake" fake_cluster = "fake"
fake_containerized = "docker exec -ti ceph-mon"
fake_user = "fake-user" fake_user = "fake-user"
fake_key = "/tmp/my-key" fake_key = "/tmp/my-key"
expected_command_list = [ fake_container_image = "docker.io/ceph/daemon:latest-luminous"
['docker', 'exec', '-ti', 'ceph-mon', 'ceph', '-n', "fake-user", '-k', "/tmp/my-key", '--cluster', # noqa E501 expected_command_list = [['docker', # noqa E128
fake_cluster, 'auth', 'ls', '-f', 'json'], 'run',
'--rm',
'--net=host',
'-v', '/etc/ceph:/etc/ceph:z',
'-v', '/var/lib/ceph/:/var/lib/ceph/:z',
'-v', '/var/log/ceph/:/var/log/ceph/:z',
'--entrypoint=ceph',
'docker.io/ceph/daemon:latest-luminous',
'-n', "fake-user",
'-k', "/tmp/my-key",
'--cluster', fake_cluster,
'auth', 'ls',
'-f', 'json'],
] ]
result = ceph_key.list_keys( result = ceph_key.list_keys(
fake_cluster, fake_user, fake_key, fake_containerized) fake_cluster, fake_user, fake_key, fake_container_image)
assert result == expected_command_list assert result == expected_command_list
def test_lookup_ceph_initial_entities(self): def test_lookup_ceph_initial_entities(self):