diff --git a/pkg/cephfs/cephuser.go b/pkg/cephfs/cephuser.go index f642fd654..fb06d5bf3 100644 --- a/pkg/cephfs/cephuser.go +++ b/pkg/cephfs/cephuser.go @@ -17,12 +17,7 @@ limitations under the License. package cephfs import ( - "bytes" - "encoding/json" "fmt" - "os" - - "k8s.io/klog" ) const ( @@ -53,83 +48,47 @@ func getCephUserName(volID volumeID) string { return cephUserPrefix + string(volID) } -func getCephUser(volOptions *volumeOptions, adminCr *credentials, volID volumeID) (*cephEntity, error) { - entityName := cephEntityClientPrefix + getCephUserName(volID) - +func getSingleCephEntity(args ...string) (*cephEntity, error) { var ents []cephEntity - args := [...]string{ - "-m", volOptions.Monitors, - "auth", "-f", "json", "-c", cephConfigPath, "-n", cephEntityClientPrefix + adminCr.id, "--keyring", getCephKeyringPath(volID, adminCr.id), - "get", entityName, - } - - out, err := execCommand("ceph", args[:]...) - if err != nil { - return nil, fmt.Errorf("cephfs: ceph failed with following error: %s\ncephfs: ceph output: %s", err, out) - } - - // Workaround for output from `ceph auth get` - // Contains non-json data: "exported keyring for ENTITY\n\n" - offset := bytes.Index(out, []byte("[{")) - - if err = json.NewDecoder(bytes.NewReader(out[offset:])).Decode(&ents); err != nil { - return nil, fmt.Errorf("failed to decode json: %v", err) + if err := execCommandJSON(&ents, "ceph", args...); err != nil { + return nil, err } if len(ents) != 1 { - return nil, fmt.Errorf("got unexpected number of entities for %s: expected 1, got %d", entityName, len(ents)) + return nil, fmt.Errorf("got unexpected number of entities: expected 1, got %d", len(ents)) } return &ents[0], nil } +func getCephUser(volOptions *volumeOptions, adminCr *credentials, volID volumeID) (*cephEntity, error) { + return getSingleCephEntity( + "-m", volOptions.Monitors, + "-n", cephEntityClientPrefix+adminCr.id, "--key="+adminCr.key, + "-c", cephConfigPath, + "-f", "json", + "auth", "get", cephEntityClientPrefix+getCephUserName(volID), + ) +} + func createCephUser(volOptions *volumeOptions, adminCr *credentials, volID volumeID) (*cephEntity, error) { - caps := cephEntityCaps{ - Mds: fmt.Sprintf("allow rw path=%s", getVolumeRootPathCeph(volID)), - Mon: "allow r", - Osd: fmt.Sprintf("allow rw pool=%s namespace=%s", volOptions.Pool, getVolumeNamespace(volID)), - } - - var ents []cephEntity - args := [...]string{ + return getSingleCephEntity( "-m", volOptions.Monitors, - "auth", "-f", "json", "-c", cephConfigPath, "-n", cephEntityClientPrefix + adminCr.id, "--keyring", getCephKeyringPath(volID, adminCr.id), - "get-or-create", cephEntityClientPrefix + getCephUserName(volID), - "mds", caps.Mds, - "mon", caps.Mon, - "osd", caps.Osd, - } - - if err := execCommandJSON(&ents, args[:]...); err != nil { - return nil, fmt.Errorf("error creating ceph user: %v", err) - } - - return &ents[0], nil + "-n", cephEntityClientPrefix+adminCr.id, "--key="+adminCr.key, + "-c", cephConfigPath, + "-f", "json", + "auth", "get-or-create", cephEntityClientPrefix+getCephUserName(volID), + "mds", fmt.Sprintf("allow rw path=%s", getVolumeRootPathCeph(volID)), + "mon", "allow r", + "osd", fmt.Sprintf("allow rw pool=%s namespace=%s", volOptions.Pool, getVolumeNamespace(volID)), + ) } func deleteCephUser(volOptions *volumeOptions, adminCr *credentials, volID volumeID) error { - userID := getCephUserName(volID) - - args := [...]string{ + return execCommandErr("ceph", "-m", volOptions.Monitors, - "-c", cephConfigPath, "-n", cephEntityClientPrefix + adminCr.id, "--keyring", getCephKeyringPath(volID, adminCr.id), - "auth", "rm", cephEntityClientPrefix + userID, - } - - var err error - if err = execCommandAndValidate("ceph", args[:]...); err != nil { - return err - } - - keyringPath := getCephKeyringPath(volID, adminCr.id) - if err = os.Remove(keyringPath); err != nil { - klog.Errorf("failed to remove keyring file %s with error %s", keyringPath, err) - } - - secretPath := getCephSecretPath(volID, adminCr.id) - if err = os.Remove(secretPath); err != nil { - klog.Errorf("failed to remove secret file %s with error %s", secretPath, err) - } - - return nil + "-n", cephEntityClientPrefix+adminCr.id, "--key="+adminCr.key, + "-c", cephConfigPath, + "auth", "rm", cephEntityClientPrefix+getCephUserName(volID), + ) } diff --git a/pkg/cephfs/volume.go b/pkg/cephfs/volume.go index e228892c8..683677b53 100644 --- a/pkg/cephfs/volume.go +++ b/pkg/cephfs/volume.go @@ -48,7 +48,7 @@ func getVolumeNamespace(volID volumeID) string { } func setVolumeAttribute(root, attrName, attrValue string) error { - return execCommandAndValidate("setfattr", "-n", attrName, "-v", attrValue, root) + return execCommandErr("setfattr", "-n", attrName, "-v", attrValue, root) } func createVolume(volOptions *volumeOptions, adminCr *credentials, volID volumeID, bytesQuota int64) error { @@ -124,7 +124,7 @@ func purgeVolume(volID volumeID, adminCr *credentials, volOptions *volumeOptions defer unmountAndRemove(cephRoot) if err := os.Rename(volRoot, volRootDeleting); err != nil { - return fmt.Errorf("coudln't mark volume %s for deletion: %v", volID, err) + return fmt.Errorf("couldn't mark volume %s for deletion: %v", volID, err) } if err := os.RemoveAll(volRootDeleting); err != nil { diff --git a/pkg/cephfs/volumemounter.go b/pkg/cephfs/volumemounter.go index 6a78f8266..3119a2474 100644 --- a/pkg/cephfs/volumemounter.go +++ b/pkg/cephfs/volumemounter.go @@ -106,19 +106,18 @@ func mountFuse(mountPoint string, cr *credentials, volOptions *volumeOptions, vo mountPoint, "-m", volOptions.Monitors, "-c", cephConfigPath, - "-n", cephEntityClientPrefix + cr.id, - "--keyring", getCephKeyringPath(volID, cr.id), + "-n", cephEntityClientPrefix + cr.id, "--key=" + cr.key, "-r", volOptions.RootPath, "-o", "nonempty", } - out, err := execCommand("ceph-fuse", args[:]...) + _, stderr, err := execCommand("ceph-fuse", args[:]...) if err != nil { - return fmt.Errorf("cephfs: ceph-fuse failed with following error: %s\ncephfs: ceph-fuse output: %s", err, out) + return err } - if !bytes.Contains(out, []byte("starting fuse")) { - return fmt.Errorf("cephfs: ceph-fuse failed:\ncephfs: ceph-fuse output: %s", out) + if !bytes.Contains(stderr, []byte("starting fuse")) { + return fmt.Errorf("ceph-fuse failed: %s", stderr) } return nil @@ -137,16 +136,15 @@ func (m *fuseMounter) name() string { return "Ceph FUSE driver" } type kernelMounter struct{} func mountKernel(mountPoint string, cr *credentials, volOptions *volumeOptions, volID volumeID) error { - if err := execCommandAndValidate("modprobe", "ceph"); err != nil { + if err := execCommandErr("modprobe", "ceph"); err != nil { return err } - return execCommandAndValidate("mount", + return execCommandErr("mount", "-t", "ceph", fmt.Sprintf("%s:%s", volOptions.Monitors, volOptions.RootPath), mountPoint, - "-o", - fmt.Sprintf("name=%s,secretfile=%s", cr.id, getCephSecretPath(volID, cr.id)), + "-o", fmt.Sprintf("name=%s,secret=%s", cr.id, cr.key), ) } @@ -161,12 +159,12 @@ func (m *kernelMounter) mount(mountPoint string, cr *credentials, volOptions *vo func (m *kernelMounter) name() string { return "Ceph kernel client" } func bindMount(from, to string, readOnly bool) error { - if err := execCommandAndValidate("mount", "--bind", from, to); err != nil { + if err := execCommandErr("mount", "--bind", from, to); err != nil { return fmt.Errorf("failed to bind-mount %s to %s: %v", from, to, err) } if readOnly { - if err := execCommandAndValidate("mount", "-o", "remount,ro,bind", to); err != nil { + if err := execCommandErr("mount", "-o", "remount,ro,bind", to); err != nil { return fmt.Errorf("failed read-only remount of %s: %v", to, err) } } @@ -175,7 +173,7 @@ func bindMount(from, to string, readOnly bool) error { } func unmountVolume(mountPoint string) error { - return execCommandAndValidate("umount", mountPoint) + return execCommandErr("umount", mountPoint) } func createMountPoint(root string) error {