author | Guillaume Abrioux <gabrioux@ibm.com> | 2024-08-08 21:12:38 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2024-08-08 21:12:38 +0200 |
commit | 1924efd8db7d17cac43ddcffb902dc72e3f0f510 (patch) | |
tree | aab73ae7a65fbf4148b7f97871efbe6f940bfb41 /src | |
parent | Merge PR #58861 into main (diff) | |
parent | qa/cephadm: use cephadm ceph-volume directly to zap devs (diff) | |
Merge pull request #57037 from adk3798/cephadm-limit-shell-mounts
cephadm: limit mounts for shell and ceph-volume commands
Diffstat (limited to 'src')
-rwxr-xr-x | src/cephadm/cephadm.py | 4 | ||||
-rw-r--r-- | src/cephadm/cephadmlib/daemons/ceph.py | 21 | ||||
-rw-r--r-- | src/cephadm/tests/test_cephadm.py | 1 |
3 files changed, 20 insertions, 6 deletions
diff --git a/src/cephadm/cephadm.py b/src/cephadm/cephadm.py
index fc99d9c17a5..7450d0945ed 100755
--- a/src/cephadm/cephadm.py
+++ b/src/cephadm/cephadm.py
@@ -3172,7 +3172,7 @@ def command_shell(ctx):
 daemon_type = ctx.name
 daemon_id = None
 else:
- daemon_type = 'osd' # get the most mounts
+ daemon_type = 'shell' # get limited set of mounts
 daemon_id = None
 if ctx.fsid and daemon_type in ceph_daemons():
@@ -3310,7 +3310,7 @@ def command_ceph_volume(ctx):
 lock.acquire()
 (uid, gid) = (0, 0) # ceph-volume runs as root
- mounts = get_container_mounts_for_type(ctx, ctx.fsid, 'osd')
+ mounts = get_container_mounts_for_type(ctx, ctx.fsid, 'ceph-volume')
 tmp_config = None
 tmp_keyring = None
diff --git a/src/cephadm/cephadmlib/daemons/ceph.py b/src/cephadm/cephadmlib/daemons/ceph.py
index efb013c7e09..cf26e017164 100644
--- a/src/cephadm/cephadmlib/daemons/ceph.py
+++ b/src/cephadm/cephadmlib/daemons/ceph.py
@@ -424,12 +424,17 @@ def get_ceph_mounts_for_type(
 """
 mounts = dict()
- if daemon_type in ceph_daemons():
+ if daemon_type in ceph_daemons() or daemon_type in [
+ 'ceph-volume',
+ 'shell',
+ ]:
 if fsid:
 run_path = os.path.join('/var/run/ceph', fsid)
 if os.path.exists(run_path):
 mounts[run_path] = '/var/run/ceph:z'
 log_dir = os.path.join(ctx.log_dir, fsid)
+ if not os.path.exists(log_dir):
+ os.mkdir(log_dir)
 mounts[log_dir] = '/var/log/ceph:z'
 crash_dir = '/var/lib/ceph/%s/crash' % fsid
 if os.path.exists(crash_dir):
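Review bot: With the default type now `'shell'`, the context line `if ctx.fsid and daemon_type in ceph_daemons():` right after the change can no longer hold for a plain `cephadm shell` unless `ceph_daemons()` returns `'shell'`, and the ceph.py hunk in this commit tests `'shell'` separately, which suggests it does not. Whatever that branch does (its body is outside the hunk) was previously reached through the `'osd'` default and is now skipped, so please confirm that this is intended. A comment on the assignment such as `# 'shell' is a mount-selection pseudo-type, not a member of ceph_daemons()` would make the distinction explicit. The same pseudo-type pattern is introduced for `'ceph-volume'` in the `command_ceph_volume` hunk.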
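Review bot: The added `if not os.path.exists(log_dir): os.mkdir(log_dir)` gives `get_ceph_mounts_for_type`, which otherwise only builds a mount map, a host filesystem side effect, and it does so as check-then-create with default mode and ownership. Two concurrent invocations can both pass the `exists()` test and one then raises FileExistsError, and a missing `ctx.log_dir` parent raises FileNotFoundError. The directory is also created with umask-derived permissions and the invoking user's ownership (presumably root), which may not match what the cluster's daemons expect of the log directory they later write to. I would use `os.makedirs(log_dir, exist_ok=True)` with an explicit restrictive mode, or the project's existing log-directory helper if one sets ownership, and preferably do it in the callers. The function body starts and ends outside the hunk.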
@@ -438,14 +443,19 @@ def get_ceph_mounts_for_type(
 journald_sock_dir = '/run/systemd/journal'
 mounts[journald_sock_dir] = journald_sock_dir
- if daemon_type in ['mon', 'osd', 'clusterless-ceph-volume']:
+ if daemon_type in [
+ 'mon',
+ 'osd',
+ 'ceph-volume',
+ 'clusterless-ceph-volume',
+ ]:
 mounts['/dev'] = '/dev' # FIXME: narrow this down?
 mounts['/run/udev'] = '/run/udev'
- if daemon_type in ['osd', 'clusterless-ceph-volume']:
+ if daemon_type in ['osd', 'ceph-volume', 'clusterless-ceph-volume']:
 mounts['/sys'] = '/sys' # for numa.cc, pick_address, cgroups, ...
 mounts['/run/lvm'] = '/run/lvm'
 mounts['/run/lock/lvm'] = '/run/lock/lvm'
- if daemon_type == 'osd':
+ if daemon_type in ['osd', 'ceph-volume']:
 # selinux-policy in the container may not match the host.
 if HostFacts(ctx).selinux_enabled:
 cluster_dir = f'{ctx.data_dir}/{fsid}'
@@ -458,7 +468,10 @@ def get_ceph_mounts_for_type(
 logger.error(
 f'Cluster direcotry {cluster_dir} does not exist.'
 )
+ if daemon_type == 'osd':
 mounts['/'] = '/rootfs'
+ elif daemon_type == 'ceph-volume':
+ mounts['/'] = '/rootfs:rslave'
 try:
 if (
diff --git a/src/cephadm/tests/test_cephadm.py b/src/cephadm/tests/test_cephadm.py
index 9e0345fe758..928982de70b 100644
--- a/src/cephadm/tests/test_cephadm.py
+++ b/src/cephadm/tests/test_cephadm.py
@@ -380,6 +380,7 @@ class TestCephAdm(object):
 _deploy_daemon = funkypatch.patch('cephadm.deploy_daemon')
 funkypatch.patch('cephadm.make_var_run')
 funkypatch.patch('cephadmlib.file_utils.make_run_dir')
+ funkypatch.patch('os.mkdir')
 _migrate_sysctl = funkypatch.patch('cephadm.migrate_sysctl_dir')
 funkypatch.patch(
 'cephadm.check_unit', |
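Review bot: The mount policy for the new `'ceph-volume'` pseudo-type is spread over three separate literal lists in this hunk (`/dev` and `/run/udev`, `/sys` and the lvm paths, the SELinux block), plus a fourth in the previous hunk. A type name that is misspelled or added to only some of the lists silently yields a different mount set, and nothing in the function states which types are meant to see which host paths. Naming the groups once at module level, for example `_DEVICE_MOUNT_TYPES = ('mon', 'osd', 'ceph-volume', 'clusterless-ceph-volume')`, and testing membership against those would keep the policy reviewable in one place. The docstring, which is outside the hunk, should also list `'shell'` and `'ceph-volume'` as accepted values and say that `'shell'` deliberately receives none of these device mounts.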
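Review bot: The new `elif daemon_type == 'ceph-volume': mounts['/'] = '/rootfs:rslave'` keeps the broadest mount in the function, the whole host root, for ceph-volume, and nothing explains why its propagation differs from the `'osd'` branch, which stays at plain `/rootfs`. Since the commit's stated aim is to limit mounts, add a comment at that line such as `# rslave: host mount/unmount events reach the container, container mounts never propagate back to the host`, along with the reason ceph-volume needs it. No read-only option is visible on either `/rootfs` mapping, so the host root appears writable from the container. If ceph-volume only reads from `/rootfs`, a read-only mount would be the safer default, which needs confirming against its actual use. The function continues past the end of the hunk.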
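Review bot: `funkypatch.patch('os.mkdir')` discards the mock, so the test cannot check which directory the new code creates, and any other `os.mkdir` call made by the code under test is now silently swallowed. Keep the handle, `_mkdir = funkypatch.patch('os.mkdir')`, and assert on its call arguments where the log directory is expected to be created. The visible diff also adds no test of the mount sets returned for `'shell'` and `'ceph-volume'`, for instance that `'shell'` gets neither `/dev` nor `/rootfs`, which is the security-relevant behaviour this commit introduces. The test method starts and ends outside the hunk.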