Merge pull request ceph#61217 from gbregman/main

mgr/cephadm/nvmeof: Add key verification field to NVMeOF configuration

Author: gbregman

src/pybind/mgr/cephadm/templates/services/nvmeof/ceph-nvmeof.conf.j2

@@ -18,6 +18,7 @@ prometheus_exporter_ssl = False
 prometheus_port = {{ spec.prometheus_port }}
 prometheus_stats_interval = {{ spec.prometheus_stats_interval }}
 verify_nqns = {{ spec.verify_nqns }}
+verify_keys = {{ spec.verify_keys }}
 omap_file_lock_duration = {{ spec.omap_file_lock_duration }}
 omap_file_lock_retries = {{ spec.omap_file_lock_retries }}
 omap_file_lock_retry_sleep_interval = {{ spec.omap_file_lock_retry_sleep_interval }}

src/pybind/mgr/cephadm/tests/test_services.py

@@ -408,6 +408,7 @@ def test_nvmeof_config(self, _get_name, _run_cephadm, cephadm_module: CephadmOrc
 prometheus_port = 10008
 prometheus_stats_interval = 10
 verify_nqns = True
+verify_keys = True
 omap_file_lock_duration = 20
 omap_file_lock_retries = 30
 omap_file_lock_retry_sleep_interval = 1.0

src/python-common/ceph/deployment/service_spec.py

@@ -1351,6 +1351,7 @@ def __init__(self,
                  prometheus_stats_interval: Optional[int] = 10,
                  bdevs_per_cluster: Optional[int] = 32,
                  verify_nqns: Optional[bool] = True,
+                 verify_keys: Optional[bool] = True,
                  allowed_consecutive_spdk_ping_failures: Optional[int] = 1,
                  spdk_ping_interval_in_seconds: Optional[float] = 2.0,
                  ping_spdk_under_lock: Optional[bool] = False,
@@ -1450,6 +1451,8 @@ def __init__(self,
         self.prometheus_stats_interval = prometheus_stats_interval
         #: ``verify_nqns`` enables verification of subsystem and host NQNs for validity
         self.verify_nqns = verify_nqns
+        #: ``verify_keys`` enables verification of PSJ and DHCHAP keys in the gateway
+        self.verify_keys = verify_keys
         #: ``omap_file_lock_duration`` number of seconds before automatically unlock OMAP file lock
         self.omap_file_lock_duration = omap_file_lock_duration
         #: ``omap_file_lock_retries`` number of retries to lock OMAP file before giving up
@@ -1622,6 +1625,7 @@ def validate(self) -> None:
         verify_boolean(self.enable_key_encryption, "Enable key encryption")
         verify_boolean(self.enable_prometheus_exporter, "Enable Prometheus exporter")
         verify_boolean(self.verify_nqns, "Verify NQNs")
+        verify_boolean(self.verify_keys, "Verify Keys")
         verify_boolean(self.log_files_enabled, "Log files enabled")
         verify_boolean(self.log_files_rotation_enabled, "Log files rotation enabled")
         verify_boolean(self.verbose_log_messages, "Verbose log messages")