|
14 | 14 | if TYPE_CHECKING: |
15 | 15 | from .module import CephadmOrchestrator |
16 | 16 |
|
17 | | -LAST_MIGRATION = 6 |
| 17 | +LAST_MIGRATION = 7 |
18 | 18 |
|
19 | 19 | logger = logging.getLogger(__name__) |
20 | 20 |
|
@@ -105,6 +105,10 @@ def migrate(self, startup: bool = False) -> None: |
105 | 105 | if self.migrate_5_6(): |
106 | 106 | self.set(6) |
107 | 107 |
|
| 108 | + if self.mgr.migration_current == 6: |
| 109 | + if self.migrate_6_7(): |
| 110 | + self.set(7) |
| 111 | + |
108 | 112 | def migrate_0_1(self) -> bool: |
109 | 113 | """ |
110 | 114 | Migration 0 -> 1 |
@@ -410,6 +414,60 @@ def migrate_5_6(self) -> bool: |
410 | 414 | self.rgw_migration_queue = [] |
411 | 415 | return True |
412 | 416 |
|
| 417 | + def migrate_6_7(self) -> bool: |
| 418 | + # start by placing certs/keys from rgw, iscsi, and ingress specs into cert store |
| 419 | + for spec in self.mgr.spec_store.all_specs.values(): |
| 420 | + if spec.service_type in ['rgw', 'ingress', 'iscsi']: |
| 421 | + logger.info(f'Migrating certs/keys for {spec.service_name()} spec to cert store') |
| 422 | + self.mgr.spec_store._save_certs_and_keys(spec) |
| 423 | + |
| 424 | + # Migrate service discovery and agent endpoint certs |
| 425 | + # These constants were taken from where these certs were |
| 426 | + # originally generated and should be the location they |
| 427 | + # were store at prior to the cert store |
| 428 | + KV_STORE_AGENT_ROOT_CERT = 'cephadm_agent/root/cert' |
| 429 | + KV_STORE_AGENT_ROOT_KEY = 'cephadm_agent/root/key' |
| 430 | + KV_STORE_SD_ROOT_CERT = 'service_discovery/root/cert' |
| 431 | + KV_STORE_SD_ROOT_KEY = 'service_discovery/root/key' |
| 432 | + |
| 433 | + agent_endpoint_cert = self.mgr.get_store(KV_STORE_AGENT_ROOT_CERT) |
| 434 | + if agent_endpoint_cert: |
| 435 | + logger.info('Migrating agent root cert to cert store') |
| 436 | + self.mgr.cert_key_store.save_cert('agent_endpoint_root_cert', agent_endpoint_cert) |
| 437 | + agent_endpoint_key = self.mgr.get_store(KV_STORE_AGENT_ROOT_KEY) |
| 438 | + if agent_endpoint_key: |
| 439 | + logger.info('Migrating agent root key to cert store') |
| 440 | + self.mgr.cert_key_store.save_key('agent_endpoint_key', agent_endpoint_key) |
| 441 | + service_discovery_cert = self.mgr.get_store(KV_STORE_SD_ROOT_CERT) |
| 442 | + if service_discovery_cert: |
| 443 | + logger.info('Migrating service discovery cert to cert store') |
| 444 | + self.mgr.cert_key_store.save_cert('service_discovery_root_cert', service_discovery_cert) |
| 445 | + service_discovery_key = self.mgr.get_store(KV_STORE_SD_ROOT_KEY) |
| 446 | + if service_discovery_key: |
| 447 | + logger.info('Migrating service discovery key to cert store') |
| 448 | + self.mgr.cert_key_store.save_key('service_discovery_key', service_discovery_key) |
| 449 | + |
| 450 | + # grafana certs are stored based on the host they are placed on |
| 451 | + for grafana_daemon in self.mgr.cache.get_daemons_by_type('grafana'): |
| 452 | + logger.info(f'Checking for cert/key for {grafana_daemon.name()}') |
| 453 | + hostname = grafana_daemon.hostname |
| 454 | + assert hostname is not None # for mypy |
| 455 | + grafana_cert_path = f'{hostname}/grafana_crt' |
| 456 | + grafana_key_path = f'{hostname}/grafana_key' |
| 457 | + grafana_cert = self.mgr.get_store(grafana_cert_path) |
| 458 | + if grafana_cert: |
| 459 | + logger.info(f'Migrating {grafana_daemon.name()} cert to cert store') |
| 460 | + self.mgr.cert_key_store.save_cert('grafana_cert', grafana_cert, host=hostname) |
| 461 | + grafana_key = self.mgr.get_store(grafana_key_path) |
| 462 | + if grafana_key: |
| 463 | + logger.info(f'Migrating {grafana_daemon.name()} key to cert store') |
| 464 | + self.mgr.cert_key_store.save_key('grafana_key', grafana_key, host=hostname) |
| 465 | + |
| 466 | + # NOTE: prometheus, alertmanager, and node-exporter certs were not stored |
| 467 | + # and appeared to just be generated at daemon deploy time if secure_monitoring_stack |
| 468 | + # was set to true. Therefore we have nothing to migrate for those daemons |
| 469 | + return True |
| 470 | + |
413 | 471 |
|
414 | 472 | def queue_migrate_rgw_spec(mgr: "CephadmOrchestrator", spec_dict: Dict[Any, Any]) -> None: |
415 | 473 | """ |
|
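Review bot: `migrate_6_7` copies the agent, service-discovery and grafana private keys into the cert store but never clears the originals under the legacy keys (`cephadm_agent/root/key`, `service_discovery/root/key`, `{hostname}/grafana_key`), so each key ends up stored twice and a later rotation in the cert store would presumably leave the old copy untouched. If keeping them is deliberate (for example for downgrade), say so in a docstring, which the function lacks although `migrate_0_1` has one: `"""Migration 6 -> 7: copy certs/keys into the cert store; legacy KV entries are left in place."""`. Otherwise, clear each legacy entry once its copy has been saved. The function also returns True unconditionally while the grafana loop depends on `self.mgr.cache.get_daemons_by_type('grafana')`. If the daemon cache is not yet populated when `migrate` runs (not visible here), those host-scoped entries are skipped and `self.set(7)` still records the migration as done.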