mgr/nfs: Update cluster create command to accept kmip relates params and update export command

Signed-off-by: Shweta Bhosale <[email protected]>
(cherry picked from commit 61a56ec)

Conflicts:
	src/pybind/mgr/nfs/cluster.py
	src/pybind/mgr/nfs/ganesha_conf.py
	src/pybind/mgr/nfs/module.py

Resolves: rhbz#2373703

Author: ShwetaBhosale1

src/cephadm/cephadmlib/daemons/nfs.py

@@ -172,10 +172,23 @@ def create_daemon_dirs(self, data_dir, uid, gid):
 
         # create the ganesha conf dir
         config_dir = os.path.join(data_dir, 'etc/ganesha')
+        kmip_dir = os.path.join(data_dir, 'etc/ganesha/kmip')
         makedirs(config_dir, uid, gid, 0o755)
-
+        makedirs(kmip_dir, uid, gid, 0o755)
+
+        config_files = {
+            fname: content
+            for fname, content in self.files.items()
+            if fname.endswith('.conf')
+        }
+        kmip_files = {
+            fname: content
+            for fname, content in self.files.items()
+            if fname.startswith('kmip')
+        }
         # populate files from the config-json
-        populate_files(config_dir, self.files, uid, gid)
+        populate_files(config_dir, config_files, uid, gid)
+        populate_files(kmip_dir, kmip_files, uid, gid)
 
         # write the RGW keyring
         if self.rgw:

src/pybind/mgr/cephadm/services/nfs.py

@@ -183,7 +183,7 @@ def get_cephadm_config() -> Dict[str, Any]:
                     'kmip_key',
                     'kmip_ca_cert',
                 ]:
-                    config['files'][kmip_cert_key_field] = getattr(spec, kmip_cert_key_field)
+                    config['files'][f'{kmip_cert_key_field}.pem'] = getattr(spec, kmip_cert_key_field)
             config.update(
                 self.get_config_and_keyring(
                     daemon_type, daemon_id,

src/pybind/mgr/nfs/cluster.py

@@ -73,7 +73,11 @@ def _call_orch_apply_nfs(
             virtual_ip: Optional[str] = None,
             ingress_mode: Optional[IngressType] = None,
             port: Optional[int] = None,
-            enable_virtual_server: bool = False
+            enable_virtual_server: bool = False,
+            kmip_cert: Optional[str] = None,
+            kmip_key: Optional[str] = None,
+            kmip_ca_cert: Optional[str] = None,
+            kmip_host_list: Optional[List[str]] = None
     ) -> None:
         if not port:
             port = 2049   # default nfs port
@@ -101,14 +105,17 @@ def _call_orch_apply_nfs(
                 keepalive_only = True
                 ganesha_port = port
                 frontend_port = None
-
             spec = NFSServiceSpec(service_type='nfs', service_id=cluster_id,
                                   placement=pspec,
                                   # use non-default port so we don't conflict with ingress
                                   port=ganesha_port,
                                   virtual_ip=virtual_ip_for_ganesha,
                                   enable_haproxy_protocol=enable_haproxy_protocol,
-                                  enable_virtual_server=enable_virtual_server)
+                                  enable_virtual_server=enable_virtual_server,
+                                  kmip_cert=kmip_cert,
+                                  kmip_key=kmip_key,
+                                  kmip_ca_cert=kmip_ca_cert,
+                                  kmip_host_list=kmip_host_list)
             completion = self.mgr.apply_nfs(spec)
             orchestrator.raise_if_exception(completion)
             ispec = IngressSpec(service_type='ingress',
@@ -126,7 +133,12 @@ def _call_orch_apply_nfs(
             # standalone nfs
             spec = NFSServiceSpec(service_type='nfs', service_id=cluster_id,
                                   placement=PlacementSpec.from_string(placement),
-                                  port=port, enable_virtual_server=enable_virtual_server)
+                                  port=port,
+                                  enable_virtual_server=enable_virtual_server,
+                                  kmip_cert=kmip_cert,
+                                  kmip_key=kmip_key,
+                                  kmip_ca_cert=kmip_ca_cert,
+                                  kmip_host_list=kmip_host_list)
             completion = self.mgr.apply_nfs(spec)
             orchestrator.raise_if_exception(completion)
         log.debug("Successfully deployed nfs daemons with cluster id %s and placement %s",
@@ -150,7 +162,11 @@ def create_nfs_cluster(
             ingress: Optional[bool] = None,
             ingress_mode: Optional[IngressType] = None,
             port: Optional[int] = None,
-            enable_virtual_server: bool = False
+            enable_virtual_server: bool = False,
+            kmip_cert: Optional[str] = None,
+            kmip_key: Optional[str] = None,
+            kmip_ca_cert: Optional[str] = None,
+            kmip_host_list: Optional[List[str]] = None
     ) -> None:
         try:
             if virtual_ip:
@@ -180,6 +196,10 @@ def create_nfs_cluster(
                     virtual_ip,
                     ingress_mode,
                     port,
+                    kmip_cert,
+                    kmip_key,
+                    kmip_ca_cert,
+                    kmip_host_list,
                     enable_virtual_server
                 )
                 return

src/pybind/mgr/nfs/export.py

@@ -698,7 +698,8 @@ def create_cephfs_export(self,
                              clients: list = [],
                              sectype: Optional[List[str]] = None,
                              cmount_path: Optional[str] = "/",
-                             earmark_resolver: Optional[CephFSEarmarkResolver] = None
+                             earmark_resolver: Optional[CephFSEarmarkResolver] = None,
+                             kmip_key_id: Optional[str] = None
                              ) -> Dict[str, Any]:
 
         validate_cephfs_path(self.mgr, fs_name, path)
@@ -723,6 +724,7 @@ def create_cephfs_export(self,
                     },
                     "clients": clients,
                     "sectype": sectype,
+                    "kmip_key_id": kmip_key_id
                 },
                 earmark_resolver
             )
@@ -748,7 +750,8 @@ def create_rgw_export(self,
                           bucket: Optional[str] = None,
                           user_id: Optional[str] = None,
                           clients: list = [],
-                          sectype: Optional[List[str]] = None) -> Dict[str, Any]:
+                          sectype: Optional[List[str]] = None,
+                          kmip_key_id: Optional[str] = None) -> Dict[str, Any]:
         pseudo_path = normalize_path(pseudo_path)
 
         if not bucket and not user_id:
@@ -769,6 +772,7 @@ def create_rgw_export(self,
                     },
                     "clients": clients,
                     "sectype": sectype,
+                    "kmip_key_id": kmip_key_id
                 }
             )
             log.debug("creating rgw export %s", export)

src/pybind/mgr/nfs/ganesha_conf.py

@@ -356,7 +356,8 @@ def __init__(
             fsal: FSAL,
             clients: Optional[List[Client]] = None,
             sectype: Optional[List[str]] = None,
-            qos_block: Optional[QOS] = None) -> None:
+            qos_block: Optional[QOS] = None,
+            kmip_key_id: Optional[str] = None) -> None:
         self.export_id = export_id
         self.path = path
         self.fsal = fsal
@@ -371,6 +372,7 @@ def __init__(
         self.clients: List[Client] = clients or []
         self.sectype = sectype
         self.qos_block = qos_block
+        self.kmip_key_id = kmip_key_id
 
     @classmethod
     def from_export_block(cls, export_block: RawBlock, cluster_id: str) -> 'Export':
@@ -417,11 +419,17 @@ def from_export_block(cls, export_block: RawBlock, cluster_id: str) -> 'Export':
                    [Client.from_client_block(client)
                     for client in client_blocks],
                    sectype=sectype,
-                   qos_block=qos_block
+                   qos_block=qos_block,
+                   kmip_key_id=export_block.values.get('kmip_key_id')
                    )
 
     def to_export_block(self) -> RawBlock:
-        values = {
+        # if kmip_key_id is present, it should be first line of export block
+        values: Dict[str, Any] = {}
+        if self.kmip_key_id:
+            values['kmip_key_id'] = self.kmip_key_id
+
+        values.update({
             'export_id': self.export_id,
             'path': self.path,
             'pseudo': self.pseudo,
@@ -431,7 +439,7 @@ def to_export_block(self) -> RawBlock:
             'security_label': self.security_label,
             'protocols': self.protocols,
             'transports': self.transports,
-        }
+        })
         if self.sectype:
             values['SecType'] = self.sectype
         result = RawBlock("EXPORT", values=values)
@@ -463,7 +471,8 @@ def from_dict(cls, export_id: int, ex_dict: Dict[str, Any]) -> 'Export':
                    FSAL.from_dict(ex_dict.get('fsal', {})),
                    [Client.from_dict(client) for client in ex_dict.get('clients', [])],
                    sectype=ex_dict.get("sectype"),
-                   qos_block=qos_block
+                   qos_block=qos_block,
+                   kmip_key_id=ex_dict.get('kmip_key_id')
                    )
 
     def to_dict(self) -> Dict[str, Any]:
@@ -484,6 +493,8 @@ def to_dict(self) -> Dict[str, Any]:
             values['sectype'] = self.sectype
         if self.qos_block:
             values['qos_block'] = self.qos_block.to_dict()
+        if self.kmip_key_id:
+            values['kmip_key_id'] = self.kmip_key_id
         return values
 
     def validate(self, mgr: 'Module') -> None:
@@ -535,14 +546,15 @@ def __eq__(self, other: Any) -> bool:
 
 def _format_block_body(block: RawBlock, depth: int = 0) -> str:
     conf_str = ""
-    for blo in block.blocks:
-        conf_str += format_block(blo, depth)
-
     for key, val in block.values.items():
         if val is not None:
             conf_str += _indentation(depth)
             fval = _format_val(block.block_name, key, val)
             conf_str += '{} = {};\n'.format(key, fval)
+
+    for blo in block.blocks:
+        conf_str += format_block(blo, depth)
+
     return conf_str
 
 

src/pybind/mgr/nfs/module.py

@@ -41,7 +41,8 @@ def _cmd_nfs_export_create_cephfs(
             squash: str = 'none',
             sectype: Optional[List[str]] = None,
             cmount_path: Optional[str] = "/",
-            skip_notify_nfs_server: bool = False
+            skip_notify_nfs_server: bool = False,
+            kmip_key_id: Optional[str] = None
     ) -> Dict[str, Any]:
         """Create a CephFS export"""
         self.export_mgr.skip_notify_nfs_server = skip_notify_nfs_server
@@ -57,7 +58,8 @@ def _cmd_nfs_export_create_cephfs(
             addr=client_addr,
             sectype=sectype,
             cmount_path=cmount_path,
-            earmark_resolver=earmark_resolver
+            earmark_resolver=earmark_resolver,
+            kmip_key_id=kmip_key_id
         )
 
     @CLICommand('nfs export create rgw', perm='rw')
@@ -72,7 +74,8 @@ def _cmd_nfs_export_create_rgw(
             client_addr: Optional[List[str]] = None,
             squash: str = 'none',
             sectype: Optional[List[str]] = None,
-            skip_notify_nfs_server: bool = False
+            skip_notify_nfs_server: bool = False,
+            kmip_key_id: Optional[str] = None
     ) -> Dict[str, Any]:
         """Create an RGW export"""
         self.export_mgr.skip_notify_nfs_server = skip_notify_nfs_server
@@ -86,6 +89,7 @@ def _cmd_nfs_export_create_rgw(
             squash=squash,
             addr=client_addr,
             sectype=sectype,
+            kmip_key_id=kmip_key_id
         )
 
     @CLICommand('nfs export rm', perm='rw')
@@ -148,12 +152,19 @@ def _cmd_nfs_cluster_create(self,
                                 virtual_ip: Optional[str] = None,
                                 ingress_mode: Optional[IngressType] = None,
                                 port: Optional[int] = None,
-                                enable_virtual_server: bool = False) -> None:
+                                enable_virtual_server: bool = False,
+                                kmip_cert: Optional[str] = None,
+                                kmip_key: Optional[str] = None,
+                                kmip_ca_cert: Optional[str] = None,
+                                kmip_host_list: Optional[List[str]] = None,
+                                ) -> None:
         """Create an NFS Cluster"""
         return self.nfs.create_nfs_cluster(cluster_id=cluster_id, placement=placement,
                                            virtual_ip=virtual_ip, ingress=ingress,
                                            ingress_mode=ingress_mode, port=port,
-                                           enable_virtual_server=enable_virtual_server)
+                                           enable_virtual_server=enable_virtual_server,
+                                           kmip_cert=kmip_cert, kmip_key=kmip_key,
+                                           kmip_ca_cert=kmip_ca_cert, kmip_host_list=kmip_host_list)
 
     @CLICommand('nfs cluster rm', perm='rw')
     @object_format.EmptyResponder()