Merge pull request ceph#60818 from gbregman/main

gbregman · web-flow · commit 87089a016d65 · 2024-11-25T14:09:43.000+02:00
Add key encryption support to nvmeof configuration
diff --git a/src/pybind/mgr/cephadm/templates/services/nvmeof/ceph-nvmeof.conf.j2 b/src/pybind/mgr/cephadm/templates/services/nvmeof/ceph-nvmeof.conf.j2
@@ -8,6 +8,7 @@ enable_auth = {{ spec.enable_auth }}
 state_update_notify = {{ spec.state_update_notify }}
 state_update_interval_sec = {{ spec.state_update_interval_sec }}
 enable_spdk_discovery_controller = {{ spec.enable_spdk_discovery_controller }}
+enable_key_encryption = {{ spec.enable_key_encryption }}
 enable_prometheus_exporter = {{ spec.enable_prometheus_exporter }}
 prometheus_exporter_ssl = False
 prometheus_port = 10008
diff --git a/src/pybind/mgr/cephadm/tests/test_services.py b/src/pybind/mgr/cephadm/tests/test_services.py
@@ -398,6 +398,7 @@ def test_nvmeof_config(self, _get_name, _run_cephadm, cephadm_module: CephadmOrc
 state_update_notify = True
 state_update_interval_sec = 5
 enable_spdk_discovery_controller = False
+enable_key_encryption = True
 enable_prometheus_exporter = True
 prometheus_exporter_ssl = False
 prometheus_port = 10008
@@ -410,7 +411,7 @@ def test_nvmeof_config(self, _get_name, _run_cephadm, cephadm_module: CephadmOrc
 spdk_ping_interval_in_seconds = 2.0
 ping_spdk_under_lock = False
 enable_monitor_client = True
-max_hosts_per_namespace = 1
+max_hosts_per_namespace = 8
 max_namespaces_with_netmask = 1000
 max_subsystems = 128
 max_namespaces = 1024
diff --git a/src/python-common/ceph/deployment/service_spec.py b/src/python-common/ceph/deployment/service_spec.py
@@ -1334,6 +1334,7 @@ def __init__(self,
                  state_update_notify: Optional[bool] = True,
                  state_update_interval_sec: Optional[int] = 5,
                  enable_spdk_discovery_controller: Optional[bool] = False,
+                 enable_key_encryption: Optional[bool] = True,
                  omap_file_lock_duration: Optional[int] = 20,
                  omap_file_lock_retries: Optional[int] = 30,
                  omap_file_lock_retry_sleep_interval: Optional[float] = 1.0,
@@ -1344,7 +1345,7 @@ def __init__(self,
                  allowed_consecutive_spdk_ping_failures: Optional[int] = 1,
                  spdk_ping_interval_in_seconds: Optional[float] = 2.0,
                  ping_spdk_under_lock: Optional[bool] = False,
-                 max_hosts_per_namespace: Optional[int] = 1,
+                 max_hosts_per_namespace: Optional[int] = 8,
                  max_namespaces_with_netmask: Optional[int] = 1000,
                  max_subsystems: Optional[int] = 128,
                  max_namespaces: Optional[int] = 1024,
@@ -1419,6 +1420,8 @@ def __init__(self,
         self.state_update_interval_sec = state_update_interval_sec
         #: ``enable_spdk_discovery_controller`` SPDK or ceph-nvmeof discovery service
         self.enable_spdk_discovery_controller = enable_spdk_discovery_controller
+        #: ``enable_key_encryption`` encrypt DHCHAP and PSK keys before saving in OMAP
+        self.enable_key_encryption = enable_key_encryption
         #: ``enable_prometheus_exporter`` enables Prometheus exporter
         self.enable_prometheus_exporter = enable_prometheus_exporter
         #: ``verify_nqns`` enables verification of subsystem and host NQNs for validity
@@ -1639,25 +1642,25 @@ def validate(self) -> None:
         if (self.max_namespaces_with_netmask and self.max_namespaces_with_netmask < 0):
             raise SpecValidationError("Max namespaces with netmask can't be negative")
 
-        if type(self.max_subsystems) != int:
+        if not isinstance(self.max_subsystems, int):
             raise SpecValidationError("Max subsystems must be an integer")
 
         if self.max_subsystems <= 0:
             raise SpecValidationError("Max subsystems must be greater than zero")
 
-        if type(self.max_namespaces) != int:
+        if not isinstance(self.max_namespaces, int):
             raise SpecValidationError("Max namespaces must be an integer")
 
         if self.max_namespaces <= 0:
             raise SpecValidationError("Max namespaces must be greater than zero")
 
-        if type(self.max_namespaces_per_subsystem) != int:
+        if not isinstance(self.max_namespaces_per_subsystem, int):
             raise SpecValidationError("Max namespaces per subsystem must be an integer")
 
         if self.max_namespaces_per_subsystem <= 0:
             raise SpecValidationError("Max namespaces per subsystem must be greater than zero")
 
-        if type(self.max_hosts_per_subsystem) != int:
+        if not isinstance(self.max_hosts_per_subsystem, int):
             raise SpecValidationError("Max hosts per subsystem must be an integer")
 
         if self.max_hosts_per_subsystem <= 0:
