common/options: add ms_mon_client_mode

The server now has a list of *allowed* modes (no ordering) and the clients have a list of modes in order of preference. Since we want everything connecting to the mon to be secure by default (think: ceph auth set ...), we need a separate option to ensure we prefer secure mon connections from the CLI etc. Signed-off-by: Sage Weil <[email protected]>
allenk · Feb 20, 2019 · b9c294e · b9c294e
1 parent 2d53093
commit b9c294e
Show file tree

Hide file tree

Showing 3 changed files with 24 additions and 3 deletions.
diff --git a/src/auth/AuthRegistry.cc b/src/auth/AuthRegistry.cc
@@ -103,6 +103,8 @@ void AuthRegistry::_refresh_config()
 		   &mon_cluster_modes);
   _parse_mode_list(cct->_conf.get_val<string>("ms_mon_service_mode"),
 		   &mon_service_modes);
+  _parse_mode_list(cct->_conf.get_val<string>("ms_mon_client_mode"),
+		   &mon_client_modes);
   _parse_mode_list(cct->_conf.get_val<string>("ms_cluster_mode"),
 		   &cluster_modes);
   _parse_mode_list(cct->_conf.get_val<string>("ms_service_mode"),
@@ -115,8 +117,9 @@ void AuthRegistry::_refresh_config()
 		<< " client_methods " << client_methods
 		<< dendl;
   ldout(cct,10) << __func__ << " mon_cluster_modes " << mon_cluster_modes
-		<< " mon_service_mdoes " << mon_service_modes
-		<< " cluster_modes " << cluster_modes
+		<< " mon_service_modes " << mon_service_modes
+		<< " mon_client_modes " << mon_client_modes
+		<< "; cluster_modes " << cluster_modes
 		<< " service_modes " << service_modes
 		<< " client_modes " << client_modes
 		<< dendl;
@@ -163,7 +166,13 @@ void AuthRegistry::get_supported_methods(
       *methods = client_methods;
     }
     if (modes) {
-      *modes = client_modes;
+      switch (peer_type) {
+      case CEPH_ENTITY_TYPE_MON:
+	*modes = mon_client_modes;
+	break;
+      default:
+	*modes = client_modes;
+      }
     }
     return;
   case CEPH_ENTITY_TYPE_MON:

diff --git a/src/auth/AuthRegistry.h b/src/auth/AuthRegistry.h
@@ -28,6 +28,7 @@ class AuthRegistry : public md_config_obs_t {
   // CEPH_CON_MODE_*
   std::vector<uint32_t> mon_cluster_modes;
   std::vector<uint32_t> mon_service_modes;
+  std::vector<uint32_t> mon_client_modes;
   std::vector<uint32_t> cluster_modes;
   std::vector<uint32_t> service_modes;
   std::vector<uint32_t> client_modes;

diff --git a/src/common/options.cc b/src/common/options.cc
@@ -844,6 +844,7 @@ std::vector<Option> get_global_options() {
     .set_default("crc secure")
     .set_description("Connection modes (crc, secure) for intra-mon connections in order of preference")
     .add_see_also("ms_mon_service_mode")
+    .add_see_also("ms_mon_client_mode")
     .add_see_also("ms_service_mode")
     .add_see_also("ms_cluster_mode")
     .add_see_also("ms_client_mode"),
@@ -853,6 +854,16 @@ std::vector<Option> get_global_options() {
     .set_description("Allowed connection modes (crc, secure) for connections to mons")
     .add_see_also("ms_service_mode")
     .add_see_also("ms_mon_cluster_mode")
+    .add_see_also("ms_mon_client_mode")
+    .add_see_also("ms_cluster_mode")
+    .add_see_also("ms_client_mode"),
+
+    Option("ms_mon_client_mode", Option::TYPE_STR, Option::LEVEL_BASIC)
+    .set_default("crc secure")
+    .set_description("Connection modes (crc, secure) for connections from clients to monitors in order of preference")
+    .add_see_also("ms_mon_service_mode")
+    .add_see_also("ms_mon_cluster_mode")
+    .add_see_also("ms_service_mode")
     .add_see_also("ms_cluster_mode")
     .add_see_also("ms_client_mode"),