Implement key rotation on Quincy

This patchset implements key rotation for Quincy. This needs to be
done before merging to master as this action requires coordination
between ceph-mon and ceph-osd, and these use quincy/edge to run the
test bundles.

Change-Id: I2a49b89c7438626f55347b4201803496557b28ec
func-test-pr: openstack-charmers/zaza-openstack-tests#1201

ceph-osd/.gitreview

@@ -2,3 +2,5 @@
 host=review.opendev.org
 port=29418
 project=openstack/charm-ceph-osd.git
+
+defaultbranch=stable/quincy.2

ceph-osd/hooks/ceph_hooks.py

@@ -83,6 +83,7 @@
     import_osd_upgrade_key,
     import_osd_removal_key,
     import_client_crash_key,
+    import_pending_key,
     get_host_ip,
     get_networks,
     assert_charm_supports_ipv6,
@@ -719,8 +720,23 @@ def get_bdev_enable_discard():
                           "bdev-enable-discard: %s") % bdev_enable_discard)
 
 
+def handle_pending_key(pending_key):
+    key_map = json.loads(pending_key)
+    for osd_id, key in key_map.items():
+        if not os.path.exists('/var/lib/ceph/osd/ceph-%s' % osd_id):
+            continue
+
+        import_pending_key(key, osd_id)
+        service_restart('ceph-osd@%s' % osd_id)
+
+
 @hooks.hook('mon-relation-changed')
 def mon_relation():
+    pending_key = relation_get('pending_key')
+    if pending_key:
+        handle_pending_key(pending_key)
+        return
+
     bootstrap_key = relation_get('osd_bootstrap_key')
     upgrade_key = relation_get('osd_upgrade_key')
     removal_key = relation_get('osd_disk_removal_key')

ceph-osd/hooks/utils.py

@@ -85,15 +85,17 @@ def is_osd_bootstrap_ready():
     return os.path.exists(_bootstrap_keyring)
 
 
-def _import_key(key, path, name):
-    if not os.path.exists(path):
+def _import_key(key, path, name, override=False):
+    exists = os.path.exists(path)
+    if not exists or override:
+        create = ['--create-keyring'] if not exists else []
         cmd = [
             'sudo',
             '-u',
             ceph.ceph_user(),
             'ceph-authtool',
-            path,
-            '--create-keyring',
+            path
+        ] + create + [
             '--name={}'.format(name),
             '--add-key={}'.format(key)
         ]
@@ -140,6 +142,19 @@ def import_client_crash_key(key):
     _import_key(key, _client_crash_keyring, 'client.crash')
 
 
+def import_pending_key(key, osd_id):
+    """
+    Import a pending key, used for key rotation.
+
+    :param key: The pending cephx key that will replace the current one.
+    :type key: str
+    :param osd_id: The OSD id whose key will be replaced.
+    :type osd_id: str
+    :raises: subprocess.CalledProcessError"""
+    _import_key(key, '/var/lib/ceph/osd/ceph-%s/keyring' % osd_id,
+                'osd.%s' % osd_id, override=True)
+
+
 def render_template(template_name, context, template_dir=TEMPLATES_DIR):
     """Render Jinja2 template.
 

ceph-osd/lib/charms_ceph/utils.py

@@ -3215,6 +3215,8 @@ def dirs_need_ownership_update(service):
     'wallaby': 'pacific',
     'xena': 'pacific',
     'yoga': 'quincy',
+    'zed': 'quincy',
+    'antelope': 'quincy',
 }
 
 

ceph-osd/osci.yaml

@@ -2,7 +2,6 @@
     templates:
       - charm-unit-jobs-py38
       - charm-unit-jobs-py310
-      - charm-xena-functional-jobs
       - charm-yoga-functional-jobs
     check:
       jobs:

ceph-osd/tests/tests.yaml

@@ -1,13 +1,9 @@
 charm_name: ceph-osd
 
 gate_bundles:
-  - focal-xena
   - focal-yoga
   - jammy-yoga
 
-smoke_bundles:
-  - focal-xena
-
 configure:
   - zaza.openstack.charm_tests.glance.setup.add_lts_image
 
@@ -16,3 +12,6 @@ tests:
   - zaza.openstack.charm_tests.ceph.tests.CephTest
   - zaza.openstack.charm_tests.ceph.osd.tests.SecurityTest
   - zaza.openstack.charm_tests.ceph.osd.tests.ServiceTest
+  # Upgrade charm, then test key rotation.
+  - zaza.charm_tests.lifecycle.tests.UpgradeCharmsToPath;ceph-osd
+  - zaza.openstack.charm_tests.ceph.tests.CephMonKeyRotationTests

ceph-osd/tox.ini

@@ -51,7 +51,7 @@ basepython = python3
 deps = -r{toxinidir}/build-requirements.txt
 commands =
     charmcraft clean
-    charmcraft -v build
+    charmcraft -v pack
     {toxinidir}/rename.sh
 
 [testenv:py36]