
This repository used to be a collection of several cookbooks, but this hasn't been true for a month, since a77b418b95df8f2b6f56d9a90e47dc62100cdf4d. Simplifies the file layout and makes this look more like your usual cookbook. Thanks to Guilhem Lettron <guilhem@lettron.fr>
# this recipe creates a monitor cluster
require 'json'
# Load the base Ceph recipe and the ceph.conf recipe before declaring any
# monitor resources.
include_recipe('ceph::default')
include_recipe('ceph::conf')

# Choose the node's address: under Crowbar, the address on the "admin"
# network; otherwise the node's default ipaddress attribute.
# NOTE(review): ipaddress is not read again in the lines shown here - confirm
# whether it is still needed.
ipaddress =
  if is_crowbar?
    Chef::Recipe::Barclamp::Inventory.get_network_by_type(node, 'admin').address
  else
    node['ipaddress']
  end
# Enable the ceph-mon-all-starter Upstart job. It is only enabled here; the
# 'ceph-mon mkfs' resource starts it through a notification.
service 'ceph-mon-all-starter' do
  action :enable
  provider Chef::Provider::Service::Upstart
end

# Cluster name used when building keyring paths in this recipe.
# TODO cluster name
cluster = 'ceph'
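# Initialise this monitor's data store once, seeding it with the shared
# monitor secret, then start the monitor service.
#
# NOTE(review): the monitor secret is interpolated into the script text and
# passed to ceph-authtool as an argument, so it is visible in the process list
# while the script runs and in anything that records this resource's command.
# Keeping the secret out of argv (for example by writing the temporary keyring
# file directly with owner-only permissions) would close that exposure.
# The hostname and the secret are also pasted into the script unescaped; both
# are assumed to contain no shell metacharacters - confirm for your inventory.
execute 'ceph-mon mkfs' do
  # Must be a double-quoted string: with single quotes Ruby does not expand
  # #{...}, so the creates guard looked for a path that never exists and the
  # command was re-run on every converge.
  done_marker = "/var/lib/ceph/mon/ceph-#{node['hostname']}/done"

  command <<-EOH
    set -e
    # Kept as a second guard next to the resource's creates check.
    if [ -e '#{done_marker}' ]; then
      echo 'ceph-mon mkfs already done, skipping'
      exit 0
    fi
    KR='/var/lib/ceph/tmp/#{cluster}-#{node['hostname']}.mon.keyring'
    # Remove the temporary keyring on every exit path; with set -e a failed
    # step would otherwise leave the monitor secret on disk.
    trap 'rm -f -- "$KR"' EXIT
    # TODO don't put the key in "ps" output, stdout
    ceph-authtool "$KR" --create-keyring --name=mon. --add-key='#{node["ceph"]["monitor-secret"]}' --cap mon 'allow *'

    ceph-mon --mkfs -i #{node['hostname']} --keyring "$KR"
    rm -f -- "$KR"
    touch '#{done_marker}'
  EOH
  # TODO built-in done-ness flag for ceph-mon?
  creates done_marker
  notifies :start, 'service[ceph-mon-all-starter]', :immediately
end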
# Pass each address returned by get_mon_addresses to the local ceph-mon
# through its admin socket as a bootstrap peer hint.
ruby_block 'tell ceph-mon about its peers' do
  block do
    peers = get_mon_addresses
    admin_socket = "/var/run/ceph/ceph-mon.#{node['hostname']}.asok"
    peers.each do |peer|
      # Argument-list form of system, so no shell parses the address.
      # The result is deliberately not checked: errors are ignored.
      system('ceph', '--admin-daemon', admin_socket, 'add_bootstrap_peer_hint', peer.to_s)
    end
  end
end
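# Create /etc/ceph/ceph.client.admin.keyring if it does not exist yet. The
# key is fetched (or created) with the monitor's own keyring, which only
# works once the monitor is in quorum; otherwise the step is skipped until a
# later run.
#
# client.admin is granted 'allow *' on mon and osd, so this key is a full
# administrative credential for the cluster.
# NOTE(review): the key is handed to ceph-authtool as a command-line
# argument, so it is visible in the process list for the duration of that
# call. Also confirm the resulting keyring file is readable by root only.
ruby_block 'create client.admin keyring' do
  block do
    admin_keyring = '/etc/ceph/ceph.client.admin.keyring'
    # File.exist? instead of File.exists?: the latter is deprecated and is
    # not available on newer Ruby versions.
    keyring_missing = !::File.exist?(admin_keyring)

    if keyring_missing && !have_quorum?
      puts 'ceph-mon is not in quorum, skipping client.admin keyring creation for this run'
    elsif keyring_missing
      # TODO --set-uid=0
      key = %x[
        ceph \
          --name mon. \
          --keyring '/var/lib/ceph/mon/#{cluster}-#{node['hostname']}/keyring' \
          auth get-or-create-key client.admin \
          mon 'allow *' \
          osd 'allow *' \
          mds allow
      ]
      raise 'adding or getting admin key failed' unless $?.success?

      # NOTE(review): key is the raw command output and presumably still
      # ends with a newline - confirm ceph-authtool accepts it as given.
      # TODO don't put the key in "ps" output, stdout
      system('ceph-authtool',
             admin_keyring,
             '--create-keyring',
             '--name=client.admin',
             "--add-key=#{key}")
      raise 'creating admin keyring failed' unless $?.success?
    end
  end
end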
# Fetch (or create) the client.bootstrap-osd key and store it in the node
# attribute 'ceph_bootstrap_osd_key', unless that attribute is already set.
# Skipped for this run while the monitor has no quorum.
#
# node.override followed by node.save writes the key into this node's saved
# attributes, so whoever can read this node's data can read the key. The key
# is limited to the capabilities listed in the command below.
# NOTE(review): presumably OSD nodes look the key up from here - confirm, and
# confirm who is allowed to read node data.
ruby_block 'save osd bootstrap key in node attributes' do
  block do
    key_unset = node['ceph_bootstrap_osd_key'].nil?

    if key_unset && !have_quorum?
      puts 'ceph-mon is not in quorum, skipping bootstrap-osd key generation for this run'
    elsif key_unset
      # The continuation lines inside the double-quoted capability string are
      # kept flush-left so that no extra whitespace ends up in the argument.
      key = %x[
        ceph \
          --name mon. \
          --keyring '/var/lib/ceph/mon/#{cluster}-#{node['hostname']}/keyring' \
          auth get-or-create-key client.bootstrap-osd mon \
          "allow command osd create ...; \
allow command osd crush set ...; \
allow command auth add * osd allow\\ * mon allow\\ rwx; \
allow command mon getmap"
      ]
      raise 'adding or getting bootstrap-osd key failed' if $?.exitstatus != 0

      # Stored exactly as the command printed it.
      node.override['ceph_bootstrap_osd_key'] = key
      node.save
    end
  end
end