Merge pull request #212 from enovance/bug/154/fcleseb

Write CephX keys to files
2014-02-11 13:48:14 +01:00 · 2014-02-11 13:48:14 +01:00 · 6662cad9da
commit 6662cad9da
parent 6eadc31814 052600554d
4 changed files with 85 additions and 0 deletions
--- a/manifests/image.pp
+++ b/manifests/image.pp
@ -132,6 +132,17 @@ class cloud::image(
    rbd_store_pool => $rbd_store_pool
  }

+  Ceph::Key <<| title == $glance_user |>>
+  if defined(Ceph::Key[$glance_user]) {
+    file { '/etc/ceph/ceph.client.glance.keyring':
+      owner   => 'glance',
+      group   => 'glance',
+      mode    => '0400',
+      require => Ceph::Key[$glance_user]
+    }
+  }
+  Concat::Fragment <<| title == 'ceph-client-os' |>>
+
  class { 'glance::cache::cleaner': }
  class { 'glance::cache::pruner': }

--- a/manifests/storage/rbd/pools.pp
+++ b/manifests/storage/rbd/pools.pp
@ -54,6 +54,61 @@ class cloud::storage::rbd::pools(
        require => Exec['create_cinder_volumes_pool'];
      }

+      concat::fragment { 'ceph-clients-os':
+        target  => '/etc/ceph/ceph.conf',
+        order   => '95',
+        content => template('cloud/storage/ceph/ceph-client.conf.erb')
+      }
+
+      if $::ceph_keyring_glance {
+        # NOTE(fc): Puppet needs to run a second time to enter this
+        ceph::key { $glance_user:
+          secret       => $::ceph_keyring_glance,
+          keyring_path => "/etc/ceph/ceph.client.${glance_user}.keyring"
+        } ->
+        file { '/etc/ceph/ceph.client.glance.keyring':
+          owner => 'glance',
+          group => 'glance',
+          mode  => '0400'
+        }
+      }
+
+      if $::ceph_keyring_cinder {
+        # NOTE(fc): Puppet needs to run a second time to enter this
+        ceph::key { $cinder_user:
+          secret       => $::ceph_keyring_cinder,
+          keyring_path => "/etc/ceph/ceph.client.${cinder_user}.keyring"
+        } ->
+        file { '/etc/ceph/ceph.client.cinder.keyring':
+          owner => 'cinder',
+          group => 'cinder',
+          mode  => '0400'
+        }
+      }
+
+      $clients = ['glance', 'cinder']
+      @@concat::fragment { 'ceph-clients-os':
+        target  => '/etc/ceph/ceph.conf',
+        order   => '95',
+        content => template('cloud/storage/ceph/ceph-client.conf.erb')
+      }
+
+      if $::ceph_keyring_glance {
+        # NOTE(fc): Puppet needs to run a second time to enter this
+        @@ceph::key { $glance_user:
+          secret       => $::ceph_keyring_glance,
+          keyring_path => "/etc/ceph/ceph.client.${glance_user}.keyring"
+        }
+      }
+
+      if $::ceph_keyring_cinder {
+        # NOTE(fc): Puppet needs to run a second time to enter this
+        @@ceph::key { $cinder_user:
+          secret       => $::ceph_keyring_cinder,
+          keyring_path => "/etc/ceph/ceph.client.${cinder_user}.keyring"
+        }
+      }
+
 #exec { "create cinder backup pool":
 #TODO: point PG num with a cluster variable + keyring
 #  command => "/usr/bin/ceph osd pool create ${::cinder_backup_pool} 128 128",
--- a/manifests/volume/storage.pp
+++ b/manifests/volume/storage.pp
@ -34,4 +34,15 @@ class cloud::volume::storage(
    rbd_secret_uuid    => $cinder_rbd_secret_uuid
  }

+  Ceph::Key <<| title == $cinder_user |>>
+  if defined(Ceph::Key[$cinder_user]) {
+    file { '/etc/ceph/ceph.client.cinder.keyring':
+      owner   => 'cinder',
+      group   => 'cinder',
+      mode    => '0400',
+      require => Ceph::Key[$cinder_user]
+    }
+  }
+  Concat::Fragment <<| title == 'ceph-client-os' |>>
+
 }
--- a/templates/storage/ceph/ceph-client.conf.erb
+++ b/templates/storage/ceph/ceph-client.conf.erb
@ -0,0 +1,8 @@
+<% if @clients %>
+<% @clients.each do |client| %>
+
+[client.<%= @client %>]
+    keyring = /etc/ceph/ceph.client.<%= @client %>.keyring
+
+<% end %>
+<% end %>