From d50e752ba2104edb0441e9e7527ba4be4e42b1e8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fran=C3=A7ois=20Charlier?= Date: Wed, 5 Feb 2014 18:12:02 +0100 Subject: [PATCH 1/3] Create keyring files for glance & cinder --- manifests/storage/rbd/pools.pp | 30 +++++++++++++++++++++ templates/storage/ceph/ceph-client.conf.erb | 6 +++++ 2 files changed, 36 insertions(+) create mode 100644 templates/storage/ceph/ceph-client.conf.erb diff --git a/manifests/storage/rbd/pools.pp b/manifests/storage/rbd/pools.pp index 9bea2bdf..6bca7b81 100644 --- a/manifests/storage/rbd/pools.pp +++ b/manifests/storage/rbd/pools.pp @@ -54,6 +54,36 @@ class cloud::storage::rbd::pools( require => Exec['create_cinder_volumes_pool']; } + concat::fragment { 'ceph-clients-os': + target => '/etc/ceph/ceph.conf', + order => '95', + content => template('cloud/storage/ceph/ceph-client.conf.erb') + } + + if $::ceph_keyring_glance { + ceph::key { 'glance': + secret => $::ceph_keyring_glance, + keyring_path => '/etc/ceph/ceph.client.glance.keyring' + } -> + file { '/etc/ceph/ceph.client.glance.keyring': + owner => 'glance', + group => 'glance', + mode => '0400' + } + } + + if $::ceph_keyring_cinder { + ceph::key { 'cinder': + secret => $::ceph_keyring_cinder, + keyring_path => '/etc/ceph/ceph.client.cinder.keyring' + } -> + file { '/etc/ceph/ceph.client.cinder.keyring': + owner => 'cinder', + group => 'cinder', + mode => '0400' + } + } + #exec { "create cinder backup pool": #TODO: point PG num with a cluster variable + keyring # command => "/usr/bin/ceph osd pool create ${::cinder_backup_pool} 128 128", diff --git a/templates/storage/ceph/ceph-client.conf.erb b/templates/storage/ceph/ceph-client.conf.erb new file mode 100644 index 00000000..85c007e3 --- /dev/null +++ b/templates/storage/ceph/ceph-client.conf.erb @@ -0,0 +1,6 @@ +<% @clients.each do |client| %> + +[client.<%= @client %>] + keyring = /etc/ceph/ceph.client.<%= @client %>.keyring + +<% end %> 
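Review bot: In both `if $::ceph_keyring_*` blocks the `file` resource that sets mode `0400` is applied only after `ceph::key` has written the keyring (the `->` chain), so the cephx secret first lands on disk with whatever owner and mode `ceph::key` uses, which this patch does not show. It is worth confirming that `ceph::key` creates the file owner-only, because a run that fails between the two resources would leave the looser permissions in place. A short comment on the guards would also help, for example `# $::ceph_keyring_glance is a top-scope value (presumably a custom fact) holding the cephx secret`. The class body starts and ends outside the hunk.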
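Review bot: The loop binds each entry to the block variable `client`, but both interpolations read `@client`, a different (instance) variable that is nil unless the rendering scope happens to define `$client`; every iteration would then emit `[client.]` and `keyring = /etc/ceph/ceph.client..keyring`. The two lines should read `[client.<%= client %>]` and `keyring = /etc/ceph/ceph.client.<%= client %>.keyring`. Separately, nothing in this patch sets `$clients` in the class that renders the template, so `@clients.each` would fail on nil until patch 3/3 adds the assignment and the `if @clients` guard. The `@client` references are left unchanged by that later template hunk, so the defect survives the whole series.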
From c7636efa1b3d275dd2a8af37e4c07cb02a19a363 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fran=C3=A7ois=20Charlier?= Date: Wed, 5 Feb 2014 18:27:31 +0100 Subject: [PATCH 2/3] storage/rbd/pools: Use the $*_user variables for ceph client keys --- manifests/storage/rbd/pools.pp | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/manifests/storage/rbd/pools.pp b/manifests/storage/rbd/pools.pp index 6bca7b81..5ae419e5 100644 --- a/manifests/storage/rbd/pools.pp +++ b/manifests/storage/rbd/pools.pp @@ -61,9 +61,10 @@ class cloud::storage::rbd::pools( } if $::ceph_keyring_glance { - ceph::key { 'glance': + # NOTE(fc): Puppet needs to run a second time to enter this + ceph::key { $glance_user: secret => $::ceph_keyring_glance, - keyring_path => '/etc/ceph/ceph.client.glance.keyring' + keyring_path => "/etc/ceph/ceph.client.${glance_user}.keyring" } -> file { '/etc/ceph/ceph.client.glance.keyring': owner => 'glance', @@ -73,9 +74,10 @@ class cloud::storage::rbd::pools( } if $::ceph_keyring_cinder { - ceph::key { 'cinder': + # NOTE(fc): Puppet needs to run a second time to enter this + ceph::key { $cinder_user: secret => $::ceph_keyring_cinder, - keyring_path => '/etc/ceph/ceph.client.cinder.keyring' + keyring_path => "/etc/ceph/ceph.client.${cinder_user}.keyring" } -> file { '/etc/ceph/ceph.client.cinder.keyring': owner => 'cinder', From 052600554d722641f20ca9e03d21aeff15830041 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fran=C3=A7ois=20Charlier?= Date: Tue, 11 Feb 2014 11:15:40 +0100 Subject: [PATCH 3/3] ceph: Export/Collect cephx client keys --- manifests/image.pp | 11 ++++++++++ manifests/storage/rbd/pools.pp | 23 +++++++++++++++++++++ manifests/volume/storage.pp | 11 ++++++++++ templates/storage/ceph/ceph-client.conf.erb | 2 ++ 4 files changed, 47 insertions(+) diff --git a/manifests/image.pp b/manifests/image.pp index 7b00d7db..0634a814 100644 --- a/manifests/image.pp +++ b/manifests/image.pp 
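Review bot: The keyring is now written to `/etc/ceph/ceph.client.${glance_user}.keyring`, but the chained `file` resource in the same hunk still manages the literal `/etc/ceph/ceph.client.glance.keyring`, so whenever `$glance_user` is not `glance` the `0400` restriction lands on a different path and the real keyring keeps whatever permissions `ceph::key` gave it. The cinder hunk (`@@ -73,9 +74,10 @@`) has the same mismatch, and the `file` resources added to `manifests/image.pp` and `manifests/volume/storage.pp` in patch 3/3 repeat the literal paths. Building the title from the same variable keeps the two in step, e.g. `file { "/etc/ceph/ceph.client.${glance_user}.keyring":`. Whether `owner` and `group` should follow the variable too depends on whether the Unix account matches the cephx user name, which is not visible here; the class body lies outside the hunk.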
@@ -123,6 +123,17 @@ class cloud::image( rbd_store_pool => $rbd_store_pool } + Ceph::Key <<| title == $glance_user |>> + if defined(Ceph::Key[$glance_user]) { + file { '/etc/ceph/ceph.client.glance.keyring': + owner => 'glance', + group => 'glance', + mode => '0400', + require => Ceph::Key[$glance_user] + } + } + Concat::Fragment <<| title == 'ceph-client-os' |>> + class { 'glance::cache::cleaner': } class { 'glance::cache::pruner': } diff --git a/manifests/storage/rbd/pools.pp b/manifests/storage/rbd/pools.pp index 5ae419e5..3767bc77 100644 --- a/manifests/storage/rbd/pools.pp +++ b/manifests/storage/rbd/pools.pp @@ -86,6 +86,29 @@ class cloud::storage::rbd::pools( } } + $clients = ['glance', 'cinder'] + @@concat::fragment { 'ceph-clients-os': + target => '/etc/ceph/ceph.conf', + order => '95', + content => template('cloud/storage/ceph/ceph-client.conf.erb') + } + + if $::ceph_keyring_glance { + # NOTE(fc): Puppet needs to run a second time to enter this + @@ceph::key { $glance_user: + secret => $::ceph_keyring_glance, + keyring_path => "/etc/ceph/ceph.client.${glance_user}.keyring" + } + } + + if $::ceph_keyring_cinder { + # NOTE(fc): Puppet needs to run a second time to enter this + @@ceph::key { $cinder_user: + secret => $::ceph_keyring_cinder, + keyring_path => "/etc/ceph/ceph.client.${cinder_user}.keyring" + } + } + #exec { "create cinder backup pool": #TODO: point PG num with a cluster variable + keyring # command => "/usr/bin/ceph osd pool create ${::cinder_backup_pool} 128 128", diff --git a/manifests/volume/storage.pp b/manifests/volume/storage.pp index 62d3f613..4ad936ae 100644 --- a/manifests/volume/storage.pp +++ b/manifests/volume/storage.pp 
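Review bot: The collector `Concat::Fragment <<| title == 'ceph-client-os' |>>` will not match the fragment this series exports, which is titled `'ceph-clients-os'` in `manifests/storage/rbd/pools.pp`, so the client section would never reach `/etc/ceph/ceph.conf` on this node; the same collector appears in the `manifests/volume/storage.pp` hunk. The `if defined(Ceph::Key[$glance_user])` guard is also fragile there and here: `defined()` depends on evaluation order and collected resources are typically realised late in compilation, so the guard is likely false and the `0400` `file` resource would be skipped, leaving the keyring's mode to `ceph::key`. Consider correcting the title to `'ceph-clients-os'` and ordering the `file` resource through the collector instead of the guard, for example `Ceph::Key <<| title == $glance_user |>> -> File['/etc/ceph/ceph.client.glance.keyring']`. The class body starts and ends outside the hunk.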
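Review bot: Exporting `@@ceph::key` with `secret => $::ceph_keyring_glance` (and the cinder equivalent) places the cephx secrets in the stored-configuration backend in clear text, and any node whose manifest collects `Ceph::Key` receives them in its catalog. That deserves a comment at the export, e.g. `# NOTE: exported secret is stored unencrypted in storeconfigs; restrict access to that store and to compiled catalogs`, and a check that access to the backend is limited accordingly. The hunk also removes nothing, so the non-exported `ceph::key { $glance_user: }` and `concat::fragment { 'ceph-clients-os': }` from the earlier patches remain, and a node that applies this class and also collects these resources would presumably hit duplicate declarations. The class body starts and ends outside the hunk.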
@@ -34,4 +34,15 @@ class cloud::volume::storage( rbd_secret_uuid => $cinder_rbd_secret_uuid } + Ceph::Key <<| title == $cinder_user |>> + if defined(Ceph::Key[$cinder_user]) { + file { '/etc/ceph/ceph.client.cinder.keyring': + owner => 'cinder', + group => 'cinder', + mode => '0400', + require => Ceph::Key[$cinder_user] + } + } + Concat::Fragment <<| title == 'ceph-client-os' |>> + } diff --git a/templates/storage/ceph/ceph-client.conf.erb b/templates/storage/ceph/ceph-client.conf.erb index 85c007e3..40c34408 100644 --- a/templates/storage/ceph/ceph-client.conf.erb +++ b/templates/storage/ceph/ceph-client.conf.erb @@ -1,6 +1,8 @@ +<% if @clients %> <% @clients.each do |client| %> [client.<%= @client %>] keyring = /etc/ceph/ceph.client.<%= @client %>.keyring <% end %> +<% end %>