From a29ff731533b45ca65d6a82b90d90f376fa468af Mon Sep 17 00:00:00 2001
From: Cedric Lecomte <cedric.lecomte@enovance.com>
Date: Thu, 23 Apr 2015 08:36:57 -0400
Subject: [PATCH] Fix ceph keyring permissions

When ceph osd are not on same nodes than cinder a keyring permissions
problem appear. With this ordering the problem doesn't appear anymore
and all node get the right permissions for the ceph keyring file.

Change-Id: Ib8c5394f56f06192911669d84c172e74d388fafa
---
 manifests/compute/hypervisor.pp               | 22 +++++++++----------
 manifests/volume/backend/rbd.pp               | 14 +++++-------
 spec/classes/cloud_compute_hypervisor_spec.rb |  5 +++++
 spec/classes/cloud_volume_storage_spec.rb     |  5 +++++
 4 files changed, 26 insertions(+), 20 deletions(-)

diff --git a/manifests/compute/hypervisor.pp b/manifests/compute/hypervisor.pp
index 4351593e..33579ca3 100644
--- a/manifests/compute/hypervisor.pp
+++ b/manifests/compute/hypervisor.pp
@@ -365,18 +365,16 @@ Host *
 
     # Configure Ceph keyring
     Ceph::Key <<| title == $cinder_rbd_user |>>
-    if defined(Ceph::Key[$cinder_rbd_user]) {
-      ensure_resource(
-        'file',
-        "/etc/ceph/ceph.client.${cinder_rbd_user}.keyring", {
-          owner   => 'root',
-          group   => 'cephkeyring',
-          mode    => '0440',
-          require => Ceph::Key[$cinder_rbd_user],
-          notify  => Service['nova-compute'],
-        }
-      )
-    }
+    ensure_resource(
+      'file',
+      "/etc/ceph/ceph.client.${cinder_rbd_user}.keyring", {
+        owner   => 'root',
+        group   => 'cephkeyring',
+        mode    => '0440',
+        require => Ceph::Key[$cinder_rbd_user],
+        notify  => Service['nova-compute'],
+      }
+    )
 
     Concat::Fragment <<| title == 'ceph-client-os' |>>
   } else {
diff --git a/manifests/volume/backend/rbd.pp b/manifests/volume/backend/rbd.pp
index cf33d08b..c6115003 100644
--- a/manifests/volume/backend/rbd.pp
+++ b/manifests/volume/backend/rbd.pp
@@ -84,14 +84,12 @@ define cloud::volume::backend::rbd (
 
   # Configure Ceph keyring
   Ceph::Key <<| title == $rbd_user |>>
-  if defined(Ceph::Key[$rbd_user]) {
-    ensure_resource('file', "/etc/ceph/ceph.client.${rbd_user}.keyring", {
-      owner   => 'root',
-      group   => 'cephkeyring',
-      mode    => '0440',
-      require => Ceph::Key[$rbd_user],
-      })
-  }
+  ensure_resource('file', "/etc/ceph/ceph.client.${rbd_user}.keyring", {
+    owner => 'root',
+    group => 'cephkeyring',
+    mode => '0440',
+    require => Ceph::Key[$rbd_user],
+  })
 
   Concat::Fragment <<| title == 'ceph-client-os' |>>
 
diff --git a/spec/classes/cloud_compute_hypervisor_spec.rb b/spec/classes/cloud_compute_hypervisor_spec.rb
index 83a2366b..c14270ca 100644
--- a/spec/classes/cloud_compute_hypervisor_spec.rb
+++ b/spec/classes/cloud_compute_hypervisor_spec.rb
@@ -384,6 +384,11 @@ describe 'cloud::compute::hypervisor' do
           :command => 'usermod -a -G cephkeyring nova',
           :unless  => 'groups nova | grep cephkeyring'
         )
+        is_expected.to contain_file('/etc/ceph/ceph.client.cinder.keyring').with({
+          'owner'  => 'root',
+          'group'  => 'cephkeyring',
+          'mode'   => '0440',
+        })
       end
 
       it 'configure libvirt driver' do
diff --git a/spec/classes/cloud_volume_storage_spec.rb b/spec/classes/cloud_volume_storage_spec.rb
index fcea91db..c7b5f012 100644
--- a/spec/classes/cloud_volume_storage_spec.rb
+++ b/spec/classes/cloud_volume_storage_spec.rb
@@ -157,6 +157,11 @@ describe 'cloud::volume::storage' do
           :path    => ['/usr/sbin', '/usr/bin', '/bin', '/sbin'],
           :unless  => 'groups cinder | grep cephkeyring'
         )
+        is_expected.to contain_file('/etc/ceph/ceph.client.cinder.keyring').with({
+          'owner'  => 'root',
+          'group'  => 'cephkeyring',
+          'mode'   => '0440',
+        })
       end
     end