Fix ceph keyring permissions

When Ceph OSDs are not on the same nodes as cinder, a keyring permissions
problem appears. With this ordering the problem no longer appears
and all nodes get the right permissions for the Ceph keyring file.

Change-Id: Ib8c5394f56f06192911669d84c172e74d388fafa
Cedric Lecomte 2015-04-23 08:36:57 -04:00 committed by Emilien Macchi
parent 5e07f511b4
commit a29ff73153
4 changed files with 26 additions and 20 deletions


@ -365,18 +365,16 @@ Host *
# Configure Ceph keyring # Configure Ceph keyring
Ceph::Key <<| title == $cinder_rbd_user |>> Ceph::Key <<| title == $cinder_rbd_user |>>
if defined(Ceph::Key[$cinder_rbd_user]) { ensure_resource(
ensure_resource( 'file',
'file', "/etc/ceph/ceph.client.${cinder_rbd_user}.keyring", {
"/etc/ceph/ceph.client.${cinder_rbd_user}.keyring", { owner => 'root',
owner => 'root', group => 'cephkeyring',
group => 'cephkeyring', mode => '0440',
mode => '0440', require => Ceph::Key[$cinder_rbd_user],
require => Ceph::Key[$cinder_rbd_user], notify => Service['nova-compute'],
notify => Service['nova-compute'], }
} )
)
}
Concat::Fragment <<| title == 'ceph-client-os' |>> Concat::Fragment <<| title == 'ceph-client-os' |>>
} else { } else {
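Review bot: With the `if defined(Ceph::Key[$cinder_rbd_user])` guard removed, the `require => Ceph::Key[$cinder_rbd_user]` inside the `ensure_resource('file', …)` call is now unconditional. A node whose collector `Ceph::Key <<| title == $cinder_rbd_user |>>` matches nothing (for example before the key has been exported) would presumably fail on a missing dependency instead of skipping the keyring. If that case is reachable, putting the ordering on the collector keeps it optional: `Ceph::Key <<| title == $cinder_rbd_user |>> -> File["/etc/ceph/ceph.client.${cinder_rbd_user}.keyring"]`. The file resource also sets no `ensure`, so a short comment that it only enforces root:cephkeyring 0440 on a keyring written elsewhere would help. The enclosing `if`/`else` starts and ends outside this hunk.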


@ -84,14 +84,12 @@ define cloud::volume::backend::rbd (
# Configure Ceph keyring # Configure Ceph keyring
Ceph::Key <<| title == $rbd_user |>> Ceph::Key <<| title == $rbd_user |>>
if defined(Ceph::Key[$rbd_user]) { ensure_resource('file', "/etc/ceph/ceph.client.${rbd_user}.keyring", {
ensure_resource('file', "/etc/ceph/ceph.client.${rbd_user}.keyring", { owner => 'root',
owner => 'root', group => 'cephkeyring',
group => 'cephkeyring', mode => '0440',
mode => '0440', require => Ceph::Key[$rbd_user],
require => Ceph::Key[$rbd_user], })
})
}
Concat::Fragment <<| title == 'ceph-client-os' |>> Concat::Fragment <<| title == 'ceph-client-os' |>>
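Review bot: The `ensure_resource('file', "/etc/ceph/ceph.client.${rbd_user}.keyring", …)` call here has no `notify`, while the hypervisor manifest in this commit declares the same path pattern with `notify => Service['nova-compute']`. `ensure_resource` only deduplicates declarations whose parameters are identical, and both specs use the `cinder` user, so a node carrying both roles would likely hit a duplicate declaration now that neither call is guarded. Declaring the keyring file once in a shared class, or making the two parameter hashes identical and attaching the restart with a separate `File[...] ~> Service['nova-compute']` chain, would avoid that. The `cloud::volume::backend::rbd` define continues outside this hunk.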


@ -384,6 +384,11 @@ describe 'cloud::compute::hypervisor' do
:command => 'usermod -a -G cephkeyring nova', :command => 'usermod -a -G cephkeyring nova',
:unless => 'groups nova | grep cephkeyring' :unless => 'groups nova | grep cephkeyring'
) )
is_expected.to contain_file('/etc/ceph/ceph.client.cinder.keyring').with({
'owner' => 'root',
'group' => 'cephkeyring',
'mode' => '0440',
})
end end
it 'configure libvirt driver' do it 'configure libvirt driver' do
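Review bot: The added `contain_file('/etc/ceph/ceph.client.cinder.keyring')` expectation checks owner, group and mode but not the ordering this commit is about, so a regression in the `require`/`notify` wiring would still pass. Chaining `.that_requires('Ceph::Key[cinder]')` and `.that_notifies('Service[nova-compute]')` would pin it, assuming the key resource is present in the test catalog. The same gap applies to the `cloud::volume::storage` spec hunk below, for the `require` only. Neither spec shows an example for a node where no `Ceph::Key` is collected, which is the case the removed `defined()` guard used to cover.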


@ -157,6 +157,11 @@ describe 'cloud::volume::storage' do
:path => ['/usr/sbin', '/usr/bin', '/bin', '/sbin'], :path => ['/usr/sbin', '/usr/bin', '/bin', '/sbin'],
:unless => 'groups cinder | grep cephkeyring' :unless => 'groups cinder | grep cephkeyring'
) )
is_expected.to contain_file('/etc/ceph/ceph.client.cinder.keyring').with({
'owner' => 'root',
'group' => 'cephkeyring',
'mode' => '0440',
})
end end
end end