author | Jan Provaznik <jprovazn@redhat.com> | 2016-12-14 12:04:17 +0000 |
---|---|---|
committer | Jan Provaznik <jprovazn@redhat.com> | 2017-01-11 18:09:42 +0100 |
commit | 2dcc387fa67c6ee705c1bf5a9f79afe5cd818d4a (patch) | |
tree | 9bafc1cde90ca35b7016cea6fd1a42f50df28e91 /manifests/profile/pacemaker | |
parent | 50e483f77e9d8a322a5afd5a20504b78bd48397c (diff) |
Set ceph key when using manila ceph backend
Manila ceph driver reads ceph's client configuration
(keyring is the most important) from ceph.conf file
(or any other file set by cephfs_conf_path). ceph.conf
should be updated with keyring location.
If ceph is deployed by tripleo then also manila ceph key
is added into ceph and ceph filesystem is created.
Depends-On: I18436a64fc991b9e697a1d79e369ac110cf8fe20
Change-Id: Iac4a260af6738ed6afd4bcb107221a736d07c1b5
Partial-Bug: #1644784
Closes-Bug: #1646147
Diffstat (limited to 'manifests/profile/pacemaker')
-rw-r--r-- | manifests/profile/pacemaker/manila.pp | 37 |
1 files changed, 36 insertions, 1 deletions
diff --git a/manifests/profile/pacemaker/manila.pp b/manifests/profile/pacemaker/manila.pp
index 4d79782..0bf78af 100644
--- a/manifests/profile/pacemaker/manila.pp
+++ b/manifests/profile/pacemaker/manila.pp
@@ -30,6 +30,12 @@
 # (Optional) Whether or not the cephfs backend is enabled
 # Defaults to hiera('manila_backend_cephfs_enabled', false)
 #
+# [*ceph_mds_enabled*]
+# (Optional) Whether or not the ceph mds is enabled. This option is used
+# to distinguish if an external ceph is used or if ceph is deployed by
+# tripleo. By default ceph mds is not deployed by tripleo.
+# Defaults to hiera('ceph_mds_enabled', false)
+#
 # [*bootstrap_node*]
 # (Optional) The hostname of the node responsible for bootstrapping tasks
 # Defaults to hiera('bootstrap_nodeid')
@@ -43,6 +49,7 @@ class tripleo::profile::pacemaker::manila (
 $backend_generic_enabled = hiera('manila_backend_generic_enabled', false),
 $backend_netapp_enabled = hiera('manila_backend_netapp_enabled', false),
 $backend_cephfs_enabled = hiera('manila_backend_cephfs_enabled', false),
+ $ceph_mds_enabled = hiera('ceph_mds_enabled', false),
 $bootstrap_node = hiera('bootstrap_nodeid'),
 $step = hiera('step'),
 ) {
@@ -95,14 +102,42 @@ class tripleo::profile::pacemaker::manila (
 # manila cephfsnative:
 if $backend_cephfs_enabled {
 $manila_cephfsnative_backend = hiera('manila::backend::cephfsnative::title')
+ $cephfs_auth_id = hiera('manila::backend::cephfsnative::cephfs_auth_id')
+ $keyring_path = "/etc/ceph/ceph.client.${cephfs_auth_id}.keyring"
+
+ # $ceph_mds_enabled is used to distinguish if an external ceph is used or
+ # if ceph is deployed by TripleO
+ if $ceph_mds_enabled {
+ include ::ceph::profile::fs
+ }
+
 manila::backend::cephfsnative { $manila_cephfsnative_backend :
 driver_handles_share_servers => hiera('manila::backend::cephfsnative::driver_handles_share_servers', false),
 share_backend_name => hiera('manila::backend::cephfsnative::share_backend_name'),
 cephfs_conf_path => hiera('manila::backend::cephfsnative::cephfs_conf_path'),
- cephfs_auth_id => hiera('manila::backend::cephfsnative::cephfs_auth_id'),
+ cephfs_auth_id => $cephfs_auth_id,
 cephfs_cluster_name => hiera('manila::backend::cephfsnative::cephfs_cluster_name'),
 cephfs_enable_snapshots => hiera('manila::backend::cephfsnative::cephfs_enable_snapshots'),
 }
+
+ ceph::key { "client.${cephfs_auth_id}" :
+ secret => hiera('manila::backend::cephfsnative::ceph_client_key'),
+ keyring_path => $keyring_path,
+ # inject the new key into ceph cluster only if ceph is deployed by
+ # tripleo (if external ceph is used it should be added manually)
+ inject => $ceph_mds_enabled,
+ user => 'manila',
+ cap_mds => 'allow *',
+ cap_mon => 'allow r, allow command \"auth del\", allow command \"auth caps\", \
+allow command \"auth get\", allow command \"auth get-or-create\"',
+ cap_osd => 'allow rw'
+ }
+
+ ceph_config {
+ "client.${cephfs_auth_id}/keyring": value => $keyring_path;
+ "client.${cephfs_auth_id}/client mount uid": value => 0;
+ "client.${cephfs_auth_id}/client mount gid": value => 0;
+ }
 }

 # manila netapp: |
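Review bot: The added `ceph::key` resource gives `client.${cephfs_auth_id}` cluster-wide rights with no comment saying why: `cap_mds => 'allow *'`, an unscoped `cap_osd => 'allow rw'`, and the mon commands `auth get`, `auth caps`, `auth del` and `auth get-or-create`, which together let the holder of this key read or rewrite other clients' auth entries. If the driver needs all of these, say so above the caps, e.g. `# caps required by the manila cephfs native driver; this key can manage other ceph auth entities, keep the keyring readable by manila only`, and set `mode => '0600'` explicitly rather than relying on the define's default. Where the deployment allows it, narrowing the OSD cap to the CephFS data pool (`allow rw pool=<cephfs_data_pool>`) would keep the key out of unrelated pools; whether the driver works with that is not visible here. The `\"` sequences and the trailing `\` inside the single-quoted `cap_mon` string are, as far as I know, not escapes in Puppet single quotes, so it is worth confirming that the cap string reaching Ceph is the intended one. The enclosing class body starts before this hunk and continues after it.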