From 2dcc387fa67c6ee705c1bf5a9f79afe5cd818d4a Mon Sep 17 00:00:00 2001 From: Jan Provaznik Date: Wed, 14 Dec 2016 12:04:17 +0000 Subject: Set ceph key when using manila ceph backend Manila ceph driver reads ceph's client configuration (keyring is the most important) from ceph.conf file (or any other file set by cephfs_conf_path). ceph.conf should be updated with keyring location. If ceph is deployed by tripleo then also manila ceph key is added into ceph and ceph filesystem is created. Depends-On: I18436a64fc991b9e697a1d79e369ac110cf8fe20 Change-Id: Iac4a260af6738ed6afd4bcb107221a736d07c1b5 Partial-Bug: #1644784 Closes-Bug: #1646147 --- manifests/profile/pacemaker/manila.pp | 37 ++++++++++++++++++++++++++++++++++- 1 file changed, 36 insertions(+), 1 deletion(-) (limited to 'manifests/profile/pacemaker') diff --git a/manifests/profile/pacemaker/manila.pp b/manifests/profile/pacemaker/manila.pp index 4d79782..0bf78af 100644 --- a/manifests/profile/pacemaker/manila.pp +++ b/manifests/profile/pacemaker/manila.pp @@ -30,6 +30,12 @@ # (Optional) Whether or not the cephfs backend is enabled # Defaults to hiera('manila_backend_cephfs_enabled', false) # +# [*ceph_mds_enabled*] +# (Optional) Whether or not the ceph mds is enabled. This option is used +# to distinguish if an external ceph is used or if ceph is deployed by +# tripleo. By default ceph mds is not deployed by tripleo. +# Defaults to hiera('ceph_mds_enabled', false) +# # [*bootstrap_node*] # (Optional) The hostname of the node responsible for bootstrapping tasks # Defaults to hiera('bootstrap_nodeid') @@ -43,6 +49,7 @@ class tripleo::profile::pacemaker::manila ( $backend_generic_enabled = hiera('manila_backend_generic_enabled', false), $backend_netapp_enabled = hiera('manila_backend_netapp_enabled', false), $backend_cephfs_enabled = hiera('manila_backend_cephfs_enabled', false), + $ceph_mds_enabled = hiera('ceph_mds_enabled', false), $bootstrap_node = hiera('bootstrap_nodeid'), $step = hiera('step'), ) { @@ -95,14 +102,42 @@ class tripleo::profile::pacemaker::manila ( # manila cephfsnative: if $backend_cephfs_enabled { $manila_cephfsnative_backend = hiera('manila::backend::cephfsnative::title') + $cephfs_auth_id = hiera('manila::backend::cephfsnative::cephfs_auth_id') + $keyring_path = "/etc/ceph/ceph.client.${cephfs_auth_id}.keyring" + + # $ceph_mds_enabled is used to distinguish if an external ceph is used or + # if ceph is deployed by TripleO + if $ceph_mds_enabled { + include ::ceph::profile::fs + } + manila::backend::cephfsnative { $manila_cephfsnative_backend : driver_handles_share_servers => hiera('manila::backend::cephfsnative::driver_handles_share_servers', false), share_backend_name => hiera('manila::backend::cephfsnative::share_backend_name'), cephfs_conf_path => hiera('manila::backend::cephfsnative::cephfs_conf_path'), - cephfs_auth_id => hiera('manila::backend::cephfsnative::cephfs_auth_id'), + cephfs_auth_id => $cephfs_auth_id, cephfs_cluster_name => hiera('manila::backend::cephfsnative::cephfs_cluster_name'), cephfs_enable_snapshots => hiera('manila::backend::cephfsnative::cephfs_enable_snapshots'), } + + ceph::key { "client.${cephfs_auth_id}" : + secret => hiera('manila::backend::cephfsnative::ceph_client_key'), + keyring_path => $keyring_path, + # inject the new key into ceph cluster only if ceph is deployed by + # tripleo (if external ceph is used it should be added manually) + inject => $ceph_mds_enabled, + user => 'manila', + cap_mds => 'allow *', + cap_mon => 'allow r, allow command \"auth del\", allow command \"auth caps\", \ +allow command \"auth get\", allow command \"auth get-or-create\"', + cap_osd => 'allow rw' + } + + ceph_config { + "client.${cephfs_auth_id}/keyring": value => $keyring_path; + "client.${cephfs_auth_id}/client mount uid": value => 0; + "client.${cephfs_auth_id}/client mount gid": value => 0; + } } # manila netapp: -- cgit 1.2.3-korg