Change way to manage monitor-secret #214

Open
wants to merge 2 commits into
base: master
2 changes: 1 addition & 1 deletion Gemfile
@@ -1,7 +1,7 @@
source 'https://rubygems.org'

group :lint do
gem 'foodcritic', '~> 4.0'
gem 'foodcritic', '~> 5.0'
gem 'rubocop', '~> 0.33'
end

3 changes: 1 addition & 2 deletions Rakefile
Expand Up @@ -17,8 +17,7 @@ namespace :style do
FoodCritic::Rake::LintTask.new(:chef) do |t|
t.options = {
fail_tags: ['any'],
tags: ['~FC003'],
chef_version: '11.6.0'
tags: ['~FC003']
}
end
rescue LoadError
17 changes: 12 additions & 5 deletions libraries/default.rb
Expand Up @@ -41,7 +41,12 @@ def osd_secret
elsif node['ceph']['bootstrap_osd_key']
return node['ceph']['bootstrap_osd_key']
else
return mon_nodes[0]['ceph']['bootstrap_osd_key']
bootstrap_osd_keys = mon_nodes.map { |_, v| v.fetch('ceph', {}).fetch('bootstrap_osd_key', nil) }.compact.uniq
if bootstrap_osd_keys.length > 1
Chef::Log.fatal('Multiple bootstrap_osd_key detected')
raise
end
bootstrap_osd_keys.first
end
end

Expand Down Expand Up @@ -127,13 +132,15 @@ def mon_secret
if node['ceph']['encrypted_data_bags']
secret = Chef::EncryptedDataBagItem.load_secret(node['ceph']['mon']['secret_file'])
Chef::EncryptedDataBagItem.load('ceph', 'mon', secret)['secret']
elsif !mon_nodes.empty?
mon_nodes[0]['ceph']['monitor-secret']
elsif node['ceph']['monitor-secret']
node['ceph']['monitor-secret']
else
Chef::Log.info('No monitor secret found')
nil
monitor_secrets = mon_nodes.map { |_, v| v.fetch('ceph', {}).fetch('monitor-secret', nil) }.compact.uniq
if monitor_secrets.length > 1
Chef::Log.fatal('Multiple monitor secret detected')
raise
end
monitor_secrets.first
end
end

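Review bot: The bare `raise` after `Chef::Log.fatal` in both `osd_secret` and `mon_secret` has no active exception to re-raise, so Ruby raises a RuntimeError with the generic message "unhandled exception" and the real cause survives only in the log; `raise 'Multiple bootstrap_osd_key detected'` and `raise 'Multiple monitor secret detected'` would carry the reason in the exception itself. Separately, the replaced code indexed `mon_nodes[0]['ceph']`, which suggests `mon_nodes` yields node objects rather than key/value pairs, so the `|_, v|` block parameters may leave `v` as nil and fail on `v.fetch`. `mon_nodes` is defined outside these hunks, so that needs confirming; if it is a list of nodes, `mon_nodes.map { |n| n.fetch('ceph', {}).fetch('monitor-secret', nil) }` is the shape to use. Both method bodies start outside the hunks shown.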
4 changes: 2 additions & 2 deletions providers/client.rb
Expand Up @@ -33,7 +33,7 @@ def whyrun_supported?
key = @new_resource.key || get_key(keyname)

# update the key in the file
file filename do # ~FC009
file filename do
content file_content(keyname, key, as_keyring)
owner owner
group group
Expand Down Expand Up @@ -111,7 +111,7 @@ def create_entity(keyname)
Chef::Log.debug "Client #{keyname} created"

# remove temporary keyring file
file tmp_keyring do # ~FC009
file tmp_keyring do
action :delete
sensitive true if Chef::Resource::File.method_defined? :sensitive
end
19 changes: 12 additions & 7 deletions recipes/mon.rb
Expand Up @@ -42,14 +42,14 @@

keyring = "#{Chef::Config[:file_cache_path]}/#{cluster}-#{node['hostname']}.mon.keyring"

execute 'format mon-secret as keyring' do # ~FC009
execute 'format mon-secret as keyring' do
command lazy { "ceph-authtool '#{keyring}' --create-keyring --name=mon. --add-key='#{mon_secret}' --cap mon 'allow *'" }
creates keyring
only_if { mon_secret }
sensitive true if Chef::Resource::Execute.method_defined? :sensitive
end

execute 'generate mon-secret as keyring' do # ~FC009
execute 'generate mon-secret as keyring' do
command "ceph-authtool '#{keyring}' --create-keyring --name=mon. --gen-key --cap mon 'allow *'"
creates keyring
not_if { mon_secret }
Expand All @@ -63,14 +63,19 @@
end

ruby_block 'save mon_secret' do
not_if { node['ceph']['monitor-secret'] || node['ceph']['encrypted_data_bags'] }
block do
fetch = Mixlib::ShellOut.new("ceph-authtool '#{keyring}' --print-key --name=mon.")
fetch.run_command
key = fetch.stdout
node.set['ceph']['monitor-secret'] = key
if mon_secret
node.set['ceph']['monitor-secret'] = mon_secret
else
fetch = Mixlib::ShellOut.new("ceph-authtool '#{keyring}' --print-key --name=mon.")
fetch.run_command
key = fetch.stdout
node.set['ceph']['monitor-secret'] = key
end
node.save
end
action :nothing
sensitive true if Chef::Resource::Execute.method_defined? :sensitive
end

execute 'ceph-mon mkfs' do
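Review bot: The `ruby_block 'save mon_secret'` now assigns `mon_secret` to `node.set['ceph']['monitor-secret']` and calls `node.save`, which can copy a secret loaded from an encrypted data bag into a plain node attribute on the Chef server. This applies if the `not_if { node['ceph']['monitor-secret'] || node['ceph']['encrypted_data_bags'] }` line is on the removed side, as the section's deletion count suggests. Keeping a narrower guard, `not_if { node['ceph']['encrypted_data_bags'] }`, would leave the data-bag path as the only store for that secret. The `sensitive` line in this block tests `Chef::Resource::Execute` although the resource is a `ruby_block`; `sensitive true if Chef::Resource::RubyBlock.method_defined? :sensitive` matches the resource being declared. The `ceph-authtool --print-key` branch still stores `fetch.stdout` without checking the exit status or stripping the trailing newline, so `fetch.error!` and `fetch.stdout.strip` are worth adding while this block is being reworked.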
2 changes: 1 addition & 1 deletion recipes/osd.rb
Expand Up @@ -54,7 +54,7 @@
# TODO: cluster name
cluster = 'ceph'

execute 'format bootstrap-osd as keyring' do # ~FC009
execute 'format bootstrap-osd as keyring' do
command lazy { "ceph-authtool '/var/lib/ceph/bootstrap-osd/#{cluster}.keyring' --create-keyring --name=client.bootstrap-osd --add-key='#{osd_secret}'" }
creates "/var/lib/ceph/bootstrap-osd/#{cluster}.keyring"
only_if { osd_secret }