Update unless statement for cephx key checking.

Some cephx keys (manila) have specail features enabled via quoted
words in their capabilities list. The initial key is created on the
file system with escaped quotes (\"auth del\" and \"auth caps\").
However the output of ceph auth get does not excape these quotes.
This results in the grep in unless satement always failing and
causing the key to be reimported multiple times.

A Ceph tracker issue has been opend to for this issue. (1)

1: http://tracker.ceph.com/issues/22227

Change-Id: I2cf6d3ded28d2d37c10fbe9ffb29822b744a561c
This commit is contained in:
Keith Schincke 2017-11-13 08:27:51 -05:00
parent ea84cb4c31
commit 04d1a0438c
2 changed files with 10 additions and 1 deletions

View File

@ -176,10 +176,13 @@ ceph ${cluster_option} ${inject_id_option} ${inject_keyring_option} auth import
unless => "/bin/true # comment to satisfy puppet syntax requirements
set -x
OLD_KEYRING=\$(mktemp)
TMP_KEYRING=\$(mktemp)
cat ${keyring_path} | sed -e 's/\\\\//g' > \$TMP_KEYRING
ceph ${cluster_option} ${inject_id_option} ${inject_keyring_option} auth get ${name} -o \$OLD_KEYRING || true
diff -N \$OLD_KEYRING ${keyring_path}
diff -N \$OLD_KEYRING \$TMP_KEYRING
rv=$?
rm \$OLD_KEYRING
rm \$TMP_KEYRING
exit \$rv",
require => [ Class['ceph'], Exec["ceph-key-${name}"], ],
logoutput => true,

View File

@ -0,0 +1,6 @@
---
fixes:
- |
Update ceph::key unless statement to work out ceph auth get not escaping
embedded quotes in the capabilities lists. Ceph tracker number 22227 has
been opened to resolve this issue