diff --git a/README.md b/README.md index 8f543be..a1a295b 100644 --- a/README.md +++ b/README.md @@ -147,6 +147,7 @@ Cinder attributes * `openstack['block-storage']['san']['san_ip'] - IP address of SAN controller * `openstack['block-storage']['san']['san_login'] - Username for SAN controller * `openstack['block-storage']['san']['san_private_key'] - Filename of private key to use for SSH authentication +* `openstack['block-storage']['san']['san_private_key_url'] - Source url of private key to use for SSH authentication * `openstack['block-storage']['storwize']['storwize_svc_volpool_name'] - Storage system storage pool for volumes * `openstack['block-storage']['storwize']['storwize_svc_vol_rsize'] - Storage system space-efficiency parameter for volumes * `openstack['block-storage']['storwize']['storwize_svc_vol_warning'] - Storage system threshold for volume capacity warnings diff --git a/attributes/default.rb b/attributes/default.rb index e59163b..7fa11e1 100644 --- a/attributes/default.rb +++ b/attributes/default.rb @@ -135,6 +135,8 @@ default['openstack']['block-storage']['service_role'] = 'admin' default['openstack']['block-storage']['san']['san_ip'] = '127.0.0.1' default['openstack']['block-storage']['san']['san_login'] = 'admin' default['openstack']['block-storage']['san']['san_private_key'] = '/v7000_rsa' +# The location(URL) of the san_private_key. This value may also specify HTTP(http://), FTP("ftp://"), or local(file://), if the san private key is in the local, you should also specify this attribute using(file://) +default['openstack']['block-storage']['san']['san_private_key_url'] = nil # NFS support default['openstack']['block-storage']['nfs']['nas_ip'] = '127.0.0.1' @@ -166,6 +168,7 @@ default['openstack']['block-storage']['storwize']['san_ip'] = node['openstack'][ default['openstack']['block-storage']['storwize']['san_login'] = node['openstack']['block-storage']['san']['san_login'] # If the key is set to nil, the san_login and san_password will be used. default['openstack']['block-storage']['storwize']['san_private_key'] = node['openstack']['block-storage']['san']['san_private_key'] +default['openstack']['block-storage']['storwize']['san_private_key_url'] = node['openstack']['block-storage']['san']['san_private_key_url'] default['openstack']['block-storage']['storwize']['storwize_svc_volpool_name'] = 'volpool' default['openstack']['block-storage']['storwize']['storwize_svc_vol_rsize'] = 2 default['openstack']['block-storage']['storwize']['storwize_svc_vol_warning'] = 0 diff --git a/recipes/volume.rb b/recipes/volume.rb index 46b9e0d..d99d4e9 100644 --- a/recipes/volume.rb +++ b/recipes/volume.rb @@ -106,10 +106,16 @@ when 'cinder.volume.drivers.netapp.nfs.NetAppDirect7modeNfsDriver' end when 'cinder.volume.drivers.ibm.storwize_svc.StorwizeSVCDriver' - file node['openstack']['block-storage']['san']['san_private_key'] do - mode '0400' - owner node['openstack']['block-storage']['user'] - group node['openstack']['block-storage']['group'] + san_private_key = node['openstack']['block-storage']['storwize']['san_private_key'] + san_private_key_url = node['openstack']['block-storage']['storwize']['san_private_key_url'] + + if san_private_key && san_private_key_url + remote_file san_private_key do + source san_private_key_url + mode '0400' + owner node['openstack']['block-storage']['user'] + group node['openstack']['block-storage']['group'] + end end platform_options['cinder_svc_packages'].each do |pkg| diff --git a/spec/volume_spec.rb b/spec/volume_spec.rb index 1fc98f9..28d6c3c 100644 --- a/spec/volume_spec.rb +++ b/spec/volume_spec.rb @@ -165,12 +165,13 @@ describe 'openstack-block-storage::volume' do node.set['openstack']['block-storage']['volume']['driver'] = 'cinder.volume.drivers.ibm.storwize_svc.StorwizeSVCDriver' end - it 'configures storewize private key' do - san_key = chef_run.file chef_run.node['openstack']['block-storage']['san']['san_private_key'] - expect(san_key.mode).to eq('0400') - expect(chef_run).to create_file('/v7000_rsa').with( + it 'download san private key if needed' do + node.set['openstack']['block-storage']['storwize']['san_private_key_url'] = 'http://server/key' + expect(chef_run).to create_remote_file('/v7000_rsa').with( + source: 'http://server/key', user: 'cinder', - group: 'cinder' + group: 'cinder', + mode: '0400' ) end