From 5b07d43b3ecc39640dabd11376847c4d9e882cc1 Mon Sep 17 00:00:00 2001
From: Luigi Toscano
Date: Tue, 22 May 2018 18:25:46 +0200
Subject: [PATCH] Use iniset to populate CEPH_CONF_FILE whenever possible
The remaining occurrences of cat <<... EOF populate non-INI files. Remove few security checks which are not needed, because iniset takes care of checking the existence of the section and keys and adding or replacing them if needed.
Change-Id: I4951e1f2f456b3c6f83fd4868db90fae9d811fbe
---
 devstack/lib/ceph | 93 ++++++++++++++++++-----------------------------
 1 file changed, 36 insertions(+), 57 deletions(-)
diff --git a/devstack/lib/ceph b/devstack/lib/ceph
index b0223a1..96ba38c 100644
--- a/devstack/lib/ceph
+++ b/devstack/lib/ceph
@@ -384,20 +384,17 @@ function configure_ceph {
 sudo mkdir -p ${CEPH_DATA_DIR}/mon/ceph-$(hostname)
 # create a default ceph configuration file
- cat </dev/null
- [global]
- fsid = ${CEPH_FSID}
- mon_initial_members = $(hostname)
- mon_host = ${SERVICE_HOST}
- auth_cluster_required = cephx
- auth_service_required = cephx
- auth_client_required = cephx
- filestore_xattr_use_omap = true
- osd crush chooseleaf type = 0
- osd journal size = 100
- osd pool default size = ${CEPH_REPLICAS}
- rbd default features = ${CEPH_RBD_DEFAULT_FEATURES}
-EOF
+ iniset -sudo ${CEPH_CONF_FILE} global "fsid" "${CEPH_FSID}"
+ iniset -sudo ${CEPH_CONF_FILE} global "mon_initial_members" "$(hostname)"
+ iniset -sudo ${CEPH_CONF_FILE} global "mon_host" "${SERVICE_HOST}"
+ iniset -sudo ${CEPH_CONF_FILE} global "auth_cluster_required" "cephx"
+ iniset -sudo ${CEPH_CONF_FILE} global "auth_service_required" "cephx"
+ iniset -sudo ${CEPH_CONF_FILE} global "auth_client_required" "cephx"
+ iniset -sudo ${CEPH_CONF_FILE} global "filestore_xattr_use_omap" "true"
+ iniset -sudo ${CEPH_CONF_FILE} global "osd crush chooseleaf type" "0"
+ iniset -sudo ${CEPH_CONF_FILE} global "osd journal size" "100"
+ iniset -sudo ${CEPH_CONF_FILE} global "osd pool default size" "${CEPH_REPLICAS}"
+ iniset -sudo ${CEPH_CONF_FILE} global "rbd default features" "${CEPH_RBD_DEFAULT_FEATURES}"
 # bootstrap the ceph monitor
 sudo ceph-mon -c ${CEPH_CONF_FILE} --mkfs -i $(hostname) \
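Review bot: The comment `# create a default ceph configuration file` no longer matches the added `iniset` calls in configure_ceph, which edit `${CEPH_CONF_FILE}` in place instead of writing it from scratch. If the file survives from an earlier run, every section and key not named here is kept, including an older rgw section and the Keystone password stored in it; the removed `cat` line is truncated on this page, so whether the old code overwrote the file cannot be confirmed from the hunk. Either reword the comment to `# set the [global] defaults in the ceph configuration file` or, if a fresh file is intended, remove the old one before the first `iniset`. The new calls here and in the two later hunks also pass `${CEPH_CONF_FILE}`, `${key}` and `client.${MANILA_CEPH_USER}` unquoted, which is worth writing as `"${CEPH_CONF_FILE}"` and so on. The body of configure_ceph starts and ends outside the hunk.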
@@ -521,47 +518,33 @@ EOF
 function _configure_rgw_ceph_section {
 configure_ceph_embedded_rgw_paths
- if [[ ! "$(egrep "\[${key}\]" ${CEPH_CONF_FILE})" ]]; then
- cat </dev/null
- [${key}]
- host = $(hostname)
- keyring = ${dest}/keyring
- rgw socket path = /tmp/radosgw-$(hostname).sock
- log file = /var/log/ceph/radosgw-$(hostname).log
- rgw data = ${dest}
- rgw print continue = false
- rgw frontends = civetweb port=${CEPH_RGW_PORT}
+ iniset -sudo ${CEPH_CONF_FILE} ${key} "host" "$(hostname)"
+ iniset -sudo ${CEPH_CONF_FILE} ${key} "keyring" "${dest}/keyring"
+ iniset -sudo ${CEPH_CONF_FILE} ${key} "rgw socket path" "/tmp/radosgw-$(hostname).sock"
+ iniset -sudo ${CEPH_CONF_FILE} ${key} "log file" "/var/log/ceph/radosgw-$(hostname).log"
+ iniset -sudo ${CEPH_CONF_FILE} ${key} "rgw data" "${dest}"
+ iniset -sudo ${CEPH_CONF_FILE} ${key} "rgw print continue" "false"
+ iniset -sudo ${CEPH_CONF_FILE} ${key} "rgw frontends" "civetweb port=${CEPH_RGW_PORT}"
- rgw keystone url = http://${SERVICE_HOST}:35357
- rgw s3 auth use keystone = true
- rgw keystone admin user = radosgw
- rgw keystone admin password = $SERVICE_PASSWORD
- rgw keystone accepted roles = Member, _member_, admin, ResellerAdmin
-EOF
+ iniset -sudo ${CEPH_CONF_FILE} ${key} "rgw keystone url" "http://${SERVICE_HOST}:35357"
+ iniset -sudo ${CEPH_CONF_FILE} ${key} "rgw s3 auth use keystone" "true"
+ iniset -sudo ${CEPH_CONF_FILE} ${key} "rgw keystone admin user" "radosgw"
+ iniset -sudo ${CEPH_CONF_FILE} ${key} "rgw keystone admin password" "$SERVICE_PASSWORD"
+ iniset -sudo ${CEPH_CONF_FILE} ${key} "rgw keystone accepted roles" "Member, _member_, admin, ResellerAdmin"
- if [ "$CEPH_RGW_KEYSTONE_SSL" = "True" ]; then
- cat </dev/null
- nss db path = ${dest}/nss
-EOF
- else
- cat </dev/null
- rgw keystone verify ssl = false
-EOF
- fi
+ if [ "$CEPH_RGW_KEYSTONE_SSL" = "True" ]; then
+ iniset -sudo ${CEPH_CONF_FILE} ${key} "nss db path" "${dest}/nss"
+ else
+ iniset -sudo ${CEPH_CONF_FILE} ${key} "rgw keystone verify ssl" "false"
+ fi
- if [[ $CEPH_RGW_IDENTITY_API_VERSION == '2.0' && \
- ! "$(grep -sq "rgw keystone admin tenant = $SERVICE_PROJECT_NAME" ${CEPH_CONF_FILE} )" ]]; then
- cat </dev/null
- rgw keystone admin tenant = $SERVICE_PROJECT_NAME
-EOF
- else
- cat </dev/null
- rgw keystone admin project = $SERVICE_PROJECT_NAME
- rgw keystone admin domain = $SERVICE_DOMAIN_NAME
- rgw keystone api version = 3
-EOF
- fi
+ if [[ $CEPH_RGW_IDENTITY_API_VERSION == '2.0' ]]; then
+ iniset -sudo ${CEPH_CONF_FILE} ${key} "rgw keystone admin tenant" "$SERVICE_PROJECT_NAME"
+ else
+ iniset -sudo ${CEPH_CONF_FILE} ${key} "rgw keystone admin project" "$SERVICE_PROJECT_NAME"
+ iniset -sudo ${CEPH_CONF_FILE} ${key} "rgw keystone admin domain" "$SERVICE_DOMAIN_NAME"
+ iniset -sudo ${CEPH_CONF_FILE} ${key} "rgw keystone api version" "3"
 fi
 }
@@ -722,12 +705,8 @@ function configure_ceph_manila {
 --yes-i-really-mean-it
 # Make manila's libcephfs client a root user.
- cat </dev/null
-
- [client.${MANILA_CEPH_USER}]
- client mount uid = 0
- client mount gid = 0
-EOF
+ iniset -sudo ${CEPH_CONF_FILE} client.${MANILA_CEPH_USER} "client mount uid" "0"
+ iniset -sudo ${CEPH_CONF_FILE} client.${MANILA_CEPH_USER} "client mount gid" "0"
 if [ $MANILA_CEPH_DRIVER == 'cephfsnfs' ]; then
 configure_nfs_ganesha
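Review bot: The added call `iniset -sudo ${CEPH_CONF_FILE} ${key} "rgw keystone admin password" "$SERVICE_PASSWORD"` in _configure_rgw_ceph_section puts the secret on a command line, where the removed heredoc kept it in a here-document body. If this library runs with `set -o xtrace`, bash prints the expanded password in the trace at this call site, and depending on how `iniset -sudo` is implemented (not shown here) the value may also be passed as an argument to a child process. Consider switching tracing off around this one call, for example `local xtrace; xtrace=$(set +o | grep xtrace); set +o xtrace` before it and `$xtrace` after it. It is also worth confirming that `${CEPH_CONF_FILE}` does not end up world-readable, since `iniset -sudo` may now be the command that creates the file holding this password.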