Add dependency on upstream ceph cookbook for better key management
The upstream ceph cookbook already hooks into chef for environment information. This patch utilizes the client LWRP to create or add ceph keys for RBD support. This patch also changes some default attribute names for more sane organization Partial-Bug: #1409943 Change-Id: If37159524c237eec6ca1561e2979cd44e6dfac92
This commit is contained in:
parent
24489d8044
commit
da05834a09
|
@ -6,3 +6,5 @@ cookbook "openstack-identity",
|
|||
github: "stackforge/cookbook-openstack-identity"
|
||||
cookbook "openstack-common",
|
||||
github: "stackforge/cookbook-openstack-common"
|
||||
cookbook "ceph",
|
||||
github: "ceph/ceph-cookbook"
|
||||
|
|
|
@ -3,6 +3,7 @@
|
|||
This file is used to list changes made in each version of cookbook-openstack-image.
|
||||
|
||||
## 10.1.0
|
||||
* Add dependency on upstream ceph cookbook for better key management
|
||||
### Blue print
|
||||
* Make container_formats and disk_formats configurable
|
||||
|
||||
|
|
|
@ -141,12 +141,10 @@ default['openstack']['image']['cache']['stall_time'] = 86400
|
|||
default['openstack']['image']['cache']['grace_period'] = 3600
|
||||
|
||||
# Ceph Options
|
||||
default['openstack']['image']['api']['rbd']['rbd_store_ceph_conf'] = '/etc/ceph/ceph.conf'
|
||||
default['openstack']['image']['api']['rbd']['rbd_store_user'] = 'glance'
|
||||
default['openstack']['image']['api']['rbd']['rbd_store_pool'] = 'images'
|
||||
default['openstack']['image']['api']['rbd']['rbd_store_chunk_size'] = '8'
|
||||
# The name used for the data bag item containing the Cephx user's password
|
||||
default['openstack']['image']['api']['rbd']['key_name'] = 'rbd-image'
|
||||
default['openstack']['image']['api']['rbd']['ceph_conf'] = '/etc/ceph/ceph.conf'
|
||||
default['openstack']['image']['api']['rbd']['user'] = 'glance'
|
||||
default['openstack']['image']['api']['rbd']['pool'] = 'images'
|
||||
default['openstack']['image']['api']['rbd']['chunk_size'] = '8'
|
||||
|
||||
# API to use for accessing data. Default value points to sqlalchemy
|
||||
# package.
|
||||
|
|
|
@ -17,3 +17,5 @@ end
|
|||
|
||||
depends 'openstack-common', '~> 10.0'
|
||||
depends 'openstack-identity', '~> 10.0'
|
||||
depends 'ceph', '>= 0.2.1'
|
||||
depends 'ceph', '< 3.0.0'
|
||||
|
|
|
@ -60,28 +60,21 @@ if node['openstack']['image']['api']['default_store'] == 'swift'
|
|||
end
|
||||
|
||||
elsif node['openstack']['image']['api']['default_store'] == 'rbd'
|
||||
rbd_user = node['openstack']['image']['api']['rbd']['rbd_store_user']
|
||||
rbd_key = get_password 'service', node['openstack']['image']['api']['rbd']['key_name']
|
||||
include_recipe 'ceph'
|
||||
|
||||
include_recipe 'openstack-common::ceph_client'
|
||||
caps = { 'mon' => 'allow r',
|
||||
'osd' => "allow class-read object_prefix rbd_children, allow rwx pool=#{node['openstack']['image']['api']['rbd']['pool']}" }
|
||||
|
||||
platform_options['ceph_packages'].each do |pkg|
|
||||
package pkg do
|
||||
options platform_options['package_overrides']
|
||||
action :upgrade
|
||||
end
|
||||
end
|
||||
|
||||
template "/etc/ceph/ceph.client.#{rbd_user}.keyring" do
|
||||
source 'ceph.client.keyring.erb'
|
||||
cookbook 'openstack-common'
|
||||
ceph_client node['openstack']['image']['api']['rbd']['user'] do
|
||||
name node['openstack']['image']['api']['rbd']['user']
|
||||
caps caps
|
||||
keyname "client.#{node['openstack']['image']['api']['rbd']['user']}"
|
||||
filename "/etc/ceph/ceph.client.#{node['openstack']['image']['api']['rbd']['user']}.keyring"
|
||||
owner node['openstack']['image']['user']
|
||||
group node['openstack']['image']['group']
|
||||
mode 00600
|
||||
variables(
|
||||
name: rbd_user,
|
||||
key: rbd_key
|
||||
)
|
||||
|
||||
action :add
|
||||
notifies :restart, 'service[glance-api]'
|
||||
end
|
||||
end
|
||||
|
||||
|
|
|
@ -61,41 +61,11 @@ describe 'openstack-image::api' do
|
|||
describe 'using rbd for default_store' do
|
||||
before do
|
||||
node.set['openstack']['image']['api']['default_store'] = 'rbd'
|
||||
node.set['ceph']['config']['fsid'] = '00000000-0000-0000-0000-000000000000'
|
||||
end
|
||||
|
||||
it 'upgrades python-ceph package' do
|
||||
expect(chef_run).to upgrade_package('python-ceph')
|
||||
end
|
||||
|
||||
it 'honors platform package name and option overrides for ceph packages' do
|
||||
node.set['openstack']['image']['platform']['package_overrides'] = '--override1 --override2'
|
||||
node.set['openstack']['image']['platform']['ceph_packages'] = ['my-ceph']
|
||||
|
||||
expect(chef_run).to upgrade_package('my-ceph').with(options: '--override1 --override2')
|
||||
end
|
||||
|
||||
it 'includes the ceph_client recipe from openstack-common' do
|
||||
expect(chef_run).to include_recipe('openstack-common::ceph_client')
|
||||
end
|
||||
|
||||
describe 'cephx client keyring file' do
|
||||
let(:file) { chef_run.template('/etc/ceph/ceph.client.glance.keyring') }
|
||||
|
||||
it 'creates /etc/ceph/ceph.client.glance.keyring' do
|
||||
expect(chef_run).to create_template(file.name).with(
|
||||
user: 'glance',
|
||||
group: 'glance',
|
||||
mode: 00600,
|
||||
cookbook: 'openstack-common'
|
||||
)
|
||||
end
|
||||
|
||||
it 'has the proper content' do
|
||||
[/^\[client\.glance\]$/,
|
||||
/^ key = rbd-pass$/].each do |content|
|
||||
expect(chef_run).to render_file(file.name).with_content(content)
|
||||
end
|
||||
end
|
||||
it 'includes the ceph package' do
|
||||
expect(chef_run).to include_recipe('ceph')
|
||||
end
|
||||
end
|
||||
|
||||
|
@ -293,10 +263,10 @@ describe 'openstack-image::api' do
|
|||
end
|
||||
end
|
||||
|
||||
%w(store_ceph_conf store_user store_pool store_chunk_size).each do |attr|
|
||||
%w(ceph_conf user pool chunk_size).each do |attr|
|
||||
it "sets the rbd #{attr} attribute" do
|
||||
node.set['openstack']['image']['api']['rbd']["rbd_#{attr}"] = "rbd_#{attr}_value"
|
||||
expect(chef_run).to render_file(file.name).with_content(/^rbd_#{attr} = rbd_#{attr}_value$/)
|
||||
node.set['openstack']['image']['api']['rbd']["#{attr}"] = "rbd_#{attr}_value"
|
||||
expect(chef_run).to render_file(file.name).with_content(/^rbd_store_#{attr} = rbd_#{attr}_value$/)
|
||||
end
|
||||
end
|
||||
|
||||
|
|
|
@ -501,22 +501,22 @@ s3_store_create_bucket_on_put = False
|
|||
# include a reference to the right keyring
|
||||
# in a client.<USER> section
|
||||
#rbd_store_ceph_conf = /etc/ceph/ceph.conf
|
||||
rbd_store_ceph_conf = <%= node["openstack"]["image"]["api"]["rbd"]["rbd_store_ceph_conf"] %>
|
||||
rbd_store_ceph_conf = <%= node["openstack"]["image"]["api"]["rbd"]["ceph_conf"] %>
|
||||
|
||||
# RADOS user to authenticate as (only applicable if using cephx)
|
||||
# If <None>, a default will be chosen based on the client. section
|
||||
# in rbd_store_ceph_conf
|
||||
#rbd_store_user = <None>
|
||||
rbd_store_user = <%= node["openstack"]["image"]["api"]["rbd"]["rbd_store_user"] %>
|
||||
rbd_store_user = <%= node["openstack"]["image"]["api"]["rbd"]["user"] %>
|
||||
|
||||
# RADOS pool in which images are stored
|
||||
#rbd_store_pool = images
|
||||
rbd_store_pool = <%= node["openstack"]["image"]["api"]["rbd"]["rbd_store_pool"] %>
|
||||
rbd_store_pool = <%= node["openstack"]["image"]["api"]["rbd"]["pool"] %>
|
||||
|
||||
# RADOS images will be chunked into objects of this size (in megabytes).
|
||||
# For best performance, this should be a power of two
|
||||
#rbd_store_chunk_size = 8
|
||||
rbd_store_chunk_size = <%= node["openstack"]["image"]["api"]["rbd"]["rbd_store_chunk_size"] %>
|
||||
rbd_store_chunk_size = <%= node["openstack"]["image"]["api"]["rbd"]["chunk_size"] %>
|
||||
|
||||
# ============ Sheepdog Store Options =============================
|
||||
|
||||
|
|
Loading…
Reference in New Issue