Add dependency on upstream ceph cookbook for better key management

The upstream ceph cookbook already hooks into chef for environment information.
This patch utilizes the client LWRP to create or add ceph keys for RBD support.
This patch also changes some default attribute names for more sane organization

Partial-Bug: #1409943

Change-Id: If37159524c237eec6ca1561e2979cd44e6dfac92

Berksfile

@@ -6,3 +6,5 @@ cookbook "openstack-identity",
   github: "stackforge/cookbook-openstack-identity"
 cookbook "openstack-common",
   github: "stackforge/cookbook-openstack-common"
+cookbook "ceph",
+  github: "ceph/ceph-cookbook"

CHANGELOG.md

@@ -3,6 +3,7 @@
 This file is used to list changes made in each version of cookbook-openstack-image.
 
 ## 10.1.0
+* Add dependency on upstream ceph cookbook for better key management
 ### Blue print
 * Make container_formats and disk_formats configurable
 

attributes/default.rb

@@ -141,12 +141,10 @@ default['openstack']['image']['cache']['stall_time'] = 86400
 default['openstack']['image']['cache']['grace_period'] = 3600
 
 # Ceph Options
-default['openstack']['image']['api']['rbd']['rbd_store_ceph_conf'] = '/etc/ceph/ceph.conf'
-default['openstack']['image']['api']['rbd']['rbd_store_user'] = 'glance'
-default['openstack']['image']['api']['rbd']['rbd_store_pool'] = 'images'
-default['openstack']['image']['api']['rbd']['rbd_store_chunk_size'] = '8'
-# The name used for the data bag item containing the Cephx user's password
-default['openstack']['image']['api']['rbd']['key_name'] = 'rbd-image'
+default['openstack']['image']['api']['rbd']['ceph_conf'] = '/etc/ceph/ceph.conf'
+default['openstack']['image']['api']['rbd']['user'] = 'glance'
+default['openstack']['image']['api']['rbd']['pool'] = 'images'
+default['openstack']['image']['api']['rbd']['chunk_size'] = '8'
 
 # API to use for accessing data. Default value points to sqlalchemy
 # package.

metadata.rb

@@ -17,3 +17,5 @@ end
 
 depends           'openstack-common', '~> 10.0'
 depends           'openstack-identity', '~> 10.0'
+depends           'ceph', '>= 0.2.1'
+depends           'ceph', '< 3.0.0'

recipes/api.rb

@@ -60,28 +60,21 @@ if node['openstack']['image']['api']['default_store'] == 'swift'
   end
 
 elsif node['openstack']['image']['api']['default_store'] == 'rbd'
-  rbd_user = node['openstack']['image']['api']['rbd']['rbd_store_user']
-  rbd_key = get_password 'service', node['openstack']['image']['api']['rbd']['key_name']
+  include_recipe 'ceph'
 
-  include_recipe 'openstack-common::ceph_client'
+  caps = { 'mon' => 'allow r',
+           'osd' => "allow class-read object_prefix rbd_children, allow rwx pool=#{node['openstack']['image']['api']['rbd']['pool']}" }
 
-  platform_options['ceph_packages'].each do |pkg|
-    package pkg do
-      options platform_options['package_overrides']
-      action :upgrade
-    end
-  end
-
-  template "/etc/ceph/ceph.client.#{rbd_user}.keyring" do
-    source 'ceph.client.keyring.erb'
-    cookbook 'openstack-common'
+  ceph_client node['openstack']['image']['api']['rbd']['user'] do
+    name node['openstack']['image']['api']['rbd']['user']
+    caps caps
+    keyname "client.#{node['openstack']['image']['api']['rbd']['user']}"
+    filename "/etc/ceph/ceph.client.#{node['openstack']['image']['api']['rbd']['user']}.keyring"
     owner node['openstack']['image']['user']
     group node['openstack']['image']['group']
-    mode 00600
-    variables(
-      name: rbd_user,
-      key: rbd_key
-    )
+
+    action :add
+    notifies :restart, 'service[glance-api]'
   end
 end
 

spec/api_spec.rb

@@ -61,41 +61,11 @@ describe 'openstack-image::api' do
     describe 'using rbd for default_store' do
       before do
         node.set['openstack']['image']['api']['default_store'] = 'rbd'
+        node.set['ceph']['config']['fsid'] = '00000000-0000-0000-0000-000000000000'
       end
 
-      it 'upgrades python-ceph package' do
-        expect(chef_run).to upgrade_package('python-ceph')
-      end
-
-      it 'honors platform package name and option overrides for ceph packages' do
-        node.set['openstack']['image']['platform']['package_overrides'] = '--override1 --override2'
-        node.set['openstack']['image']['platform']['ceph_packages'] = ['my-ceph']
-
-        expect(chef_run).to upgrade_package('my-ceph').with(options: '--override1 --override2')
-      end
-
-      it 'includes the ceph_client recipe from openstack-common' do
-        expect(chef_run).to include_recipe('openstack-common::ceph_client')
-      end
-
-      describe 'cephx client keyring file' do
-        let(:file) { chef_run.template('/etc/ceph/ceph.client.glance.keyring') }
-
-        it 'creates /etc/ceph/ceph.client.glance.keyring' do
-          expect(chef_run).to create_template(file.name).with(
-            user: 'glance',
-            group: 'glance',
-            mode: 00600,
-            cookbook: 'openstack-common'
-          )
-        end
-
-        it 'has the proper content' do
-          [/^\[client\.glance\]$/,
-           /^  key = rbd-pass$/].each do |content|
-            expect(chef_run).to render_file(file.name).with_content(content)
-          end
-        end
+      it 'includes the ceph package' do
+        expect(chef_run).to include_recipe('ceph')
       end
     end
 
@@ -293,10 +263,10 @@ describe 'openstack-image::api' do
           end
         end
 
-        %w(store_ceph_conf store_user store_pool store_chunk_size).each do |attr|
+        %w(ceph_conf user pool chunk_size).each do |attr|
           it "sets the rbd #{attr} attribute" do
-            node.set['openstack']['image']['api']['rbd']["rbd_#{attr}"] = "rbd_#{attr}_value"
-            expect(chef_run).to render_file(file.name).with_content(/^rbd_#{attr} = rbd_#{attr}_value$/)
+            node.set['openstack']['image']['api']['rbd']["#{attr}"] = "rbd_#{attr}_value"
+            expect(chef_run).to render_file(file.name).with_content(/^rbd_store_#{attr} = rbd_#{attr}_value$/)
           end
         end
 

templates/default/glance-api.conf.erb

@@ -501,22 +501,22 @@ s3_store_create_bucket_on_put = False
 # include a reference to the right keyring
 # in a client.<USER> section
 #rbd_store_ceph_conf = /etc/ceph/ceph.conf
-rbd_store_ceph_conf = <%= node["openstack"]["image"]["api"]["rbd"]["rbd_store_ceph_conf"] %>
+rbd_store_ceph_conf = <%= node["openstack"]["image"]["api"]["rbd"]["ceph_conf"] %>
 
 # RADOS user to authenticate as (only applicable if using cephx)
 # If <None>, a default will be chosen based on the client. section
 # in rbd_store_ceph_conf
 #rbd_store_user = <None>
-rbd_store_user = <%= node["openstack"]["image"]["api"]["rbd"]["rbd_store_user"] %>
+rbd_store_user = <%= node["openstack"]["image"]["api"]["rbd"]["user"] %>
 
 # RADOS pool in which images are stored
 #rbd_store_pool = images
-rbd_store_pool = <%= node["openstack"]["image"]["api"]["rbd"]["rbd_store_pool"] %>
+rbd_store_pool = <%= node["openstack"]["image"]["api"]["rbd"]["pool"] %>
 
 # RADOS images will be chunked into objects of this size (in megabytes).
 # For best performance, this should be a power of two
 #rbd_store_chunk_size = 8
-rbd_store_chunk_size = <%= node["openstack"]["image"]["api"]["rbd"]["rbd_store_chunk_size"] %>
+rbd_store_chunk_size = <%= node["openstack"]["image"]["api"]["rbd"]["chunk_size"] %>
 
 # ============ Sheepdog Store Options =============================