Increase flexibility with managing client keys in profile
This commit introduces the client_keys hash parameter to ceph::profile. This allows one to use the profile to inject and configure any client keys with any parameter. Backwards compatibility is *NOT* maintained for the purpose of staying as clean and as simple as possible in the context of drafting the first stable release of puppet-ceph. This avoids shipping the first stable release with, already, a deprecation that will have to be maintained throughout an entire release cycle. Some tests have been added and test coverage is in general improved as part of this commit. Change-Id: Ie6adbd601388ab52c37037004bd0ceef9fc41942
parent
7f7847315c
commit
2041c1e7b5
|
@ -18,10 +18,29 @@ ceph::profile::params::public_network: '10.11.12.0/24'
|
|||
ceph::profile::params::mon_key: 'AQATGHJTUCBqIBAA7M2yafV1xctn1pgr3GcKPg=='
|
||||
# as an alternative to specifying the mon key you can provide an exising keyring
|
||||
#ceph::profile::params::mon_keyring: '/etc/ceph/ceph.mon.keyring'
|
||||
ceph::profile::params::admin_key: 'AQBMGHJTkC8HKhAAJ7NH255wYypgm1oVuV41MA=='
|
||||
ceph::profile::params::admin_key_mode: '0600'
|
||||
ceph::profile::params::bootstrap_osd_key: 'AQARG3JTsDDEHhAAVinHPiqvJkUi5Mww/URupw=='
|
||||
ceph::profile::params::bootstrap_mds_key: 'AQCztJdSyNb0NBAASA2yPZPuwXeIQnDJ9O8gVw=='
|
||||
ceph::profile::params::client_keys:
|
||||
'client.admin':
|
||||
secret: 'AQBMGHJTkC8HKhAAJ7NH255wYypgm1oVuV41MA=='
|
||||
mode: '0600'
|
||||
cap_mon: 'allow *'
|
||||
cap_osd: 'allow *'
|
||||
cap_mds: 'allow *'
|
||||
'client.bootstrap-osd':
|
||||
secret: 'AQARG3JTsDDEHhAAVinHPiqvJkUi5Mww/URupw=='
|
||||
keyring_path: '/var/lib/ceph/bootstrap-osd/ceph.keyring'
|
||||
cap_mon: 'allow profile bootstrap-osd'
|
||||
'client.bootstrap-mds':
|
||||
secret: 'AQCztJdSyNb0NBAASA2yPZPuwXeIQnDJ9O8gVw=='
|
||||
keyring_path: '/var/lib/ceph/bootstrap-mds/ceph.keyring'
|
||||
cap_mon: 'allow profile bootstrap-mds'
|
||||
'client.volumes':
|
||||
secret: 'AQA4MPZTOGU0ARAAXH9a0fXxVq0X25n2yPREDw=='
|
||||
mode: '0600'
|
||||
user: 'cinder'
|
||||
group: 'cinder'
|
||||
cap_mon: 'allow r'
|
||||
cap_osd: 'allow class-read object_prefix rbd_children, allow rwx pool=volumes'
|
||||
|
||||
ceph::profile::params::osds:
|
||||
'/dev/sdc':
|
||||
journal: '/dev/sdb1'
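Review bot: The `client_keys` block added here carries literal cephx secrets, including `client.admin` with `allow *` caps, and nothing in the file marks them as samples. This looks like example hieradata that people copy into real deployments (inferred from the commented `mon_keyring` hint above it), so the published values could end up in a live cluster. A comment above `ceph::profile::params::client_keys:` such as `# sample secrets only - generate your own with ceph-authtool --gen-print-key` would guard against that.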
|
||||
|
|
|
@ -0,0 +1,9 @@
|
|||
---
|
||||
ceph::profile::params::client_keys:
|
||||
'client.volumes':
|
||||
secret: 'AQA4MPZTOGU0ARAAXH9a0fXxVq0X25n2yPREDw=='
|
||||
mode: '0644'
|
||||
user: 'root'
|
||||
group: 'root'
|
||||
cap_mon: 'allow r'
|
||||
cap_osd: 'allow class-read object_prefix rbd_children, allow rwx pool=volumes'
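Review bot: `mode: '0644'` with `user: 'root'` and `group: 'root'` leaves the keyring holding the `client.volumes` secret readable by every local account. The first hieradata file in this commit gives the same key `mode: '0600'` and a dedicated owner (`cinder`). If this new file is a shipped example rather than a test fixture, it should use `mode: '0600'` as well. The same 0644 settings recur in the later hieradata sections and in the system-spec heredocs.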
|
|
@ -14,21 +14,21 @@
|
|||
# limitations under the License.
|
||||
#
|
||||
# Author: David Gurtner <aldavud@crimson.ch>
|
||||
# Author: David Moreau Simard <dmsimard@iweb.com>
|
||||
#
|
||||
# Class: ceph::profile::client
|
||||
# == Class: ceph::profile::client
|
||||
#
|
||||
# Profile for a Ceph client
|
||||
#
|
||||
class ceph::profile::client {
|
||||
require ceph::profile::base
|
||||
require ::ceph::profile::base
|
||||
|
||||
# if this is also a mon, the key is already defined
|
||||
if ! defined(Ceph::Key['client.admin']) {
|
||||
if $ceph::profile::params::admin_key {
|
||||
ceph::key { 'client.admin':
|
||||
keyring_path => '/etc/ceph/ceph.client.admin.keyring',
|
||||
secret => $ceph::profile::params::admin_key,
|
||||
mode => $ceph::profile::params::admin_key_mode,
|
||||
# If the same server is hosting a mon, osd and client, the key resource is
|
||||
# ultimately handled by the mon class.
|
||||
if ! defined(Class['ceph::keys']) {
|
||||
if !empty($ceph::profile::params::client_keys) {
|
||||
class { '::ceph::keys':
|
||||
args => $ceph::profile::params::client_keys
|
||||
}
|
||||
}
|
||||
}
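Review bot: The `if ! defined(Class['ceph::keys'])` guard depends on evaluation order, because `defined()` only sees classes declared earlier in the same compilation. The mon profile in this commit declares `class { '::ceph::keys': }` without such a guard, so on a host carrying both profiles the result looks order-dependent. If this class is evaluated first, the mon declaration would presumably be rejected as a duplicate, and the keys would have been declared without the mon's `inject` defaults. The comment above the guard should state the required order, for example `# ceph::profile::mon must be evaluated before this class on a combined host`, or both profiles should share a single declaration point.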
|
||||
|
|
|
@ -14,13 +14,14 @@
|
|||
# limitations under the License.
|
||||
#
|
||||
# Author: David Gurtner <aldavud@crimson.ch>
|
||||
# Author: David Moreau Simard <dmsimard@iweb.com>
|
||||
#
|
||||
# == Class: ceph::profile::mon
|
||||
#
|
||||
# Profile for a Ceph mon
|
||||
#
|
||||
class ceph::profile::mon {
|
||||
require ceph::profile::base
|
||||
require ::ceph::profile::base
|
||||
|
||||
Ceph_Config<| |> ->
|
||||
ceph::mon { $::hostname:
|
||||
|
@ -29,36 +30,16 @@ class ceph::profile::mon {
|
|||
keyring => $ceph::profile::params::mon_keyring,
|
||||
}
|
||||
|
||||
Ceph::Key {
|
||||
$defaults = {
|
||||
inject => true,
|
||||
inject_as_id => 'mon.',
|
||||
inject_keyring => "/var/lib/ceph/mon/ceph-${::hostname}/keyring",
|
||||
}
|
||||
|
||||
# this supports providing the key manually
|
||||
if $ceph::profile::params::admin_key {
|
||||
ceph::key { 'client.admin':
|
||||
secret => $ceph::profile::params::admin_key,
|
||||
cap_mon => 'allow *',
|
||||
cap_osd => 'allow *',
|
||||
cap_mds => 'allow',
|
||||
mode => $ceph::profile::params::admin_key_mode,
|
||||
}
|
||||
}
|
||||
|
||||
if $ceph::profile::params::bootstrap_osd_key {
|
||||
ceph::key { 'client.bootstrap-osd':
|
||||
secret => $ceph::profile::params::bootstrap_osd_key,
|
||||
keyring_path => '/var/lib/ceph/bootstrap-osd/ceph.keyring',
|
||||
cap_mon => 'allow profile bootstrap-osd',
|
||||
}
|
||||
}
|
||||
|
||||
if $ceph::profile::params::bootstrap_mds_key {
|
||||
ceph::key { 'client.bootstrap-mds':
|
||||
secret => $ceph::profile::params::bootstrap_mds_key,
|
||||
keyring_path => '/var/lib/ceph/bootstrap-mds/ceph.keyring',
|
||||
cap_mon => 'allow profile bootstrap-mds',
|
||||
if !empty($ceph::profile::params::client_keys) {
|
||||
class { '::ceph::keys':
|
||||
args => $ceph::profile::params::client_keys,
|
||||
defaults => $defaults
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -14,23 +14,14 @@
|
|||
# limitations under the License.
|
||||
#
|
||||
# Author: David Gurtner <aldavud@crimson.ch>
|
||||
# Author: David Moreau Simard <dmsimard@iweb.com>
|
||||
#
|
||||
# Class: ceph::profle::osd
|
||||
#
|
||||
# Profile for a Ceph osd
|
||||
#
|
||||
class ceph::profile::osd {
|
||||
require ceph::profile::base
|
||||
|
||||
# this supports providing the key manually
|
||||
if $ceph::profile::params::bootstrap_osd_key {
|
||||
if ! defined(Ceph::Key['client.bootstrap-osd']) {
|
||||
ceph::key { 'client.bootstrap-osd':
|
||||
keyring_path => '/var/lib/ceph/bootstrap-osd/ceph.keyring',
|
||||
secret => $ceph::profile::params::bootstrap_osd_key,
|
||||
}
|
||||
}
|
||||
}
|
||||
require ::ceph::profile::client
|
||||
|
||||
class { '::ceph::osds':
|
||||
args => $ceph::profile::params::osds,
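Review bot: `require ::ceph::profile::client` widens what an OSD host receives. The explicit `ceph::key { 'client.bootstrap-osd': }` resource in this hunk, which appears to be on the removed side, installed only that one keyring, while the client profile hands the whole `client_keys` hash to `ceph::keys`. With the hieradata shown in this commit that hash includes `client.admin` with `allow *` caps, so every OSD node would get the admin keyring unless `client_keys` is overridden per node in hiera. A header comment such as `# NOTE: installs every key in ceph::profile::params::client_keys; scope that hash per node` would make this visible. The class body continues past the end of the hunk.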
|
||||
|
|
|
@ -14,6 +14,7 @@
|
|||
# limitations under the License.
|
||||
#
|
||||
# Author: David Gurtner <aldavud@crimson.ch>
|
||||
# Author: David Moreau Simard <dmsimard@iweb.com>
|
||||
#
|
||||
# == Class: ceph::profile::params
|
||||
#
|
||||
|
@ -69,22 +70,17 @@
|
|||
# [*public_network*] The address of the public network.
|
||||
# Optional. {public-network-ip/netmask}
|
||||
#
|
||||
# [*admin_key*] The admin secret key.
|
||||
# Optional.
|
||||
#
|
||||
# [*admin_key_mode*] The admin key mode.
|
||||
# Optional.
|
||||
#
|
||||
# [*mon_key*] The mon secret key.
|
||||
# Optional. Either mon_key or mon_keyring need to be set when using cephx.
|
||||
#
|
||||
# [*mon_keyring*] The location of the keyring retrieved by default
|
||||
# Optional. Either mon_key or mon_keyring need to be set when using cephx
|
||||
#
|
||||
# [*bootstrap_osd_key*] The osd secret key (used for bootstrap)
|
||||
# Optional.
|
||||
# [*client_keys*] A hash of client keys that will be passed to ceph::keys.
|
||||
# Optional but required when using cephx.
|
||||
# See ceph::key for hash parameters andstructure.
|
||||
#
|
||||
# [*bootstrap_mds_key*] The mds secret key (used for bootstrap)
|
||||
# [*osds*] A Ceph osd hash
|
||||
# Optional.
|
||||
#
|
||||
# [*manage_repo*] Whether we should manage the local repository (true) or depend
|
||||
|
@ -92,9 +88,6 @@
|
|||
# the repo by yourself.
|
||||
# Optional. Defaults to true
|
||||
#
|
||||
# [*osds*] A Ceph osd hash
|
||||
# Optional.
|
||||
#
|
||||
class ceph::profile::params (
|
||||
# puppet 2.7 compatibiliy hack. TODO: change to undef once 2.7 is deprecated
|
||||
$fsid = '4b5c8c0a-ff60-454b-a1b4-9747aa737d19',
|
||||
|
@ -108,13 +101,15 @@ class ceph::profile::params (
|
|||
$osd_pool_default_min_size = undef,
|
||||
$cluster_network = undef,
|
||||
$public_network = undef,
|
||||
$admin_key = undef,
|
||||
$admin_key_mode = undef,
|
||||
$mon_key = undef,
|
||||
$mon_keyring = undef,
|
||||
$bootstrap_osd_key = undef,
|
||||
$bootstrap_mds_key = undef,
|
||||
$client_keys = {},
|
||||
$osds = undef,
|
||||
$manage_repo = true,
|
||||
) {
|
||||
validate_hash($client_keys)
|
||||
|
||||
if $authentication_type == 'cephx' and empty($client_keys) {
|
||||
fail("client_keys must be provided when using authentication_type = 'cephx'")
|
||||
}
|
||||
}
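Review bot: `validate_hash($client_keys)` checks only the outer type, so an entry whose value is not itself a hash gets past this class and presumably fails later inside `ceph::keys` or `ceph::key` with a less direct message. The doc comment for `client_keys` could describe the expected shape (key name mapped to a hash of `ceph::key` parameters such as `secret`, `mode` and the `cap_*` entries seen in the hieradata). It could also say that the hash is applied in full on every node that includes a profile. The same comment has a typo: `andstructure` should read `and structure`.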
|
||||
|
|
|
@ -14,17 +14,79 @@
|
|||
# limitations under the License.
|
||||
#
|
||||
# Author: David Gurtner <aldavud@crimson.ch>
|
||||
# Author: David Moreau Simard <dmsimard@iweb.com>
|
||||
#
|
||||
require 'spec_helper'
|
||||
|
||||
describe 'ceph::profile::client' do
|
||||
|
||||
shared_examples_for 'ceph profile client' do
|
||||
it { is_expected.to contain_ceph__key('client.admin').with(
|
||||
:secret => 'AQBMGHJTkC8HKhAAJ7NH255wYypgm1oVuV41MA==',
|
||||
:keyring_path => '/etc/ceph/ceph.client.admin.keyring',
|
||||
:mode => '0644')
|
||||
}
|
||||
context 'with the default client keys defined in common.yaml' do
|
||||
|
||||
it { is_expected.to contain_class('ceph::profile::base') }
|
||||
it { is_expected.to contain_class('ceph::keys').with(
|
||||
'args' => {
|
||||
'client.admin' => {
|
||||
'secret' => 'AQBMGHJTkC8HKhAAJ7NH255wYypgm1oVuV41MA==',
|
||||
'mode' => '0600',
|
||||
'cap_mon' => 'allow *',
|
||||
'cap_osd' => 'allow *',
|
||||
'cap_mds' => 'allow *'
|
||||
},
|
||||
'client.bootstrap-osd' => {
|
||||
'secret' => 'AQARG3JTsDDEHhAAVinHPiqvJkUi5Mww/URupw==',
|
||||
'keyring_path' => '/var/lib/ceph/bootstrap-osd/ceph.keyring',
|
||||
'cap_mon' => 'allow profile bootstrap-osd'
|
||||
},
|
||||
'client.bootstrap-mds' => {
|
||||
'secret' => 'AQCztJdSyNb0NBAASA2yPZPuwXeIQnDJ9O8gVw==',
|
||||
'keyring_path' => '/var/lib/ceph/bootstrap-mds/ceph.keyring',
|
||||
'cap_mon' => 'allow profile bootstrap-mds'
|
||||
},
|
||||
'client.volumes' => {
|
||||
'secret' => 'AQA4MPZTOGU0ARAAXH9a0fXxVq0X25n2yPREDw==',
|
||||
'mode' => '0644',
|
||||
'user' => 'root',
|
||||
'group' => 'root',
|
||||
'cap_mon' => 'allow r',
|
||||
'cap_osd' => 'allow class-read object_prefix rbd_children, allow rwx pool=volumes'
|
||||
}
|
||||
}
|
||||
)}
|
||||
end
|
||||
|
||||
context 'with the specific client keys defined in client.yaml' do
|
||||
|
||||
before :each do
|
||||
facts.merge!( :hostname => 'client')
|
||||
end
|
||||
|
||||
it { is_expected.to contain_class('ceph::profile::base') }
|
||||
it { is_expected.to contain_class('ceph::keys').with(
|
||||
'args' => {
|
||||
'client.volumes' => {
|
||||
'secret' => 'AQA4MPZTOGU0ARAAXH9a0fXxVq0X25n2yPREDw==',
|
||||
'mode' => '0644',
|
||||
'user' => 'root',
|
||||
'group' => 'root',
|
||||
'cap_mon' => 'allow r',
|
||||
'cap_osd' => 'allow class-read object_prefix rbd_children, allow rwx pool=volumes'
|
||||
}
|
||||
}
|
||||
)}
|
||||
end
|
||||
|
||||
context 'without cephx and client_keys' do
|
||||
let :pre_condition do
|
||||
"class { 'ceph::profile::params':
|
||||
authentication_type => 'undef',
|
||||
client_keys => {}
|
||||
}"
|
||||
end
|
||||
|
||||
it { is_expected.to contain_class('ceph::profile::base') }
|
||||
it { is_expected.to_not contain_class('ceph::keys') }
|
||||
end
|
||||
end
|
||||
|
||||
context 'on Debian' do
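Review bot: In the 'without cephx and client_keys' context, `authentication_type => 'undef'` passes the literal string `'undef'`, not Puppet's undef value. The case passes only because that string is not `'cephx'`. Using the value a non-cephx deployment would really set (for example `authentication_type => 'none'`, if that is what the module accepts) would make the test describe a real configuration. The `describe` block continues past the hunk.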
|
||||
|
|
|
@ -20,36 +20,45 @@ require 'spec_helper'
|
|||
describe 'ceph::profile::mon' do
|
||||
|
||||
shared_examples_for 'ceph profile mon' do
|
||||
|
||||
it { is_expected.to contain_ceph__mon('first').with(
|
||||
:authentication_type => 'cephx',
|
||||
:key => 'AQATGHJTUCBqIBAA7M2yafV1xctn1pgr3GcKPg==')
|
||||
}
|
||||
it { is_expected.to contain_ceph__key('client.admin').with(
|
||||
:secret => 'AQBMGHJTkC8HKhAAJ7NH255wYypgm1oVuV41MA==',
|
||||
:cap_mon => 'allow *',
|
||||
:cap_osd => 'allow *',
|
||||
:cap_mds => 'allow',
|
||||
:mode => '0644',
|
||||
:inject => true,
|
||||
:inject_as_id => 'mon.',
|
||||
:inject_keyring => '/var/lib/ceph/mon/ceph-first/keyring')
|
||||
}
|
||||
it { is_expected.to contain_ceph__key('client.bootstrap-osd').with(
|
||||
:secret => 'AQARG3JTsDDEHhAAVinHPiqvJkUi5Mww/URupw==',
|
||||
:keyring_path => '/var/lib/ceph/bootstrap-osd/ceph.keyring',
|
||||
:cap_mon => 'allow profile bootstrap-osd',
|
||||
:inject => true,
|
||||
:inject_as_id => 'mon.',
|
||||
:inject_keyring => '/var/lib/ceph/mon/ceph-first/keyring')
|
||||
}
|
||||
it { is_expected.to contain_ceph__key('client.bootstrap-mds').with(
|
||||
:secret => 'AQCztJdSyNb0NBAASA2yPZPuwXeIQnDJ9O8gVw==',
|
||||
:keyring_path => '/var/lib/ceph/bootstrap-mds/ceph.keyring',
|
||||
:cap_mon => 'allow profile bootstrap-mds',
|
||||
:inject => true,
|
||||
:inject_as_id => 'mon.',
|
||||
:inject_keyring => '/var/lib/ceph/mon/ceph-first/keyring')
|
||||
}
|
||||
it { is_expected.to contain_class('ceph::keys').with(
|
||||
'args' => {
|
||||
'client.admin' => {
|
||||
'secret' => 'AQBMGHJTkC8HKhAAJ7NH255wYypgm1oVuV41MA==',
|
||||
'mode' => '0600',
|
||||
'cap_mon' => 'allow *',
|
||||
'cap_osd' => 'allow *',
|
||||
'cap_mds' => 'allow *'
|
||||
},
|
||||
'client.bootstrap-osd' => {
|
||||
'secret' => 'AQARG3JTsDDEHhAAVinHPiqvJkUi5Mww/URupw==',
|
||||
'keyring_path' => '/var/lib/ceph/bootstrap-osd/ceph.keyring',
|
||||
'cap_mon' => 'allow profile bootstrap-osd'
|
||||
},
|
||||
'client.bootstrap-mds' => {
|
||||
'secret' => 'AQCztJdSyNb0NBAASA2yPZPuwXeIQnDJ9O8gVw==',
|
||||
'keyring_path' => '/var/lib/ceph/bootstrap-mds/ceph.keyring',
|
||||
'cap_mon' => 'allow profile bootstrap-mds'
|
||||
},
|
||||
'client.volumes' => {
|
||||
'secret' => 'AQA4MPZTOGU0ARAAXH9a0fXxVq0X25n2yPREDw==',
|
||||
'mode' => '0644',
|
||||
'user' => 'root',
|
||||
'group' => 'root',
|
||||
'cap_mon' => 'allow r',
|
||||
'cap_osd' => 'allow class-read object_prefix rbd_children, allow rwx pool=volumes'
|
||||
}
|
||||
},
|
||||
'defaults' => {
|
||||
'inject' => true,
|
||||
'inject_as_id' => 'mon.',
|
||||
'inject_keyring' => '/var/lib/ceph/mon/ceph-first/keyring'
|
||||
}
|
||||
)}
|
||||
end
|
||||
|
||||
context 'on Debian' do
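Review bot: The new `contain_class('ceph::keys')` assertion pins only the `args` and `defaults` hashes handed to the class. The per-key expectations with `:inject => true` and `:inject_keyring` appear to be the lines this hunk removes, since their `:mode => '0644'` no longer matches the fixture. Nothing left here checks that `Ceph::Key['client.admin']` ends up with the mon injection settings, so a regression in how `ceph::keys` applies `defaults` would go unnoticed. One resource-level check would cover that, e.g. `it { is_expected.to contain_ceph__key('client.admin').with(:inject => true, :inject_as_id => 'mon.') }`.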
|
||||
|
|
|
@ -26,10 +26,7 @@ describe 'ceph::profile::osd' do
|
|||
facts.merge!( :hostname => 'osd')
|
||||
end
|
||||
|
||||
it { is_expected.to contain_ceph__key('client.bootstrap-osd').with(
|
||||
:keyring_path => '/var/lib/ceph/bootstrap-osd/ceph.keyring',
|
||||
:secret => 'AQARG3JTsDDEHhAAVinHPiqvJkUi5Mww/URupw==')
|
||||
}
|
||||
it { is_expected.to contain_class('ceph::profile::client') }
|
||||
it { is_expected.to contain_ceph__osd('/dev/sdc').with(:journal => '/dev/sdb1') }
|
||||
it { is_expected.to contain_ceph__osd('/dev/sdd').with(:journal => '/dev/sdb2') }
|
||||
end
|
||||
|
@ -40,10 +37,7 @@ describe 'ceph::profile::osd' do
|
|||
facts.merge!( :hostname => 'first')
|
||||
end
|
||||
|
||||
it { is_expected.to contain_ceph__key('client.bootstrap-osd').with(
|
||||
:keyring_path => '/var/lib/ceph/bootstrap-osd/ceph.keyring',
|
||||
:secret => 'AQARG3JTsDDEHhAAVinHPiqvJkUi5Mww/URupw==')
|
||||
}
|
||||
it { is_expected.to contain_class('ceph::profile::client') }
|
||||
it { is_expected.to contain_ceph__osd('/dev/sdb').with( :journal => '/tmp/journal') }
|
||||
end
|
||||
end
|
||||
|
|
|
@ -0,0 +1,87 @@
|
|||
#
|
||||
# Copyright (C) 2015 iWeb Technologies Inc.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
#
|
||||
# Author: David Moreau Simard <dmsimard@iweb.com>
|
||||
#
|
||||
require 'spec_helper'
|
||||
|
||||
describe 'ceph::profile::params' do
|
||||
|
||||
shared_examples_for 'ceph profile params' do
|
||||
describe "should fail when client_keys is not a hash" do
|
||||
|
||||
let :pre_condition do
|
||||
"class { 'ceph::profile::params':
|
||||
client_keys => 'client.admin'
|
||||
}"
|
||||
end
|
||||
|
||||
it { is_expected.to raise_error Puppet::Error, /is not a Hash/ }
|
||||
end
|
||||
|
||||
describe "should fail when using cephx without client_keys" do
|
||||
|
||||
let :pre_condition do
|
||||
"class { 'ceph::profile::params':
|
||||
authentication_type => 'cephx',
|
||||
client_keys => {}
|
||||
}"
|
||||
end
|
||||
|
||||
it { is_expected.to raise_error Puppet::Error,
|
||||
/client_keys must be provided when using authentication_type = 'cephx'/
|
||||
}
|
||||
end
|
||||
end
|
||||
|
||||
context 'on Debian' do
|
||||
|
||||
let :facts do
|
||||
{
|
||||
:osfamily => 'Debian',
|
||||
:lsbdistcodename => 'wheezy'
|
||||
}
|
||||
end
|
||||
|
||||
it_configures 'ceph profile params'
|
||||
end
|
||||
|
||||
context 'on Ubuntu' do
|
||||
|
||||
let :facts do
|
||||
{
|
||||
:osfamily => 'Debian',
|
||||
:lsbdistcodename => 'Precise'
|
||||
}
|
||||
end
|
||||
|
||||
it_configures 'ceph profile params'
|
||||
end
|
||||
|
||||
context 'on RHEL6' do
|
||||
|
||||
let :facts do
|
||||
{ :osfamily => 'RedHat', }
|
||||
end
|
||||
|
||||
it_configures 'ceph profile params'
|
||||
end
|
||||
end
|
||||
# Local Variables:
|
||||
# compile-command: "cd ../.. ;
|
||||
# BUNDLE_PATH=/tmp/vendor bundle install ;
|
||||
# BUNDLE_PATH=/tmp/vendor bundle exec rake spec
|
||||
# "
|
||||
# End:
|
|
@ -1,6 +1,6 @@
|
|||
---
|
||||
######## Ceph
|
||||
ceph::profile::params::release: 'firefly'
|
||||
ceph::profile::params::release: 'giant'
|
||||
|
||||
######## Ceph.conf
|
||||
ceph::profile::params::fsid: '4b5c8c0a-ff60-454b-a1b4-9747aa737d19'
|
||||
|
@ -16,13 +16,30 @@ ceph::profile::params::public_network: '10.11.12.0/24'
|
|||
|
||||
######## Keys
|
||||
ceph::profile::params::mon_key: 'AQATGHJTUCBqIBAA7M2yafV1xctn1pgr3GcKPg=='
|
||||
ceph::profile::params::admin_key: 'AQBMGHJTkC8HKhAAJ7NH255wYypgm1oVuV41MA=='
|
||||
ceph::profile::params::admin_key_mode: '0644'
|
||||
ceph::profile::params::bootstrap_osd_key: 'AQARG3JTsDDEHhAAVinHPiqvJkUi5Mww/URupw=='
|
||||
ceph::profile::params::bootstrap_mds_key: 'AQCztJdSyNb0NBAASA2yPZPuwXeIQnDJ9O8gVw=='
|
||||
ceph::profile::params::client_keys:
|
||||
'client.admin':
|
||||
secret: 'AQBMGHJTkC8HKhAAJ7NH255wYypgm1oVuV41MA=='
|
||||
mode: '0600'
|
||||
cap_mon: 'allow *'
|
||||
cap_osd: 'allow *'
|
||||
cap_mds: 'allow *'
|
||||
'client.bootstrap-osd':
|
||||
secret: 'AQARG3JTsDDEHhAAVinHPiqvJkUi5Mww/URupw=='
|
||||
keyring_path: '/var/lib/ceph/bootstrap-osd/ceph.keyring'
|
||||
cap_mon: 'allow profile bootstrap-osd'
|
||||
'client.bootstrap-mds':
|
||||
secret: 'AQCztJdSyNb0NBAASA2yPZPuwXeIQnDJ9O8gVw=='
|
||||
keyring_path: '/var/lib/ceph/bootstrap-mds/ceph.keyring'
|
||||
cap_mon: 'allow profile bootstrap-mds'
|
||||
'client.volumes':
|
||||
secret: 'AQA4MPZTOGU0ARAAXH9a0fXxVq0X25n2yPREDw=='
|
||||
mode: '0644'
|
||||
user: 'root'
|
||||
group: 'root'
|
||||
cap_mon: 'allow r'
|
||||
cap_osd: 'allow class-read object_prefix rbd_children, allow rwx pool=volumes'
|
||||
ceph::profile::params::osds:
|
||||
'/dev/sdc':
|
||||
journal: '/dev/sdb1'
|
||||
'/dev/sdd':
|
||||
journal: '/dev/sdb2'
|
||||
|
||||
|
|
|
@ -0,0 +1,9 @@
|
|||
---
|
||||
ceph::profile::params::client_keys:
|
||||
'client.volumes':
|
||||
secret: 'AQA4MPZTOGU0ARAAXH9a0fXxVq0X25n2yPREDw=='
|
||||
mode: '0644'
|
||||
user: 'root'
|
||||
group: 'root'
|
||||
cap_mon: 'allow r'
|
||||
cap_osd: 'allow class-read object_prefix rbd_children, allow rwx pool=volumes'
|
|
@ -14,6 +14,7 @@
|
|||
# limitations under the License.
|
||||
#
|
||||
# Author: David Gurtner <aldavud@crimson.ch>
|
||||
# Author: David Moreau Simard <dmsimard@iweb.com>
|
||||
#
|
||||
require 'spec_helper_system'
|
||||
|
||||
|
@ -25,6 +26,7 @@ describe 'ceph::profile::client' do
|
|||
packages = "[ 'python-ceph', 'ceph-common', 'librados2', 'librbd1', 'libcephfs1' ]"
|
||||
fsid = 'a4807c9a-e76f-4666-a297-6d6cbc922e3a'
|
||||
admin_key = 'AQA0TVRTsP/aHxAAFBvntu1dSEJHxtJeFFrRsg=='
|
||||
volumes_key = 'AQA4MPZTOGU0ARAAXH9a0fXxVq0X25n2yPREDw=='
|
||||
mon_key = 'AQATGHJTUCBqIBAA7M2yafV1xctn1pgr3GcKPg=='
|
||||
hieradata_common = '/var/lib/hiera/common.yaml'
|
||||
hiera_shared = <<-EOS
|
||||
|
@ -39,6 +41,7 @@ ceph::profile::params::mon_host: '10.11.12.2:6789'
|
|||
->
|
||||
file { [
|
||||
'/etc/ceph/ceph.client.admin.keyring',
|
||||
'/etc/ceph/ceph.client.volumes.keyring'
|
||||
]:
|
||||
ensure => absent
|
||||
}
|
||||
|
@ -65,12 +68,25 @@ ceph::profile::params::mon_host: '10.11.12.2:6789'
|
|||
end
|
||||
|
||||
describe 'on one host' do
|
||||
it 'should install one monitor and one client on one host', :cephx do
|
||||
it 'should install one monitor and one extra client on one host', :cephx do
|
||||
hiera = <<-EOS
|
||||
ceph::profile::params::release: '#{release}'
|
||||
ceph::profile::params::authentication_type: 'cephx'
|
||||
ceph::profile::params::admin_key: '#{admin_key}'
|
||||
ceph::profile::params::mon_key: '#{mon_key}'
|
||||
ceph::profile::params::client_keys:
|
||||
'client.admin':
|
||||
secret: #{admin_key}
|
||||
mode: '0600'
|
||||
cap_mon: 'allow *'
|
||||
cap_osd: 'allow *'
|
||||
cap_mds: 'allow *'
|
||||
'client.volumes':
|
||||
secret: #{volumes_key}
|
||||
mode: '0644'
|
||||
user: 'root'
|
||||
group: 'root'
|
||||
cap_mon: 'allow r'
|
||||
cap_osd: 'allow class-read object_prefix rbd_children, allow rwx pool=volumes'
|
||||
EOS
|
||||
|
||||
file = Tempfile.new('hieradata')
|
||||
|
@ -99,10 +115,21 @@ ceph::profile::params::mon_key: '#{mon_key}'
|
|||
r.exit_code.should be_zero
|
||||
end
|
||||
|
||||
shell 'ceph -n client.volumes -s' do |r|
|
||||
r.stdout.should =~ /1 mons .* quorum 0 first/
|
||||
r.stderr.should be_empty
|
||||
r.exit_code.should be_zero
|
||||
end
|
||||
|
||||
shell 'ceph auth list' do |r|
|
||||
r.stdout.should =~ /#{admin_key}/
|
||||
r.exit_code.should be_zero
|
||||
end
|
||||
|
||||
shell 'ceph auth list' do |r|
|
||||
r.stdout.should =~ /#{volumes_key}/
|
||||
r.exit_code.should be_zero
|
||||
end
|
||||
end
|
||||
|
||||
it 'should uninstall one monitor' do
|
||||
|
@ -115,12 +142,42 @@ ceph::profile::params::mon_key: '#{mon_key}'
|
|||
describe 'on two hosts' do
|
||||
it 'should install one monitor on first host, one client on second host', :cephx do
|
||||
['first', 'second'].each do |vm|
|
||||
hiera = <<-EOS
|
||||
if vm == "first"
|
||||
hiera = <<-EOS
|
||||
ceph::profile::params::release: '#{release}'
|
||||
ceph::profile::params::authentication_type: 'cephx'
|
||||
ceph::profile::params::admin_key: '#{admin_key}'
|
||||
ceph::profile::params::mon_key: '#{mon_key}'
|
||||
EOS
|
||||
ceph::profile::params::client_keys:
|
||||
'client.admin':
|
||||
secret: #{admin_key}
|
||||
mode: '0600'
|
||||
cap_mon: 'allow *'
|
||||
cap_osd: 'allow *'
|
||||
cap_mds: 'allow *'
|
||||
'client.volumes':
|
||||
secret: #{volumes_key}
|
||||
mode: '0644'
|
||||
user: 'root'
|
||||
group: 'root'
|
||||
cap_mon: 'allow r'
|
||||
cap_osd: 'allow class-read object_prefix rbd_children, allow rwx pool=volumes'
|
||||
EOS
|
||||
end
|
||||
|
||||
if vm == "second"
|
||||
hiera = <<-EOS
|
||||
ceph::profile::params::release: '#{release}'
|
||||
ceph::profile::params::authentication_type: 'cephx'
|
||||
ceph::profile::params::client_keys:
|
||||
'client.volumes':
|
||||
secret: #{volumes_key}
|
||||
mode: '0644'
|
||||
user: 'root'
|
||||
group: 'root'
|
||||
cap_mon: 'allow r'
|
||||
cap_osd: 'allow class-read object_prefix rbd_children, allow rwx pool=volumes'
|
||||
EOS
|
||||
end
|
||||
|
||||
file = Tempfile.new('hieradata')
|
||||
begin
|
||||
|
@ -150,15 +207,27 @@ ceph::profile::params::mon_key: '#{mon_key}'
|
|||
end
|
||||
end
|
||||
|
||||
shell 'ceph -s' do |r|
|
||||
r.stdout.should =~ /1 mons .* quorum 0 first/
|
||||
r.stderr.should be_empty
|
||||
r.exit_code.should be_zero
|
||||
end
|
||||
['first', 'second'].each do |vm|
|
||||
if vm == "first"
|
||||
shell 'ceph -s' do |r|
|
||||
r.stdout.should =~ /1 mons .* quorum 0 first/
|
||||
r.stderr.should be_empty
|
||||
r.exit_code.should be_zero
|
||||
end
|
||||
|
||||
shell 'ceph auth list' do |r|
|
||||
r.stdout.should =~ /#{admin_key}/
|
||||
r.exit_code.should be_zero
|
||||
shell 'ceph auth list' do |r|
|
||||
r.stdout.should =~ /#{admin_key}/
|
||||
r.exit_code.should be_zero
|
||||
end
|
||||
end
|
||||
|
||||
if vm == "second"
|
||||
shell 'ceph -n client.volumes -s' do |r|
|
||||
r.stdout.should =~ /1 mons .* quorum 0 first/
|
||||
r.stderr.should be_empty
|
||||
r.exit_code.should be_zero
|
||||
end
|
||||
end
|
||||
end
|
||||
end
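Review bot: `r.stdout.should =~ /#{volumes_key}/` (and the `admin_key` variant) interpolates a base64 secret into a regex unescaped. The constants used today contain no `+`, but a regenerated key could, and `+` would then act as a quantifier so the match would silently test something else. `r.stdout.should =~ /#{Regexp.escape(volumes_key)}/` avoids that. Separately, the new heredoc entries write `secret: #{admin_key}` unquoted while the surrounding lines quote the same value (`'#{admin_key}'`). Quoting it keeps the YAML scalar unambiguous, and the unquoted form also appears in the mon and osd system specs.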
|
||||
|
||||
|
|
|
@ -14,6 +14,7 @@
|
|||
# limitations under the License.
|
||||
#
|
||||
# Author: David Gurtner <aldavud@crimson.ch>
|
||||
# Author: David Moreau Simard <dmsimard@iweb.com>
|
||||
#
|
||||
require 'spec_helper_system'
|
||||
|
||||
|
@ -123,10 +124,16 @@ ceph::profile::params::mon_host: '10.11.12.2:6789'
|
|||
hiera = <<-EOS
|
||||
ceph::profile::params::release: '#{release}'
|
||||
ceph::profile::params::authentication_type: 'cephx'
|
||||
ceph::profile::params::admin_key: '#{admin_key}'
|
||||
ceph::profile::params::mon_key: '#{mon_key}'
|
||||
ceph::profile::params::mon_initial_members: 'first'
|
||||
ceph::profile::params::mon_host: '10.11.12.2:6789'
|
||||
ceph::profile::params::client_keys:
|
||||
'client.admin':
|
||||
secret: #{admin_key}
|
||||
mode: '0600'
|
||||
cap_mon: 'allow *'
|
||||
cap_osd: 'allow *'
|
||||
cap_mds: 'allow *'
|
||||
EOS
|
||||
|
||||
file = Tempfile.new('hieradata')
|
||||
|
@ -199,10 +206,16 @@ ceph::profile::params::mon_host: '10.11.12.2:6789'
|
|||
hiera = <<-EOS
|
||||
ceph::profile::params::release: '#{release}'
|
||||
ceph::profile::params::authentication_type: 'cephx'
|
||||
ceph::profile::params::admin_key: '#{admin_key}'
|
||||
ceph::profile::params::mon_keyring: '#{keyring_path}'
|
||||
ceph::profile::params::mon_initial_members: 'first'
|
||||
ceph::profile::params::mon_host: '10.11.12.2:6789'
|
||||
ceph::profile::params::client_keys:
|
||||
'client.admin':
|
||||
secret: #{admin_key}
|
||||
mode: '0600'
|
||||
cap_mon: 'allow *'
|
||||
cap_osd: 'allow *'
|
||||
cap_mds: 'allow *'
|
||||
EOS
|
||||
|
||||
file = Tempfile.new('hieradata')
|
||||
|
|
|
@ -194,11 +194,20 @@ ceph::profile::params::osds:
|
|||
hiera = <<-EOS
|
||||
ceph::profile::params::release: '#{release}'
|
||||
ceph::profile::params::authentication_type: 'cephx'
|
||||
ceph::profile::params::admin_key: '#{admin_key}'
|
||||
ceph::profile::params::bootstrap_osd_key: '#{bootstrap_osd_key}'
|
||||
ceph::profile::params::mon_key: '#{mon_key}'
|
||||
ceph::profile::params::osds:
|
||||
'/dev/sdb': {}
|
||||
ceph::profile::params::client_keys:
|
||||
'client.admin':
|
||||
secret: #{admin_key}
|
||||
mode: '0600'
|
||||
cap_mon: 'allow *'
|
||||
cap_osd: 'allow *'
|
||||
cap_mds: 'allow *'
|
||||
'client.bootstrap-osd':
|
||||
secret: #{bootstrap_osd_key}
|
||||
keyring_path: '/var/lib/ceph/bootstrap-osd/ceph.keyring'
|
||||
cap_mon: 'allow profile bootstrap-osd'
|
||||
EOS
|
||||
|
||||
file = Tempfile.new('hieradata')
|
||||
|
@ -341,11 +350,20 @@ ceph::profile::params::osds:
|
|||
hiera = <<-EOS
|
||||
ceph::profile::params::release: '#{release}'
|
||||
ceph::profile::params::authentication_type: 'cephx'
|
||||
ceph::profile::params::admin_key: '#{admin_key}'
|
||||
ceph::profile::params::bootstrap_osd_key: '#{bootstrap_osd_key}'
|
||||
ceph::profile::params::mon_key: '#{mon_key}'
|
||||
ceph::profile::params::osds:
|
||||
'/dev/sdb': {}
|
||||
ceph::profile::params::client_keys:
|
||||
'client.admin':
|
||||
secret: #{admin_key}
|
||||
mode: '0600'
|
||||
cap_mon: 'allow *'
|
||||
cap_osd: 'allow *'
|
||||
cap_mds: 'allow *'
|
||||
'client.bootstrap-osd':
|
||||
secret: #{bootstrap_osd_key}
|
||||
keyring_path: '/var/lib/ceph/bootstrap-osd/ceph.keyring'
|
||||
cap_mon: 'allow profile bootstrap-osd'
|
||||
EOS
|
||||
|
||||
file = Tempfile.new('hieradata')
|
||||
|
|