From f3dd32b7715e31091f3c6c4f32a7dda2aaa3151a Mon Sep 17 00:00:00 2001
From: Alex Schultz <aschultz@redhat.com>
Date: Sat, 11 Nov 2017 21:04:32 +0000
Subject: [PATCH] Revert "Set ACLs on ceph client keyrings"

This reverts commit a4d12e02a7a44116aa8c7a327e14a09522a54b57.

There is a typo in the manilla relationship that causes failures.
Reverting for now to unblock scenario004. The typo should be fixed and
resubmitted.

Change-Id: I69f54418dd603e5819b9da483a04cea3b3f66231
Closes-Bug: #1731688
---
 manifests/profile/base/cinder/volume.pp               |  7 -------
 manifests/profile/base/glance/api.pp                  | 11 +----------
 manifests/profile/base/gnocchi/api.pp                 | 10 +---------
 manifests/profile/base/manila/share.pp                |  9 +--------
 manifests/profile/base/nova/compute_libvirt_shared.pp |  6 ------
 .../tripleo_profile_base_cinder_volume_spec.rb        |  3 ---
 spec/classes/tripleo_profile_base_gnocchi_api_spec.rb |  3 ---
 7 files changed, 3 insertions(+), 46 deletions(-)

diff --git a/manifests/profile/base/cinder/volume.pp b/manifests/profile/base/cinder/volume.pp
index a508c2eb0..503b3f922 100644
--- a/manifests/profile/base/cinder/volume.pp
+++ b/manifests/profile/base/cinder/volume.pp
@@ -164,13 +164,6 @@ class tripleo::profile::base::cinder::volume (
       include ::tripleo::profile::base::cinder::volume::rbd
       $cinder_rbd_backend_name = hiera('cinder::backend::rbd::volume_backend_name', 'tripleo_ceph')
 
-      exec{ 'exec-setfacl-openstack-cinder':
-        path    => ['/bin', '/usr/bin'],
-        command => 'setfacl -m u:cinder:r-- /etc/ceph/ceph.client.openstack.keyring',
-        unless  => 'getfacl /etc/ceph/ceph.client.openstack.keyring | grep -q "user:cinder:r--"',
-      }
-      Ceph::Key<||> -> Exec['exec-setfacl-openstack-cinder']
-
       $cinder_rbd_extra_pools = hiera('tripleo::profile::base::cinder::volume::rbd::cinder_rbd_extra_pools', undef)
       if $cinder_rbd_extra_pools {
           $base_name = $cinder_rbd_backend_name
diff --git a/manifests/profile/base/glance/api.pp b/manifests/profile/base/glance/api.pp
index 7909f2ca1..c7f4cb293 100644
--- a/manifests/profile/base/glance/api.pp
+++ b/manifests/profile/base/glance/api.pp
@@ -129,16 +129,7 @@ class tripleo::profile::base::glance::api (
     case $glance_backend {
         'swift': { $backend_store = 'swift' }
         'file': { $backend_store = 'file' }
-        'rbd': {
-          $backend_store = 'rbd'
-          exec{ 'exec-setfacl-openstack-glance':
-            path    => ['/bin', '/usr/bin'],
-            command => 'setfacl -m u:glance:r-- /etc/ceph/ceph.client.openstack.keyring',
-            unless  => 'getfacl /etc/ceph/ceph.client.openstack.keyring | grep -q "user:glance:r--"',
-          }
-          Class['glance']->Exec['exec-setfacl-openstack-glance']
-          Ceph::Key<||> -> Exec['exec-setfacl-openstack-glance']
-        }
+        'rbd': { $backend_store = 'rbd' }
         'cinder': { $backend_store = 'cinder' }
         default: { fail('Unrecognized glance_backend parameter.') }
     }
diff --git a/manifests/profile/base/gnocchi/api.pp b/manifests/profile/base/gnocchi/api.pp
index 23acec6de..c958359c1 100644
--- a/manifests/profile/base/gnocchi/api.pp
+++ b/manifests/profile/base/gnocchi/api.pp
@@ -124,15 +124,7 @@ class tripleo::profile::base::gnocchi::api (
         }
       }
       'file': { include ::gnocchi::storage::file }
-      'rbd': {
-        include ::gnocchi::storage::ceph
-        exec{ 'exec-setfacl-openstack-gnocchi':
-          path    => ['/bin', '/usr/bin'],
-          command => 'setfacl -m u:gnocchi:r-- /etc/ceph/ceph.client.openstack.keyring',
-          unless  => 'getfacl /etc/ceph/ceph.client.openstack.keyring | grep -q "user:gnocchi:r--"',
-        }
-        Ceph::Key<||> -> Exec['exec-satfacl-openstack-gnocchi']
-      }
+      'rbd': { include ::gnocchi::storage::ceph }
       default: { fail('Unrecognized gnocchi_backend parameter.') }
     }
   }
diff --git a/manifests/profile/base/manila/share.pp b/manifests/profile/base/manila/share.pp
index 9e6cbbbee..1c279993d 100644
--- a/manifests/profile/base/manila/share.pp
+++ b/manifests/profile/base/manila/share.pp
@@ -100,14 +100,7 @@ class tripleo::profile::base::manila::share (
       $cephfs_auth_id = hiera('manila::backend::cephfsnative::cephfs_auth_id')
       $keyring_path = "/etc/ceph/ceph.client.${cephfs_auth_id}.keyring"
 
-      exec{ "exec-setfacl-${cephfs_auth_id}}":
-        path    => ['/bin', '/usr/bin' ],
-        command => "setfacl -m u:manila:r-- ${keyring_path}",
-        unless  => "getfacl ${keyring_path} | grep -q \"user:manila:r--\"",
-      }
-      Ceph::Key<||> -> Exec["exec-satfacl-openstack-${cephfs_auth_id}"]
-
-      manila::backend::cephfs { $manila_cephfsnative_backend :
+      manila::backend::cephfsnative { $manila_cephfsnative_backend :
         driver_handles_share_servers => hiera('manila::backend::cephfsnative::driver_handles_share_servers', false),
         share_backend_name           => hiera('manila::backend::cephfsnative::share_backend_name'),
         cephfs_conf_path             => hiera('manila::backend::cephfsnative::cephfs_conf_path'),
diff --git a/manifests/profile/base/nova/compute_libvirt_shared.pp b/manifests/profile/base/nova/compute_libvirt_shared.pp
index 8fc8d453f..36235cde9 100644
--- a/manifests/profile/base/nova/compute_libvirt_shared.pp
+++ b/manifests/profile/base/nova/compute_libvirt_shared.pp
@@ -32,12 +32,6 @@ class tripleo::profile::base::nova::compute_libvirt_shared (
     $rbd_persistent_storage = hiera('rbd_persistent_storage', false)
     if $rbd_ephemeral_storage or $rbd_persistent_storage {
       include ::nova::compute::rbd
-      exec{ 'exec-setfacl-openstack-nova':
-        path    => ['/bin', '/usr/bin'],
-        command => 'setfacl -m u:nova:r-- /etc/ceph/ceph.client.openstack.keyring',
-        unless  => 'getfacl /etc/ceph/ceph.client.openstack.keyring | grep -q "user:nova:r--"',
-      }
-      Ceph::Key<||> -> Exec['exec-satfacl-openstack-nova']
     }
 
     if $rbd_ephemeral_storage {
diff --git a/spec/classes/tripleo_profile_base_cinder_volume_spec.rb b/spec/classes/tripleo_profile_base_cinder_volume_spec.rb
index 5cf79ff15..fab47cfa1 100644
--- a/spec/classes/tripleo_profile_base_cinder_volume_spec.rb
+++ b/spec/classes/tripleo_profile_base_cinder_volume_spec.rb
@@ -186,9 +186,6 @@ describe 'tripleo::profile::base::cinder::volume' do
           is_expected.to contain_class('cinder::backends').with(
             :enabled_backends => ['tripleo_ceph']
           )
-          is_expected.to contain_exec('exec-setfacl-openstack-cinder').with(
-             'command' => "setfacl -m u:cinder:r-- /etc/ceph/ceph.client.openstack.keyring"
-          )
         end
         context 'additional rbd pools' do
           # The list of additional rbd pools is not an input, but instead comes
diff --git a/spec/classes/tripleo_profile_base_gnocchi_api_spec.rb b/spec/classes/tripleo_profile_base_gnocchi_api_spec.rb
index d6035d5f4..60e82b384 100644
--- a/spec/classes/tripleo_profile_base_gnocchi_api_spec.rb
+++ b/spec/classes/tripleo_profile_base_gnocchi_api_spec.rb
@@ -107,9 +107,6 @@ describe 'tripleo::profile::base::gnocchi::api' do
           :redis_url => 'redis://:gnocchi@127.0.0.1:6379/'
         )
         is_expected.to contain_class('gnocchi::storage::ceph')
-        is_expected.to contain_exec('exec-setfacl-openstack-gnocchi').with(
-          'command' => 'setfacl -m u:gnocchi:r-- /etc/ceph/ceph.client.openstack.keyring'
-        )
       }
     end