Merge pull request #107 from hufman/feature-lwrp-improvements
Feature lwrp improvements
guilhem committed Mar 27, 2014
2 parents 44e536f + 2df1933 commit 5829974
Showing 3 changed files with 38 additions and 20 deletions.
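--- a/libraries/default.rb
+++ b/libraries/default.rb
@@ -69,6 +69,20 @@ def mon_addresses
 mon_ips.reject { |m| m.nil? }.uniq
 end
 
+def mon_secret
+# find the monitor secret
+mon_secret = ''
+mons = get_mon_nodes
+if !mons.empty?
+mon_secret = mons[0]['ceph']['monitor-secret']
+elsif mons.empty? && node['ceph']['monitor-secret']
+mon_secret = node['ceph']['monitor-secret']
+else
+Chef::Log.warn('No monitor secret found')
+end
+mon_secret
+end
+
 def quorum_members_ips
 mon_ips = []
 cmd = Mixlib::ShellOut.new("ceph --admin-daemon /var/run/ceph/ceph-mon.#{node['hostname']}.asok mon_status")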
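Review bot: `mon_secret` can hand back nil or an empty string, and the callers in providers/client.rb interpolate whatever it returns into `--key='...'` without checking it. When a mon node is found but has not published `['ceph']['monitor-secret']`, the first branch assigns nil and the local node attribute is never consulted; when nothing is found, only a warning is logged and `''` is returned. Falling through with `mon_secret = mons[0]['ceph']['monitor-secret'] || node['ceph']['monitor-secret']` and warning (or raising) when the result is nil or empty would cover both cases, and the `mons.empty? &&` in the `elsif` is redundant. A comment above the method such as `# Returns the cephx key for mon.; never log or print the return value` would make the sensitivity explicit for future callers.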
39 changes: 19 additions & 20 deletions providers/client.rb
@@ -5,21 +5,28 @@ def whyrun_supported?
end

action :add do
current_resource = @current_resource
filename = @current_resource.filename
keyname = @current_resource.keyname
caps = @new_resource.caps.map { |k, v| "#{k} '#{v}'" }.join(' ')
owner = @new_resource.owner
group = @new_resource.group
mode = @new_resource.mode
unless @current_resource.caps_match
converge_by("Set caps for #{@new_resource}") do
auth_set_key(keyname, caps)
current_resource.key = get_key(keyname)

end
end

# update the key in the file
file filename do
content file_content
owner 'root'
group 'root'
mode '640'
owner owner
group group
mode mode
end

end

def load_current_resource
@@ -30,47 +37,39 @@ def load_current_resource
@current_resource.caps(get_caps(@current_resource.keyname))
default_filename = "/etc/ceph/ceph.client.#{@new_resource.name}.#{node['hostname']}.#{@new_resource.as_keyring ? "keyring" : "secret"}"
@current_resource.filename(@new_resource.filename || default_filename)
@current_resource.key(get_new_key(@current_resource.keyname))
@current_resource.key = get_key(@current_resource.keyname)
@current_resource.caps_match = true if @current_resource.caps == @new_resource.caps
end

def file_content
@current_resource.as_keyring ? "[#{@current_resource.keyname}]\n\tkey = #{@current_resource.key}\n" : @current_resource.key
end

def get_new_key(keyname)
cmd = "ceph auth print_key #{keyname}"
def get_key(keyname)
cmd = "ceph auth print_key #{keyname} --name mon. --key='#{mon_secret}'"
Mixlib::ShellOut.new(cmd).run_command.stdout
end

def get_caps(keyname)
caps = {}
cmd = "ceph auth get #{keyname}"
cmd = "ceph auth get #{keyname} --name mon. --key='#{mon_secret}'"
output = Mixlib::ShellOut.new(cmd).run_command.stdout
output.scan(/caps\s*(\S+)\s*=\s*"([^"]*)"/) { |k, v| caps[k] = v }
caps
end

def auth_set_key(keyname, caps)
# find the monitor secret
mon_secret = ''
mons = get_mon_nodes
if !mons.empty?
mon_secret = mons[0]['ceph']['monitor-secret']
elsif mons.empty? && node['ceph']['monitor-secret']
mon_secret = node['ceph']['monitor-secret']
else
Chef::Log.warn('No monitor secret found')
end
secret = mon_secret
# try to add the key
cmd = "ceph auth get-or-create #{keyname} #{caps} --name mon. --key='#{mon_secret}'"
cmd = "ceph auth get-or-create #{keyname} #{caps} --name mon. --key='#{secret}'"
get_or_create = Mixlib::ShellOut.new(cmd)
get_or_create.run_command
if get_or_create.stderr.scan(/EINVAL.*but cap.*does not match/)
Chef::Log.info('Deleting old key with incorrect caps')
# delete an old key if it exists and is wrong
Mixlib::ShellOut.new("ceph auth del #{keyname}").run_command
Mixlib::ShellOut.new("ceph auth del #{keyname} --name mon. --key='#{secret}'").run_command
# try to create again
get_or_create = Mixlib::ShellOut.new(cmd)
get_or_create.run_command
end
get_or_create.error!
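Review bot: `get_key`, `get_caps` and the `ceph auth del` call now place the monitor secret on the command line via `--key='#{mon_secret}'`, where it is visible in the process table to other local users while ceph runs and is likely to be echoed into Chef output when `error!` raises, since the command string is part of that exception. The fence sketches `get_key` handing the key over in a temporary keyring and passing the arguments as a list, which also keeps `keyname` from being parsed by a shell; `get_caps` and `auth_set_key` would follow the same shape. Two further points in this hunk: `get_key` and `get_caps` never look at the exit status, so a rejected secret is indistinguishable from a key that does not exist yet and ends up as an empty key file, and `if get_or_create.stderr.scan(...)` is always true because `scan` returns an array, so the guard needs `=~` instead. `auth_set_key` continues past the end of the visible hunk.

```ruby
# sketch: mon. key handed over in a temporary keyring (Tempfile is created 0600), not in argv
def get_key(keyname)
  keyring = Tempfile.new('ceph-mon')
  keyring.write("[mon.]\n\tkey = #{mon_secret}\n")
  keyring.close
  # argument list, so keyname is never parsed by a shell
  cmd = Mixlib::ShellOut.new('ceph', 'auth', 'print_key', keyname,
                             '--name', 'mon.', '--keyring', keyring.path)
  cmd.run_command.stdout
ensure
  keyring.unlink if keyring
end
```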
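--- a/resources/client.rb
+++ b/resources/client.rb
@@ -16,4 +16,9 @@
 # defaults to /etc/ceph/ceph.client.#{name}.#{hostname}.secret if not as_keyring
 attribute :filename, :kind_of => String
 
+# key file access creds
+attribute :owner, :kind_of => String, :default => 'root'
+attribute :group, :kind_of => String, :default => 'root'
+attribute :mode, :kind_of => [Integer, String], :default => '00640'
+
 attr_accessor :key, :caps_match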
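Review bot: The new `mode` attribute accepts an Integer, so a caller writing `mode 640` would have the decimal value applied (octal 1200) instead of 0640 on a file that holds a client key. Restricting it to strings, `attribute :mode, :kind_of => String, :default => '00640'`, or stating in the comment that integers must be octal literals, avoids that. The comment could also say why these attributes matter, for example `# key file access creds; the file contains the cephx secret, keep it unreadable by others`, since nothing here stops a recipe from passing a world-readable mode.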
