diff --git a/libraries/default.rb b/libraries/default.rb
index d02f7c4..faeeebd 100644
--- a/libraries/default.rb
+++ b/libraries/default.rb
@@ -69,6 +69,20 @@ def mon_addresses
 mon_ips.reject { |m| m.nil? }.uniq
 end
 
+def mon_secret
+ # find the monitor secret
+ mon_secret = ''
+ mons = get_mon_nodes
+ if !mons.empty?
+ mon_secret = mons[0]['ceph']['monitor-secret']
+ elsif mons.empty? && node['ceph']['monitor-secret']
+ mon_secret = node['ceph']['monitor-secret']
+ else
+ Chef::Log.warn('No monitor secret found')
+ end
+ mon_secret
+end
+
 def quorum_members_ips
 mon_ips = []
 cmd = Mixlib::ShellOut.new("ceph --admin-daemon /var/run/ceph/ceph-mon.#{node['hostname']}.asok mon_status")
diff --git a/providers/client.rb b/providers/client.rb
index becada6..e176365 100644
--- a/providers/client.rb
+++ b/providers/client.rb
@@ -5,21 +5,28 @@ def whyrun_supported?
 end
 
 action :add do
+ current_resource = @current_resource
 filename = @current_resource.filename
 keyname = @current_resource.keyname
 caps = @new_resource.caps.map { |k, v| "#{k} '#{v}'" }.join(' ')
+ owner = @new_resource.owner
+ group = @new_resource.group
+ mode = @new_resource.mode
 unless @current_resource.caps_match
 converge_by("Set caps for #{@new_resource}") do
 auth_set_key(keyname, caps)
+ current_resource.key = get_key(keyname)
+
 end
 end
-
+ # update the key in the file
 file filename do
 content file_content
- owner 'root'
- group 'root'
- mode '640'
+ owner owner
+ group group
+ mode mode
 end
+
 end
 
 def load_current_resource
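Review bot: `mon_secret` in libraries/default.rb returns an empty string after only a `Chef::Log.warn` when no secret is found, and returns nil with no warning at all when the first mon node lacks the `monitor-secret` attribute, so callers still go on to build a `--key=''` argument. The ceph commands in providers/client.rb now depend on this value, so if an empty secret is never valid here I would fail before returning, e.g. `raise 'No monitor secret found' if mon_secret.nil? || mon_secret.empty?`. The local variable also shadows the method name, and calling it `secret` would be easier to read. The `mons.empty? &&` in the `elsif` is redundant after the `if`.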
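Review bot: The `file filename` block in `action :add` writes the cephx key as `content`, and Chef normally reports a diff when file content changes, so the key may end up in run output and report handlers. Adding `sensitive true` inside the block suppresses that, provided the Chef versions this cookbook targets support the property. Separately, `current_resource.key = get_key(keyname)` stores whatever the command printed without checking that it succeeded, so a failed lookup would presumably leave an empty key that is then written to the file.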
@@ -30,7 +37,7 @@ def load_current_resource
 @current_resource.caps(get_caps(@current_resource.keyname))
 default_filename = "/etc/ceph/ceph.client.#{@new_resource.name}.#{node['hostname']}.#{@new_resource.as_keyring ? "keyring" : "secret"}"
 @current_resource.filename(@new_resource.filename || default_filename)
- @current_resource.key(get_new_key(@current_resource.keyname))
+ @current_resource.key = get_key(@current_resource.keyname)
 @current_resource.caps_match = true if @current_resource.caps == @new_resource.caps
 end
 
@@ -38,39 +45,31 @@ def file_content
 @current_resource.as_keyring ? "[#{@current_resource.keyname}]\n\tkey = #{@current_resource.key}\n" : @current_resource.key
 end
 
-def get_new_key(keyname)
- cmd = "ceph auth print_key #{keyname}"
+def get_key(keyname)
+ cmd = "ceph auth print_key #{keyname} --name mon. --key='#{mon_secret}'"
 Mixlib::ShellOut.new(cmd).run_command.stdout
 end
 
 def get_caps(keyname)
 caps = {}
- cmd = "ceph auth get #{keyname}"
+ cmd = "ceph auth get #{keyname} --name mon. --key='#{mon_secret}'"
 output = Mixlib::ShellOut.new(cmd).run_command.stdout
 output.scan(/caps\s*(\S+)\s*=\s*"([^"]*)"/) { |k, v| caps[k] = v }
 caps
 end
 
 def auth_set_key(keyname, caps)
- # find the monitor secret
- mon_secret = ''
- mons = get_mon_nodes
- if !mons.empty?
- mon_secret = mons[0]['ceph']['monitor-secret']
- elsif mons.empty? && node['ceph']['monitor-secret']
- mon_secret = node['ceph']['monitor-secret']
- else
- Chef::Log.warn('No monitor secret found')
- end
+ secret = mon_secret
 # try to add the key
- cmd = "ceph auth get-or-create #{keyname} #{caps} --name mon. --key='#{mon_secret}'"
+ cmd = "ceph auth get-or-create #{keyname} #{caps} --name mon. --key='#{secret}'"
 get_or_create = Mixlib::ShellOut.new(cmd)
 get_or_create.run_command
 if get_or_create.stderr.scan(/EINVAL.*but cap.*does not match/)
 Chef::Log.info('Deleting old key with incorrect caps')
 # delete an old key if it exists and is wrong
- Mixlib::ShellOut.new("ceph auth del #{keyname}").run_command
+ Mixlib::ShellOut.new("ceph auth del #{keyname} --name mon. --key='#{secret}'").run_command
 # try to create again
+ get_or_create = Mixlib::ShellOut.new(cmd)
 get_or_create.run_command
 end
 get_or_create.error!
diff --git a/resources/client.rb b/resources/client.rb
index e8af62a..2428b34 100644
--- a/resources/client.rb
+++ b/resources/client.rb
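Review bot: In providers/client.rb, `get_key`, `get_caps` and the `ceph auth del` call now interpolate the monitor secret into a single shell command string, so `--key='...'` is visible in the process list while the command runs and, as far as I can tell, in Mixlib::ShellOut's debug logging and in the `error!` failure message. Passing the credential through a root-only keyring file with `--keyring`, and handing ShellOut its arguments as separate strings rather than one string, would keep the secret out of argv and stop `keyname` from being parsed by the shell. `get_key` and `get_caps` also read `stdout` without checking the exit status, so a failed lookup is treated as an empty key or empty caps; calling `error!` before using the output would surface that. Note too that `stderr.scan(...)` in the context lines returns an array, which is always truthy in Ruby, so the delete-and-recreate branch (now including the added `get_or_create = Mixlib::ShellOut.new(cmd)`) runs on every call; `=~` or `match?` looks like the intent. The body of `auth_set_key` continues past the end of the hunk.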
@@ -16,4 +16,9 @@
 # defaults to /etc/ceph/ceph.client.#{name}.#{hostname}.secret if not as_keyring
 attribute :filename, :kind_of => String
 
+# key file access creds
+attribute :owner, :kind_of => String, :default => 'root'
+attribute :group, :kind_of => String, :default => 'root'
+attribute :mode, :kind_of => [Integer, String], :default => '00640'
+
 attr_accessor :key, :caps_match
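Review bot: Allowing `Integer` for `mode` invites a decimal `640`, which Chef does not read as octal and which would give the key file unintended permission bits. Since this file holds a cephx secret, I would accept only a string and validate it, e.g. `attribute :mode, :kind_of => String, :regex => /\A[0-7]{3,5}\z/, :default => '00640'`. The `# key file access creds` comment could also say that the mode should not grant access to other users.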