799029519b
* added endpoint attributes (moved from common) * removed qpid as a messaging option (can be incuded in a wrapper) * removed os-bare-metal dependencies * deleted default attributes from nova.conf.rb originated in openstack-common * removed fedora and suse as supported platform * adapted optimized endpoint logic * removed rubocop exceptions in recipes and regenerated the .rubocop_todo.yaml containing all remaining exceptions * added versionbumb for refactored os-identity and common * moved version up to 13.0.0 for mitaka release * adapted the specs (unit tests) to work again * refactored spec_helper.rb method "expect_creates_api_paste" * added new logic into templates/default/nova.conf.erb * refactored attributes throughout all recipes that were connected to the attributes used for the nova.conf.erb template to adapt the new template attribute syntax * moved all attributes from attributes/default.rb that were used in nova_conf.erb to attributes/nova_conf.rb * refactored attributes to fit upcomming template logic * refactored recipes/nova_common.rb to fit upcomming template logic * removed all attributes from default.rb and nova.conf.erb which are set as default in attributes, openstack doc and used to render the template * removed nova-network as a supported config option Depends-On: I9cc1b5cc069987ac83e064322c2291772505ff5f Depends-On: Ifa5a7f4e1df47a3961976e64f654224864c3dcb4 Depends-On: I3262b2e6f792f37c32a446e6567790b82bdd4613 Depends-On: I0547182085eed91d05384fdd7734408a839a9a2c Implements: blueprint cookbook-refactoring Change-Id: I9ac9eeb29ab27f31394830e4b6f999d5870cc0e4
76 lines
2.3 KiB
Ruby
76 lines
2.3 KiB
Ruby
# encoding: UTF-8
|
|
#
|
|
# Cookbook Name:: openstack-compute
|
|
# Recipe:: libvirt_rbd
|
|
#
|
|
# Copyright 2014, x-ion GmbH
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
# you may not use this file except in compliance with the License.
|
|
# You may obtain a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
# See the License for the specific language governing permissions and
|
|
# limitations under the License.
|
|
#
|
|
|
|
class ::Chef::Recipe
|
|
include ::Openstack
|
|
end
|
|
|
|
include_recipe 'ceph'
|
|
|
|
ceph_user = node['openstack']['compute']['libvirt']['rbd']['cinder']['user'] # ['conf']['libvirt']['rbd_user']
|
|
cinder_pool = node['openstack']['compute']['libvirt']['rbd']['cinder']['pool']
|
|
nova_pool = node['openstack']['compute']['conf']['DEFAULT']['images_rbd_pool']
|
|
glance_pool = node['openstack']['compute']['libvirt']['rbd']['glance']['pool']
|
|
|
|
secret_uuid = node['openstack']['compute']['libvirt']['rbd']['cinder']['secret_uuid']
|
|
ceph_keyname = "client.#{ceph_user}"
|
|
ceph_keyring = "/etc/ceph/ceph.#{ceph_keyname}.keyring"
|
|
|
|
caps = { 'mon' => 'allow r',
|
|
'osd' => "allow class-read object_prefix rbd_children, allow rwx pool=#{cinder_pool}, allow rwx pool=#{nova_pool}, allow rx pool=#{glance_pool}" }
|
|
|
|
ceph_client ceph_user do
|
|
name ceph_user
|
|
caps caps
|
|
keyname ceph_keyname
|
|
filename ceph_keyring
|
|
owner node['openstack']['compute']['user']
|
|
group node['openstack']['compute']['group']
|
|
|
|
action :add
|
|
end
|
|
|
|
Chef::Log.info("rbd_secret_name: #{secret_uuid}")
|
|
|
|
template '/tmp/secret.xml' do
|
|
source 'secret.xml.erb'
|
|
user 'root'
|
|
group 'root'
|
|
mode '00600'
|
|
variables(
|
|
uuid: secret_uuid,
|
|
client_name: ceph_user
|
|
)
|
|
not_if "virsh secret-list | grep #{secret_uuid}"
|
|
end
|
|
|
|
execute 'virsh secret-define --file /tmp/secret.xml' do
|
|
not_if "virsh secret-list | grep #{secret_uuid}"
|
|
end
|
|
|
|
# this will update the key if necessary
|
|
execute "virsh secret-set-value --secret #{secret_uuid} --base64 $(ceph-authtool -p -n client.#{ceph_user} #{ceph_keyring})" do
|
|
not_if "virsh secret-get-value #{secret_uuid} | grep $(ceph-authtool -p -n #{ceph_keyname} #{ceph_keyring})"
|
|
end
|
|
|
|
file '/tmp/secret.xml' do
|
|
action :delete
|
|
end
|