Merge "Add dependency on upstream ceph cookbook for better key management"

Berksfile

@@ -6,3 +6,5 @@ cookbook "openstack-identity",
   github: "stackforge/cookbook-openstack-identity"
 cookbook "openstack-common",
   github: "stackforge/cookbook-openstack-common"
+cookbook "ceph",
+  github: "ceph/ceph-cookbook"

CHANGELOG.md

@@ -3,6 +3,7 @@
 This file is used to list changes made in each version of cookbook-openstack-image.
 
 ## 10.1.0
+* Add dependency on upstream ceph cookbook for better key management
 ### Blue print
 * Make container_formats and disk_formats configurable
 

attributes/default.rb

@@ -141,12 +141,10 @@ default['openstack']['image']['cache']['stall_time'] = 86400
 default['openstack']['image']['cache']['grace_period'] = 3600
 
 # Ceph Options
-default['openstack']['image']['api']['rbd']['rbd_store_ceph_conf'] = '/etc/ceph/ceph.conf'
-default['openstack']['image']['api']['rbd']['rbd_store_user'] = 'glance'
-default['openstack']['image']['api']['rbd']['rbd_store_pool'] = 'images'
-default['openstack']['image']['api']['rbd']['rbd_store_chunk_size'] = '8'
-# The name used for the data bag item containing the Cephx user's password
-default['openstack']['image']['api']['rbd']['key_name'] = 'rbd-image'
+default['openstack']['image']['api']['rbd']['ceph_conf'] = '/etc/ceph/ceph.conf'
+default['openstack']['image']['api']['rbd']['user'] = 'glance'
+default['openstack']['image']['api']['rbd']['pool'] = 'images'
+default['openstack']['image']['api']['rbd']['chunk_size'] = '8'
 
 # API to use for accessing data. Default value points to sqlalchemy
 # package.

metadata.rb

@@ -17,3 +17,5 @@ end
 
 depends           'openstack-common', '~> 10.0'
 depends           'openstack-identity', '~> 10.0'
+depends           'ceph', '>= 0.2.1'
+depends           'ceph', '< 3.0.0'

recipes/api.rb

@@ -60,28 +60,21 @@ if node['openstack']['image']['api']['default_store'] == 'swift'
   end
 
 elsif node['openstack']['image']['api']['default_store'] == 'rbd'
-  rbd_user = node['openstack']['image']['api']['rbd']['rbd_store_user']
-  rbd_key = get_password 'service', node['openstack']['image']['api']['rbd']['key_name']
+  include_recipe 'ceph'
 
-  include_recipe 'openstack-common::ceph_client'
+  caps = { 'mon' => 'allow r',
+           'osd' => "allow class-read object_prefix rbd_children, allow rwx pool=#{node['openstack']['image']['api']['rbd']['pool']}" }
 
-  platform_options['ceph_packages'].each do |pkg|
-    package pkg do
-      options platform_options['package_overrides']
-      action :upgrade
-    end
-  end
-
-  template "/etc/ceph/ceph.client.#{rbd_user}.keyring" do
-    source 'ceph.client.keyring.erb'
-    cookbook 'openstack-common'
+  ceph_client node['openstack']['image']['api']['rbd']['user'] do
+    name node['openstack']['image']['api']['rbd']['user']
+    caps caps
+    keyname "client.#{node['openstack']['image']['api']['rbd']['user']}"
+    filename "/etc/ceph/ceph.client.#{node['openstack']['image']['api']['rbd']['user']}.keyring"
     owner node['openstack']['image']['user']
     group node['openstack']['image']['group']
-    mode 00600
-    variables(
-      name: rbd_user,
-      key: rbd_key
-    )
+
+    action :add
+    notifies :restart, 'service[glance-api]'
   end
 end
 

spec/api_spec.rb

@@ -61,41 +61,11 @@ describe 'openstack-image::api' do
     describe 'using rbd for default_store' do
       before do
         node.set['openstack']['image']['api']['default_store'] = 'rbd'
+        node.set['ceph']['config']['fsid'] = '00000000-0000-0000-0000-000000000000'
       end
 
-      it 'upgrades python-ceph package' do
-        expect(chef_run).to upgrade_package('python-ceph')
-      end
-
-      it 'honors platform package name and option overrides for ceph packages' do
-        node.set['openstack']['image']['platform']['package_overrides'] = '--override1 --override2'
-        node.set['openstack']['image']['platform']['ceph_packages'] = ['my-ceph']
-
-        expect(chef_run).to upgrade_package('my-ceph').with(options: '--override1 --override2')
-      end
-
-      it 'includes the ceph_client recipe from openstack-common' do
-        expect(chef_run).to include_recipe('openstack-common::ceph_client')
-      end
-
-      describe 'cephx client keyring file' do
-        let(:file) { chef_run.template('/etc/ceph/ceph.client.glance.keyring') }
-
-        it 'creates /etc/ceph/ceph.client.glance.keyring' do
-          expect(chef_run).to create_template(file.name).with(
-            user: 'glance',
-            group: 'glance',
-            mode: 00600,
-            cookbook: 'openstack-common'
-          )
-        end
-
-        it 'has the proper content' do
-          [/^\[client\.glance\]$/,
-           /^  key = rbd-pass$/].each do |content|
-            expect(chef_run).to render_file(file.name).with_content(content)
-          end
-        end
+      it 'includes the ceph package' do
+        expect(chef_run).to include_recipe('ceph')
       end
     end
 
@@ -293,10 +263,10 @@ describe 'openstack-image::api' do
           end
         end
 
-        %w(store_ceph_conf store_user store_pool store_chunk_size).each do |attr|
+        %w(ceph_conf user pool chunk_size).each do |attr|
           it "sets the rbd #{attr} attribute" do
-            node.set['openstack']['image']['api']['rbd']["rbd_#{attr}"] = "rbd_#{attr}_value"
-            expect(chef_run).to render_file(file.name).with_content(/^rbd_#{attr} = rbd_#{attr}_value$/)
+            node.set['openstack']['image']['api']['rbd']["#{attr}"] = "rbd_#{attr}_value"
+            expect(chef_run).to render_file(file.name).with_content(/^rbd_store_#{attr} = rbd_#{attr}_value$/)
           end
         end
 

templates/default/glance-api.conf.erb

@@ -501,22 +501,22 @@ s3_store_create_bucket_on_put = False
 # include a reference to the right keyring
 # in a client.<USER> section
 #rbd_store_ceph_conf = /etc/ceph/ceph.conf
-rbd_store_ceph_conf = <%= node["openstack"]["image"]["api"]["rbd"]["rbd_store_ceph_conf"] %>
+rbd_store_ceph_conf = <%= node["openstack"]["image"]["api"]["rbd"]["ceph_conf"] %>
 
 # RADOS user to authenticate as (only applicable if using cephx)
 # If <None>, a default will be chosen based on the client. section
 # in rbd_store_ceph_conf
 #rbd_store_user = <None>
-rbd_store_user = <%= node["openstack"]["image"]["api"]["rbd"]["rbd_store_user"] %>
+rbd_store_user = <%= node["openstack"]["image"]["api"]["rbd"]["user"] %>
 
 # RADOS pool in which images are stored
 #rbd_store_pool = images
-rbd_store_pool = <%= node["openstack"]["image"]["api"]["rbd"]["rbd_store_pool"] %>
+rbd_store_pool = <%= node["openstack"]["image"]["api"]["rbd"]["pool"] %>
 
 # RADOS images will be chunked into objects of this size (in megabytes).
 # For best performance, this should be a power of two
 #rbd_store_chunk_size = 8
-rbd_store_chunk_size = <%= node["openstack"]["image"]["api"]["rbd"]["rbd_store_chunk_size"] %>
+rbd_store_chunk_size = <%= node["openstack"]["image"]["api"]["rbd"]["chunk_size"] %>
 
 # ============ Sheepdog Store Options =============================