Glance: Fix storage-init script

The new storage-init script doesn't handle the case in which the rbd pool
user already exists. This PS solves the issue by improving the script.

Change-Id: I22c55429d3077393b279fb784845db41a69b5469
Closes-Bug: 1719081

glance/templates/bin/_ceph-admin-keyring.sh.tpl

@@ -0,0 +1,31 @@
+#!/bin/bash
+
+{{/*
+Copyright 2017 The Openstack-Helm Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+   http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+set -ex
+export HOME=/tmp
+
+cat <<EOF > /etc/ceph/ceph.client.admin.keyring
+[client.admin]
+{{- if .Values.conf.ceph.admin_keyring }}
+    key = {{ .Values.conf.ceph.admin_keyring }}
+{{- else }}
+    key = $(cat /tmp/client-keyring)
+{{- end }}
+EOF
+
+exit 0

glance/templates/bin/_ceph-keyring.sh.tpl

@@ -21,11 +21,7 @@ export HOME=/tmp
 
 cat <<EOF > /etc/ceph/ceph.client.${RBD_STORE_USER}.keyring
 [client.${RBD_STORE_USER}]
-{{- if .Values.conf.ceph.keyring }}
-    key = {{ .Values.conf.ceph.keyring }}
-{{- else }}
     key = $(cat /tmp/client-keyring)
-{{- end }}
 EOF
 
 exit 0

glance/templates/bin/_storage-init.sh.tpl

@@ -36,11 +36,16 @@ elif [ "x$STORAGE_BACKEND" == "xrbd" ]; then
   }
   ensure_pool ${RBD_POOL_NAME} ${RBD_POOL_CHUNK_SIZE}
 
-  #NOTE(Portdirect): Determine proper privs to assign keyring
+  if USERINFO=$(ceph auth get client.${RBD_POOL_USER}); then
-  ceph auth get-or-create client.${RBD_POOL_USER} \
+    KEYSTR=$(echo $USERINFO | sed 's/.*\( key = .*\) caps mon.*/\1/')
-    mon "allow *" \
+    echo $KEYSTR  > ${KEYRING}
-    osd "allow *" \
+  else
-    -o ${KEYRING}
+    #NOTE(Portdirect): Determine proper privs to assign keyring
+    ceph auth get-or-create client.${RBD_POOL_USER} \
+      mon "allow *" \
+      osd "allow *" \
+      -o ${KEYRING}
+  fi
 
   ENCODED_KEYRING=$(sed -n 's/^[[:blank:]]*key[[:blank:]]\+=[[:blank:]]\(.*\)/\1/p' ${KEYRING} | base64 -w0)
   cat > ${SECRET} <<EOF

glance/templates/configmap-bin.yaml

@@ -45,6 +45,8 @@ data:
 {{ tuple "bin/_bootstrap.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
   ceph-keyring.sh: |+
 {{ tuple "bin/_ceph-keyring.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
+  ceph-admin-keyring.sh: |+
+{{ tuple "bin/_ceph-admin-keyring.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
   clean-image.sh: |+
 {{ tuple "bin/_clean-image.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
   clean-secrets.sh: |+

glance/templates/job-storage-init.yaml

@@ -39,17 +39,14 @@ spec:
           imagePullPolicy: {{ .Values.images.pull_policy }}
           securityContext:
             runAsUser: {{ .Values.pod.user.glance.uid }}
-          env:
-            - name: RBD_STORE_USER
-              value: admin
           command:
-            - /tmp/ceph-keyring.sh
+            - /tmp/ceph-admin-keyring.sh
           volumeMounts:
             - name: etcceph
               mountPath: /etc/ceph
             - name: glance-bin
-              mountPath: /tmp/ceph-keyring.sh
+              mountPath: /tmp/ceph-admin-keyring.sh
-              subPath: ceph-keyring.sh
+              subPath: ceph-admin-keyring.sh
               readOnly: true
             - name: ceph-keyring
               mountPath: /tmp/client-keyring

glance/values.yaml

@@ -68,7 +68,7 @@ conf:
       container_format: bare
   ceph:
     monitors: []
-    keyring: null
+    admin_keyring: null
     override:
     append:
   ceph_client: