diff --git a/cinder/templates/bin/_ceph-admin-keyring.sh.tpl b/cinder/templates/bin/_ceph-admin-keyring.sh.tpl new file mode 100644 index 0000000000..f3c0a521db --- /dev/null +++ b/cinder/templates/bin/_ceph-admin-keyring.sh.tpl @@ -0,0 +1,31 @@ +#!/bin/bash + +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +set -ex +export HOME=/tmp + +cat < /etc/ceph/ceph.client.admin.keyring +[client.admin] +{{- if .Values.conf.ceph.admin_keyring }} + key = {{ .Values.conf.ceph.admin_keyring }} +{{- else }} + key = $(cat /tmp/client-keyring) +{{- end }} +EOF + +exit 0 diff --git a/cinder/templates/bin/_ceph-keyring.sh.tpl b/cinder/templates/bin/_ceph-keyring.sh.tpl index f27075331b..4673bd192b 100644 --- a/cinder/templates/bin/_ceph-keyring.sh.tpl +++ b/cinder/templates/bin/_ceph-keyring.sh.tpl @@ -21,11 +21,7 @@ export HOME=/tmp cat < /etc/ceph/ceph.client.${RBD_USER}.keyring [client.${RBD_USER}] -{{- if .Values.conf.ceph.cinder_keyring }} - key = {{ .Values.conf.ceph.cinder_keyring }} -{{- else }} key = $(cat /tmp/client-keyring) -{{- end }} EOF exit 0 diff --git a/cinder/templates/configmap-bin.yaml b/cinder/templates/configmap-bin.yaml index 28a43fcb0b..75be206268 100644 --- a/cinder/templates/configmap-bin.yaml +++ b/cinder/templates/configmap-bin.yaml @@ -47,6 +47,8 @@ data: {{ tuple "bin/_cinder-volume.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} ceph-keyring.sh: |+ {{ tuple "bin/_ceph-keyring.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} + ceph-admin-keyring.sh: |+ +{{ tuple "bin/_ceph-admin-keyring.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} volume-usage-audit.sh: |+ {{ tuple "bin/_volume-usage-audit.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} backup-storage-init.sh: |+ diff --git a/cinder/templates/job-backup-storage-init.yaml b/cinder/templates/job-backup-storage-init.yaml index d1bdac328c..e9601ec32b 100644 --- a/cinder/templates/job-backup-storage-init.yaml +++ b/cinder/templates/job-backup-storage-init.yaml @@ -72,16 +72,13 @@ spec: securityContext: runAsUser: 0 command: - - /tmp/ceph-keyring.sh - env: - - name: RBD_USER - value: "admin" + - /tmp/ceph-admin-keyring.sh volumeMounts: - name: etcceph mountPath: /etc/ceph - name: cinder-bin - mountPath: /tmp/ceph-keyring.sh - subPath: ceph-keyring.sh + mountPath: /tmp/ceph-admin-keyring.sh + subPath: ceph-admin-keyring.sh readOnly: true - name: ceph-keyring mountPath: /tmp/client-keyring diff --git a/cinder/templates/job-storage-init.yaml b/cinder/templates/job-storage-init.yaml index 3c30b1354f..b5dc7de1ae 100644 --- a/cinder/templates/job-storage-init.yaml +++ b/cinder/templates/job-storage-init.yaml @@ -72,16 +72,13 @@ spec: securityContext: runAsUser: 0 command: - - /tmp/ceph-keyring.sh - env: - - name: RBD_USER - value: "admin" + - /tmp/ceph-admin-keyring.sh volumeMounts: - name: etcceph mountPath: /etc/ceph - name: cinder-bin - mountPath: /tmp/ceph-keyring.sh - subPath: ceph-keyring.sh + mountPath: /tmp/ceph-admin-keyring.sh + subPath: ceph-admin-keyring.sh readOnly: true - name: ceph-keyring mountPath: /tmp/client-keyring diff --git a/cinder/values.yaml b/cinder/values.yaml index 4d0cb7995a..519cd359e8 100644 --- a/cinder/values.yaml +++ b/cinder/values.yaml @@ -414,7 +414,7 @@ conf: override: append: monitors: [] - cinder_keyring: null + admin_keyring: null cinder: DEFAULT: use_syslog: false