Merge "Add nova::compute::libvirt::secret_ceph resource"
commit
96acc50a11
|
@ -0,0 +1,85 @@
|
|||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
# == Define: nova::compute::libvirt::secret_ceph
|
||||
#
|
||||
# Configure a libvirt secret with ceph type.
|
||||
#
|
||||
# === Parameters
|
||||
#
|
||||
# [*uuid*]
|
||||
# (Required) The UUID of the libvirt secret.
|
||||
#
|
||||
# [*value*]
|
||||
# (Required) The value to store in the secret.
|
||||
#
|
||||
# [*secret_name*]
|
||||
# (Optional) The name of the libvirt secret.
|
||||
# Defaults to $name
|
||||
#
|
||||
# [*secret_path*]
|
||||
# (Optional) Directory to store files related to secrets.
|
||||
# Defaults to /etc/nova
|
||||
#
|
||||
define nova::compute::libvirt::secret_ceph(
|
||||
String $uuid,
|
||||
String $value,
|
||||
String[1] $secret_name = $name,
|
||||
Stdlib::Absolutepath $secret_path = '/etc/nova',
|
||||
) {
|
||||
|
||||
$xml_file = "${secret_path}/libvirt-secret-${uuid}.xml"
|
||||
file { $xml_file:
|
||||
ensure => 'present',
|
||||
owner => 'root',
|
||||
group => 'root',
|
||||
mode => '0600',
|
||||
content => epp('nova/libvirt-secret-ceph.xml.epp', {
|
||||
'secret_name' => $secret_name,
|
||||
'uuid' => $uuid,
|
||||
}),
|
||||
require => Anchor['nova::config::begin'],
|
||||
}
|
||||
|
||||
$secret_file = "${secret_path}/libvirt-secret-${uuid}.secret"
|
||||
file { $secret_file:
|
||||
ensure => 'present',
|
||||
owner => 'root',
|
||||
group => 'root',
|
||||
mode => '0600',
|
||||
content => $value,
|
||||
show_diff => false,
|
||||
require => Anchor['nova::config::begin'],
|
||||
}
|
||||
|
||||
exec { "get-or-set virsh secret ${uuid}":
|
||||
command => [
|
||||
'/usr/bin/virsh', 'secret-define', '--file', $xml_file,
|
||||
],
|
||||
unless => "/usr/bin/virsh secret-list | grep -i ${uuid}",
|
||||
require => File[$xml_file],
|
||||
}
|
||||
Service<| tag == 'libvirt-service' |> -> Exec["get-or-set virsh secret ${uuid}"]
|
||||
|
||||
exec { "set-secret-value virsh secret ${uuid}":
|
||||
command => [
|
||||
'/usr/bin/virsh', 'secret-set-value', '--secret', $uuid,
|
||||
'--file', $secret_file,
|
||||
],
|
||||
unless => "/usr/bin/virsh secret-get-value ${uuid} | grep -f ${secret_file}",
|
||||
logoutput => false,
|
||||
require => [
|
||||
File[$secret_file],
|
||||
Exec["get-or-set virsh secret ${uuid}"],
|
||||
],
|
||||
}
|
||||
}
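Review bot: `$uuid` is declared as an unconstrained `String`, yet it is interpolated into both `unless` strings (`... | grep -i ${uuid}` and `virsh secret-get-value ${uuid} | grep -f ${secret_file}`), which contain pipes and so are presumably handed to a shell, unlike the array-form `command` values. A value containing whitespace or shell metacharacters would change what those checks execute, and `$secret_path` reaches the same strings through `$secret_file`. Tightening the type at the interface closes this, for example `Pattern[/\A[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}\z/] $uuid,`. Separately, `grep -f` treats the stored key as a regular expression and matches substrings; `grep -qxF -f ${secret_file}` would compare it as a fixed whole line and not print the key.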
|
|
@ -84,6 +84,10 @@
|
|||
# only in Ubuntu/Debian.
|
||||
# Defaults to 'present'
|
||||
#
|
||||
# [*manage_libvirt_secret*]
|
||||
# (optional) Manage the libvirt secret
|
||||
# Defaults to true
|
||||
#
|
||||
class nova::compute::rbd (
|
||||
$libvirt_rbd_user,
|
||||
$libvirt_rbd_secret_uuid = false,
|
||||
|
@ -98,6 +102,7 @@ class nova::compute::rbd (
|
|||
Boolean $manage_ceph_client = true,
|
||||
$ceph_client_ensure = 'present',
|
||||
$package_ensure = 'present',
|
||||
Boolean $manage_libvirt_secret = true,
|
||||
) {
|
||||
|
||||
include nova::deps
|
||||
|
@ -128,33 +133,38 @@ class nova::compute::rbd (
|
|||
'libvirt/rbd_secret_uuid': value => $libvirt_rbd_secret_uuid;
|
||||
}
|
||||
|
||||
file { '/etc/nova/secret.xml':
|
||||
content => template('nova/secret.xml-compute.erb'),
|
||||
require => Anchor['nova::config::begin'],
|
||||
}
|
||||
if $manage_libvirt_secret {
|
||||
file { '/etc/nova/secret.xml':
|
||||
content => epp('nova/libvirt-secret-ceph.xml.epp', {
|
||||
'secret_name' => "${rbd_keyring} secret",
|
||||
'uuid' => $libvirt_rbd_secret_uuid,
|
||||
}),
|
||||
require => Anchor['nova::config::begin'],
|
||||
}
|
||||
|
||||
#Variable name shrunk in favor of removing
|
||||
#the more than 140 chars puppet-lint warning.
|
||||
#variable used in the get-or-set virsh secret
|
||||
#resource.
|
||||
$cm = '/usr/bin/virsh secret-define --file /etc/nova/secret.xml | /usr/bin/awk \'{print $2}\' | sed \'/^$/d\' > /etc/nova/virsh.secret'
|
||||
exec { 'get-or-set virsh secret':
|
||||
command => $cm,
|
||||
unless => "/usr/bin/virsh secret-list | grep -i ${libvirt_rbd_secret_uuid}",
|
||||
require => File['/etc/nova/secret.xml'],
|
||||
}
|
||||
Service<| tag == 'libvirt-service' |> -> Exec['get-or-set virsh secret']
|
||||
#Variable name shrunk in favor of removing
|
||||
#the more than 140 chars puppet-lint warning.
|
||||
#variable used in the get-or-set virsh secret
|
||||
#resource.
|
||||
$cm = '/usr/bin/virsh secret-define --file /etc/nova/secret.xml | /usr/bin/awk \'{print $2}\' | sed \'/^$/d\' > /etc/nova/virsh.secret'
|
||||
exec { 'get-or-set virsh secret':
|
||||
command => $cm,
|
||||
unless => "/usr/bin/virsh secret-list | grep -i ${libvirt_rbd_secret_uuid}",
|
||||
require => File['/etc/nova/secret.xml'],
|
||||
}
|
||||
Service<| tag == 'libvirt-service' |> -> Exec['get-or-set virsh secret']
|
||||
|
||||
if $libvirt_rbd_secret_key {
|
||||
$libvirt_key = $libvirt_rbd_secret_key
|
||||
} else {
|
||||
$libvirt_key = "$(ceph auth get-key ${rbd_keyring})"
|
||||
}
|
||||
exec { 'set-secret-value virsh':
|
||||
command => "/usr/bin/virsh secret-set-value --secret ${libvirt_rbd_secret_uuid} --base64 ${libvirt_key}",
|
||||
unless => "/usr/bin/virsh secret-get-value ${libvirt_rbd_secret_uuid} | grep ${libvirt_key}",
|
||||
logoutput => false,
|
||||
require => Exec['get-or-set virsh secret'],
|
||||
if $libvirt_rbd_secret_key {
|
||||
$libvirt_key = $libvirt_rbd_secret_key
|
||||
} else {
|
||||
$libvirt_key = "$(ceph auth get-key ${rbd_keyring})"
|
||||
}
|
||||
exec { 'set-secret-value virsh':
|
||||
command => "/usr/bin/virsh secret-set-value --secret ${libvirt_rbd_secret_uuid} --base64 ${libvirt_key}",
|
||||
unless => "/usr/bin/virsh secret-get-value ${libvirt_rbd_secret_uuid} | grep ${libvirt_key}",
|
||||
logoutput => false,
|
||||
require => Exec['get-or-set virsh secret'],
|
||||
}
|
||||
}
|
||||
} else {
|
||||
nova_config {
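Review bot: The `set-secret-value virsh` exec kept inside the new `if $manage_libvirt_secret` block still passes the key as an argument (`--base64 ${libvirt_key}`) and repeats it in `unless` as `grep ${libvirt_key}`, so the key sits in the process argument list while those commands run. The define added in this same commit avoids that by writing a mode `0600` file and calling `virsh secret-set-value` with `--file`. When `$libvirt_rbd_secret_key` is set, this class could declare `nova::compute::libvirt::secret_ceph` instead of keeping a second code path. The `$(ceph auth get-key ...)` fallback is resolved at run time and would need separate handling. The page has lost its `+`/`-` markers, so this reads the re-indented copy as the new side; the class body begins and ends outside the hunk.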
|
||||
|
|
|
@ -0,0 +1,8 @@
|
|||
---
|
||||
features:
|
||||
- |
|
||||
Added new ``nova::compute::libvirt::secret_ceph`` resource definition that
|
||||
can be used to create a libvirt secret of type ceph.
|
||||
- |
|
||||
Added new ``manage_libvirt_secret`` parameter defaulting to true in the
|
||||
``nova::compute::rbd`` class.
|
|
@ -0,0 +1,91 @@
|
|||
require 'spec_helper'
|
||||
|
||||
describe 'nova::compute::libvirt::secret_ceph' do
|
||||
shared_examples 'nova::compute::libvirt::secret_ceph' do
|
||||
describe 'with required parameters' do
|
||||
let :pre_condition do
|
||||
"include nova"
|
||||
end
|
||||
|
||||
let :params do
|
||||
{
|
||||
:uuid => '4f515eff-47e4-425c-b24d-9c6adc56401c',
|
||||
:value => 'AQBHCbtT6APDHhAA5W00cBchwkQjh3dkKsyPjw==',
|
||||
:secret_name => 'client.openstack',
|
||||
:secret_path => '/tmp',
|
||||
}
|
||||
end
|
||||
|
||||
let :title do
|
||||
'random'
|
||||
end
|
||||
|
||||
it { is_expected.to contain_file('/tmp/libvirt-secret-4f515eff-47e4-425c-b24d-9c6adc56401c.xml').with(
|
||||
:ensure => 'present',
|
||||
:owner => 'root',
|
||||
:group => 'root',
|
||||
:mode => '0600',
|
||||
:require => 'Anchor[nova::config::begin]',
|
||||
)}
|
||||
|
||||
it {
|
||||
verify_contents(catalogue, '/tmp/libvirt-secret-4f515eff-47e4-425c-b24d-9c6adc56401c.xml', [
|
||||
"<secret ephemeral=\'no\' private=\'no\'>",
|
||||
" <usage type=\'ceph\'>",
|
||||
" <name>client.openstack</name>",
|
||||
" </usage>",
|
||||
" <uuid>4f515eff-47e4-425c-b24d-9c6adc56401c</uuid>",
|
||||
"</secret>"
|
||||
])
|
||||
}
|
||||
|
||||
it { is_expected.to contain_file('/tmp/libvirt-secret-4f515eff-47e4-425c-b24d-9c6adc56401c.secret').with(
|
||||
:ensure => 'present',
|
||||
:owner => 'root',
|
||||
:group => 'root',
|
||||
:mode => '0600',
|
||||
:show_diff => false,
|
||||
:require => 'Anchor[nova::config::begin]',
|
||||
)}
|
||||
|
||||
it {
|
||||
verify_contents(catalogue, '/tmp/libvirt-secret-4f515eff-47e4-425c-b24d-9c6adc56401c.secret', [
|
||||
"AQBHCbtT6APDHhAA5W00cBchwkQjh3dkKsyPjw==",
|
||||
])
|
||||
}
|
||||
|
||||
it { is_expected.to contain_exec('get-or-set virsh secret 4f515eff-47e4-425c-b24d-9c6adc56401c').with(
|
||||
:command => [
|
||||
'/usr/bin/virsh', 'secret-define', '--file', '/tmp/libvirt-secret-4f515eff-47e4-425c-b24d-9c6adc56401c.xml',
|
||||
],
|
||||
:unless => "/usr/bin/virsh secret-list | grep -i 4f515eff-47e4-425c-b24d-9c6adc56401c",
|
||||
:require => 'File[/tmp/libvirt-secret-4f515eff-47e4-425c-b24d-9c6adc56401c.xml]',
|
||||
)}
|
||||
|
||||
it { is_expected.to contain_exec('set-secret-value virsh secret 4f515eff-47e4-425c-b24d-9c6adc56401c').with(
|
||||
:command => [
|
||||
'/usr/bin/virsh', 'secret-set-value', '--secret', '4f515eff-47e4-425c-b24d-9c6adc56401c',
|
||||
'--file', '/tmp/libvirt-secret-4f515eff-47e4-425c-b24d-9c6adc56401c.secret',
|
||||
],
|
||||
:unless => "/usr/bin/virsh secret-get-value 4f515eff-47e4-425c-b24d-9c6adc56401c | grep -f /tmp/libvirt-secret-4f515eff-47e4-425c-b24d-9c6adc56401c.secret",
|
||||
:logoutput => false,
|
||||
:require => [
|
||||
'File[/tmp/libvirt-secret-4f515eff-47e4-425c-b24d-9c6adc56401c.secret]',
|
||||
'Exec[get-or-set virsh secret 4f515eff-47e4-425c-b24d-9c6adc56401c]',
|
||||
],
|
||||
)}
|
||||
end
|
||||
end
|
||||
|
||||
on_supported_os({
|
||||
:supported_os => OSDefaults.get_supported_os
|
||||
}).each do |os,facts|
|
||||
context "on #{os}" do
|
||||
let (:facts) do
|
||||
facts.merge!(OSDefaults.get_facts())
|
||||
end
|
||||
|
||||
it_behaves_like 'nova::compute::libvirt::secret_ceph'
|
||||
end
|
||||
end
|
||||
end
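Review bot: The only context in this spec sets every parameter, so the defaults documented in the define (`secret_name` falling back to the title, `secret_path` of `/etc/nova`) are never compiled, even though `title` is set to `'random'`. A second `describe` passing only `:uuid` and `:value` would cover them. It should expect `contain_file('/etc/nova/libvirt-secret-4f515eff-47e4-425c-b24d-9c6adc56401c.xml')` with `<name>random</name>` in its contents. A case asserting that an empty `secret_name` fails compilation would also pin the `String[1]` constraint.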
|
|
@ -0,0 +1,6 @@
|
|||
<secret ephemeral='no' private='no'>
|
||||
<usage type='ceph'>
|
||||
<name><%= $secret_name -%></name>
|
||||
</usage>
|
||||
<uuid><%= $uuid -%></uuid>
|
||||
</secret>
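Review bot: `<%= $secret_name -%>` and `<%= $uuid -%>` are written into the XML without escaping, and the define only requires `String[1]` and `String` for them. A value containing `<`, `>` or `&` therefore produces malformed or structurally different secret XML for `virsh secret-define`. Restricting the inputs where they are declared is the simplest guard, for example `Pattern[/\A[\w.\- ]+\z/] $secret_name = $name,` (the space is needed because `nova::compute::rbd` passes `"${rbd_keyring} secret"`). The template also declares no parameter block; adding `<%- | String $secret_name, String $uuid | -%>` as its first line would make a missing or misspelled key fail at compile time.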
|
|
@ -1,6 +0,0 @@
|
|||
<secret ephemeral='no' private='no'>
|
||||
<usage type='ceph'>
|
||||
<name><%= @rbd_keyring %> secret</name>
|
||||
</usage>
|
||||
<uuid><%= @libvirt_rbd_secret_uuid %></uuid>
|
||||
</secret>
|