Update virsh secret if rbd_keyring or libvirt_rbd_secret_uuid change

This change allows puppet to regenerate the virsh secret or update its key if one of rbd_keyring or libvirt_rbd_secret_uuid change. Closes-Bug: 1583998 Related-Bug: 1606918 Change-Id: I66d343c7c6a4ef0e7ceabe099af00a170f845b2f Co-Authored-By: Giulio Fidente <gfidente@redhat.com>
2016-08-01 16:52:37 +02:00
parent 339756580b
commit a2794ea407
2 changed files with 4 additions and 4 deletions
--- a/manifests/compute/rbd.pp
+++ b/manifests/compute/rbd.pp
@@ -102,7 +102,7 @@ class nova::compute::rbd (

    exec { 'get-or-set virsh secret':
      command => '/usr/bin/virsh secret-define --file /etc/nova/secret.xml | /usr/bin/awk \'{print $2}\' | sed \'/^$/d\' > /etc/nova/virsh.secret',
-      creates => '/etc/nova/virsh.secret',
+      unless  => "/usr/bin/virsh secret-list | grep ${libvirt_rbd_secret_uuid}",
      require => [File['/etc/nova/secret.xml'], Service['libvirt']],
    }

@@ -113,7 +113,7 @@ class nova::compute::rbd (
    }
    exec { 'set-secret-value virsh':
      command => "/usr/bin/virsh secret-set-value --secret ${libvirt_rbd_secret_uuid} --base64 ${libvirt_key}",
-      unless  => "/usr/bin/virsh secret-get-value ${libvirt_rbd_secret_uuid}",
+      unless  => "/usr/bin/virsh secret-get-value ${libvirt_rbd_secret_uuid} | grep ${libvirt_key}",
      require => Exec['get-or-set virsh secret'],
      before  => Anchor['nova::config::end'],
    }
--- a/spec/classes/nova_compute_rbd_spec.rb
+++ b/spec/classes/nova_compute_rbd_spec.rb
@@ -89,7 +89,7 @@ describe 'nova::compute::rbd' do
        ])
        is_expected.to contain_exec('get-or-set virsh secret').with(
          :command =>  '/usr/bin/virsh secret-define --file /etc/nova/secret.xml | /usr/bin/awk \'{print $2}\' | sed \'/^$/d\' > /etc/nova/virsh.secret',
-          :creates => '/etc/nova/virsh.secret',
+          :unless  => '/usr/bin/virsh secret-list | grep UUID',
          :require => ['File[/etc/nova/secret.xml]', 'Service[libvirt]'],
        )
        is_expected.to contain_exec('set-secret-value virsh').with(
@@ -140,7 +140,7 @@ describe 'nova::compute::rbd' do
        ])
        is_expected.to contain_exec('get-or-set virsh secret').with(
          :command =>  '/usr/bin/virsh secret-define --file /etc/nova/secret.xml | /usr/bin/awk \'{print $2}\' | sed \'/^$/d\' > /etc/nova/virsh.secret',
-          :creates => '/etc/nova/virsh.secret',
+          :unless  => '/usr/bin/virsh secret-list | grep UUID',
          :require => ['File[/etc/nova/secret.xml]', 'Service[libvirt]'],
        )
        is_expected.to contain_exec('set-secret-value virsh').with(