Add nova::compute::libvirt::secret_ceph resource
This adds the nova::compute::libvirt::secret_ceph resource definition that can be used to define libvirt secrets of ceph type. Before this patch one could only handle one libvirt secret by configuring the parameters in the nova::compute::rbd class and with this one can configure multiple. This adds a new manage_libvirt_secret parameter defaulting to true in the nova::compute::rbd class so that one can disable the creation of the libvirt secret from that class. Change-Id: Ief031f5dd4b0648d5629789cb7d6d2f6f946fbf8
parent
ddde8befa8
commit
a7498d6dbc
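--- a/manifests/compute/libvirt/secret_ceph.pp
+++ b/manifests/compute/libvirt/secret_ceph.pp
@@ -0,0 +1,85 @@
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+# == Define: nova::compute::libvirt::secret_ceph
+#
+# Configure a libvirt secret with ceph type.
+#
+# === Parameters
+#
+# [*uuid*]
+# (Required) The UUID of the libvirt secret.
+#
+# [*value*]
+# (Required) The value to store in the secret.
+#
+# [*secret_name*]
+# (Optional) The name of the libvirt secret.
+# Defaults to $name
+#
+# [*secret_path*]
+# (Optional) Directory to store files related to secrets.
+# Defaults to /etc/nova
+#
+define nova::compute::libvirt::secret_ceph(
+String $uuid,
+String $value,
+String[1] $secret_name = $name,
+Stdlib::Absolutepath $secret_path = '/etc/nova',
+) {
+
+$xml_file = "${secret_path}/libvirt-secret-${uuid}.xml"
+file { $xml_file:
+ensure => 'present',
+owner => 'root',
+group => 'root',
+mode => '0600',
+content => epp('nova/libvirt-secret-ceph.xml.epp', {
+'secret_name' => $secret_name,
+'uuid' => $uuid,
+}),
+require => Anchor['nova::config::begin'],
+}
+
+$secret_file = "${secret_path}/libvirt-secret-${uuid}.secret"
+file { $secret_file:
+ensure => 'present',
+owner => 'root',
+group => 'root',
+mode => '0600',
+content => $value,
+show_diff => false,
+require => Anchor['nova::config::begin'],
+}
+
+exec { "get-or-set virsh secret ${uuid}":
+command => [
+'/usr/bin/virsh', 'secret-define', '--file', $xml_file,
+],
+unless => "/usr/bin/virsh secret-list | grep -i ${uuid}",
+require => File[$xml_file],
+}
+Service<| tag == 'libvirt-service' |> -> Exec["get-or-set virsh secret ${uuid}"]
+
+exec { "set-secret-value virsh secret ${uuid}":
+command => [
+'/usr/bin/virsh', 'secret-set-value', '--secret', $uuid,
+'--file', $secret_file,
+],
+unless => "/usr/bin/virsh secret-get-value ${uuid} | grep -f ${secret_file}",
+logoutput => false,
+require => [
+File[$secret_file],
+Exec["get-or-set virsh secret ${uuid}"],
+],
+}
+}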
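Review bot: `$uuid` is typed only as `String`, yet it is interpolated into the string-form `unless` commands of both execs (`virsh secret-list | grep -i ${uuid}` and `virsh secret-get-value ${uuid} | grep -f ${secret_file}`), which appear to rely on shell interpretation for the pipe, and into both file paths. Constraining it at the parameter, e.g. `Pattern[/\A[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}\z/] $uuid,`, keeps shell metacharacters and path separators out of those strings. The second check also treats the stored key as a regular expression and prints the matching line, which Puppet may record in debug output; `grep -qFf ${secret_file}` compares it as a fixed string and stays silent (the spec expectation for `:unless` would need the same change). `$value` could additionally accept `Sensitive[String]` so the key is redacted in reports, if the supported Puppet versions allow it.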
@ -84,6 +84,10 @@
|
||||
# only in Ubuntu/Debian.
|
||||
# Defaults to 'present'
|
||||
#
|
||||
# [*manage_libvirt_secret*]
|
||||
# (optional) Manage the libvirt secret
|
||||
# Defaults to true
|
||||
#
|
||||
class nova::compute::rbd (
|
||||
$libvirt_rbd_user,
|
||||
$libvirt_rbd_secret_uuid = false,
|
||||
@ -98,6 +102,7 @@ class nova::compute::rbd (
|
||||
Boolean $manage_ceph_client = true,
|
||||
$ceph_client_ensure = 'present',
|
||||
$package_ensure = 'present',
|
||||
Boolean $manage_libvirt_secret = true,
|
||||
) {
|
||||
|
||||
include nova::deps
|
||||
@ -128,33 +133,38 @@ class nova::compute::rbd (
|
||||
'libvirt/rbd_secret_uuid': value => $libvirt_rbd_secret_uuid;
|
||||
}
|
||||
|
||||
file { '/etc/nova/secret.xml':
|
||||
content => template('nova/secret.xml-compute.erb'),
|
||||
require => Anchor['nova::config::begin'],
|
||||
}
|
||||
if $manage_libvirt_secret {
|
||||
file { '/etc/nova/secret.xml':
|
||||
content => epp('nova/libvirt-secret-ceph.xml.epp', {
|
||||
'secret_name' => "${rbd_keyring} secret",
|
||||
'uuid' => $libvirt_rbd_secret_uuid,
|
||||
}),
|
||||
require => Anchor['nova::config::begin'],
|
||||
}
|
||||
|
||||
#Variable name shrunk in favor of removing
|
||||
#the more than 140 chars puppet-lint warning.
|
||||
#variable used in the get-or-set virsh secret
|
||||
#resource.
|
||||
$cm = '/usr/bin/virsh secret-define --file /etc/nova/secret.xml | /usr/bin/awk \'{print $2}\' | sed \'/^$/d\' > /etc/nova/virsh.secret'
|
||||
exec { 'get-or-set virsh secret':
|
||||
command => $cm,
|
||||
unless => "/usr/bin/virsh secret-list | grep -i ${libvirt_rbd_secret_uuid}",
|
||||
require => File['/etc/nova/secret.xml'],
|
||||
}
|
||||
Service<| tag == 'libvirt-service' |> -> Exec['get-or-set virsh secret']
|
||||
#Variable name shrunk in favor of removing
|
||||
#the more than 140 chars puppet-lint warning.
|
||||
#variable used in the get-or-set virsh secret
|
||||
#resource.
|
||||
$cm = '/usr/bin/virsh secret-define --file /etc/nova/secret.xml | /usr/bin/awk \'{print $2}\' | sed \'/^$/d\' > /etc/nova/virsh.secret'
|
||||
exec { 'get-or-set virsh secret':
|
||||
command => $cm,
|
||||
unless => "/usr/bin/virsh secret-list | grep -i ${libvirt_rbd_secret_uuid}",
|
||||
require => File['/etc/nova/secret.xml'],
|
||||
}
|
||||
Service<| tag == 'libvirt-service' |> -> Exec['get-or-set virsh secret']
|
||||
|
||||
if $libvirt_rbd_secret_key {
|
||||
$libvirt_key = $libvirt_rbd_secret_key
|
||||
} else {
|
||||
$libvirt_key = "$(ceph auth get-key ${rbd_keyring})"
|
||||
}
|
||||
exec { 'set-secret-value virsh':
|
||||
command => "/usr/bin/virsh secret-set-value --secret ${libvirt_rbd_secret_uuid} --base64 ${libvirt_key}",
|
||||
unless => "/usr/bin/virsh secret-get-value ${libvirt_rbd_secret_uuid} | grep ${libvirt_key}",
|
||||
logoutput => false,
|
||||
require => Exec['get-or-set virsh secret'],
|
||||
if $libvirt_rbd_secret_key {
|
||||
$libvirt_key = $libvirt_rbd_secret_key
|
||||
} else {
|
||||
$libvirt_key = "$(ceph auth get-key ${rbd_keyring})"
|
||||
}
|
||||
exec { 'set-secret-value virsh':
|
||||
command => "/usr/bin/virsh secret-set-value --secret ${libvirt_rbd_secret_uuid} --base64 ${libvirt_key}",
|
||||
unless => "/usr/bin/virsh secret-get-value ${libvirt_rbd_secret_uuid} | grep ${libvirt_key}",
|
||||
logoutput => false,
|
||||
require => Exec['get-or-set virsh secret'],
|
||||
}
|
||||
}
|
||||
} else {
|
||||
nova_config {
|
||||
|
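Review bot: The class path inside `if $manage_libvirt_secret` still places the key on the command line, in `command => "/usr/bin/virsh secret-set-value --secret ${libvirt_rbd_secret_uuid} --base64 ${libvirt_key}"` and again in the `grep ${libvirt_key}` check, where it is visible in the process list while the exec runs. The define added by this commit passes the value through a root-only file with `--file` instead, so when `$libvirt_rbd_secret_key` is set this branch could declare `nova::compute::libvirt::secret_ceph` with `uuid => $libvirt_rbd_secret_uuid` and `value => $libvirt_rbd_secret_key` rather than keep its own execs. The page prints old and new lines without markers, so which copy is the new side is inferred from the `if` wrapper, and the class body starts and ends outside these hunks.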
@ -0,0 +1,8 @@
|
||||
---
|
||||
features:
|
||||
- |
|
||||
Added new ``nova::compute::libvirt::secret_ceph`` resource definition that
|
||||
can be used to create a libvirt secret of type ceph.
|
||||
- |
|
||||
Added new ``manage_libvirt_secret`` parameter defaulting to true in the
|
||||
``nova::compute::rbd`` class.
|
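--- a/spec/defines/nova_compute_libvirt_secret_ceph_spec.rb
+++ b/spec/defines/nova_compute_libvirt_secret_ceph_spec.rb
@@ -0,0 +1,91 @@
+require 'spec_helper'
+
+describe 'nova::compute::libvirt::secret_ceph' do
+shared_examples 'nova::compute::libvirt::secret_ceph' do
+describe 'with required parameters' do
+let :pre_condition do
+"include nova"
+end
+
+let :params do
+{
+:uuid => '4f515eff-47e4-425c-b24d-9c6adc56401c',
+:value => 'AQBHCbtT6APDHhAA5W00cBchwkQjh3dkKsyPjw==',
+:secret_name => 'client.openstack',
+:secret_path => '/tmp',
+}
+end
+
+let :title do
+'random'
+end
+
+it { is_expected.to contain_file('/tmp/libvirt-secret-4f515eff-47e4-425c-b24d-9c6adc56401c.xml').with(
+:ensure => 'present',
+:owner => 'root',
+:group => 'root',
+:mode => '0600',
+:require => 'Anchor[nova::config::begin]',
+)}
+
+it {
+verify_contents(catalogue, '/tmp/libvirt-secret-4f515eff-47e4-425c-b24d-9c6adc56401c.xml', [
+"<secret ephemeral=\'no\' private=\'no\'>",
+" <usage type=\'ceph\'>",
+" <name>client.openstack</name>",
+" </usage>",
+" <uuid>4f515eff-47e4-425c-b24d-9c6adc56401c</uuid>",
+"</secret>"
+])
+}
+
+it { is_expected.to contain_file('/tmp/libvirt-secret-4f515eff-47e4-425c-b24d-9c6adc56401c.secret').with(
+:ensure => 'present',
+:owner => 'root',
+:group => 'root',
+:mode => '0600',
+:show_diff => false,
+:require => 'Anchor[nova::config::begin]',
+)}
+
+it {
+verify_contents(catalogue, '/tmp/libvirt-secret-4f515eff-47e4-425c-b24d-9c6adc56401c.secret', [
+"AQBHCbtT6APDHhAA5W00cBchwkQjh3dkKsyPjw==",
+])
+}
+
+it { is_expected.to contain_exec('get-or-set virsh secret 4f515eff-47e4-425c-b24d-9c6adc56401c').with(
+:command => [
+'/usr/bin/virsh', 'secret-define', '--file', '/tmp/libvirt-secret-4f515eff-47e4-425c-b24d-9c6adc56401c.xml',
+],
+:unless => "/usr/bin/virsh secret-list | grep -i 4f515eff-47e4-425c-b24d-9c6adc56401c",
+:require => 'File[/tmp/libvirt-secret-4f515eff-47e4-425c-b24d-9c6adc56401c.xml]',
+)}
+
+it { is_expected.to contain_exec('set-secret-value virsh secret 4f515eff-47e4-425c-b24d-9c6adc56401c').with(
+:command => [
+'/usr/bin/virsh', 'secret-set-value', '--secret', '4f515eff-47e4-425c-b24d-9c6adc56401c',
+'--file', '/tmp/libvirt-secret-4f515eff-47e4-425c-b24d-9c6adc56401c.secret',
+],
+:unless => "/usr/bin/virsh secret-get-value 4f515eff-47e4-425c-b24d-9c6adc56401c | grep -f /tmp/libvirt-secret-4f515eff-47e4-425c-b24d-9c6adc56401c.secret",
+:logoutput => false,
+:require => [
+'File[/tmp/libvirt-secret-4f515eff-47e4-425c-b24d-9c6adc56401c.secret]',
+'Exec[get-or-set virsh secret 4f515eff-47e4-425c-b24d-9c6adc56401c]',
+],
+)}
+end
+end
+
+on_supported_os({
+:supported_os => OSDefaults.get_supported_os
+}).each do |os,facts|
+context "on #{os}" do
+let (:facts) do
+facts.merge!(OSDefaults.get_facts())
+end
+
+it_behaves_like 'nova::compute::libvirt::secret_ceph'
+end
+end
+end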
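Review bot: The example group is named 'with required parameters' but its `params` also set `:secret_name` and `:secret_path`, so the defaults `$secret_name = $name` and `$secret_path = '/etc/nova'` are never compiled. A second group that passes only `:uuid` and `:value` and expects the files under `/etc/nova` with `<name>random</name>` in the XML would cover them. This group would then read better as `describe 'with all parameters' do`.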
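--- a/templates/libvirt-secret-ceph.xml.epp
+++ b/templates/libvirt-secret-ceph.xml.epp
@@ -0,0 +1,6 @@
+<secret ephemeral='no' private='no'>
+<usage type='ceph'>
+<name><%= $secret_name -%></name>
+</usage>
+<uuid><%= $uuid -%></uuid>
+</secret>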
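Review bot: `$secret_name` is written into `<name>` without XML escaping, and the define only requires `String[1]`, so a name containing `<` or `&` would produce a malformed or altered secret definition. Restricting the parameter in the define, e.g. `Pattern[/\A[\w.\- ]+\z/] $secret_name = $name,`, avoids that without template changes. The template could also declare its inputs with `<%- | String $secret_name, String $uuid | -%>` so a missing or misspelled key fails at compile time.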
@ -1,6 +0,0 @@
|
||||
<secret ephemeral='no' private='no'>
|
||||
<usage type='ceph'>
|
||||
<name><%= @rbd_keyring %> secret</name>
|
||||
</usage>
|
||||
<uuid><%= @libvirt_rbd_secret_uuid %></uuid>
|
||||
</secret>
|