Remove /etc/ceph dependency on puppet services

In tripleo-heat-templates a new 'CephConfigPath' parameter
is introduced with the purpose of customizing the path where the
Ceph config and keyring files are created on the host.
This change makes sure that puppet-tripleo is able to consume
a custom location for the Ceph config and keyring files.

Closes-Bug: #1708302
Co-Authored-By: Giulio Fidente <gfidente@redhat.com>
Change-Id: Iaabb66cd26f0246defe391a4e34f4eab3c3c5fee

manifests/profile/base/cinder/volume.pp

@@ -106,6 +106,10 @@
 #   (Optional) Name of RBD client
 #   Defaults to hiera('tripleo::profile::base::cinder::volume::rbd::cinder_rbd_user_name')
 #
+# [*cinder_rbd_ceph_conf_path*]
+#   (Optional) The path where the Ceph Cluster config files are stored on the host
+#   Defaults to '/etc/ceph'
+#
 # [*cinder_volume_cluster*]
 #   (Optional) Name of the cluster when running in active-active mode
 #   Defaults to hiera('tripleo::profile::base::cinder::volume::cinder_volume_cluster')
@@ -157,6 +161,7 @@ class tripleo::profile::base::cinder::volume (
   $cinder_enable_vrts_hs_backend               = false,
   $cinder_enable_nvmeof_backend                = false,
   $cinder_user_enabled_backends                = hiera('cinder_user_enabled_backends', undef),
+  $cinder_rbd_ceph_conf_path                   = '/etc/ceph',
   $cinder_rbd_client_name                      = hiera('tripleo::profile::base::cinder::volume::rbd::cinder_rbd_user_name','openstack'),
   $cinder_volume_cluster                       = hiera('tripleo::profile::base::cinder::volume::cinder_volume_cluster', ''),
   $enable_internal_tls                         = hiera('enable_internal_tls', false),
@@ -325,13 +330,13 @@ class tripleo::profile::base::cinder::volume (
 
       exec{ "exec-setfacl-${cinder_rbd_client_name}-cinder":
         path    => ['/bin', '/usr/bin'],
-        command => "setfacl -m u:cinder:r-- /etc/ceph/ceph.client.${cinder_rbd_client_name}.keyring",
-        unless  => "getfacl /etc/ceph/ceph.client.${cinder_rbd_client_name}.keyring | grep -q user:cinder:r--",
+        command => "setfacl -m u:cinder:r-- ${cinder_rbd_ceph_conf_path}/ceph.client.${cinder_rbd_client_name}.keyring",
+        unless  => "getfacl ${cinder_rbd_ceph_conf_path}/ceph.client.${cinder_rbd_client_name}.keyring | grep -q user:cinder:r--",
       }
       -> exec{ "exec-setfacl-${cinder_rbd_client_name}-cinder-mask":
         path    => ['/bin', '/usr/bin'],
-        command => "setfacl -m m::r /etc/ceph/ceph.client.${cinder_rbd_client_name}.keyring",
-        unless  => "getfacl /etc/ceph/ceph.client.${cinder_rbd_client_name}.keyring | grep -q mask::r",
+        command => "setfacl -m m::r ${cinder_rbd_ceph_conf_path}/ceph.client.${cinder_rbd_client_name}.keyring",
+        unless  => "getfacl ${cinder_rbd_ceph_conf_path}/ceph.client.${cinder_rbd_client_name}.keyring | grep -q mask::r",
       }
 
       $cinder_rbd_extra_pools = hiera('tripleo::profile::base::cinder::volume::rbd::cinder_rbd_extra_pools', undef)

manifests/profile/base/glance/backend/rbd.pp

@@ -25,6 +25,10 @@
 #   (Optional) Hash containing multistore data for configuring multiple backends.
 #   Defaults to {}
 #
+# [*glance_rbd_ceph_conf_path*]
+#   (Optional) The path where the Ceph Cluster config files are stored on the host.
+#   Defaults to '/etc/ceph'
+#
 # [*rbd_store_ceph_conf*]
 #   (Optional) Ceph cluster config file.
 #   Defaults to hiera('glance::backend::rbd::rbd_store_ceph_conf', '/etc/ceph/ceph.conf').
@@ -61,15 +65,16 @@
 #
 class tripleo::profile::base::glance::backend::rbd (
   $backend_names,
-  $multistore_config     = {},
-  $rbd_store_ceph_conf   = hiera('glance::backend::rbd::rbd_store_ceph_conf', '/etc/ceph/ceph.conf'),
-  $rbd_store_user        = hiera('glance::backend::rbd::rbd_store_user', 'openstack'),
-  $rbd_store_pool        = hiera('glance::backend::rbd::rbd_store_pool', 'images'),
-  $rbd_store_chunk_size  = hiera('glance::backend::rbd::rbd_store_chunk_size', undef),
-  $rbd_thin_provisioning = hiera('glance::backend::rbd::rbd_thin_provisioning', undef),
-  $rados_connect_timeout = hiera('glance::backend::rbd::rados_connect_timeout', undef),
-  $store_description     = hiera('tripleo::profile::base::glance::api::glance_store_description', 'RBD store'),
-  $step                  = Integer(hiera('step')),
+  $multistore_config         = {},
+  $glance_rbd_ceph_conf_path = '/etc/ceph',
+  $rbd_store_ceph_conf       = hiera('glance::backend::rbd::rbd_store_ceph_conf', '/etc/ceph/ceph.conf'),
+  $rbd_store_user            = hiera('glance::backend::rbd::rbd_store_user', 'openstack'),
+  $rbd_store_pool            = hiera('glance::backend::rbd::rbd_store_pool', 'images'),
+  $rbd_store_chunk_size      = hiera('glance::backend::rbd::rbd_store_chunk_size', undef),
+  $rbd_thin_provisioning     = hiera('glance::backend::rbd::rbd_thin_provisioning', undef),
+  $rados_connect_timeout     = hiera('glance::backend::rbd::rados_connect_timeout', undef),
+  $store_description         = hiera('tripleo::profile::base::glance::api::glance_store_description', 'RBD store'),
+  $step                      = Integer(hiera('step')),
 ) {
 
   if $step >= 4 {
@@ -81,15 +86,16 @@ class tripleo::profile::base::glance::backend::rbd (
       $store_description_real = pick($backend_config['GlanceStoreDescription'], $store_description)
 
       $ceph_cluster_name = $backend_config['CephClusterName']
+
       if $ceph_cluster_name {
         $ceph_cluster_name_real = $ceph_cluster_name
         $rbd_store_ceph_conf_real = "/etc/ceph/${ceph_cluster_name}.conf"
       } else {
-        $ceph_cluster_name_real = $rbd_store_ceph_conf.match(/(\/etc\/ceph\/)(\w+)(\.conf$)/)[2]
+        $ceph_cluster_name_real = $rbd_store_ceph_conf.match(/(\w+)(\.conf$)/)[1]
         $rbd_store_ceph_conf_real = $rbd_store_ceph_conf
       }
 
-      $ceph_client_keyring = "/etc/ceph/${ceph_cluster_name_real}.client.${rbd_store_user_real}.keyring"
+      $ceph_client_keyring = "${glance_rbd_ceph_conf_path}/${ceph_cluster_name_real}.client.${rbd_store_user_real}.keyring"
 
       exec { "exec-setfacl-${ceph_cluster_name_real}-${rbd_store_user_real}-glance":
         path    => ['/bin', '/usr/bin'],

manifests/profile/base/gnocchi/api.pp

@@ -59,6 +59,10 @@
 #   (Optional) RBD Client username.
 #   Defaults to hiera('gnocchi::storage::ceph::ceph_username')
 #
+# [*gnocchi_rbd_ceph_conf_path*]
+#   (Optional) The path where the Ceph Cluster config files are stored on the host
+#   Defaults to '/etc/ceph'
+#
 # [*step*]
 #   (Optional) The current step in deployment. See tripleo-heat-templates
 #   for more details.
@@ -77,6 +81,7 @@ class tripleo::profile::base::gnocchi::api (
   $gnocchi_redis_password        = hiera('gnocchi_redis_password'),
   $redis_vip                     = hiera('redis_vip'),
   $gnocchi_rbd_client_name       = hiera('gnocchi::storage::ceph::ceph_username','openstack'),
+  $gnocchi_rbd_ceph_conf_path    = '/etc/ceph',
   $step                          = Integer(hiera('step')),
   $incoming_storage_driver       = hiera('incoming_storage_driver', undef),
 ) {
@@ -145,13 +150,13 @@ class tripleo::profile::base::gnocchi::api (
         include gnocchi::storage::ceph
         exec{ "exec-setfacl-${gnocchi_rbd_client_name}-gnocchi":
           path    => ['/bin', '/usr/bin'],
-          command => "setfacl -m u:gnocchi:r-- /etc/ceph/ceph.client.${gnocchi_rbd_client_name}.keyring",
-          unless  => "getfacl /etc/ceph/ceph.client.${gnocchi_rbd_client_name}.keyring | grep -q user:gnocchi:r--",
+          command => "setfacl -m u:gnocchi:r-- ${gnocchi_rbd_ceph_conf_path}/ceph.client.${gnocchi_rbd_client_name}.keyring",
+          unless  => "getfacl ${gnocchi_rbd_ceph_conf_path}/ceph.client.${gnocchi_rbd_client_name}.keyring | grep -q user:gnocchi:r--",
         }
         -> exec{ "exec-setfacl-${gnocchi_rbd_client_name}-gnocchi-mask":
           path    => ['/bin', '/usr/bin'],
-          command => "setfacl -m m::r /etc/ceph/ceph.client.${gnocchi_rbd_client_name}.keyring",
-          unless  => "getfacl /etc/ceph/ceph.client.${gnocchi_rbd_client_name}.keyring | grep -q mask::r",
+          command => "setfacl -m m::r ${gnocchi_rbd_ceph_conf_path}/ceph.client.${gnocchi_rbd_client_name}.keyring",
+          unless  => "getfacl ${gnocchi_rbd_ceph_conf_path}/ceph.client.${gnocchi_rbd_client_name}.keyring | grep -q mask::r",
         }
       }
       's3': { include gnocchi::storage::s3 }

manifests/profile/base/manila/share.pp

@@ -106,6 +106,7 @@ class tripleo::profile::base::manila::share (
       $cephfs_ganesha_server_ip = hiera('manila::backend::cephfs::cephfs_ganesha_server_ip', undef)
       $manila_cephfs_protocol_helper_type = hiera('manila::backend::cephfs::cephfs_protocol_helper_type', false)
       $manila_cephfs_pool_name = hiera('manila::backend::cephfs::pool_name', 'manila_data')
+      $manila_cephfs_ceph_conf_path = hiera('manila_cephfs_ceph_conf_path', '/etc/ceph')
 
       if $cephfs_ganesha_server_ip == undef {
         $cephfs_ganesha_server_ip_real = hiera('ganesha_vip', undef)
@@ -146,15 +147,16 @@ class tripleo::profile::base::manila::share (
         "client.${cephfs_auth_id}/client mount gid": value => 0;
       }
 
+      $keyring_local_path = "${manila_cephfs_ceph_conf_path}/ceph.client.${cephfs_auth_id}.keyring"
       exec{ "exec-setfacl-${cephfs_auth_id}":
         path    => ['/bin', '/usr/bin' ],
-        command => "setfacl -m u:manila:r-- ${keyring_path}",
-        unless  => "getfacl ${keyring_path} | grep -q user:manila:r--",
+        command => "setfacl -m u:manila:r-- ${keyring_local_path}",
+        unless  => "getfacl ${keyring_local_path} | grep -q user:manila:r--",
       }
       -> exec{ "exec-setfacl-${cephfs_auth_id}-mask":
         path    => ['/bin', '/usr/bin' ],
-        command => "setfacl -m m::r ${keyring_path}",
-        unless  => "getfacl ${keyring_path} | grep -q mask::r",
+        command => "setfacl -m m::r ${keyring_local_path}",
+        unless  => "getfacl ${keyring_local_path} | grep -q mask::r",
       }
     }
 

manifests/profile/base/nova/compute_libvirt_shared.pp

@@ -22,14 +22,19 @@
 #   (optional) name of RBD client
 #   defaults to hiera('nova::compute::rbd::libvirt_rbd_user')
 #
+# [*nova_rbd_ceph_conf_path*]
+#   (Optional) The path where the Ceph Cluster config files are stored on the host
+#   defaults to '/etc/ceph'
+#
 # [*step*]
 #   (Optional) The current step in deployment. See tripleo-heat-templates
 #   for more details.
 #   Defaults to hiera('step')
 #
 class tripleo::profile::base::nova::compute_libvirt_shared (
-  $nova_rbd_client_name = hiera('nova::compute::rbd::libvirt_rbd_user','openstack'),
-  $step                 = Integer(hiera('step')),
+  $nova_rbd_client_name    = hiera('nova::compute::rbd::libvirt_rbd_user','openstack'),
+  $nova_rbd_ceph_conf_path = '/etc/ceph',
+  $step                    = Integer(hiera('step')),
 ) {
   if $step >= 4 {
     # Ceph + Libvirt
@@ -39,13 +44,13 @@ class tripleo::profile::base::nova::compute_libvirt_shared (
       include nova::compute::rbd
       exec{ "exec-setfacl-${nova_rbd_client_name}-nova":
         path    => ['/bin', '/usr/bin'],
-        command => "setfacl -m u:nova:r-- /etc/ceph/ceph.client.${nova_rbd_client_name}.keyring",
-        unless  => "getfacl /etc/ceph/ceph.client.${nova_rbd_client_name}.keyring | grep -q user:nova:r--",
+        command => "setfacl -m u:nova:r-- ${nova_rbd_ceph_conf_path}/ceph.client.${nova_rbd_client_name}.keyring",
+        unless  => "getfacl ${nova_rbd_ceph_conf_path}/ceph.client.${nova_rbd_client_name}.keyring | grep -q user:nova:r--",
       }
       -> exec{ "exec-setfacl-${nova_rbd_client_name}-nova-mask":
         path    => ['/bin', '/usr/bin'],
-        command => "setfacl -m m::r /etc/ceph/ceph.client.${nova_rbd_client_name}.keyring",
-        unless  => "getfacl /etc/ceph/ceph.client.${nova_rbd_client_name}.keyring | grep -q mask::r",
+        command => "setfacl -m m::r ${nova_rbd_ceph_conf_path}/ceph.client.${nova_rbd_client_name}.keyring",
+        unless  => "getfacl ${nova_rbd_ceph_conf_path}/ceph.client.${nova_rbd_client_name}.keyring | grep -q mask::r",
       }
     }
 

manifests/profile/pacemaker/cinder/backup_bundle.pp

@@ -65,12 +65,17 @@
 #   (optional) Set the --user= switch to be passed to pcmk
 #   Defaults to 'root'
 #
+# [*ceph_conf_path*]
+#   (optional) The path where the Ceph Cluster config files are stored on the host
+#   Defaults to '/etc/ceph'
+#
 class tripleo::profile::pacemaker::cinder::backup_bundle (
   $bootstrap_node             = hiera('cinder_backup_short_bootstrap_node_name'),
   $cinder_backup_docker_image = undef,
   $docker_volumes             = [],
   $docker_environment         = {'KOLLA_CONFIG_STRATEGY' => 'COPY_ALWAYS'},
   $container_backend          = 'docker',
+  $ceph_conf_path             = '/etc/ceph',
   $log_driver                 = undef,
   $log_file                   = '/var/log/containers/stdouts/openstack-cinder-backup.log',
   $tls_priorities             = hiera('tripleo::pacemaker::tls_priorities', undef),
@@ -206,7 +211,7 @@ class tripleo::profile::pacemaker::cinder::backup_bundle (
             'options'    => 'rw',
           },
           'cinder-backup-ceph-cfg-dir'            => {
-            'source-dir' => '/etc/ceph',
+            'source-dir' => $ceph_conf_path,
             'target-dir' => '/var/lib/kolla/config_files/src-ceph',
             'options'    => 'ro',
           },

manifests/profile/pacemaker/cinder/volume_bundle.pp

@@ -47,6 +47,10 @@
 #   (optional) Container backend to use when creating the bundle
 #   Defaults to 'docker'
 #
+# [*ceph_conf_path*]
+#   (optional) The path where the Ceph Cluster config files are stored on the host
+#   Defaults to '/etc/ceph'
+#
 # [*log_driver*]
 #   (optional) Container log driver to use. When set to undef it uses 'k8s-file'
 #   when container_cli is set to podman and 'journald' when it is set to docker.
@@ -73,6 +77,7 @@ class tripleo::profile::pacemaker::cinder::volume_bundle (
   $pcs_tries                  = hiera('pcs_tries', 20),
   $step                       = Integer(hiera('step')),
   $container_backend          = 'docker',
+  $ceph_conf_path             = '/etc/ceph',
   $log_driver                 = undef,
   $log_file                   = '/var/log/containers/stdouts/openstack-cinder-volume.log',
   $tls_priorities             = hiera('tripleo::pacemaker::tls_priorities', undef),
@@ -207,7 +212,7 @@ class tripleo::profile::pacemaker::cinder::volume_bundle (
             'options'    => 'rw',
           },
           'cinder-volume-ceph-cfg-dir'            => {
-            'source-dir' => '/etc/ceph',
+            'source-dir' => $ceph_conf_path,
             'target-dir' => '/var/lib/kolla/config_files/src-ceph/',
             'options'    => 'ro',
           },

manifests/profile/pacemaker/manila/share_bundle.pp

@@ -51,6 +51,10 @@
 #   (optional) Container backend to use when creating the bundle
 #   Defaults to 'docker'
 #
+# [*ceph_conf_path*]
+#   (optional) The path where the Ceph Cluster config files are stored on the host
+#   Defaults to '/etc/ceph'
+#
 # [*log_driver*]
 #   (optional) Container log driver to use. When set to undef it uses 'k8s-file'
 #   when container_cli is set to podman and 'journald' when it is set to docker.
@@ -76,6 +80,7 @@ class tripleo::profile::pacemaker::manila::share_bundle (
   $docker_environment         = {'KOLLA_CONFIG_STRATEGY' => 'COPY_ALWAYS'},
   $ceph_nfs_enabled           = hiera('ceph_nfs_enabled', false),
   $container_backend          = 'docker',
+  $ceph_conf_path             = '/etc/ceph',
   $tls_priorities             = hiera('tripleo::pacemaker::tls_priorities', undef),
   $bundle_user                = 'root',
   $log_driver                 = undef,
@@ -208,7 +213,7 @@ class tripleo::profile::pacemaker::manila::share_bundle (
             'options'    => 'rw',
           },
           'manila-share-ceph-cfg-dir'            => {
-            'source-dir' => '/etc/ceph',
+            'source-dir' => $ceph_conf_path,
             'target-dir' => '/etc/ceph',
             'options'    => 'ro',
           },