Ensure the CephX Manila keyring permissions are only set when needed

Do not try to set the ACLs on the Manila CephX keyring if the CephFS backend is not enabled; in that case the keyring does not exist. Change-Id: I2f0018c66bd071f9e2e0dfafb0339a5b891ed71a Closes-Bug: 1770444 (cherry picked from commit ce734ea1e2)
2018-05-10 18:34:32 +02:00 · 2018-05-10 18:34:32 +02:00 · 1052ff5dfe
parent 6938b5d1f2
commit 1052ff5dfe
1 changed files with 8 additions and 1 deletions
--- a/manifests/profile/base/manila/share.pp
+++ b/manifests/profile/base/manila/share.pp
@ -23,14 +23,20 @@
 #   for more details.
 #   Defaults to hiera('step')
 #
+# [*backend_cephfs_enabled*]
+#   (Optional) Whether or not the cephfs backend is enabled
+#   Defaults to hiera('manila_backend_cephfs_enabled', false)
+#
 class tripleo::profile::base::manila::share (
-  $step = hiera('step'),
+  $backend_cephfs_enabled = hiera('manila_backend_cephfs_enabled', false),
+  $step                   = hiera('step'),
 ) {
  include ::tripleo::profile::base::manila

  if $step >= 4 {
    include ::manila::share

+    if $backend_cephfs_enabled {
      $cephfs_auth_id = hiera('manila::backend::cephfsnative::cephfs_auth_id')
      $keyring_path = "/etc/ceph/ceph.client.${cephfs_auth_id}.keyring"
      ceph_config {
@ -45,5 +51,6 @@ class tripleo::profile::base::manila::share (
        unless  => "getfacl ${keyring_path} | grep -q user:manila:r--",
      }
      Ceph::Key<| title == "client.${cephfs_auth_id}" |> -> Exec["exec-setfacl-${cephfs_auth_id}-manila"]
+    }
  }
 }