Remove file ACL settings for ceph keyring
... because these resources are no longer used since all services were
containerized.
We already removed the same logic for Gnocchi only by [1].
[1] 6aa4681137
Change-Id: I2a32a067e3586e14c461948bd677b75365272cff
This commit is contained in:
parent
80f739f54f
commit
9765e20fb1
@ -25,10 +25,6 @@
|
||||
# (Optional) Hash containing multistore data for configuring multiple backends.
|
||||
# Defaults to {}
|
||||
#
|
||||
# [*glance_rbd_ceph_conf_path*]
|
||||
# (Optional) The path where the Ceph Cluster config files are stored on the host.
|
||||
# Defaults to '/etc/ceph'
|
||||
#
|
||||
# [*rbd_store_ceph_conf*]
|
||||
# (Optional) Ceph cluster config file.
|
||||
# Defaults to lookup('glance::backend::rbd::rbd_store_ceph_conf', undef, undef, '/etc/ceph/ceph.conf').
|
||||
@ -65,16 +61,15 @@
|
||||
#
|
||||
class tripleo::profile::base::glance::backend::rbd (
|
||||
$backend_names,
|
||||
$multistore_config = {},
|
||||
$glance_rbd_ceph_conf_path = '/etc/ceph',
|
||||
$rbd_store_ceph_conf = lookup('glance::backend::rbd::rbd_store_ceph_conf', undef, undef, '/etc/ceph/ceph.conf'),
|
||||
$rbd_store_user = lookup('glance::backend::rbd::rbd_store_user', undef, undef, 'openstack'),
|
||||
$rbd_store_pool = lookup('glance::backend::rbd::rbd_store_pool', undef, undef, 'images'),
|
||||
$rbd_store_chunk_size = lookup('glance::backend::rbd::rbd_store_chunk_size', undef, undef, undef),
|
||||
$rbd_thin_provisioning = lookup('glance::backend::rbd::rbd_thin_provisioning', undef, undef, undef),
|
||||
$rados_connect_timeout = lookup('glance::backend::rbd::rados_connect_timeout', undef, undef, undef),
|
||||
$store_description = lookup('tripleo::profile::base::glance::api::glance_store_description', undef, undef, 'RBD store'),
|
||||
$step = Integer(lookup('step')),
|
||||
$multistore_config = {},
|
||||
$rbd_store_ceph_conf = lookup('glance::backend::rbd::rbd_store_ceph_conf', undef, undef, '/etc/ceph/ceph.conf'),
|
||||
$rbd_store_user = lookup('glance::backend::rbd::rbd_store_user', undef, undef, 'openstack'),
|
||||
$rbd_store_pool = lookup('glance::backend::rbd::rbd_store_pool', undef, undef, 'images'),
|
||||
$rbd_store_chunk_size = lookup('glance::backend::rbd::rbd_store_chunk_size', undef, undef, undef),
|
||||
$rbd_thin_provisioning = lookup('glance::backend::rbd::rbd_thin_provisioning', undef, undef, undef),
|
||||
$rados_connect_timeout = lookup('glance::backend::rbd::rados_connect_timeout', undef, undef, undef),
|
||||
$store_description = lookup('tripleo::profile::base::glance::api::glance_store_description', undef, undef, 'RBD store'),
|
||||
$step = Integer(lookup('step')),
|
||||
) {
|
||||
|
||||
if $step >= 4 {
|
||||
@ -88,26 +83,11 @@ class tripleo::profile::base::glance::backend::rbd (
|
||||
$ceph_cluster_name = $backend_config['CephClusterName']
|
||||
|
||||
if $ceph_cluster_name {
|
||||
$ceph_cluster_name_real = $ceph_cluster_name
|
||||
$rbd_store_ceph_conf_real = "/etc/ceph/${ceph_cluster_name}.conf"
|
||||
} else {
|
||||
$ceph_cluster_name_real = $rbd_store_ceph_conf.match(/(\w+)(\.conf$)/)[1]
|
||||
$rbd_store_ceph_conf_real = $rbd_store_ceph_conf
|
||||
}
|
||||
|
||||
$ceph_client_keyring = "${glance_rbd_ceph_conf_path}/${ceph_cluster_name_real}.client.${rbd_store_user_real}.keyring"
|
||||
|
||||
exec { "exec-setfacl-${ceph_cluster_name_real}-${rbd_store_user_real}-glance":
|
||||
path => ['/bin', '/usr/bin'],
|
||||
command => "setfacl -m u:glance:r-- ${ceph_client_keyring}",
|
||||
unless => "getfacl ${ceph_client_keyring} | grep -q user:glance:r--",
|
||||
}
|
||||
-> exec { "exec-setfacl-${ceph_cluster_name_real}-${rbd_store_user_real}-glance-mask":
|
||||
path => ['/bin', '/usr/bin'],
|
||||
command => "setfacl -m m::r ${ceph_client_keyring}",
|
||||
unless => "getfacl ${ceph_client_keyring} | grep -q mask::r",
|
||||
}
|
||||
|
||||
create_resources('glance::backend::multistore::rbd', { $backend_name => delete_undef_values({
|
||||
'rbd_store_ceph_conf' => $rbd_store_ceph_conf_real,
|
||||
'rbd_store_user' => $rbd_store_user_real,
|
||||
|
@ -117,7 +117,6 @@ class tripleo::profile::base::manila::share (
|
||||
$cephfs_ganesha_server_ip = lookup('manila::backend::cephfs::cephfs_ganesha_server_ip', undef, undef, undef)
|
||||
$manila_cephfs_protocol_helper_type = lookup('manila::backend::cephfs::cephfs_protocol_helper_type', undef, undef, false)
|
||||
$manila_cephfs_pool_name = lookup('manila::backend::cephfs::pool_name', undef, undef, 'manila_data')
|
||||
$manila_cephfs_ceph_conf_path = lookup('manila_cephfs_ceph_conf_path', undef, undef, '/etc/ceph')
|
||||
|
||||
if $cephfs_ganesha_server_ip == undef {
|
||||
$cephfs_ganesha_server_ip_real = lookup('ganesha_vip', undef, undef, undef)
|
||||
@ -150,18 +149,6 @@ class tripleo::profile::base::manila::share (
|
||||
ganesha_rados_store_pool_name => $manila_cephfs_pool_name,
|
||||
}
|
||||
}
|
||||
|
||||
$keyring_local_path = "${manila_cephfs_ceph_conf_path}/ceph.client.${cephfs_auth_id}.keyring"
|
||||
exec{ "exec-setfacl-${cephfs_auth_id}":
|
||||
path => ['/bin', '/usr/bin' ],
|
||||
command => "setfacl -m u:manila:r-- ${keyring_local_path}",
|
||||
unless => "getfacl ${keyring_local_path} | grep -q user:manila:r--",
|
||||
}
|
||||
-> exec{ "exec-setfacl-${cephfs_auth_id}-mask":
|
||||
path => ['/bin', '/usr/bin' ],
|
||||
command => "setfacl -m m::r ${keyring_local_path}",
|
||||
unless => "getfacl ${keyring_local_path} | grep -q mask::r",
|
||||
}
|
||||
}
|
||||
|
||||
# manila netapp:
|
||||
|
@ -18,41 +18,33 @@
|
||||
#
|
||||
# === Parameters
|
||||
#
|
||||
# [*nova_rbd_client_name*]
|
||||
# (optional) name of RBD client
|
||||
# defaults to hiera('nova::compute::rbd::libvirt_rbd_user')
|
||||
#
|
||||
# [*nova_rbd_ceph_conf_path*]
|
||||
# (Optional) The path where the Ceph Cluster config files are stored on the host
|
||||
# defaults to '/etc/ceph'
|
||||
#
|
||||
# [*step*]
|
||||
# (Optional) The current step in deployment. See tripleo-heat-templates
|
||||
# for more details.
|
||||
# Defaults to hiera('step')
|
||||
#
|
||||
# [*rbd_ephemeral_storage*]
|
||||
# (Optional) Use Ceph as ephmeral disk backend.
|
||||
# Defaults to hiera('nova::compute::rbd::ephemeral_storage', false)
|
||||
#
|
||||
# [*rbd_persistent_storage*]
|
||||
# (Optional) Use Ceph as volume backend.
|
||||
# Defaults to hiera('rbd_persistent_storage', false)
|
||||
#
|
||||
# [*rbd_disk_cachemodes*]
|
||||
# (Optional) Cache mode of rbd volumes.
|
||||
# Defaults to hiera('rbd_disk_cachemodes', ['network=writeback'])
|
||||
#
|
||||
class tripleo::profile::base::nova::compute_libvirt_shared (
|
||||
$nova_rbd_client_name = hiera('nova::compute::rbd::libvirt_rbd_user','openstack'),
|
||||
$nova_rbd_ceph_conf_path = '/etc/ceph',
|
||||
$step = Integer(hiera('step')),
|
||||
$step = Integer(hiera('step')),
|
||||
$rbd_ephemeral_storage = hiera('nova::compute::rbd::ephemeral_storage', false),
|
||||
$rbd_persistent_storage = hiera('rbd_persistent_storage', false),
|
||||
$rbd_disk_cachemodes = hiera('rbd_disk_cachemodes', ['network=writeback']),
|
||||
) {
|
||||
if $step >= 4 {
|
||||
# Ceph + Libvirt
|
||||
$rbd_ephemeral_storage = hiera('nova::compute::rbd::ephemeral_storage', false)
|
||||
$rbd_persistent_storage = hiera('rbd_persistent_storage', false)
|
||||
$rbd_disk_cachemodes = hiera('rbd_disk_cachemodes', ['network=writeback'])
|
||||
if $rbd_ephemeral_storage or $rbd_persistent_storage {
|
||||
include nova::compute::rbd
|
||||
exec{ "exec-setfacl-${nova_rbd_client_name}-nova":
|
||||
path => ['/bin', '/usr/bin'],
|
||||
command => "setfacl -m u:nova:r-- ${nova_rbd_ceph_conf_path}/ceph.client.${nova_rbd_client_name}.keyring",
|
||||
unless => "getfacl ${nova_rbd_ceph_conf_path}/ceph.client.${nova_rbd_client_name}.keyring | grep -q user:nova:r--",
|
||||
}
|
||||
-> exec{ "exec-setfacl-${nova_rbd_client_name}-nova-mask":
|
||||
path => ['/bin', '/usr/bin'],
|
||||
command => "setfacl -m m::r ${nova_rbd_ceph_conf_path}/ceph.client.${nova_rbd_client_name}.keyring",
|
||||
unless => "getfacl ${nova_rbd_ceph_conf_path}/ceph.client.${nova_rbd_client_name}.keyring | grep -q mask::r",
|
||||
}
|
||||
}
|
||||
|
||||
if $rbd_ephemeral_storage {
|
||||
|
@ -48,12 +48,6 @@ describe 'tripleo::profile::base::glance::backend::rbd' do
|
||||
:rbd_store_pool => 'images',
|
||||
:store_description => 'RBD store',
|
||||
)
|
||||
is_expected.to contain_exec('exec-setfacl-ceph-openstack-glance').with_command(
|
||||
'setfacl -m u:glance:r-- /etc/ceph/ceph.client.openstack.keyring'
|
||||
)
|
||||
is_expected.to contain_exec('exec-setfacl-ceph-openstack-glance-mask').with_command(
|
||||
'setfacl -m m::r /etc/ceph/ceph.client.openstack.keyring'
|
||||
)
|
||||
end
|
||||
|
||||
context 'with parameters overridden' do
|
||||
@ -123,12 +117,6 @@ describe 'tripleo::profile::base::glance::backend::rbd' do
|
||||
:rbd_store_pool => 'images2',
|
||||
:store_description => 'rbd2 backend',
|
||||
)
|
||||
is_expected.to contain_exec('exec-setfacl-ceph2-openstack2-glance').with_command(
|
||||
'setfacl -m u:glance:r-- /etc/ceph/ceph2.client.openstack2.keyring'
|
||||
)
|
||||
is_expected.to contain_exec('exec-setfacl-ceph2-openstack2-glance-mask').with_command(
|
||||
'setfacl -m m::r /etc/ceph/ceph2.client.openstack2.keyring'
|
||||
)
|
||||
end
|
||||
end
|
||||
end
|
||||
|
Loading…
Reference in New Issue
Block a user