Merge "Remove file ACL settings for ceph keyring"

2022-05-26 01:13:11 +00:00 · 2022-05-26 01:13:11 +00:00 · e3e6e01c84
parent 3c1784ce80 9765e20fb1
commit e3e6e01c84
4 changed files with 25 additions and 78 deletions
--- a/manifests/profile/base/glance/backend/rbd.pp
+++ b/manifests/profile/base/glance/backend/rbd.pp
@ -25,10 +25,6 @@
 #   (Optional) Hash containing multistore data for configuring multiple backends.
 #   Defaults to {}
 #
-# [*glance_rbd_ceph_conf_path*]
-#   (Optional) The path where the Ceph Cluster config files are stored on the host.
-#   Defaults to '/etc/ceph'
-#
 # [*rbd_store_ceph_conf*]
 #   (Optional) Ceph cluster config file.
 #   Defaults to lookup('glance::backend::rbd::rbd_store_ceph_conf', undef, undef, '/etc/ceph/ceph.conf').
@ -65,16 +61,15 @@
 #
 class tripleo::profile::base::glance::backend::rbd (
  $backend_names,
-  $multistore_config         = {},
-  $glance_rbd_ceph_conf_path = '/etc/ceph',
-  $rbd_store_ceph_conf       = lookup('glance::backend::rbd::rbd_store_ceph_conf', undef, undef, '/etc/ceph/ceph.conf'),
-  $rbd_store_user            = lookup('glance::backend::rbd::rbd_store_user', undef, undef, 'openstack'),
-  $rbd_store_pool            = lookup('glance::backend::rbd::rbd_store_pool', undef, undef, 'images'),
-  $rbd_store_chunk_size      = lookup('glance::backend::rbd::rbd_store_chunk_size', undef, undef, undef),
-  $rbd_thin_provisioning     = lookup('glance::backend::rbd::rbd_thin_provisioning', undef, undef, undef),
-  $rados_connect_timeout     = lookup('glance::backend::rbd::rados_connect_timeout', undef, undef, undef),
-  $store_description         = lookup('tripleo::profile::base::glance::api::glance_store_description', undef, undef, 'RBD store'),
-  $step                      = Integer(lookup('step')),
+  $multistore_config     = {},
+  $rbd_store_ceph_conf   = lookup('glance::backend::rbd::rbd_store_ceph_conf', undef, undef, '/etc/ceph/ceph.conf'),
+  $rbd_store_user        = lookup('glance::backend::rbd::rbd_store_user', undef, undef, 'openstack'),
+  $rbd_store_pool        = lookup('glance::backend::rbd::rbd_store_pool', undef, undef, 'images'),
+  $rbd_store_chunk_size  = lookup('glance::backend::rbd::rbd_store_chunk_size', undef, undef, undef),
+  $rbd_thin_provisioning = lookup('glance::backend::rbd::rbd_thin_provisioning', undef, undef, undef),
+  $rados_connect_timeout = lookup('glance::backend::rbd::rados_connect_timeout', undef, undef, undef),
+  $store_description     = lookup('tripleo::profile::base::glance::api::glance_store_description', undef, undef, 'RBD store'),
+  $step                  = Integer(lookup('step')),
 ) {

  if $step >= 4 {
@ -88,26 +83,11 @@ class tripleo::profile::base::glance::backend::rbd (
      $ceph_cluster_name = $backend_config['CephClusterName']

      if $ceph_cluster_name {
-        $ceph_cluster_name_real = $ceph_cluster_name
        $rbd_store_ceph_conf_real = "/etc/ceph/${ceph_cluster_name}.conf"
      } else {
-        $ceph_cluster_name_real = $rbd_store_ceph_conf.match(/(\w+)(\.conf$)/)[1]
        $rbd_store_ceph_conf_real = $rbd_store_ceph_conf
      }

-      $ceph_client_keyring = "${glance_rbd_ceph_conf_path}/${ceph_cluster_name_real}.client.${rbd_store_user_real}.keyring"
-
-      exec { "exec-setfacl-${ceph_cluster_name_real}-${rbd_store_user_real}-glance":
-        path    => ['/bin', '/usr/bin'],
-        command => "setfacl -m u:glance:r-- ${ceph_client_keyring}",
-        unless  => "getfacl ${ceph_client_keyring} | grep -q user:glance:r--",
-      }
-      -> exec { "exec-setfacl-${ceph_cluster_name_real}-${rbd_store_user_real}-glance-mask":
-        path    => ['/bin', '/usr/bin'],
-        command => "setfacl -m m::r ${ceph_client_keyring}",
-        unless  => "getfacl ${ceph_client_keyring} | grep -q mask::r",
-      }
-
      create_resources('glance::backend::multistore::rbd', { $backend_name => delete_undef_values({
        'rbd_store_ceph_conf'   => $rbd_store_ceph_conf_real,
        'rbd_store_user'        => $rbd_store_user_real,
--- a/manifests/profile/base/manila/share.pp
+++ b/manifests/profile/base/manila/share.pp
@ -117,7 +117,6 @@ class tripleo::profile::base::manila::share (
      $cephfs_ganesha_server_ip = lookup('manila::backend::cephfs::cephfs_ganesha_server_ip', undef, undef, undef)
      $manila_cephfs_protocol_helper_type = lookup('manila::backend::cephfs::cephfs_protocol_helper_type', undef, undef, false)
      $manila_cephfs_pool_name = lookup('manila::backend::cephfs::pool_name', undef, undef, 'manila_data')
-      $manila_cephfs_ceph_conf_path = lookup('manila_cephfs_ceph_conf_path', undef, undef, '/etc/ceph')

      if $cephfs_ganesha_server_ip == undef {
        $cephfs_ganesha_server_ip_real = lookup('ganesha_vip', undef, undef, undef)
@ -150,18 +149,6 @@ class tripleo::profile::base::manila::share (
          ganesha_rados_store_pool_name => $manila_cephfs_pool_name,
        }
      }
-
-      $keyring_local_path = "${manila_cephfs_ceph_conf_path}/ceph.client.${cephfs_auth_id}.keyring"
-      exec{ "exec-setfacl-${cephfs_auth_id}":
-        path    => ['/bin', '/usr/bin' ],
-        command => "setfacl -m u:manila:r-- ${keyring_local_path}",
-        unless  => "getfacl ${keyring_local_path} | grep -q user:manila:r--",
-      }
-      -> exec{ "exec-setfacl-${cephfs_auth_id}-mask":
-        path    => ['/bin', '/usr/bin' ],
-        command => "setfacl -m m::r ${keyring_local_path}",
-        unless  => "getfacl ${keyring_local_path} | grep -q mask::r",
-      }
    }

    # manila netapp:
--- a/manifests/profile/base/nova/compute_libvirt_shared.pp
+++ b/manifests/profile/base/nova/compute_libvirt_shared.pp
@ -18,41 +18,33 @@
 #
 # === Parameters
 #
-# [*nova_rbd_client_name*]
-#   (optional) name of RBD client
-#   defaults to hiera('nova::compute::rbd::libvirt_rbd_user')
-#
-# [*nova_rbd_ceph_conf_path*]
-#   (Optional) The path where the Ceph Cluster config files are stored on the host
-#   defaults to '/etc/ceph'
-#
 # [*step*]
 #   (Optional) The current step in deployment. See tripleo-heat-templates
 #   for more details.
 #   Defaults to hiera('step')
 #
+# [*rbd_ephemeral_storage*]
+#   (Optional) Use Ceph as ephmeral disk backend.
+#   Defaults to hiera('nova::compute::rbd::ephemeral_storage', false)
+#
+# [*rbd_persistent_storage*]
+#   (Optional) Use Ceph as volume backend.
+#   Defaults to hiera('rbd_persistent_storage', false)
+#
+# [*rbd_disk_cachemodes*]
+#   (Optional) Cache mode of rbd volumes.
+#   Defaults to hiera('rbd_disk_cachemodes', ['network=writeback'])
+#
 class tripleo::profile::base::nova::compute_libvirt_shared (
-  $nova_rbd_client_name    = hiera('nova::compute::rbd::libvirt_rbd_user','openstack'),
-  $nova_rbd_ceph_conf_path = '/etc/ceph',
-  $step                    = Integer(hiera('step')),
+  $step                   = Integer(hiera('step')),
+  $rbd_ephemeral_storage  = hiera('nova::compute::rbd::ephemeral_storage', false),
+  $rbd_persistent_storage = hiera('rbd_persistent_storage', false),
+  $rbd_disk_cachemodes    = hiera('rbd_disk_cachemodes', ['network=writeback']),
 ) {
  if $step >= 4 {
    # Ceph + Libvirt
-    $rbd_ephemeral_storage  = hiera('nova::compute::rbd::ephemeral_storage', false)
-    $rbd_persistent_storage = hiera('rbd_persistent_storage', false)
-    $rbd_disk_cachemodes    = hiera('rbd_disk_cachemodes', ['network=writeback'])
    if $rbd_ephemeral_storage or $rbd_persistent_storage {
      include nova::compute::rbd
-      exec{ "exec-setfacl-${nova_rbd_client_name}-nova":
-        path    => ['/bin', '/usr/bin'],
-        command => "setfacl -m u:nova:r-- ${nova_rbd_ceph_conf_path}/ceph.client.${nova_rbd_client_name}.keyring",
-        unless  => "getfacl ${nova_rbd_ceph_conf_path}/ceph.client.${nova_rbd_client_name}.keyring | grep -q user:nova:r--",
-      }
-      -> exec{ "exec-setfacl-${nova_rbd_client_name}-nova-mask":
-        path    => ['/bin', '/usr/bin'],
-        command => "setfacl -m m::r ${nova_rbd_ceph_conf_path}/ceph.client.${nova_rbd_client_name}.keyring",
-        unless  => "getfacl ${nova_rbd_ceph_conf_path}/ceph.client.${nova_rbd_client_name}.keyring | grep -q mask::r",
-      }
    }

    if $rbd_ephemeral_storage {
--- a/spec/classes/tripleo_profile_base_glance_backend_rbd_spec.rb
+++ b/spec/classes/tripleo_profile_base_glance_backend_rbd_spec.rb
@ -48,12 +48,6 @@ describe 'tripleo::profile::base::glance::backend::rbd' do
          :rbd_store_pool      => 'images',
          :store_description   => 'RBD store',
        )
-        is_expected.to contain_exec('exec-setfacl-ceph-openstack-glance').with_command(
-          'setfacl -m u:glance:r-- /etc/ceph/ceph.client.openstack.keyring'
-        )
-        is_expected.to contain_exec('exec-setfacl-ceph-openstack-glance-mask').with_command(
-          'setfacl -m m::r /etc/ceph/ceph.client.openstack.keyring'
-        )
      end

      context 'with parameters overridden' do
@ -123,12 +117,6 @@ describe 'tripleo::profile::base::glance::backend::rbd' do
            :rbd_store_pool      => 'images2',
            :store_description   => 'rbd2 backend',
          )
-          is_expected.to contain_exec('exec-setfacl-ceph2-openstack2-glance').with_command(
-            'setfacl -m u:glance:r-- /etc/ceph/ceph2.client.openstack2.keyring'
-          )
-          is_expected.to contain_exec('exec-setfacl-ceph2-openstack2-glance-mask').with_command(
-            'setfacl -m m::r /etc/ceph/ceph2.client.openstack2.keyring'
-          )
        end
      end
    end