From 9765e20fb1536fdaab65c19d21d252c2ebfbf45b Mon Sep 17 00:00:00 2001 From: Takashi Kajinami Date: Sun, 27 Feb 2022 23:08:01 +0900 Subject: [PATCH] Remove file ACL settings for ceph keyring ... because these resources are no longer used since all services were containerized. We already removed the same logic for Gnocchi only by [1]. [1] 6aa468113712415711937f20a6652ab60db14420 Change-Id: I2a32a067e3586e14c461948bd677b75365272cff --- manifests/profile/base/glance/backend/rbd.pp | 38 +++++------------- manifests/profile/base/manila/share.pp | 13 ------ .../base/nova/compute_libvirt_shared.pp | 40 ++++++++----------- ...eo_profile_base_glance_backend_rbd_spec.rb | 12 ------ 4 files changed, 25 insertions(+), 78 deletions(-) diff --git a/manifests/profile/base/glance/backend/rbd.pp b/manifests/profile/base/glance/backend/rbd.pp index 66e5fd9d6..ff803dc4b 100644 --- a/manifests/profile/base/glance/backend/rbd.pp +++ b/manifests/profile/base/glance/backend/rbd.pp @@ -25,10 +25,6 @@ # (Optional) Hash containing multistore data for configuring multiple backends. # Defaults to {} # -# [*glance_rbd_ceph_conf_path*] -# (Optional) The path where the Ceph Cluster config files are stored on the host. -# Defaults to '/etc/ceph' -# # [*rbd_store_ceph_conf*] # (Optional) Ceph cluster config file. # Defaults to lookup('glance::backend::rbd::rbd_store_ceph_conf', undef, undef, '/etc/ceph/ceph.conf'). 
@@ -65,16 +61,15 @@ # class tripleo::profile::base::glance::backend::rbd ( $backend_names, - $multistore_config = {}, - $glance_rbd_ceph_conf_path = '/etc/ceph', - $rbd_store_ceph_conf = lookup('glance::backend::rbd::rbd_store_ceph_conf', undef, undef, '/etc/ceph/ceph.conf'), - $rbd_store_user = lookup('glance::backend::rbd::rbd_store_user', undef, undef, 'openstack'), - $rbd_store_pool = lookup('glance::backend::rbd::rbd_store_pool', undef, undef, 'images'), - $rbd_store_chunk_size = lookup('glance::backend::rbd::rbd_store_chunk_size', undef, undef, undef), - $rbd_thin_provisioning = lookup('glance::backend::rbd::rbd_thin_provisioning', undef, undef, undef), - $rados_connect_timeout = lookup('glance::backend::rbd::rados_connect_timeout', undef, undef, undef), - $store_description = lookup('tripleo::profile::base::glance::api::glance_store_description', undef, undef, 'RBD store'), - $step = Integer(lookup('step')), + $multistore_config = {}, + $rbd_store_ceph_conf = lookup('glance::backend::rbd::rbd_store_ceph_conf', undef, undef, '/etc/ceph/ceph.conf'), + $rbd_store_user = lookup('glance::backend::rbd::rbd_store_user', undef, undef, 'openstack'), + $rbd_store_pool = lookup('glance::backend::rbd::rbd_store_pool', undef, undef, 'images'), + $rbd_store_chunk_size = lookup('glance::backend::rbd::rbd_store_chunk_size', undef, undef, undef), + $rbd_thin_provisioning = lookup('glance::backend::rbd::rbd_thin_provisioning', undef, undef, undef), + $rados_connect_timeout = lookup('glance::backend::rbd::rados_connect_timeout', undef, undef, undef), + $store_description = lookup('tripleo::profile::base::glance::api::glance_store_description', undef, undef, 'RBD store'), + $step = Integer(lookup('step')), ) { if $step >= 4 { 
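Review bot: Dropping `$glance_rbd_ceph_conf_path` from the class signature outright makes catalog compilation fail for any caller that still declares the class with that parameter, and the diffstat lists no release note announcing the removal. The same applies to `$nova_rbd_client_name` and `$nova_rbd_ceph_conf_path` in the compute_libvirt_shared.pp hunk. Consider keeping each one for a deprecation cycle as `$glance_rbd_ceph_conf_path = undef,` with a `warning('glance_rbd_ceph_conf_path is deprecated and has no effect.')` when it is set, and marking it deprecated in the header comment. The class body continues outside this hunk.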
@@ -88,26 +83,11 @@ class tripleo::profile::base::glance::backend::rbd ( $ceph_cluster_name = $backend_config['CephClusterName'] if $ceph_cluster_name { - $ceph_cluster_name_real = $ceph_cluster_name $rbd_store_ceph_conf_real = "/etc/ceph/${ceph_cluster_name}.conf" } else { - $ceph_cluster_name_real = $rbd_store_ceph_conf.match(/(\w+)(\.conf$)/)[1] $rbd_store_ceph_conf_real = $rbd_store_ceph_conf } - $ceph_client_keyring = "${glance_rbd_ceph_conf_path}/${ceph_cluster_name_real}.client.${rbd_store_user_real}.keyring" - - exec { "exec-setfacl-${ceph_cluster_name_real}-${rbd_store_user_real}-glance": - path => ['/bin', '/usr/bin'], - command => "setfacl -m u:glance:r-- ${ceph_client_keyring}", - unless => "getfacl ${ceph_client_keyring} | grep -q user:glance:r--", - } - -> exec { "exec-setfacl-${ceph_cluster_name_real}-${rbd_store_user_real}-glance-mask": - path => ['/bin', '/usr/bin'], - command => "setfacl -m m::r ${ceph_client_keyring}", - unless => "getfacl ${ceph_client_keyring} | grep -q mask::r", - } - create_resources('glance::backend::multistore::rbd', { $backend_name => delete_undef_values({ 'rbd_store_ceph_conf' => $rbd_store_ceph_conf_real, 'rbd_store_user' => $rbd_store_user_real, diff --git a/manifests/profile/base/manila/share.pp b/manifests/profile/base/manila/share.pp index fa80c3dc7..f6fc63ca0 100644 --- a/manifests/profile/base/manila/share.pp +++ b/manifests/profile/base/manila/share.pp 
@@ -117,7 +117,6 @@ class tripleo::profile::base::manila::share ( $cephfs_ganesha_server_ip = lookup('manila::backend::cephfs::cephfs_ganesha_server_ip', undef, undef, undef) $manila_cephfs_protocol_helper_type = lookup('manila::backend::cephfs::cephfs_protocol_helper_type', undef, undef, false) $manila_cephfs_pool_name = lookup('manila::backend::cephfs::pool_name', undef, undef, 'manila_data') - $manila_cephfs_ceph_conf_path = lookup('manila_cephfs_ceph_conf_path', undef, undef, '/etc/ceph') if $cephfs_ganesha_server_ip == undef { $cephfs_ganesha_server_ip_real = lookup('ganesha_vip', undef, undef, undef) @@ -150,18 +149,6 @@ class tripleo::profile::base::manila::share ( ganesha_rados_store_pool_name => $manila_cephfs_pool_name, } } - - $keyring_local_path = "${manila_cephfs_ceph_conf_path}/ceph.client.${cephfs_auth_id}.keyring" - exec{ "exec-setfacl-${cephfs_auth_id}": - path => ['/bin', '/usr/bin' ], - command => "setfacl -m u:manila:r-- ${keyring_local_path}", - unless => "getfacl ${keyring_local_path} | grep -q user:manila:r--", - } - -> exec{ "exec-setfacl-${cephfs_auth_id}-mask": - path => ['/bin', '/usr/bin' ], - command => "setfacl -m m::r ${keyring_local_path}", - unless => "getfacl ${keyring_local_path} | grep -q mask::r", - } } # manila netapp: diff --git a/manifests/profile/base/nova/compute_libvirt_shared.pp b/manifests/profile/base/nova/compute_libvirt_shared.pp index d341f3bb0..ae1e25a19 100644 --- a/manifests/profile/base/nova/compute_libvirt_shared.pp +++ b/manifests/profile/base/nova/compute_libvirt_shared.pp 
@@ -18,41 +18,33 @@ # # === Parameters # -# [*nova_rbd_client_name*] -# (optional) name of RBD client -# defaults to hiera('nova::compute::rbd::libvirt_rbd_user') -# -# [*nova_rbd_ceph_conf_path*] -# (Optional) The path where the Ceph Cluster config files are stored on the host -# defaults to '/etc/ceph' -# # [*step*] # (Optional) The current step in deployment. See tripleo-heat-templates # for more details. # Defaults to hiera('step') # +# [*rbd_ephemeral_storage*] +# (Optional) Use Ceph as ephmeral disk backend. +# Defaults to hiera('nova::compute::rbd::ephemeral_storage', false) +# +# [*rbd_persistent_storage*] +# (Optional) Use Ceph as volume backend. +# Defaults to hiera('rbd_persistent_storage', false) +# +# [*rbd_disk_cachemodes*] +# (Optional) Cache mode of rbd volumes. +# Defaults to hiera('rbd_disk_cachemodes', ['network=writeback']) +# class tripleo::profile::base::nova::compute_libvirt_shared ( - $nova_rbd_client_name = hiera('nova::compute::rbd::libvirt_rbd_user','openstack'), - $nova_rbd_ceph_conf_path = '/etc/ceph', - $step = Integer(hiera('step')), + $step = Integer(hiera('step')), + $rbd_ephemeral_storage = hiera('nova::compute::rbd::ephemeral_storage', false), + $rbd_persistent_storage = hiera('rbd_persistent_storage', false), + $rbd_disk_cachemodes = hiera('rbd_disk_cachemodes', ['network=writeback']), ) { if $step >= 4 { # Ceph + Libvirt - $rbd_ephemeral_storage = hiera('nova::compute::rbd::ephemeral_storage', false) - $rbd_persistent_storage = hiera('rbd_persistent_storage', false) - $rbd_disk_cachemodes = hiera('rbd_disk_cachemodes', ['network=writeback']) if $rbd_ephemeral_storage or $rbd_persistent_storage { include nova::compute::rbd - exec{ "exec-setfacl-${nova_rbd_client_name}-nova": - path => ['/bin', '/usr/bin'], - command => "setfacl -m u:nova:r-- ${nova_rbd_ceph_conf_path}/ceph.client.${nova_rbd_client_name}.keyring", - unless => "getfacl ${nova_rbd_ceph_conf_path}/ceph.client.${nova_rbd_client_name}.keyring | grep -q user:nova:r--", 
- } - -> exec{ "exec-setfacl-${nova_rbd_client_name}-nova-mask": - path => ['/bin', '/usr/bin'], - command => "setfacl -m m::r ${nova_rbd_ceph_conf_path}/ceph.client.${nova_rbd_client_name}.keyring", - unless => "getfacl ${nova_rbd_ceph_conf_path}/ceph.client.${nova_rbd_client_name}.keyring | grep -q mask::r", - } } if $rbd_ephemeral_storage { diff --git a/spec/classes/tripleo_profile_base_glance_backend_rbd_spec.rb b/spec/classes/tripleo_profile_base_glance_backend_rbd_spec.rb index ce713fe8c..deab71cd7 100644 --- a/spec/classes/tripleo_profile_base_glance_backend_rbd_spec.rb +++ b/spec/classes/tripleo_profile_base_glance_backend_rbd_spec.rb @@ -48,12 +48,6 @@ describe 'tripleo::profile::base::glance::backend::rbd' do :rbd_store_pool => 'images', :store_description => 'RBD store', ) - is_expected.to contain_exec('exec-setfacl-ceph-openstack-glance').with_command( - 'setfacl -m u:glance:r-- /etc/ceph/ceph.client.openstack.keyring' - ) - is_expected.to contain_exec('exec-setfacl-ceph-openstack-glance-mask').with_command( - 'setfacl -m m::r /etc/ceph/ceph.client.openstack.keyring' - ) end context 'with parameters overridden' do @@ -123,12 +117,6 @@ describe 'tripleo::profile::base::glance::backend::rbd' do :rbd_store_pool => 'images2', :store_description => 'rbd2 backend', ) - is_expected.to contain_exec('exec-setfacl-ceph2-openstack2-glance').with_command( - 'setfacl -m u:glance:r-- /etc/ceph/ceph2.client.openstack2.keyring' - ) - is_expected.to contain_exec('exec-setfacl-ceph2-openstack2-glance-mask').with_command( - 'setfacl -m m::r /etc/ceph/ceph2.client.openstack2.keyring' - ) end end end
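Review bot: Deleting the `exec-setfacl-*` resources here (and in the rbd.pp and share.pp hunks) stops Puppet from applying the keyring ACL but does not revert it, so hosts deployed earlier presumably keep the `user:nova:r--`, `user:glance:r--` and `user:manila:r--` entries on their keyring files. If the host-side accounts no longer need to read the keyrings, as the commit message implies, a release note or an upgrade step that drops those entries would keep keyring access least-privilege and make the change auditable. Separately, the added parameter doc has a typo: `Use Ceph as ephmeral disk backend.` should read `Use Ceph as ephemeral disk backend.`. The `if $step >= 4` block continues outside this hunk.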