80 lines
2.9 KiB
Puppet
80 lines
2.9 KiB
Puppet
# Copyright 2016 Red Hat, Inc.
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
# not use this file except in compliance with the License. You may obtain
|
|
# a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
# License for the specific language governing permissions and limitations
|
|
# under the License.
|
|
#
|
|
# == Class: tripleo::profile::base::iscsid
|
|
#
|
|
# Iscsid profile for tripleo
|
|
#
|
|
# === Parameters
|
|
#
|
|
# [*chap_algs*]
|
|
# (Optional) Comma separated list of algorithms to use in CHAP protocol
|
|
# Defaults to 'SHA3-256,SHA256,SHA1,MD5'
|
|
#
|
|
# [*step*]
|
|
# (Optional) The current step in deployment. See tripleo-heat-templates
|
|
# for more details.
|
|
# Defaults to hiera('step')
|
|
#
|
|
class tripleo::profile::base::iscsid (
|
|
$chap_algs = 'SHA3-256,SHA256,SHA1,MD5',
|
|
$step = Integer(hiera('step')),
|
|
) {
|
|
|
|
if $step >= 2 {
|
|
# When utilising images for deployment, we need to reset the iSCSI initiator name to make it unique
|
|
# https://bugzilla.redhat.com/show_bug.cgi?id=1244328
|
|
ensure_resource('package', 'iscsi-initiator-utils', { ensure => 'present' })
|
|
|
|
# THT supplies a volume mount to the host's /etc/iscsi directory (at
|
|
# /tmp/iscsi.host). If the sentinel file (.initiator_reset) exists on the
|
|
# host, then copy the IQN from the host. This ensures the IQN is reset
|
|
# once, and only once.
|
|
exec { 'sync-iqn-from-host':
|
|
command => '/bin/cp /tmp/iscsi.host/.initiator_reset /tmp/iscsi.host/initiatorname.iscsi /etc/iscsi/',
|
|
onlyif => '/usr/bin/test -f /tmp/iscsi.host/.initiator_reset',
|
|
before => Exec['reset-iscsi-initiator-name'],
|
|
tag => 'iscsid_config'
|
|
}
|
|
|
|
exec { 'reset-iscsi-initiator-name':
|
|
command => '/bin/echo InitiatorName=$(/usr/sbin/iscsi-iname) > /etc/iscsi/initiatorname.iscsi',
|
|
onlyif => '/usr/bin/test ! -f /etc/iscsi/.initiator_reset',
|
|
before => File['/etc/iscsi/.initiator_reset'],
|
|
require => Package['iscsi-initiator-utils'],
|
|
tag => 'iscsid_config'
|
|
}
|
|
|
|
file { '/etc/iscsi/.initiator_reset':
|
|
ensure => present,
|
|
before => Exec['sync-iqn-to-host'],
|
|
}
|
|
|
|
exec { 'sync-iqn-to-host':
|
|
command => '/bin/cp /etc/iscsi/initiatorname.iscsi /etc/iscsi/.initiator_reset /tmp/iscsi.host/',
|
|
onlyif => [
|
|
'/usr/bin/test -d /tmp/iscsi.host',
|
|
'/usr/bin/test ! -f /tmp/iscsi.host/iscsi/.initiator_reset',
|
|
],
|
|
tag => 'iscsid_config',
|
|
}
|
|
|
|
$chap_algs_real = join(any2array($chap_algs), ',')
|
|
augeas {'chap_algs in /etc/iscsi/iscsid.conf':
|
|
context => '/files/etc/iscsi/iscsid.conf',
|
|
changes => ["set node.session.auth.chap_algs ${chap_algs_real}"],
|
|
}
|
|
}
|
|
}
|