puppet-tripleo/manifests/profile/base/iscsid.pp

80 lines
2.9 KiB
Puppet

# Copyright 2016 Red Hat, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
# == Class: tripleo::profile::base::iscsid
#
# Iscsid profile for tripleo
#
# === Parameters
#
# [*chap_algs*]
# (Optional) Comma separated list of algorithms to use in CHAP protocol
# Defaults to 'SHA3-256,SHA256,SHA1,MD5'
#
# [*step*]
# (Optional) The current step in deployment. See tripleo-heat-templates
# for more details.
# Defaults to hiera('step')
#
class tripleo::profile::base::iscsid (
$chap_algs = 'SHA3-256,SHA256,SHA1,MD5',
$step = Integer(hiera('step')),
) {
if $step >= 2 {
# When utilising images for deployment, we need to reset the iSCSI initiator name to make it unique
# https://bugzilla.redhat.com/show_bug.cgi?id=1244328
ensure_resource('package', 'iscsi-initiator-utils', { ensure => 'present' })
# THT supplies a volume mount to the host's /etc/iscsi directory (at
# /tmp/iscsi.host). If the sentinel file (.initiator_reset) exists on the
# host, then copy the IQN from the host. This ensures the IQN is reset
# once, and only once.
exec { 'sync-iqn-from-host':
command => '/bin/cp /tmp/iscsi.host/.initiator_reset /tmp/iscsi.host/initiatorname.iscsi /etc/iscsi/',
onlyif => '/usr/bin/test -f /tmp/iscsi.host/.initiator_reset',
before => Exec['reset-iscsi-initiator-name'],
tag => 'iscsid_config'
}
exec { 'reset-iscsi-initiator-name':
command => '/bin/echo InitiatorName=$(/usr/sbin/iscsi-iname) > /etc/iscsi/initiatorname.iscsi',
onlyif => '/usr/bin/test ! -f /etc/iscsi/.initiator_reset',
before => File['/etc/iscsi/.initiator_reset'],
require => Package['iscsi-initiator-utils'],
tag => 'iscsid_config'
}
file { '/etc/iscsi/.initiator_reset':
ensure => present,
before => Exec['sync-iqn-to-host'],
}
exec { 'sync-iqn-to-host':
command => '/bin/cp /etc/iscsi/initiatorname.iscsi /etc/iscsi/.initiator_reset /tmp/iscsi.host/',
onlyif => [
'/usr/bin/test -d /tmp/iscsi.host',
'/usr/bin/test ! -f /tmp/iscsi.host/iscsi/.initiator_reset',
],
tag => 'iscsid_config',
}
$chap_algs_real = join(any2array($chap_algs), ',')
augeas {'chap_algs in /etc/iscsi/iscsid.conf':
context => '/files/etc/iscsi/iscsid.conf',
changes => ["set node.session.auth.chap_algs ${chap_algs_real}"],
}
}
}