Browse Source

Check Ceph*Key value format and halt on error

The CephX keys secret is expected to have a specific format, this
adds a constraint in the templates to ensure it has the correct
format.

Change-Id: Ic12c3c287a921d696de1395bc887691c48146359
Closes-Bug: 1864185
(cherry picked from commit 0940dfd95ef64cb4d1d87edfe74374b08db9c9f2)
(cherry picked from commit 33ce60d6acafc8e06b42366a7ef873871597a736)
(cherry picked from commit 98652da2ab272c8919a31348a4e7f6f33b8321c9)
changes/05/712305/1
Giulio Fidente 4 months ago
parent
commit
909d57ccc1
6 changed files with 18 additions and 0 deletions
  1. +6
    -0
      docker/services/ceph-ansible/ceph-base.yaml
  2. +4
    -0
      docker/services/ceph-ansible/ceph-mon.yaml
  3. +2
    -0
      docker/services/nova-libvirt.yaml
  4. +2
    -0
      puppet/services/manila-backend-cephfs.yaml
  5. +2
    -0
      puppet/services/nova-compute.yaml
  6. +2
    -0
      puppet/services/nova-libvirt.yaml

+ 6
- 0
docker/services/ceph-ansible/ceph-base.yaml View File

@@ -120,6 +120,8 @@ parameters:
description: The Ceph client key. Can be created with ceph-authtool --gen-print-key.
type: string
hidden: true
constraints:
- allowed_pattern: "^[a-zA-Z0-9+/]{38}==$"
CephClientUserName:
default: openstack
type: string
@@ -131,6 +133,8 @@ parameters:
with ceph-authtool --gen-print-key.
type: string
hidden: true
constraints:
- allowed_pattern: "^[a-zA-Z0-9+/]{38}==$"
CephPoolDefaultSize:
description: default minimum replication for RBD copies
type: number
@@ -158,6 +162,8 @@ parameters:
description: The Ceph client key. Can be created with ceph-authtool --gen-print-key.
type: string
hidden: true
constraints:
- allowed_pattern: "^[a-zA-Z0-9+/]{38}==$"
CephIPv6:
default: False
type: boolean


+ 4
- 0
docker/services/ceph-ansible/ceph-mon.yaml View File

@@ -34,11 +34,15 @@ parameters:
description: The Ceph monitors key. Can be created with ceph-authtool --gen-print-key.
type: string
hidden: true
constraints:
- allowed_pattern: "^[a-zA-Z0-9+/]{38}==$"
CephAdminKey:
default: ''
description: The Ceph admin client key. Can be created with ceph-authtool --gen-print-key.
type: string
hidden: true
constraints:
- allowed_pattern: "^[a-zA-Z0-9+/]{38}==$"
CephValidationRetries:
type: number
default: 40


+ 2
- 0
docker/services/nova-libvirt.yaml View File

@@ -70,6 +70,8 @@ parameters:
description: The Ceph client key. Can be created with ceph-authtool --gen-print-key.
type: string
hidden: true
constraints:
- allowed_pattern: "^[a-zA-Z0-9+/]{38}==$"
CephClusterFSID:
type: string
description: The Ceph cluster FSID. Must be a UUID.


+ 2
- 0
puppet/services/manila-backend-cephfs.yaml View File

@@ -76,6 +76,8 @@ parameters:
description: The Ceph client key. Can be created with ceph-authtool --gen-print-key.
type: string
hidden: true
constraints:
- allowed_pattern: "^[a-zA-Z0-9+/]{38}==$"

outputs:
role_data:


+ 2
- 0
puppet/services/nova-compute.yaml View File

@@ -52,6 +52,8 @@ parameters:
description: The Ceph client key. Can be created with ceph-authtool --gen-print-key.
type: string
hidden: true
constraints:
- allowed_pattern: "^[a-zA-Z0-9+/]{38}==$"
CephClusterFSID:
type: string
description: The Ceph cluster FSID. Must be a UUID.


+ 2
- 0
puppet/services/nova-libvirt.yaml View File

@@ -46,6 +46,8 @@ parameters:
description: The Ceph client key. Can be created with ceph-authtool --gen-print-key.
type: string
hidden: true
constraints:
- allowed_pattern: "^[a-zA-Z0-9+/]{38}==$"
CephClusterFSID:
type: string
description: The Ceph cluster FSID. Must be a UUID.


Loading…
Cancel
Save