Browse Source
The CinderRbdMultiConfig parameter provides a mechanism for configuring cinder RBD backends associated with external ceph clusters defined by CephExternalMultiConfig. A new nova_libvirt_init_secret.sh script handles the creation of the libvirt secret that is required for nova to connect to volumes on the cinder RBD backends. Depends-On: I040e25341c9869ad289d7e7c98e831caef23fece Change-Id: I73af5b868de629870a35d38f8436e7025aae791echanges/02/783402/4
7 changed files with 232 additions and 25 deletions
@ -0,0 +1,60 @@
|
||||
#!/bin/bash |
||||
|
||||
set -e |
||||
|
||||
CEPH_INFO=($*) |
||||
|
||||
if [ -z "$CEPH_INFO" ]; then |
||||
echo "error: At least one CLUSTER:CLIENT tuple must be specified" |
||||
exit 1 |
||||
fi |
||||
|
||||
echo "------------------------------------------------" |
||||
echo "Initializing virsh secrets for: ${CEPH_INFO[@]}" |
||||
|
||||
for INFO in ${CEPH_INFO[@]}; do |
||||
IFS=: read CLUSTER CLIENT <<< $INFO |
||||
FSID=$(awk '$1 == "fsid" {print $3}' /etc/ceph/${CLUSTER}.conf) |
||||
|
||||
echo "--------" |
||||
echo "Initializing the virsh secret for '$CLUSTER' cluster ($FSID) '$CLIENT' client" |
||||
|
||||
# Ensure the secret XML file exists. Puppet should have created a secret.xml |
||||
# file for the first cluster's secret, so detect when to use that file. |
||||
if grep -q $FSID /etc/nova/secret.xml; then |
||||
SECRET_FILE="/etc/nova/secret.xml" |
||||
SECRET_NAME="client.${CLIENT} secret" |
||||
else |
||||
SECRET_FILE="/etc/nova/${CLUSTER}-secret.xml" |
||||
SECRET_NAME="${CLUSTER}.client.${CLIENT} secret" |
||||
fi |
||||
|
||||
if [ ! -f $SECRET_FILE ]; then |
||||
echo "Creating $SECRET_FILE" |
||||
cat <<EOF > $SECRET_FILE |
||||
<secret ephemeral='no' private='no'> |
||||
<usage type='ceph'> |
||||
<name>${SECRET_NAME}</name> |
||||
</usage> |
||||
<uuid>${FSID}</uuid> |
||||
</secret> |
||||
EOF |
||||
else |
||||
echo "The $SECRET_FILE file already exists" |
||||
fi |
||||
|
||||
# Ensure the libvirt secret is defined |
||||
if /usr/bin/virsh secret-list | grep -q $FSID; then |
||||
echo "The virsh secret for $FSID has already been defined" |
||||
else |
||||
/usr/bin/virsh secret-define --file $SECRET_FILE |
||||
fi |
||||
|
||||
# Fetch the key from the keyring and ensure the secret is set |
||||
KEY=$(awk '$1 == "key" {print $3}' /etc/ceph/${CLUSTER}.client.${CLIENT}.keyring) |
||||
if /usr/bin/virsh secret-get-value $FSID 2>/dev/null | grep -q $KEY; then |
||||
echo "The virsh secret for $FSID has already been set" |
||||
else |
||||
/usr/bin/virsh secret-set-value --secret $FSID --base64 $KEY |
||||
fi |
||||
done |
Loading…
Reference in new issue