state = JSON.parse(mon_status)['state']
return QUORUM_STATES.include?(state)
end
+
+def ceph_get_client_key(pool, service)
+ #TODO cluster name
+ cluster = 'ceph'
+ hostname = %x[hostname]
+ hostname.chomp!
+ client_name = "client.#{hostname}.#{service}"
+ key_path = "/var/lib/ceph/bootstrap-client/#{cluster}.#{client_name}.keyring"
+ final_key_path = "/etc/ceph/#{cluster}.#{client_name}.keyring"
+
+ client_key = %x[ceph --cluster #{cluster} --name client.bootstrap-client --keyring /var/lib/ceph/bootstrap-client/#{cluster}.keyring auth get-or-create-key #{client_name} osd "allow pool #{pool} rwx;" mon "allow rw"]
+
+ file "#{key_path}.raw" do
+ owner "root"
+ group "root"
+ mode "0440"
+ content client_key
+ end
+
+ execute "format as keyring" do
+ command <<-EOH
+ set -e
+ set -x
+ # TODO don't put the key in "ps" output, stdout
+ read KEY <"#{key_path}.raw"
+ ceph-authtool #{key_path} --create-keyring --name=#{client_name} --add-key="$KEY"
+ rm -f "#{key_path}.raw"
+ mv #{key_path} #{final_key_path}
+ EOH
+ end
+
+ return ["#{client_name}", final_key_path]
+end
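Review bot: The `set -x` in the `execute "format as keyring"` heredoc makes the shell trace the `ceph-authtool ... --add-key="$KEY"` line with the key already expanded, so the client key ends up in the Chef run output; drop `set -x` here, as the bootstrap_client recipe's copy of this script already does. The `%x[ceph ... auth get-or-create-key ...]` call is never checked, unlike the mon recipe, so a failed call writes an empty key into `#{key_path}.raw`; add `raise "getting key for #{client_name} failed" unless $?.exitstatus == 0` right after it. `pool` and `service` are interpolated into that shell command unquoted, so they should be validated (for example against `/\A[\w.-]+\z/`) or passed through `Shellwords.escape` first. Because `%x` runs when the recipe is compiled while the `file` and `execute` resources run at converge time, the bootstrap keyring may not exist yet on a first run; the callers are outside this hunk, so this needs confirming against them.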
--- /dev/null
+# this recipe allows bootstrapping ceph clients
+
+include_recipe "ceph::default"
+include_recipe "ceph::conf"
+
+mons = get_mon_nodes("ceph_bootstrap_client_key:*")
+
+if mons.empty? then
+ puts "No ceph-mon having ceph_bootstrap_client_key found."
+else
+
+ directory "/var/lib/ceph/bootstrap-client" do
+ owner "root"
+ group "root"
+ mode "0755"
+ end
+
+ #TODO cluster name
+ cluster = 'ceph'
+
+ file "/var/lib/ceph/bootstrap-client/#{cluster}.keyring.raw" do
+ owner "root"
+ group "root"
+ mode "0440"
+ content mons[0]["ceph_bootstrap_client_key"]
+ end
+
+ execute "format as keyring" do
+ command <<-EOH
+ set -e
+ # TODO don't put the key in "ps" output, stdout
+ read KEY <'/var/lib/ceph/bootstrap-client/#{cluster}.keyring.raw'
+ ceph-authtool '/var/lib/ceph/bootstrap-client/#{cluster}.keyring' --create-keyring --name=client.bootstrap-client --add-key="$KEY"
+ rm -f '/var/lib/ceph/bootstrap-client/#{cluster}.keyring.raw'
+ EOH
+ end
+end
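Review bot: Neither the `file ".../#{cluster}.keyring.raw"` resource nor the `execute "format as keyring"` resource has a guard, so every converge rewrites the raw key and re-runs `ceph-authtool --add-key="$KEY"`, repeating the command-line exposure the TODO mentions. Add `creates "/var/lib/ceph/bootstrap-client/#{cluster}.keyring"` to the execute and `not_if { ::File.exist?("/var/lib/ceph/bootstrap-client/#{cluster}.keyring") }` to the file resource so the key is handled once. The directory is created with `mode "0755"`; it appears to hold only root-owned key material, so `mode "0700"` would be the safer default unless something else needs to traverse it. The resource name `"format as keyring"` is also used inside `ceph_get_client_key`, and on Chef versions with resource cloning that can merge attributes between the two, so a unique name such as `"format bootstrap-client keyring"` avoids it.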
end
end
-ruby_block "save osd bootstrap key in node attributes" do
+ruby_block "save bootstrap keys in node attributes" do
block do
if node['ceph_bootstrap_osd_key'].nil? then
+ raise "missing bootstrap_osd key but do have bootstrap_client key!" unless node['ceph_bootstrap_client_key'].nil?
if not have_quorum? then
- puts 'ceph-mon is not in quorum, skipping bootstrap-osd key generation for this run'
+ puts 'ceph-mon is not in quorum, skipping bootstrap key generation for this run'
else
- key = %x[
+ osd_key = %x[
ceph \
--name mon. \
--keyring '/var/lib/ceph/mon/#{cluster}-#{node['hostname']}/keyring' \
allow command mon getmap"
]
raise 'adding or getting bootstrap-osd key failed' unless $?.exitstatus == 0
- node.override['ceph_bootstrap_osd_key'] = key
+ node.override['ceph_bootstrap_osd_key'] = osd_key
+
+ client_key = %x[
+ ceph \
+ --name mon. \
+ --keyring '/var/lib/ceph/mon/#{cluster}-#{node['hostname']}/keyring' \
+ auth get-or-create-key client.bootstrap-client mon \
+ "allow command auth get-or-create-key * osd * mon *;"
+ ]
+ raise 'adding or getting bootstrap-client key failed' unless $?.exitstatus == 0
+ node.override['ceph_bootstrap_client_key'] = client_key
+
node.save
end
+ else #node['ceph_bootstrap_osd_key'] not nil
+ raise "have ceph_bootstrap_osd_key but not bootstrap_client key!" unless !node['ceph_bootstrap_client_key'].nil?
end
end
end
+
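Review bot: The caps requested for `client.bootstrap-client`, `"allow command auth get-or-create-key * osd * mon *;"`, let the holder create keys with arbitrary osd and mon capabilities, and `node.override['ceph_bootstrap_client_key'] = client_key` followed by `node.save` stores that key as a plain node attribute on the Chef server. The client recipe reads it back through a node search, so presumably anyone allowed to search nodes can obtain it; an encrypted data bag, or a narrower cap if the mon supports one, would limit that exposure. The second consistency check would read more directly as `raise "..." if node['ceph_bootstrap_client_key'].nil?` instead of `unless !...nil?`. Both raise messages should also say which attribute to clear, since a node in the mixed state will otherwise fail on every run.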