state = JSON.parse(cmd.stdout)['state']
QUORUM_STATES.include?(state)
end
+
+# Cephx is on by default, but users can disable it.
+# type can be one of 3 values: cluster, service, or client. If the value is none of the above, set it to cluster
+def use_cephx?(type = nil)
+ # Verify type is valid
+ type = 'cluster' if %w(cluster service client).index(type).nil?
+
+ # CephX is enabled if it's not configured at all, or explicity enabled
+ node['ceph']['config'].nil? ||
+ node['ceph']['config']['global'].nil? ||
+ node['ceph']['config']['global']["auth #{type} required"] == 'cephx'
+end
end
end
-# The key is going to be automatically
-# created,
-# We store it when it is created
-unless node['ceph']['encrypted_data_bags']
+# The key is going to be automatically created, We store it when it is created
+# If we're storing keys in encrypted data bags, then they've already been generated above
+if use_cephx? && !node['ceph']['encrypted_data_bags']
ruby_block 'get osd-bootstrap keyring' do
block do
run_out = ''
end
service_type = node['ceph']['osd']['init_style']
-mons = node['ceph']['encrypted_data_bags'] ? get_mon_nodes : get_mon_nodes('ceph_bootstrap_osd_key:*')
+# Look for monitors with osd bootstrap keys.
+# If we're storing keys in encrypted data bags, then we'll have to trust the roles
+if use_cephx? && !node['ceph']['encrypted_data_bags']
+ mons = get_mon_nodes('ceph_bootstrap_osd_key:*')
+else
+ mons = get_mon_nodes
+end
return 'No ceph-mon found.' if mons.empty?
projects / ceph-cookbooks.git / commitdiff