end
def mon_secret
- # find the monitor secret
- mon_secret = ''
- mons = mon_nodes
- if !mons.empty?
- mon_secret = mons[0]['ceph']['monitor-secret']
- elsif mons.empty? && node['ceph']['monitor-secret']
- mon_secret = node['ceph']['monitor-secret']
+ if node['ceph']['encrypted_data_bags']
+ secret = Chef::EncryptedDataBagItem.load_secret(node['ceph']['mon']['secret_file'])
+ Chef::EncryptedDataBagItem.load('ceph', 'mon', secret)['secret']
+ elsif !mon_nodes.empty?
+ mon_nodes[0]['ceph']['monitor-secret']
+ elsif node['ceph']['monitor-secret']
+ node['ceph']['monitor-secret']
else
- Chef::Log.warn('No monitor secret found')
+ Chef::Log.info('No monitor secret found')
+ nil
end
- mon_secret
end
def quorum_members_ips
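Review bot: The `elsif !mon_nodes.empty?` branch of `mon_secret` returns `mon_nodes[0]['ceph']['monitor-secret']` without checking that the first monitor actually carries a secret, so a peer that has not saved its key yet makes the method return nil, skipping both the node's own attribute and the log line. A nil here means the caller's `not_if { mon_secret }` guard would let this node generate its own key, leaving monitors with diverging secrets. Picking the first peer that has the value avoids this, e.g. `peer = mon_nodes.find { |m| m['ceph'] && m['ceph']['monitor-secret'] }`, then falling through to `node['ceph']['monitor-secret']` when `peer` is nil. `mon_nodes` is defined outside the hunk and is called twice here (presumably a search each time); assigning it to a local once would also keep the two reads consistent. An empty-string secret is truthy in Ruby, so the last `elsif` would return `''` where the old recipe code rejected it with `!= ''`.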
unless File.exist?("/var/lib/ceph/mon/ceph-#{node['hostname']}/done")
keyring = "#{Chef::Config[:file_cache_path]}/#{cluster}-#{node['hostname']}.mon.keyring"
- if node['ceph']['encrypted_data_bags']
- secret = Chef::EncryptedDataBagItem.load_secret(node['ceph']['mon']['secret_file'])
- monitor_secret = Chef::EncryptedDataBagItem.load('ceph', 'mon', secret)['secret']
- else
- monitor_secret = mon_secret # try to find an existing secret
+ execute 'format mon-secret as keyring' do
+ command lazy { "ceph-authtool '#{keyring}' --create-keyring --name=mon. --add-key='#{mon_secret}' --cap mon 'allow *'" }
+ creates "#{Chef::Config[:file_cache_path]}/#{cluster}-#{node['hostname']}.mon.keyring"
+ only_if { mon_secret }
end
- if monitor_secret && monitor_secret != ''
- execute 'format mon-secret as keyring' do
- command "ceph-authtool '#{keyring}' --create-keyring --name=mon. --add-key='#{monitor_secret}' --cap mon 'allow *'"
- creates "#{Chef::Config[:file_cache_path]}/#{cluster}-#{node['hostname']}.mon.keyring"
- end
- else # make a new monitor secret
- execute 'generate mon-secret as keyring' do
- command "ceph-authtool '#{keyring}' --create-keyring --name=mon. --gen-key --cap mon 'allow *'"
- creates "#{Chef::Config[:file_cache_path]}/#{cluster}-#{node['hostname']}.mon.keyring"
- end
- ruby_block 'save monitor secret to node' do
- block do
- fetch = Mixlib::ShellOut.new("ceph-authtool '#{keyring}' --print-key --name=mon.")
- fetch.run_command
- key = fetch.stdout
- node.set['ceph']['monitor-secret'] = key
- end
+ execute 'generate mon-secret as keyring' do
+ command "ceph-authtool '#{keyring}' --create-keyring --name=mon. --gen-key --cap mon 'allow *'"
+ creates "#{Chef::Config[:file_cache_path]}/#{cluster}-#{node['hostname']}.mon.keyring"
+ not_if { mon_secret }
+ notifies :create, 'ruby_block[save mon_secret]', :immediately
+ end
+
+ ruby_block 'save mon_secret' do
+ block do
+ fetch = Mixlib::ShellOut.new("ceph-authtool '#{keyring}' --print-key --name=mon.")
+ fetch.run_command
+ key = fetch.stdout
+ node.set['ceph']['monitor-secret'] = key
+ node.save
end
+ action :nothing
end
execute 'ceph-mon mkfs' do
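Review bot: `ruby_block 'save mon_secret'` stores `fetch.stdout` without checking the exit status or stripping it, so a failed `ceph-authtool --print-key` saves an empty string as the cluster secret. A successful call likely saves the key with its trailing newline, which then lands inside `--add-key='…'` on the other monitors. Adding `fetch.error!` after `fetch.run_command` and using `key = fetch.stdout.strip` closes both; the empty case matters because `only_if { mon_secret }` no longer has the old `!= ''` test. Separately, `execute 'format mon-secret as keyring'` interpolates the secret into the command string, where it can appear in the process list and in Chef's output when the command fails; `sensitive true` on that resource keeps it out of the logs where the Chef version in use supports it. `node.save` also persists the key as a plain node attribute even when encrypted data bags are available, which is worth a comment stating who can read node data on the server. The `unless File.exist?` block continues past the end of the hunk.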