From: Walter Huf <walter.huf@corvisa.com>
Date: Thu, 8 May 2014 20:57:44 +0000 (-0500)
Subject: Automatically generates a monsecret if it is blank
X-Git-Tag: v0.8.0~38
X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=f46342969004635a2adb5327ba0d51148568b15d;p=ceph-cookbooks.git

Automatically generates a monsecret if it is blank

Some of the more advanced features require a mon secret to
generate auth keys for other things, such as radosgw.
This change will run gen-key command to generate a mon secret if it
has not been set as an attribute already. It will also search for
other mon nodes and use the cluster secret if it already exists.
---

diff --git a/recipes/mon.rb b/recipes/mon.rb
index 30e6994..683cea6 100644
--- a/recipes/mon.rb
+++ b/recipes/mon.rb
@@ -48,12 +48,27 @@ unless File.exist?("/var/lib/ceph/mon/ceph-#{node['hostname']}/done")
     secret = Chef::EncryptedDataBagItem.load_secret(node['ceph']['mon']['secret_file'])
     monitor_secret = Chef::EncryptedDataBagItem.load('ceph', 'mon', secret)['secret']
   else
-    monitor_secret = node['ceph']['monitor-secret']
+    monitor_secret = mon_secret   # try to find an existing secret
   end
 
-  execute 'format as keyring' do
-    command "ceph-authtool '#{keyring}' --create-keyring --name=mon. --add-key='#{monitor_secret}' --cap mon 'allow *'"
-    creates "#{Chef::Config[:file_cache_path]}/#{cluster}-#{node['hostname']}.mon.keyring"
+  if monitor_secret && monitor_secret != ''
+    execute 'format mon-secret as keyring' do
+      command "ceph-authtool '#{keyring}' --create-keyring --name=mon. --add-key='#{monitor_secret}' --cap mon 'allow *'"
+      creates "#{Chef::Config[:file_cache_path]}/#{cluster}-#{node['hostname']}.mon.keyring"
+    end
+  else   # make a new monitor secret
+    execute 'generate mon-secret as keyring' do
+      command "ceph-authtool '#{keyring}' --create-keyring --name=mon. --gen-key --cap mon 'allow *'"
+      creates "#{Chef::Config[:file_cache_path]}/#{cluster}-#{node['hostname']}.mon.keyring"
+    end
+    ruby_block 'save monitor secret to node' do
+      block do
+        fetch = Mixlib::ShellOut.new("ceph-authtool '#{keyring}' --print-key --name=mon.")
+        fetch.run_command
+        key = fetch.stdout
+        node.set['ceph']['monitor-secret'] = key
+      end
+    end
   end
 
   execute 'ceph-mon mkfs' do
diff --git a/recipes/osd.rb b/recipes/osd.rb
index 3407e51..337af2b 100644
--- a/recipes/osd.rb
+++ b/recipes/osd.rb
@@ -55,7 +55,7 @@ end
 # TODO: cluster name
 cluster = 'ceph'
 
-execute 'format as keyring' do
+execute 'format bootstrap-osd as keyring' do
   command lazy { "ceph-authtool '/var/lib/ceph/bootstrap-osd/#{cluster}.keyring' --create-keyring --name=client.bootstrap-osd --add-key='#{osd_secret}'" }
   creates "/var/lib/ceph/bootstrap-osd/#{cluster}.keyring"
   only_if { osd_secret }