From 782f10981946f0e5ec7a249046c8d3aef5f108a8 Mon Sep 17 00:00:00 2001
From: Greg Farnum
Date: Thu, 2 Aug 2012 15:29:12 -0700
Subject: [PATCH] create a ceph-client role

The ceph-client role sets the host up to access the Ceph cluster and generates the host a key capable of creating new client access keys
---
 libraries/default.rb        | 33 +++++++++++++++++++++++++++++++++
 recipes/bootstrap_client.rb | 37 +++++++++++++++++++++++++++++++++++++
 recipes/mon.rb              | 23 +++++++++++++++++++----
 3 files changed, 89 insertions(+), 4 deletions(-)
 create mode 100644 recipes/bootstrap_client.rb

diff --git a/libraries/default.rb b/libraries/default.rb
index 351248e..96f4c81 100644
--- a/libraries/default.rb
+++ b/libraries/default.rb
@@ -59,3 +59,36 @@ def have_quorum?()
   state = JSON.parse(mon_status)['state']
   return QUORUM_STATES.include?(state)
 end
+
+def ceph_get_client_key(pool, service)
+  #TODO cluster name
+  cluster = 'ceph'
+  hostname = %x[hostname]
+  hostname.chomp!
+  client_name = "client.#{hostname}.#{service}"
+  key_path = "/var/lib/ceph/bootstrap-client/#{cluster}.#{client_name}.keyring"
+  final_key_path = "/etc/ceph/#{cluster}.#{client_name}.keyring"
+
+  client_key = %x[ceph --cluster #{cluster} --name client.bootstrap-client --keyring /var/lib/ceph/bootstrap-client/#{cluster}.keyring auth get-or-create-key #{client_name} osd "allow pool #{pool} rwx;" mon "allow rw"]
+
+  file "#{key_path}.raw" do
+    owner "root"
+    group "root"
+    mode "0440"
+    content client_key
+  end
+
+  execute "format as keyring" do
+    command <<-EOH
+      set -e
+      set -x
+      # TODO don't put the key in "ps" output, stdout
+      read KEY <"#{key_path}.raw"
+      ceph-authtool #{key_path} --create-keyring --name=#{client_name} --add-key="$KEY"
+      rm -f "#{key_path}.raw"
+      mv #{key_path} #{final_key_path}
+    EOH
+  end
+
+  return ["#{client_name}", final_key_path]
+end
diff --git a/recipes/bootstrap_client.rb b/recipes/bootstrap_client.rb
new file mode 100644
index 0000000..a55c68c
--- /dev/null
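Review bot: The `%x[ceph ... auth get-or-create-key ...]` call that assigns `client_key` in `ceph_get_client_key` has no exit-status check, unlike both ceph calls added to recipes/mon.rb in this same commit, so a failed or misconfigured invocation yields an empty `client_key` that is still written to the `.raw` file and passed to `ceph-authtool --add-key`. Add `raise "adding or getting #{client_name} key failed" unless $?.exitstatus == 0` directly after that line. The `set -x` in the execute heredoc traces every command, including `--add-key="$KEY"`, into the converge output, which the TODO on the following line already flags; dropping `set -x` (recipes/bootstrap_client.rb omits it) closes that channel. `hostname = %x[hostname]` also shells out for a value that recipes/mon.rb reads from `node['hostname']`; using the node attribute keeps the client name consistent with how the mon names its own keyring directory.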
+++ b/recipes/bootstrap_client.rb
@@ -0,0 +1,37 @@
+# this recipe allows bootstrapping ceph clients
+
+include_recipe "ceph::default"
+include_recipe "ceph::conf"
+
+mons = get_mon_nodes("ceph_bootstrap_client_key:*")
+
+if mons.empty? then
+  puts "No ceph-mon having ceph_bootstrap_client_key found."
+else
+
+  directory "/var/lib/ceph/bootstrap-client" do
+    owner "root"
+    group "root"
+    mode "0755"
+  end
+
+  #TODO cluster name
+  cluster = 'ceph'
+
+  file "/var/lib/ceph/bootstrap-client/#{cluster}.keyring.raw" do
+    owner "root"
+    group "root"
+    mode "0440"
+    content mons[0]["ceph_bootstrap_client_key"]
+  end
+
+  execute "format as keyring" do
+    command <<-EOH
+      set -e
+      # TODO don't put the key in "ps" output, stdout
+      read KEY <'/var/lib/ceph/bootstrap-client/#{cluster}.keyring.raw'
+      ceph-authtool '/var/lib/ceph/bootstrap-client/#{cluster}.keyring' --create-keyring --name=client.bootstrap-client --add-key="$KEY"
+      rm -f '/var/lib/ceph/bootstrap-client/#{cluster}.keyring.raw'
+    EOH
+  end
+end
diff --git a/recipes/mon.rb b/recipes/mon.rb
index 13d067b..c9e4d19 100644
--- a/recipes/mon.rb
+++ b/recipes/mon.rb
@@ -81,13 +81,14 @@ ruby_block "create client.admin keyring" do
   end
 end
 
-ruby_block "save osd bootstrap key in node attributes" do
+ruby_block "save bootstrap keys in node attributes" do
   block do
     if node['ceph_bootstrap_osd_key'].nil? then
+      raise "missing bootstrap_osd key but do have bootstrap_client key!" unless node['ceph_bootstrap_client_key'].nil?
       if not have_quorum? then
-        puts 'ceph-mon is not in quorum, skipping bootstrap-osd key generation for this run'
+        puts 'ceph-mon is not in quorum, skipping bootstrap key generation for this run'
       else
-        key = %x[
+        osd_key = %x[
           ceph \
           --name mon. \
           --keyring '/var/lib/ceph/mon/#{cluster}-#{node['hostname']}/keyring' \
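Review bot: The `execute "format as keyring"` resource in recipes/bootstrap_client.rb has no `creates` or `not_if` guard, and the `file` resource above it recreates the `.raw` key file on every converge because the previous run's `rm -f` removed it, so each Chef run rewrites the bootstrap keyring and puts the bare key back on disk in between. Adding `creates "/var/lib/ceph/bootstrap-client/#{cluster}.keyring"` to the execute and `not_if { ::File.exist?("/var/lib/ceph/bootstrap-client/#{cluster}.keyring") }` to the file resource makes both steps one-shot. The resource name `"format as keyring"` is also used by `ceph_get_client_key` in libraries/default.rb; if both end up in one run context the duplicate name is at best a Chef warning and, depending on the Chef version, may clone the earlier resource's properties, so a distinct name such as `"format bootstrap-client keyring"` is safer. `mons[0]` silently takes the first search hit; a one-line comment stating that all matching mons are expected to carry the same key would make that assumption explicit.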
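Review bot: The message on the new `raise "missing bootstrap_osd key but do have bootstrap_client key!"` line in recipes/mon.rb reads awkwardly and names the attributes differently from the `node['ceph_bootstrap_osd_key']` / `node['ceph_bootstrap_client_key']` keys it checks; `raise "have ceph_bootstrap_client_key but not ceph_bootstrap_osd_key!" unless node['ceph_bootstrap_client_key'].nil?` mirrors the else-branch message added in the next hunk and makes log grepping by attribute name work. The enclosing `ruby_block "save bootstrap keys in node attributes"` continues past the end of this hunk.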
@@ -98,9 +99,23 @@ ruby_block "save osd bootstrap key in node attributes" do
           allow command mon getmap"
         ]
         raise 'adding or getting bootstrap-osd key failed' unless $?.exitstatus == 0
-        node.override['ceph_bootstrap_osd_key'] = key
+        node.override['ceph_bootstrap_osd_key'] = osd_key
+
+        client_key = %x[
+          ceph \
+          --name mon. \
+          --keyring '/var/lib/ceph/mon/#{cluster}-#{node['hostname']}/keyring' \
+          auth get-or-create-key client.bootstrap-client mon \
+          "allow command auth get-or-create-key * osd * mon *;"
+        ]
+        raise 'adding or getting bootstrap-client key failed' unless $?.exitstatus == 0
+        node.override['ceph_bootstrap_client_key'] = client_key
+
         node.save
       end
+    else #node['ceph_bootstrap_osd_key'] not nil
+      raise "have ceph_bootstrap_osd_key but not bootstrap_client key!" unless !node['ceph_bootstrap_client_key'].nil?
     end
   end
 end
+
-- 
2.47.3
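Review bot: `unless !node['ceph_bootstrap_client_key'].nil?` on the new `else` branch is a double negative; write it as `raise "have ceph_bootstrap_osd_key but not ceph_bootstrap_client_key!" if node['ceph_bootstrap_client_key'].nil?`. The mon cap on the new `auth get-or-create-key client.bootstrap-client` line, `allow command auth get-or-create-key * osd * mon *`, appears to let the holder of that key mint entity keys with arbitrary osd and mon caps, making it about as sensitive as the mon keyring itself, yet it is stored with `node.override` and `node.save` in node attributes that recipes/bootstrap_client.rb retrieves by search — presumably readable by any client allowed to search the Chef server. That is the same pattern the existing osd bootstrap key already uses, but the far wider cap deserves a comment above `client_key = %x[` such as `# NOTE: this key can create keys with any osd/mon caps; handle it like the mon keyring, not like a client key`, and a narrower cap if the deployment can live with one. The enclosing `ruby_block` starts before this hunk.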