From 9d875081d486883f86c6f8f5b94a08c04643b907 Mon Sep 17 00:00:00 2001
From: Sergio de Carvalho
Date: Mon, 10 Aug 2015 17:53:06 +0100
Subject: [PATCH] Add OSD secret before monitor starts
Commit e1f084 introduced a regression when the bootstrap OSD secret is stored in encrypted databags (EDB). The problem is that if the first monitor is started without the bootstrap OSD key in the keyring, a random OSD secret is generated, which will then not match the pre-generated one. The solution is to revert the resource that adds the bootstrap OSD key to where it was (before monitor starts) but add a condition that ensures this is only done if EDBs are enabled. When EDBs are not enabled, it is not necessary to add the bootstrap OSD key to the keyring.
---
 recipes/mon.rb | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/recipes/mon.rb b/recipes/mon.rb
index 7e0cc1d..9ca5e0d 100644
--- a/recipes/mon.rb
+++ b/recipes/mon.rb
@@ -55,6 +55,11 @@ execute 'generate mon-secret as keyring' do
 notifies :create, 'ruby_block[save mon_secret]', :immediately
 end
 
+execute 'add bootstrap-osd key to keyring' do
+ command lazy { "ceph-authtool '#{keyring}' --name=client.bootstrap-osd --add-key='#{osd_secret}' --cap mon 'allow profile bootstrap-osd' --cap osd 'allow profile bootstrap-osd'" }
+ only_if { node['ceph']['encrypted_data_bags'] && osd_secret }
+end
+
 ruby_block 'save mon_secret' do
 block do
 fetch = Mixlib::ShellOut.new("ceph-authtool '#{keyring}' --print-key --name=mon.")
@@ -125,8 +130,3 @@ if use_cephx? && !node['ceph']['encrypted_data_bags']
 not_if { node['ceph']['bootstrap_osd_key'] }
 end
 end
-
-execute 'add bootstrap-osd key to keyring' do
- command lazy { "ceph-authtool '#{keyring}' --name=client.bootstrap-osd --add-key='#{osd_secret}' --cap mon 'allow profile bootstrap-osd' --cap osd 'allow profile bootstrap-osd'" }
- only_if { osd_secret }
-end
-- 
2.47.3
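Review bot: The bootstrap-osd secret is interpolated straight into the command string of the added `execute 'add bootstrap-osd key to keyring'` resource, so the value taken from the encrypted data bag can surface in Chef's failure output and debug logging for that resource. Adding `sensitive true` inside the block keeps the command and its output out of the run log. The key is still passed as an `--add-key=` argument, so it stays visible in the node's process list while ceph-authtool runs; if that matters, staging the key in a root-only keyring file and merging it with `--import-keyring` would avoid the argv exposure. The single-quoted interpolation also assumes the secret never contains a `'`, which presumably holds for Ceph's base64 keys but is not checked in this hunk; `osd_secret` and `keyring` are defined outside it.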