Change way to manage monitor-secret
Fix #202
We now store monitor-secret in all monitors
We search for monitor-secret only among the provisioned ones
guilhem committed Sep 18, 2015
1 parent 3de1a75 commit a7254c1
Showing 2 changed files with 22 additions and 10 deletions.
17 changes: 12 additions & 5 deletions libraries/default.rb
@@ -41,7 +41,12 @@ def osd_secret
elsif node['ceph']['bootstrap_osd_key']
return node['ceph']['bootstrap_osd_key']
else
return mon_nodes[0]['ceph']['bootstrap_osd_key']
bootstrap_osd_keys = mon_nodes.map { |_, v| v.fetch('ceph', {}).fetch('bootstrap_osd_key', nil) }.compact.uniq
if bootstrap_osd_keys.length > 1
Chef::Log.fatal('Multiple bootstrap_osd_key detected')
raise
end
bootstrap_osd_keys.first
end
end

@@ -127,13 +132,15 @@ def mon_secret
if node['ceph']['encrypted_data_bags']
secret = Chef::EncryptedDataBagItem.load_secret(node['ceph']['mon']['secret_file'])
Chef::EncryptedDataBagItem.load('ceph', 'mon', secret)['secret']
elsif !mon_nodes.empty?
mon_nodes[0]['ceph']['monitor-secret']
elsif node['ceph']['monitor-secret']
node['ceph']['monitor-secret']
else
Chef::Log.info('No monitor secret found')
nil
monitor_secrets = mon_nodes.map { |_, v| v.fetch('ceph', {}).fetch('monitor-secret', nil) }.compact.uniq
if monitor_secrets.length > 1
Chef::Log.fatal('Multiple monitor secret detected')
raise
end
monitor_secrets.first
end
end
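Review bot: The bare `raise` in the `else` branches of both `osd_secret` and `mon_secret` has no active exception to re-raise, so it surfaces as a RuntimeError reading "unhandled exception", and the reason exists only in the preceding `Chef::Log.fatal` line. Pass the message to the exception instead, e.g. `raise 'Multiple monitor secret detected'` and the matching text in `osd_secret`, and keep the key values themselves out of it. It is also worth confirming what `mon_nodes` yields, since it is defined outside these hunks: the `mon_nodes[0][...]` lines shown in this section index it by position, and if it is an array of node objects the two-parameter block `{ |_, v| ... }` would likely leave `v` as nil and fail on `v.fetch`. Note too that `.compact` drops only nil, so an empty-string attribute on one monitor would count as a second secret and trip the check.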

15 changes: 10 additions & 5 deletions recipes/mon.rb
@@ -63,14 +63,19 @@
end

ruby_block 'save mon_secret' do
not_if { node['ceph']['monitor-secret'] || node['ceph']['encrypted_data_bags'] }
block do
fetch = Mixlib::ShellOut.new("ceph-authtool '#{keyring}' --print-key --name=mon.")
fetch.run_command
key = fetch.stdout
node.set['ceph']['monitor-secret'] = key
if mon_secret
node.set['ceph']['monitor-secret'] = mon_secret
else
fetch = Mixlib::ShellOut.new("ceph-authtool '#{keyring}' --print-key --name=mon.")
fetch.run_command
key = fetch.stdout
node.set['ceph']['monitor-secret'] = key
end
node.save
end
action :nothing
sensitive true if Chef::Resource::Execute.method_defined? :sensitive
end

execute 'ceph-mon mkfs' do
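Review bot: If the `not_if` line is on the removed side (the page has lost its +/- column, but the 10/5 line counts point that way), the 'save mon_secret' block now runs `node.set['ceph']['monitor-secret'] = mon_secret` and `node.save` even when `node['ceph']['encrypted_data_bags']` is set. `mon_secret`, presumably the helper shown in libraries/default.rb, returns the data-bag secret in that case, so the key would be copied in clear into node attributes on the Chef server. Keeping that half of the guard, `not_if { node['ceph']['encrypted_data_bags'] }`, avoids this; `sensitive true` does not change what `node.save` stores. In the fallback branch, `fetch.stdout` is saved without checking the command result, so adding `fetch.error!` after `run_command` and storing `fetch.stdout.strip` would keep an empty or newline-terminated value from being persisted and later compared by the `uniq` check on other monitors.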