gerrit at wikimedia
Aug 11, 2013, 10:11 PM
Post #2 of 2
(8 views)
Permalink
|
|
[MediaWiki-commits] [Gerrit] ceph: add ensure param to ceph::key - change (operations/puppet)
[In reply to]
|
|
Faidon has submitted this change and it was merged.
Change subject: ceph: add ensure param to ceph::key
......................................................................
ceph: add ensure param to ceph::key
Removing a key is as easy as adding it. Add an ensure parameter and act
on it. While at it, also add docs for the whole definition.
Change-Id: I91ceb378142cb36dc3ccd400e020be4d24691334
---
M modules/ceph/manifests/key.pp
1 file changed, 55 insertions(+), 9 deletions(-)
Approvals:
Faidon: Verified; Looks good to me, approved
jenkins-bot: Verified
diff --git a/modules/ceph/manifests/key.pp b/modules/ceph/manifests/key.pp
index addfec7..0d98da5 100644
--- a/modules/ceph/manifests/key.pp
+++ b/modules/ceph/manifests/key.pp
@@ -1,3 +1,38 @@
+# Definition: ceph::key
+#
+# This class adds or removes a Ceph auth key and stores it in the filesystem.
+#
+# Parameters:
+# $keyring
+# Filename of the keyring file where the key will be stored.
+# $caps,
+# Capabilities that the auth key will have.
+# $cluster
+# Defaults to ceph. Name of the Ceph cluster.
+# $owner
+# Defaults to root. Owner username of the keyring file.
+# $group
+# Defaults to root. Owner groupname of the keyring file.
+# $mode
+# Defaults to 0600. File mode in octal.
+# $ensure
+# Defaults to present.
+#
+# Actions:
+# Creates or deletes the key with "ceph auth"
+# Creates a keyring file with that key on the filesystem
+#
+# Requires:
+# Class[ceph]
+#
+# Sample Usage:
+# ceph::key { 'test':
+# ensure => present,
+# cluster => 'ceph',
+# keyring => '/srv/myapp/ceph.key',
+# caps => 'mon "allow r" osd "allow rwx"',
+# }
+
define ceph::key(
$keyring,
$caps,
@@ -5,22 +40,33 @@
$owner='root',
$group='root',
$mode='0600',
+ $ensure='present',
) {
# ping-pong trickery to securely do permissions, puppet has no umask on exec
file { $keyring:
- ensure => present,
+ ensure => $ensure,
mode => '0600',
owner => 'root',
group => 'root',
+ backup => false,
}
- exec { "ceph key ${name}":
- command => "/usr/bin/ceph \
- --cluster=${cluster} \
- auth get-or-create client.${name} \
- ${caps} \
- > ${keyring}",
- unless => "/usr/bin/test -s ${keyring}",
- require => File[$keyring],
+ if $ensure == 'present' {
+ exec { "ceph key ${name}":
+ command => "/usr/bin/ceph --cluster=${cluster} \
+ auth get-or-create client.${name} \
+ ${caps} \
+ > ${keyring}",
+ unless => "/usr/bin/test -s ${keyring}",
+ require => File[$keyring],
+ }
+ } elsif $ensure == 'absent' {
+ exec { "ceph key ${name}":
+ command => "/usr/bin/ceph --cluster=${cluster} \
+ auth del client.${name}",
+ onlyif => "/usr/bin/ceph auth print-key client.${name}",
+ }
+ } else {
+ fail('ceph::key ensure parameter must be absent or present')
}
}
--
To view, visit https://gerrit.wikimedia.org/r/78791
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: merged
Gerrit-Change-Id: I91ceb378142cb36dc3ccd400e020be4d24691334
Gerrit-PatchSet: 2
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Faidon <faidon [at] wikimedia>
Gerrit-Reviewer: Faidon <faidon [at] wikimedia>
Gerrit-Reviewer: jenkins-bot
_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits [at] lists
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
|
