1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
|
# File 'modules/ceph/manifests/auth/keyring.pp', line 1
define ceph::auth::keyring (
String[1] $keydata,
Ceph::Auth::Caps $caps,
Optional[Stdlib::AbsolutePath] $keyring_path = undef,
Boolean $import_to_ceph = false,
String[1] $cluster = 'ceph',
String[1] $ensure = 'present',
String[1] $group = 'ceph',
String[1] $mode = '0600',
String[1] $owner = 'ceph',
) {
$client_name = $name ? {
/\./ => $name,
default => "client.${name}",
}
$_keyring_path = ceph::auth::get_keyring_path($client_name, $keyring_path)
ensure_packages('ceph-common')
# make sure the path hosting the file exists. This method should allow for
# callers to declare a File resource for the parent dir elsewhere in the code
wmflib::dir::mkdir_p($_keyring_path.dirname)
file { $_keyring_path:
ensure => present,
mode => $mode,
owner => $owner,
group => $group,
content => epp('ceph/auth/keyring.epp', {
client_name => $client_name,
keydata => $keydata,
caps => $caps
}),
show_diff => false,
require => Package['ceph-common'],
}
if $import_to_ceph {
$caps_opts = join(
$caps.map |$cap_name, $cap_value| { "${cap_name} '${cap_value}'" },
' ',
)
exec { "ceph-auth-load-key-${name}":
# the following command creates new keys if they are not there, or updates them with the
# new capabilities.
command => "/usr/bin/ceph --in-file '${_keyring_path}' auth import",
# the following command either creates the auth, or if it's there already, it checks if it has the
# same key data and capabilities and fails if there's any difference.
unless => "/usr/bin/ceph --in-file '${_keyring_path}' auth get-or-create-key '${client_name}' ${caps_opts}",
require => [Package['ceph-common'], File[$_keyring_path]],
}
}
}
|