Defined Type: openstack::nova::libvirt::secret

Defined in:
modules/openstack/manifests/nova/libvirt/secret.pp

Overview

Parameters:

  • keydata (String[1])
  • client_name (String[1])
  • libvirt_uuid (String[1])
  • data_dir (Stdlib::Unixpath) (defaults to: '/etc/libvirt')


# File 'modules/openstack/manifests/nova/libvirt/secret.pp', line 1

# @summary Registers a libvirt secret for a Ceph client and loads its key with virsh.
#
# Renders a secret-definition XML file under $data_dir, defines that secret in
# libvirt when its UUID is not already listed, then sets the secret's value
# when the stored value does not already match $keydata.
#
# Security notes:
# - $keydata is typed as a plain String (not Sensitive) and is interpolated
#   into the `command` and `unless` strings of the second exec, so the key is
#   handed to virsh and grep as a command-line argument and is visible in the
#   host's process listing while those commands run. `logoutput => false` only
#   stops the commands' output from being logged.
#   NOTE(review): confirm the command string itself cannot surface in agent
#   logs or reports on failure; consider feeding the value from a root-only
#   file if the installed virsh supports that.
# - All parameters are interpolated unquoted into command strings, and the
#   `unless` checks rely on a pipe. Callers should pass only a UUID, a base64
#   string and a simple client name; whitespace or shell metacharacters in any
#   of them would change what gets executed.
# - `grep -q` treats its argument as a pattern and matches substrings, so the
#   idempotence checks are "output contains", not exact comparisons.
#
# @param keydata
#   Base64-encoded secret value passed to `virsh secret-set-value --base64`.
# @param client_name
#   Client name; used in the XML file name, in both exec titles, and passed
#   to the template as `ceph_client_name`.
# @param libvirt_uuid
#   UUID of the libvirt secret; passed to the template as `uuid` and used to
#   look the secret up with virsh.
# @param data_dir
#   Directory in which the secret-definition XML file is written.
define openstack::nova::libvirt::secret (
    String[1]        $keydata,
    String[1]        $client_name,
    String[1]        $libvirt_uuid,
    Stdlib::Unixpath $data_dir = '/etc/libvirt',
) {
    # Resource titles and paths are computed up front; the titles are kept
    # exactly as before because other manifests may reference them.
    $xmlfile         = "${data_dir}/libvirt-secret-${client_name}.xml"
    $define_exec     = "check-virsh-secret-for-${client_name}"
    $set_value_exec  = "set-virsh-secret-for-${client_name}"
    $template_params = {
        'uuid'             => $libvirt_uuid,
        'ceph_client_name' => $client_name,
    }

    # virsh is invoked below, so the client package has to be present.
    ensure_packages(['libvirt-clients'])

    # Secret definition consumed by `virsh secret-define`. Only the UUID and
    # client name are handed to the template; the file is root-only and its
    # diffs are kept out of reports.
    file { $xmlfile:
        ensure    => present,
        owner     => 'root',
        group     => 'root',
        mode      => '0400',
        show_diff => false,
        content   => epp('openstack/nova/libvirt-secret.xml.epp', $template_params),
    }

    # Define the secret unless its UUID already shows up in `virsh secret-list`.
    exec { $define_exec:
        command   => "/usr/bin/virsh secret-define --file ${xmlfile}",
        unless    => "/usr/bin/virsh secret-list | grep -q ${libvirt_uuid}",
        logoutput => false,
    }

    # Load the key unless libvirt already returns it for this UUID.
    # The key appears in argv of both commands (see the security notes above
    # the define).
    exec { $set_value_exec:
        command   => "/usr/bin/virsh secret-set-value --secret ${libvirt_uuid} --base64 ${keydata}",
        unless    => "/usr/bin/virsh secret-get-value --secret ${libvirt_uuid} | grep -q ${keydata}",
        logoutput => false,
    }

    # Same ordering the per-resource `require` attributes expressed:
    # package, then XML file, then define, then set value.
    Package['libvirt-clients']
    -> File[$xmlfile]
    -> Exec[$define_exec]
    -> Exec[$set_value_exec]
}