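{%- from "ceph/map.jinja" import common with context %}
{#-
  Manage Ceph client keyrings: every entry of common.keyring except "admin",
  on hosts that are not in container mode.

  Two paths per keyring:
    * key present in pillar and common.manage_keyring set (and caps defined):
      write the keyring file, import it into the cluster, then set its caps;
    * otherwise: have the cluster create the entity, then compare the caps
      the cluster reports with pillar at render time and re-apply the pillar
      caps when they differ.

  Client names, caps and paths are interpolated into shell command lines
  without escaping, so the pillar feeding this state has to be trusted input.
  Dict iteration uses .items(), which behaves the same as the Python 2 only
  .iteritems() in these loops and also renders under Python 3.
#}
{% if not common.get('container_mode', False) %}
{#- Render only if the Salt mine reports a node that holds the admin keyring of this cluster (same fsid). #}
  {%- for node_name, node_grains in salt['mine.get']('ceph:common:keyring:admin', 'grains.items', 'pillar').items() %}
    {%- if node_grains.ceph is defined
           and node_grains.ceph.ceph_keyring is defined
           and node_grains.ceph.ceph_keyring.admin is defined
           and node_grains.ceph.get('fsid', '') == common.fsid %}
      {#- loop.index0 counts every mine entry, including those rejected by the check above, so the states below render only when the first entry returned is a matching one. NOTE(review): confirm that is intended. #}
      {%- if loop.index0 == 0 %}
        {%- for keyring_name, keyring in common.get('keyring', {}).items() %}
          {%- set keyring_client_name = keyring.get('name', keyring_name) %}
          {%- set ceph_cluster = common.get('cluster_name', 'ceph') %}
          {%- set keyring_path = keyring.get('path', common.prefix_dir + '/etc/ceph/' + ceph_cluster + '.client.' + keyring_client_name + '.keyring') %}
          {#- The admin keyring is not handled by this state file. #}
          {%- if keyring_client_name != 'admin' %}
            {%- if keyring.key is defined and common.get("manage_keyring", False) %}
              {%- if keyring.caps is defined %}
{#- Keyring file rendered from pillar. No user, group or mode is set here and the file presumably carries the client secret key. NOTE(review): confirm the resulting permissions are no wider than the consuming service needs. #}
{{ keyring_path }}:
  file.managed:
    - source: salt://ceph/files/keyring
    - template: jinja
    - defaults:
        keyring: {{ keyring|yaml }}
        name: {{ keyring_client_name }}

{#- Import into the cluster only when the keyring file changed. #}
ceph_import_keyring_{{ keyring_client_name }}:
  cmd.run:
    - name: "ceph -c /etc/ceph/{{ ceph_cluster }}.conf auth import -i {{ keyring_path }}"
    - onchanges:
        - file: {{ keyring_path }}
    - require:
        - file: common_config

{#- Apply the complete cap set from pillar in a single call, again only on file change. #}
ceph_update_caps_for_{{ keyring_client_name }}:
  cmd.run:
    - name: ceph -c /etc/ceph/{{ ceph_cluster }}.conf auth caps client.{{ keyring_client_name }} {%- for cap_name, cap in keyring.caps.items() %} {{ cap_name }} '{{ cap }}' {%- endfor %}
    - onchanges:
        - file: {{ keyring_path }}
    - require:
        - file: common_config
              {%- endif %}
            {%- else %}
{#- No key in pillar (or keyring management disabled): the cluster creates the entity and the output is redirected into the keyring file. keyring.caps is read without an "is defined" guard in this branch. The guard uses test -s rather than test -f because the redirect creates the file even when the ceph command fails, and an empty file must not block the next run. NOTE(review): the redirect creates the file with the default umask of the minion; confirm the secret is not left readable wider than intended. #}
ceph_create_keyring_{{ keyring_client_name }}:
  cmd.run:
    - name: ceph -c /etc/ceph/{{ ceph_cluster }}.conf auth get-or-create client.{{ keyring_client_name }} {%- for cap_name, cap in keyring.caps.items() %} {{ cap_name }} '{{ cap }}' {%- endfor %} > {{ keyring_path }}
    - unless: "test -s {{ keyring_path }}"
    - require:
        - file: common_config
              {#- Drift check, evaluated at render time on the minion. Only cap types the cluster already lists for the entity are compared, so a cap type that exists only in pillar is not detected here. NOTE(review): the auth list output normally carries the secret key of every entity, not only caps; a query limited to this client would expose less to the renderer. #}
              {%- if salt['file.file_exists']('/usr/bin/ceph') %}
                {%- set caps = salt['cmd.shell']('ceph auth list --format json') | load_json %}
                {%- for client in caps['auth_dump'] %}
                  {%- if client['entity'] == "client." + keyring_client_name %}
                    {%- for cap_name, cap in client.caps.items() %}
                      {%- if cap != keyring.caps[cap_name] %}
{#- Re-apply the pillar caps, all cap types in one call. "ceph auth caps" replaces the whole cap set of the entity, so passing the single value read back from the cluster would keep the drifted cap and drop every other cap type. #}
ceph_update_caps_{{ cap_name }}_for_{{ keyring_client_name }}:
  cmd.run:
    - name: ceph -c /etc/ceph/{{ ceph_cluster }}.conf auth caps client.{{ keyring_client_name }} {%- for want_name, want in keyring.caps.items() %} {{ want_name }} '{{ want }}' {%- endfor %}
    - require:
        - file: common_config
                      {%- endif %}
                    {%- endfor %}
                  {%- endif %}
                {%- endfor %}
              {%- endif %}
            {%- endif %}
          {%- endif %}
        {%- endfor %}
      {%- endif %}
    {%- endif %}
  {%- endfor %}
{%- endif %}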