add logic for updating ceph client caps
Change-Id: Ic798058b6a5391b9c71c203b2c493aa790d6ec76
Related-Prod: PROD-30113, PROD-31348
diff --git a/ceph/setup/keyring.sls b/ceph/setup/keyring.sls
index f26c608..9dce69b 100644
--- a/ceph/setup/keyring.sls
+++ b/ceph/setup/keyring.sls
@@ -25,7 +25,13 @@
ceph_import_keyring_{{ keyring.name }}:
cmd.run:
- - name: "ceph -c /etc/ceph/{{ common.get('cluster_name', 'ceph') }}.conf auth import -i {{ common.prefix_dir }}/etc/ceph/{{ common.get('cluster_name', 'ceph') }}.client.{{ keyring.name }}.keyring"
+ - name: ceph -c /etc/ceph/{{ common.get('cluster_name', 'ceph') }}.conf auth import -i {{ common.prefix_dir }}/etc/ceph/{{ common.get('cluster_name', 'ceph') }}.client.{{ keyring.name }}.keyring
+ - onchanges:
+ - file: {{ common.prefix_dir }}/etc/ceph/{{ common.get('cluster_name', 'ceph') }}.client.{{ keyring.name }}.keyring
+
+ceph_update_caps_for_{{ keyring.name }}:
+ cmd.run:
+ - name: ceph -c /etc/ceph/{{ common.get('cluster_name', 'ceph') }}.conf auth caps client.{{ keyring.name }} {%- for cap_name, cap in keyring.caps.iteritems() %} {{ cap_name }} '{{ cap }}' {%- endfor %}
- onchanges:
- file: {{ common.prefix_dir }}/etc/ceph/{{ common.get('cluster_name', 'ceph') }}.client.{{ keyring.name }}.keyring
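Review bot: The capability strings are spliced into the `cmd.run` command line as `'{{ cap }}'` with no escaping, on the new `ceph auth caps` line here and on the `auth caps` / `auth get-or-create` lines in the two later hunks. A pillar value containing a single quote therefore ends the quoting, and the remainder is interpreted by the shell. Because the commit also drops the YAML double quotes around `name`, a rendered cap containing ` #` or `: ` would additionally be cut off or rejected by the YAML parser. Consider a shell-quoting filter instead of hand-written quotes, e.g. `{{ cap_name }} {{ cap | quote }}` where the deployed Salt version provides the `quote` filter, and carrying the command in a folded block scalar (`- name: >-`). The enclosing Jinja conditional starts outside the hunk.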
@@ -33,9 +39,24 @@
ceph_create_keyring_{{ keyring.name }}:
cmd.run:
- - name: "ceph -c /etc/ceph/{{ common.get('cluster_name', 'ceph') }}.conf auth get-or-create client.{{ keyring.name }} {%- for cap_name, cap in keyring.caps.iteritems() %} {{ cap_name }} '{{ cap }}' {%- endfor %} > {{ common.prefix_dir }}/etc/ceph/{{ common.get('cluster_name', 'ceph') }}.client.{{ keyring.name }}.keyring"
+ - name: ceph -c /etc/ceph/{{ common.get('cluster_name', 'ceph') }}.conf auth get-or-create client.{{ keyring.name }} {%- for cap_name, cap in keyring.caps.iteritems() %} {{ cap_name }} '{{ cap }}' {%- endfor %} > {{ common.prefix_dir }}/etc/ceph/{{ common.get('cluster_name', 'ceph') }}.client.{{ keyring.name }}.keyring
- unless: "test -f {{ common.prefix_dir }}/etc/ceph/{{ common.get('cluster_name', 'ceph') }}.client.{{ keyring.name }}.keyring"
+{%- if salt['file.file_exists']('/usr/bin/ceph') %}
+{%- set caps = salt['cmd.shell']('ceph auth list --format json') | load_json %}
+{%- for client in caps['auth_dump'] %}
+{%- if client['entity'] == "client." + keyring.name %}
+{%- for cap_name, cap in client.caps.iteritems() %}
+{%- if cap != keyring.caps[cap_name] %}
+ceph_update_caps_for_{{ keyring.name }}:
+ cmd.run:
+ - name: ceph -c /etc/ceph/{{ common.get('cluster_name', 'ceph') }}.conf auth caps client.{{ keyring.name }} {%- for cap_name, cap in keyring.caps.iteritems() %} {{ cap_name }} '{{ cap }}' {%- endfor %}
+{%- endif %}
+{%- endfor %}
+{%- endif %}
+{%- endfor %}
+{%- endif %}
+
{%- endif %}
{%- else %}
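Review bot: The `ceph_update_caps_for_{{ keyring.name }}` state is emitted inside the `for cap_name, cap in client.caps.iteritems()` loop, so when more than one capability differs the same state ID is rendered more than once, which Salt would most likely reject as a conflicting ID. The loop also walks only the caps the cluster currently reports, so a capability type that exists in pillar but not yet on the entity never triggers an update, and `keyring.caps[cap_name]` is undefined for a type present only on the cluster. Comparing the two mappings once covers both directions and renders the state at most once: replace the inner `for`/`if` pair with `{%- if client.caps != keyring.caps %}` and drop the matching `endfor`. The same block is repeated in the third hunk for `keyring_name`. Whether this ID can collide with the identically named state in the first hunk depends on branch conditions outside these hunks.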
@@ -56,13 +77,34 @@
- onchanges:
- file: {{ common.prefix_dir }}/etc/ceph/{{ common.get('cluster_name', 'ceph') }}.client.{{ keyring_name }}.keyring
+ceph_update_caps_for_{{ keyring_name }}:
+ cmd.run:
+ - name: ceph -c /etc/ceph/{{ common.get('cluster_name', 'ceph') }}.conf auth caps client.{{ keyring_name }} {%- for cap_name, cap in keyring.caps.iteritems() %} {{ cap_name }} '{{ cap }}' {%- endfor %}
+ - onchanges:
+ - file: {{ common.prefix_dir }}/etc/ceph/{{ common.get('cluster_name', 'ceph') }}.client.{{ keyring_name }}.keyring
+
{%- elif keyring_name != 'admin' %}
ceph_create_keyring_{{ keyring_name }}:
cmd.run:
- - name: "ceph -c /etc/ceph/{{ common.get('cluster_name', 'ceph') }}.conf auth get-or-create client.{{ keyring_name }} {%- for cap_name, cap in keyring.caps.iteritems() %} {{ cap_name }} '{{ cap }}' {%- endfor %} > {{ common.prefix_dir }}/etc/ceph/{{ common.get('cluster_name', 'ceph') }}.client.{{ keyring_name }}.keyring"
+ - name: ceph -c /etc/ceph/{{ common.get('cluster_name', 'ceph') }}.conf auth get-or-create client.{{ keyring_name }} {%- for cap_name, cap in keyring.caps.iteritems() %} {{ cap_name }} '{{ cap }}' {%- endfor %} > {{ common.prefix_dir }}/etc/ceph/{{ common.get('cluster_name', 'ceph') }}.client.{{ keyring_name }}.keyring
- unless: "test -f {{ common.prefix_dir }}/etc/ceph/{{ common.get('cluster_name', 'ceph') }}.client.{{ keyring_name }}.keyring"
+{%- if salt['file.file_exists']('/usr/bin/ceph') %}
+{%- set caps = salt['cmd.shell']('ceph auth list --format json') | load_json %}
+{%- for client in caps['auth_dump'] %}
+{%- if client['entity'] == "client." + keyring_name %}
+{%- for cap_name, cap in client.caps.iteritems() %}
+{%- if cap != keyring.caps[cap_name] %}
+ceph_update_caps_for_{{ keyring_name }}:
+ cmd.run:
+ - name: ceph -c /etc/ceph/{{ common.get('cluster_name', 'ceph') }}.conf auth caps client.{{ keyring_name }} {%- for cap_name, cap in keyring.caps.iteritems() %} {{ cap_name }} '{{ cap }}' {%- endfor %}
+{%- endif %}
+{%- endfor %}
+{%- endif %}
+{%- endfor %}
+{%- endif %}
+
{%- endif %}
{%- endif %}
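Review bot: `salt['cmd.shell']('ceph auth list --format json')` runs while the state file is being rendered and returns every entity in the cluster, key material included, only to inspect one client (here and in the second hunk). It also omits the `-c /etc/ceph/<cluster>.conf` argument that the other commands in this file pass, so on a cluster not named `ceph` it may read a different config or fail, and any non-JSON output reaching `load_json` would likely abort rendering of the whole state. Querying only the managed entity, e.g. `ceph -c … auth get client.{{ keyring_name }} --format json`, keeps other clients' keys out of the render context; its JSON shape differs from `auth_dump`, so the lookup would need adjusting. The lookup should also be guarded so that a node which has `/usr/bin/ceph` but no usable admin credentials, or an entity that does not exist yet, still renders.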