backup server purge authorized keys option
PROD-18933
PROD-17856
Change-Id: I6173a41e70dc79cb901f54b29d7894e9da7fe1ae
diff --git a/ceph/backup.sls b/ceph/backup.sls
index d66ebb8..2de94d6 100644
--- a/ceph/backup.sls
+++ b/ceph/backup.sls
@@ -80,6 +80,8 @@
{%- endif %}
+{%- endif %}
+
{%- if backup.server is defined %}
{%- if backup.server.enabled %}
@@ -104,47 +106,15 @@
- user: ceph_user
- pkg: ceph_backup_server_packages
-{%- for key_name, key in backup.server.key.iteritems() %}
-
-{%- if key.get('enabled', False) %}
-
-{%- set clients = [] %}
-{%- if backup.restrict_clients %}
- {%- for node_name, node_grains in salt['mine.get']('*', 'grains.items').iteritems() %}
- {%- if node_grains.get('ceph_backup', {}).get('client') %}
- {%- set client = node_grains.get('ceph_backup').get('client') %}
- {%- if client.get('addresses') and client.get('addresses', []) is iterable %}
- {%- for address in client.addresses %}
- {%- do clients.append(address|string) %}
- {%- endfor %}
- {%- endif %}
- {%- endif %}
- {%- endfor %}
-{%- endif %}
-
-ceph_key_{{ key.key }}:
- ssh_auth.present:
+{{ backup.backup_dir }}/.ssh/authorized_keys:
+ file.managed:
- user: ceph
- - name: {{ key.key }}
- - options:
- - no-pty
-{%- if clients %}
- - from="{{ clients|join(',') }}"
-{%- endif %}
+ - group: ceph
+ - template: jinja
+ - source: salt://ceph/files/backup/authorized_keys
- require:
- file: {{ backup.backup_dir }}/full
-{%- else %}
-
-ceph_key_{{ key.key }}:
- ssh_auth.absent:
- - user: ceph
- - name: {{ key.key }}
-
-{%- endif %}
-
-{%- endfor %}
-
ceph_server_script:
file.managed:
- name: /usr/local/bin/ceph-backup-runner.sh
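Review bot: The new `file.managed` state for `{{ backup.backup_dir }}/.ssh/authorized_keys` sets `user` and `group` but no `mode`, and nothing visible in this hunk creates the `.ssh` directory that `ssh_auth.present` used to create. With sshd's default `StrictModes`, a group- or world-writable `authorized_keys` or `.ssh` directory makes sshd ignore the file, and a missing parent directory makes the state fail. I would add `- mode: '0600'` together with `- makedirs: True` and `- dir_mode: '0700'`, unless the directory is already managed elsewhere in the file outside this hunk. Because the whole file is now managed, any key added out of band is removed on the next run; that matches the commit title but deserves a short comment above the state.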
@@ -199,3 +169,5 @@
{%- endif %}
{%- endif %}
+
+{%- endif %}
diff --git a/ceph/files/backup/authorized_keys b/ceph/files/backup/authorized_keys
new file mode 100644
index 0000000..af26dce
--- /dev/null
+++ b/ceph/files/backup/authorized_keys
@@ -0,0 +1,19 @@
+{%- from "ceph/map.jinja" import backup with context %}
+{%- for key_name, key in backup.server.key.iteritems() %}
+{%- if key.get('enabled', False) %}
+{%- set clients = [] %}
+{%- if backup.restrict_clients %}
+ {%- for node_name, node_grains in salt['mine.get']('*', 'grains.items').iteritems() %}
+ {%- if node_grains.get('ceph_backup', {}).get('client') %}
+ {%- set client = node_grains.get('ceph_backup').get('client') %}
+ {%- if client.get('addresses') and client.get('addresses', []) is iterable %}
+ {%- for address in client.addresses %}
+ {%- do clients.append(address|string) %}
+ {%- endfor %}
+ {%- endif %}
+ {%- endif %}
+ {%- endfor %}
+{%- endif %}
+no-pty{%- if clients %},from="{{ clients|join(',') }}"{%- endif %} {{ key.key }}
+{%- endif %}
+{%- endfor %}
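Review bot: When `backup.restrict_clients` is set but the mine returns no node with `ceph_backup:client:addresses` (empty or stale mine, grains not yet published), `clients` stays empty and the key line is written with no `from=` option, so the restriction fails open. I would skip the key in that case by wrapping the key line in `{%- if clients or not backup.restrict_clients %}` … `{%- endif %}`. The addresses are minion-reported grain values joined unescaped into a quoted option, so a value containing `"` or a newline could alter the line; checking each entry is a plain address or CIDR before `clients.append` would close that. Separately, `no-pty` alone still leaves port, agent and X11 forwarding enabled; if the backup transfer does not need them, `restrict` (OpenSSH 7.2 and later) or explicit `no-port-forwarding,no-agent-forwarding,no-X11-forwarding` would tighten this key.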
diff --git a/ceph/files/crushmap b/ceph/files/crushmap
index 82d1be0..4f5a90c 100644
--- a/ceph/files/crushmap
+++ b/ceph/files/crushmap
@@ -7,7 +7,7 @@
{%- set weights = {} -%}
{%- for node_name, node_grains in salt['mine.get']('*', 'grains.items').iteritems() -%}
- {%- if node_grains.ceph.ceph_disk is defined -%}
+ {%- if node_grains.get('ceph', {}).get('ceph_disk') -%}
{# load OSDs and compute weight#}
{%- set node_weight = [] -%}
{%- for osd_id, osd in node_grains.ceph.ceph_disk.iteritems() -%}