commit f98219e0f3e87e01ab5b7c8f12c7b149019bf75b
author Jiri Broulik <jbroulik@mirantis.com> Thu Oct 12 14:21:23 2017 +0200
committer Jiri Broulik <jbroulik@mirantis.com> Thu Oct 12 15:09:23 2017 +0200
tree 1a95b8b04a51705551907ad5bdbfd64d5f2cf46f
parent dfb06c267342996be2b1a50ca5b3ce8070d72d8e

virsh secret for ceph volumes

Change-Id: Iac1312ff4453a19b4f3182678d87e92b46d9af6c

nova/compute.sls

diff --git a/nova/compute.sls b/nova/compute.sls
index af88b85..07fdfe2 100644
--- a/nova/compute.sls
+++ b/nova/compute.sls
@@ -186,12 +186,41 @@
   pkg.installed:
   - name: ceph-common
 
+{%- if compute.ceph.cinder_secret_uuid is defined and compute.ceph.cinder_volumes_key is defined %}
+
+{%- set cinder_volumes_key = salt['grains.get']("ceph:ceph_keyring:"+compute.ceph.cinder_volumes_key+":key", '') %}
+
+{%- if cinder_volumes_key != '' %}
+
+/etc/secret_cinder.xml:
+  file.managed:
+  - source: salt://nova/files/secret_cinder.xml
+  - template: jinja
+
+ceph_virsh_secret_define_cinder:
+  cmd.run:
+  - name: "virsh secret-define --file /etc/secret_cinder.xml"
+  - unless: "virsh secret-list | grep {{ compute.ceph.cinder_secret_uuid }}"
+  - require:
+    - file: /etc/secret_cinder.xml
+
+ceph_virsh_secret_set_value_cinder:
+  cmd.run:
+  - name: "virsh secret-set-value --secret {{ compute.ceph.cinder_secret_uuid }} --base64 {{ cinder_volumes_key }} "
+  - unless: "virsh secret-get-value {{ compute.ceph.cinder_secret_uuid }} | grep {{ cinder_volumes_key }}"
+  - require:
+    - cmd: ceph_virsh_secret_define_cinder
+
+{% endif %}
+
+{% endif %}
+
 /etc/secret.xml:
   file.managed:
   - source: salt://nova/files/secret.xml
   - template: jinja
 
-ceph_virsh_secret_define:
+ceph_virsh_secret_define_nova:
   cmd.run:
   - name: "virsh secret-define --file /etc/secret.xml"
   - unless: "virsh secret-list | grep {{ compute.ceph.secret_uuid }}"
@@ -202,21 +231,21 @@
 
 {%- if client_cinder_key != '' %}
 
-ceph_virsh_secret_set_value:
+ceph_virsh_secret_set_value_nova:
   cmd.run:
   - name: "virsh secret-set-value --secret {{ compute.ceph.secret_uuid }} --base64 {{ client_cinder_key }} "
   - unless: "virsh secret-get-value {{ compute.ceph.secret_uuid }} | grep {{ client_cinder_key }}"
   - require:
-    - cmd: ceph_virsh_secret_define
+    - cmd: ceph_virsh_secret_define_nova
 
 {% else %}
 
-ceph_virsh_secret_set_value:
+ceph_virsh_secret_set_value_nova:
   cmd.run:
   - name: "virsh secret-set-value --secret {{ compute.ceph.secret_uuid }} --base64 {{ compute.ceph.client_cinder_key }} "
   - unless: "virsh secret-get-value {{ compute.ceph.secret_uuid }} | grep {{ compute.ceph.client_cinder_key }}"
   - require:
-    - cmd: ceph_virsh_secret_define
+    - cmd: ceph_virsh_secret_define_nova
 
 {% endif %}
 

nova/files/secret.xml

diff --git a/nova/files/secret.xml b/nova/files/secret.xml
index 19e55c8..aacd09e 100644
--- a/nova/files/secret.xml
+++ b/nova/files/secret.xml
@@ -4,4 +4,4 @@
   <usage type='ceph'>
     <name>client.{{ compute.ceph.get('rbd_user', 'cinder') }} secret</name>
   </usage>
-</secret>
+</secret>
\ No newline at end of file

nova/files/secret_cinder.xml

diff --git a/nova/files/secret_cinder.xml b/nova/files/secret_cinder.xml
new file mode 100644
index 0000000..01e4dda
--- /dev/null
+++ b/nova/files/secret_cinder.xml
@@ -0,0 +1,4 @@
+{%- from "nova/map.jinja" import compute with context %}
+<secret ephemeral='no' private='no'>
+  <uuid>{{ compute.ceph.cinder_secret_uuid }}</uuid>
+</secret>