Faidon has uploaded a new change for review.
https://gerrit.wikimedia.org/r/78791
Change subject: ceph: add ensure param to ceph::key
......................................................................
ceph: add ensure param to ceph::key
Removing a key is as easy as adding it. Add an ensure parameter and act
on it. While at it, also add docs for the whole definition.
Change-Id: I91ceb378142cb36dc3ccd400e020be4d24691334
---
M modules/ceph/manifests/key.pp
1 file changed, 55 insertions(+), 9 deletions(-)
git pull ssh://gerrit.wikimedia.org:29418/operations/puppet
refs/changes/91/78791/1
diff --git a/modules/ceph/manifests/key.pp b/modules/ceph/manifests/key.pp
index addfec7..fffa0eb 100644
--- a/modules/ceph/manifests/key.pp
+++ b/modules/ceph/manifests/key.pp
@@ -1,3 +1,38 @@
+# Definition: ceph::key
+#
+# This class adds or removes a Ceph auth key and stores it in the filesystem.
+#
+# Parameters:
+# $keyring
+# Filename of the keyring file where the key will be stored.
+# $caps,
+# Capabilities that the auth key will have.
+# $cluster
+# Defaults to ceph. Name of the Ceph cluster.
+# $owner
+# Defaults to root. Owner username of the keyring file.
+# $group
+# Defaults to root. Owner groupname of the keyring file.
+# $mode
+# Defaults to 0600. File mode in octal.
+# $ensure
+# Defaults to present.
+#
+# Actions:
+# Creates or deletes the key with "ceph auth"
+# Creates a keyring file with that key on the filesystem
+#
+# Requires:
+# Class[ceph]
+#
+# Sample Usage:
+# ceph::key { 'test':
+# ensure => present,
+# cluster => 'ceph',
+# keyring => '/srv/myapp/ceph.key',
+# caps => 'mon "allow r" osd "allow rwx"',
+# }
+
define ceph::key(
$keyring,
$caps,
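Review bot: The new header says "This class" although the file declares a `define`, and the `$ensure` entry does not name the accepted values; suggest `# This definition adds or removes a Ceph auth key and stores it in the filesystem.` and, under `$ensure`, `# Defaults to present. Must be present or absent; absent deletes the key and the keyring file.` The `$caps,` entry also carries a stray comma. The header documents $owner, $group and $mode as governing the keyring file, while the file resource visible in the second hunk hard-codes `'0600'`, `'root'` and `'root'`. Since these settings decide who can read the key, either the doc or the resource should be brought into line. The body of the define continues outside this hunk.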
@@ -5,22 +40,33 @@
$owner='root',
$group='root',
$mode='0600',
+ $ensure='present',
) {
# ping-pong trickery to securely do permissions, puppet has no umask on
exec
file { $keyring:
- ensure => present,
+ ensure => $ensure,
mode => '0600',
owner => 'root',
group => 'root',
+ backup => false,
}
- exec { "ceph key ${name}":
- command => "/usr/bin/ceph \
- --cluster=${cluster} \
- auth get-or-create client.${name} \
- ${caps} \
- > ${keyring}",
- unless => "/usr/bin/test -s ${keyring}",
- require => File[$keyring],
+ if $ensure == 'present' {
+ exec { "ceph key ${name}":
+ command => "/usr/bin/ceph --cluster=${cluster} \
+ auth get-or-create client.${name} \
+ ${caps} \
+ > ${keyring}",
+ unless => "/usr/bin/test -s ${keyring}",
+ require => File[$keyring],
+ }
+ } elsif $ensure == 'absent' {
+ exec { "ceph key ${name}":
+ command => "/usr/bin/ceph --cluster=${cluster} \
+ auth del client.${name}",
+ onlyif => "/usr/bin/ceph auth print-key client.${name}",
+ }
+ } else {
+ fail("ceph::key ensure parameter must be absent or present")
}
}
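Review bot: In the `absent` branch the `onlyif` guard runs `/usr/bin/ceph auth print-key client.${name}` without `--cluster=${cluster}`, so on a non-default cluster it checks a different cluster from the one the `auth del` command targets, and a key that should be revoked may be left in place. Suggest `onlyif => "/usr/bin/ceph --cluster=${cluster} auth print-key client.${name}",`. print-key also writes the secret to stdout, which Puppet may record when running with debug logging. If that matters here, discard the output or use an existence check that does not emit key material. The `fail()` message could include the rejected value, e.g. `fail("ceph::key ensure must be absent or present, got '${ensure}'")`, to make a mistyped parameter easier to trace.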
--
To view, visit https://gerrit.wikimedia.org/r/78791
Gerrit-MessageType: newchange
Gerrit-Change-Id: I91ceb378142cb36dc3ccd400e020be4d24691334
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Faidon <[email protected]>