diff --git a/glance/templates/bin/_ceph-admin-keyring.sh.tpl b/glance/templates/bin/_ceph-admin-keyring.sh.tpl
new file mode 100644
index 0000000000..f3c0a521db
--- /dev/null
+++ b/glance/templates/bin/_ceph-admin-keyring.sh.tpl
@@ -0,0 +1,31 @@
+#!/bin/bash
+
+{{/*
+Copyright 2017 The Openstack-Helm Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+set -ex
+export HOME=/tmp
+
+cat < /etc/ceph/ceph.client.admin.keyring
+[client.admin]
+{{- if .Values.conf.ceph.admin_keyring }}
+ key = {{ .Values.conf.ceph.admin_keyring }}
+{{- else }}
+ key = $(cat /tmp/client-keyring)
+{{- end }}
+EOF
+
+exit 0
diff --git a/glance/templates/bin/_ceph-keyring.sh.tpl b/glance/templates/bin/_ceph-keyring.sh.tpl
index aa3a3e842d..f02b294e40 100644
--- a/glance/templates/bin/_ceph-keyring.sh.tpl
+++ b/glance/templates/bin/_ceph-keyring.sh.tpl
@@ -21,11 +21,7 @@ export HOME=/tmp
 cat < /etc/ceph/ceph.client.${RBD_STORE_USER}.keyring
 [client.${RBD_STORE_USER}]
-{{- if .Values.conf.ceph.keyring }}
- key = {{ .Values.conf.ceph.keyring }}
-{{- else }}
 key = $(cat /tmp/client-keyring)
-{{- end }}
 EOF
 exit 0
diff --git a/glance/templates/bin/_storage-init.sh.tpl b/glance/templates/bin/_storage-init.sh.tpl
index 91522eaba2..dd64749107 100644
--- a/glance/templates/bin/_storage-init.sh.tpl
+++ b/glance/templates/bin/_storage-init.sh.tpl
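Review bot: In the new `_ceph-admin-keyring.sh.tpl`, `/etc/ceph/ceph.client.admin.keyring` is created with whatever umask the container happens to have, so the Ceph admin key may end up readable by every user in the pod; a `umask 077` before the `cat` (or a `chmod 0600` on the file afterwards) would pin that down. The `.Values.conf.ceph.admin_keyring` branch also renders the key into the script text itself, so the key is stored wherever this template is stored, presumably a ConfigMap alongside the other `bin/` scripts, which is worth confirming. Carrying the key in a Secret and reading it at run time, as the `else` branch does with `/tmp/client-keyring`, would avoid that. A header comment naming which jobs are expected to mount the admin keyring would help keep its use narrow.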
@@ -36,11 +36,16 @@ elif [ "x$STORAGE_BACKEND" == "xrbd" ]; then
 }
 ensure_pool ${RBD_POOL_NAME} ${RBD_POOL_CHUNK_SIZE}
- #NOTE(Portdirect): Determine proper privs to assign keyring
- ceph auth get-or-create client.${RBD_POOL_USER} \
- mon "allow *" \
- osd "allow *" \
- -o ${KEYRING}
+ if USERINFO=$(ceph auth get client.${RBD_POOL_USER}); then
+ KEYSTR=$(echo $USERINFO | sed 's/.*\( key = .*\) caps mon.*/\1/')
+ echo $KEYSTR > ${KEYRING}
+ else
+ #NOTE(Portdirect): Determine proper privs to assign keyring
+ ceph auth get-or-create client.${RBD_POOL_USER} \
+ mon "allow *" \
+ osd "allow *" \
+ -o ${KEYRING}
+ fi
 ENCODED_KEYRING=$(sed -n 's/^[[:blank:]]*key[[:blank:]]\+=[[:blank:]]\(.*\)/\1/p' ${KEYRING} | base64 -w0)
 cat > ${SECRET} <
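Review bot: The `ceph auth get` branch recovers the key by flattening the output through an unquoted `echo $USERINFO` and anchoring the `sed` capture on `caps mon`, which depends on the exact order and layout of the printed caps. If another cap is printed before `mon`, the capture includes it, and if there is no `mon` cap the whole string is written to `${KEYRING}`; in both cases the later `ENCODED_KEYRING` extraction would not yield just the key. Letting ceph write the file removes the parsing: `if ceph auth get client.${RBD_POOL_USER} -o ${KEYRING}; then :; else … fi`. That also keeps the key out of `USERINFO` and `KEYSTR`, which matters if this script runs under `set -x` like the keyring scripts in this commit (not visible in this hunk), because the trace would print both assignments and the `echo`. The `elif` branch starts above the hunk, and the heredoc on the last line continues past it.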