1cb646e7d1
Depends-On: I78bffe6764e9cbb16b2a615be766c910ba5d4e48 Change-Id: I112f2d9137f00ab2d0c246b6c0b52e4a546d648a
40 lines
1.2 KiB
Smarty
40 lines
1.2 KiB
Smarty
#!/bin/bash
|
|
|
|
{{/*
|
|
Copyright 2017 The Openstack-Helm Authors.
|
|
|
|
Licensed under the Apache License, Version 2.0 (the "License");
|
|
you may not use this file except in compliance with the License.
|
|
You may obtain a copy of the License at
|
|
|
|
http://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
Unless required by applicable law or agreed to in writing, software
|
|
distributed under the License is distributed on an "AS IS" BASIS,
|
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
See the License for the specific language governing permissions and
|
|
limitations under the License.
|
|
*/}}
|
|
|
|
set -ex
|
|
export HOME=/tmp
|
|
|
|
KEYRING=/etc/ceph/ceph.client.${CEPH_CINDER_USER}.keyring
|
|
{{- if .Values.conf.ceph.cinder.keyring }}
|
|
cat > ${KEYRING} <<EOF
|
|
[client.{{ .Values.conf.ceph.cinder.user }}]
|
|
key = {{ .Values.conf.ceph.cinder.keyring }}
|
|
EOF
|
|
{{- else }}
|
|
if ! [ "x${CEPH_CINDER_USER}" == "xadmin" ]; then
|
|
#NOTE(Portdirect): Determine proper privs to assign keyring
|
|
#NOTE(JCL): Restrict permissions to what is needed. So MON Read only and RBD access.
|
|
ceph auth get-or-create client.${CEPH_CINDER_USER} \
|
|
mon "profile rbd" \
|
|
osd "profile rbd" \
|
|
-o ${KEYRING}
|
|
|
|
rm -f /etc/ceph/ceph.client.admin.keyring
|
|
fi
|
|
{{- end }}
|