Fixed value rbd.keyring
not update
The value of `rbd.keyring` is protected by the `creates` defined in `get-or-set virsh secret`. This change allows the system to detect whether the value of `rbd.keyring` has changed. If it has changed, Puppet regenerates the secret with the required changes; otherwise Puppet leaves it untouched. Change-Id: Ic683f2488123d8d751996a4ba17770d703f38e40
@@ -81,6 +81,16 @@ class nova::compute::rbd (
|
|||||||
require => Class['::nova']
|
require => Class['::nova']
|
||||||
}
|
}
|
||||||
|
|
||||||
|
# whenever `rbd_keyring` value changed,
|
||||||
|
# undefine the old secret and remove the file lock (/etc/nova/virsh.secret),
|
||||||
|
# then recreate secret with the new `rbd_keyring`,
|
||||||
|
# if there's no value change, leave it untouched.
|
||||||
|
exec { 'undefine-if-value-not-match virsh secret':
|
||||||
|
path => ['/bin', '/usr/bin'],
|
||||||
|
command => "virsh secret-undefine --secret ${libvirt_rbd_secret_uuid} && rm -f /etc/nova/virsh.secret",
|
||||||
|
onlyif => "virsh secret-dumpxml --secret ${libvirt_rbd_secret_uuid} 2>/dev/null | grep -q -v -w \"${rbd_keyring}\"",
|
||||||
|
require => File['/etc/nova/secret.xml']
|
||||||
|
} ->
|
||||||
exec { 'get-or-set virsh secret':
|
exec { 'get-or-set virsh secret':
|
||||||
command => '/usr/bin/virsh secret-define --file /etc/nova/secret.xml | /usr/bin/awk \'{print $2}\' | sed \'/^$/d\' > /etc/nova/virsh.secret',
|
command => '/usr/bin/virsh secret-define --file /etc/nova/secret.xml | /usr/bin/awk \'{print $2}\' | sed \'/^$/d\' > /etc/nova/virsh.secret',
|
||||||
creates => '/etc/nova/virsh.secret',
|
creates => '/etc/nova/virsh.secret',
|
||||||
|
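Review bot: The `onlyif` guard on 'undefine-if-value-not-match virsh secret' uses `grep -q -v -w`, which exits 0 as soon as any one line of the `virsh secret-dumpxml` output lacks the keyring name; if that dump is multi-line XML like the secret.xml the spec asserts, the guard passes on every run where the secret exists, so the libvirt secret would be undefined and redefined on each Puppet run rather than only when `rbd_keyring` changes. Splitting the test keeps the resource idempotent: `onlyif => "virsh secret-dumpxml --secret ${libvirt_rbd_secret_uuid} >/dev/null 2>&1"` (the secret exists) together with `unless => "virsh secret-dumpxml --secret ${libvirt_rbd_secret_uuid} 2>/dev/null | grep -q -w -F -- \"${rbd_keyring}\""` (the name is already present), where `-F` stops the dots in a keyring name from being read as regex wildcards. Both parameters are interpolated into a shell string, so a format check on them belongs wherever the class validates its parameters; the class header and the remainder of the 'get-or-set virsh secret' exec are outside this hunk. If the secret's value is applied by a separate resource that is not visible here, confirm that it is re-applied after the undefine and redefine, otherwise the secret could be left defined but empty.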
@@ -80,6 +80,12 @@ describe 'nova::compute::rbd' do
|
|||||||
" <uuid>UUID</uuid>",
|
" <uuid>UUID</uuid>",
|
||||||
"</secret>"
|
"</secret>"
|
||||||
])
|
])
|
||||||
|
is_expected.to contain_exec('undefine-if-value-not-match virsh secret').with(
|
||||||
|
:path => '["/bin", "/usr/bin"]',
|
||||||
|
:command => 'virsh secret-undefine --secret UUID && rm -f /etc/nova/virsh.secret',
|
||||||
|
:onlyif => 'virsh secret-dumpxml --secret UUID 2>/dev/null | grep -q -v -w "client.rbd_test"',
|
||||||
|
:require => 'File[/etc/nova/secret.xml]'
|
||||||
|
)
|
||||||
is_expected.to contain_exec('get-or-set virsh secret').with(
|
is_expected.to contain_exec('get-or-set virsh secret').with(
|
||||||
:command => '/usr/bin/virsh secret-define --file /etc/nova/secret.xml | /usr/bin/awk \'{print $2}\' | sed \'/^$/d\' > /etc/nova/virsh.secret',
|
:command => '/usr/bin/virsh secret-define --file /etc/nova/secret.xml | /usr/bin/awk \'{print $2}\' | sed \'/^$/d\' > /etc/nova/virsh.secret',
|
||||||
:creates => '/etc/nova/virsh.secret',
|
:creates => '/etc/nova/virsh.secret',
|
||||||
@@ -131,6 +137,12 @@ describe 'nova::compute::rbd' do
|
|||||||
" <uuid>UUID</uuid>",
|
" <uuid>UUID</uuid>",
|
||||||
"</secret>"
|
"</secret>"
|
||||||
])
|
])
|
||||||
|
is_expected.to contain_exec('undefine-if-value-not-match virsh secret').with(
|
||||||
|
:path => '["/bin", "/usr/bin"]',
|
||||||
|
:command => 'virsh secret-undefine --secret UUID && rm -f /etc/nova/virsh.secret',
|
||||||
|
:onlyif => 'virsh secret-dumpxml --secret UUID 2>/dev/null | grep -q -v -w "client.rbd_test"',
|
||||||
|
:require => 'File[/etc/nova/secret.xml]'
|
||||||
|
)
|
||||||
is_expected.to contain_exec('get-or-set virsh secret').with(
|
is_expected.to contain_exec('get-or-set virsh secret').with(
|
||||||
:command => '/usr/bin/virsh secret-define --file /etc/nova/secret.xml | /usr/bin/awk \'{print $2}\' | sed \'/^$/d\' > /etc/nova/virsh.secret',
|
:command => '/usr/bin/virsh secret-define --file /etc/nova/secret.xml | /usr/bin/awk \'{print $2}\' | sed \'/^$/d\' > /etc/nova/virsh.secret',
|
||||||
:creates => '/etc/nova/virsh.secret',
|
:creates => '/etc/nova/virsh.secret',
|
||||||
|