Fixed value rbd.keyring not update

the value of `rbd.keyring` is protected by `creates` defined in `get-or-set virsh secret`, with this changes, allowing system to detect if the value of `rbd.keyring` is chnaged or not. If it's changed puppet will regenerated with required changes, or puppet will leave it untouched. Change-Id: Ic683f2488123d8d751996a4ba17770d703f38e40
2015-07-21 10:59:12 +08:00
parent 14b3267ccc
commit 32504c8fdb
2 changed files with 22 additions and 0 deletions
--- a/manifests/compute/rbd.pp
+++ b/manifests/compute/rbd.pp
@@ -81,6 +81,16 @@ class nova::compute::rbd (
      require => Class['::nova']
    }

+    # whenever `rbd_keyring` value changed,
+    # undefine the old secret and remove the file lock (/etc/nova/virsh.secret),
+    # then recreate secret with the new `rbd_keyring`,
+    # if there's no value change, leave it untouched.
+    exec { 'undefine-if-value-not-match virsh secret':
+      path    => ['/bin', '/usr/bin'],
+      command => "virsh secret-undefine --secret ${libvirt_rbd_secret_uuid} && rm -f /etc/nova/virsh.secret",
+      onlyif  => "virsh secret-dumpxml --secret ${libvirt_rbd_secret_uuid} 2>/dev/null | grep -q -v -w \"${rbd_keyring}\"",
+      require => File['/etc/nova/secret.xml']
+    } ->
    exec { 'get-or-set virsh secret':
      command => '/usr/bin/virsh secret-define --file /etc/nova/secret.xml | /usr/bin/awk \'{print $2}\' | sed \'/^$/d\' > /etc/nova/virsh.secret',
      creates => '/etc/nova/virsh.secret',
--- a/spec/classes/nova_compute_rbd_spec.rb
+++ b/spec/classes/nova_compute_rbd_spec.rb
@@ -80,6 +80,12 @@ describe 'nova::compute::rbd' do
          "  <uuid>UUID</uuid>",
          "</secret>"
        ])
+        is_expected.to contain_exec('undefine-if-value-not-match virsh secret').with(
+          :path    => '["/bin", "/usr/bin"]',
+          :command => 'virsh secret-undefine --secret UUID && rm -f /etc/nova/virsh.secret',
+          :onlyif  => 'virsh secret-dumpxml --secret UUID 2>/dev/null | grep -q -v -w "client.rbd_test"',
+          :require => 'File[/etc/nova/secret.xml]'
+        )
        is_expected.to contain_exec('get-or-set virsh secret').with(
          :command =>  '/usr/bin/virsh secret-define --file /etc/nova/secret.xml | /usr/bin/awk \'{print $2}\' | sed \'/^$/d\' > /etc/nova/virsh.secret',
          :creates => '/etc/nova/virsh.secret',
@@ -131,6 +137,12 @@ describe 'nova::compute::rbd' do
          "  <uuid>UUID</uuid>",
          "</secret>"
        ])
+        is_expected.to contain_exec('undefine-if-value-not-match virsh secret').with(
+          :path    => '["/bin", "/usr/bin"]',
+          :command => 'virsh secret-undefine --secret UUID && rm -f /etc/nova/virsh.secret',
+          :onlyif  => 'virsh secret-dumpxml --secret UUID 2>/dev/null | grep -q -v -w "client.rbd_test"',
+          :require => 'File[/etc/nova/secret.xml]'
+        )
        is_expected.to contain_exec('get-or-set virsh secret').with(
          :command =>  '/usr/bin/virsh secret-define --file /etc/nova/secret.xml | /usr/bin/awk \'{print $2}\' | sed \'/^$/d\' > /etc/nova/virsh.secret',
          :creates => '/etc/nova/virsh.secret',