#
# Copyright (C) 2013 Cloudwatt <libre.licensing@cloudwatt.com>
# Copyright (C) 2013, 2014 iWeb Technologies Inc.
# Copyright (C) 2014 Nine Internet Solutions AG
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# Author: Loic Dachary <loic@dachary.org>
# Author: David Moreau Simard <dmsimard@iweb.com>
# Author: David Gurtner <david@nine.ch>
#
# Installs and configures MONs (ceph monitors)
### == Parameters
# [*title*] The MON id.
# Mandatory. An alphanumeric string uniquely identifying the MON.
#
# [*ensure*] Installs ( present ) or removes ( absent ) a MON
# Optional. Defaults to present.
# If set to absent, it will stop the MON service and remove
# the associated data directory.
#
# [*public_addr*] The bind IP address.
# Optional. The IPv(4|6) address on which MON binds itself.
#
# [*cluster*] The ceph cluster
# Optional. Same default as ceph.
#
# [*authentication_type*] Activate or deactivate authentication
# Optional. Defaults to cephx.
# Authentication is activated if the value is 'cephx' and deactivated
# if the value is 'none'. If the value is 'cephx', at least one of
# key or keyring must be provided.
#
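# [*key*] Authentication key for [mon.]
# Optional. $key and $keyring are mutually exclusive.
# When set, the key is written to /tmp/ceph-mon-keyring-<id> with
# mode 0444 before the mkfs step and the file is removed afterwards;
# prefer $keyring pointing at a file with restricted permissions.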
#
# [*keyring*] Path of the [mon.] keyring file
# Optional. $key and $keyring are mutually exclusive.
#
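define ceph::mon (
  $ensure = present,
  $public_addr = undef,
  $cluster = undef,
  $authentication_type = 'cephx',
  $key = undef,
  $keyring = undef,
) {

  # Manages one ceph monitor, identified by the resource title.
  #  - ensure == present: stages the [mon.] keyring if a key was given, runs
  #    `ceph-mon --mkfs` when the mon_data directory does not exist yet,
  #    touches the client.admin keyring file and keeps the service running.
  #  - any other ensure value: stops the service and removes mon_data.
  #
  # NOTE(review): $id, $cluster, $public_addr and $keyring are interpolated
  # unescaped into the shell command lines below and nothing in this define
  # validates them; they must only ever come from trusted catalog data.

  # a puppet name translates into a ceph id, the meaning is different
  $id = $name

  if $cluster {
    $cluster_name = $cluster
    $cluster_option = "--cluster ${cluster_name}"
  } else {
    $cluster_name = 'ceph'
    # Always define the option so the command strings below never interpolate
    # an undefined variable (an error when strict_variables is enabled).
    $cluster_option = ''
  }

  # Resource defaults for the MON service; they depend on the init system.
  if $::operatingsystem == 'Ubuntu' {
    $init = 'upstart'
    Service {
      name     => "ceph-mon-${id}",
      # workaround for bug https://projects.puppetlabs.com/issues/23187
      provider => 'init',
      start    => "start ceph-mon id=${id}",
      stop     => "stop ceph-mon id=${id}",
      status   => "status ceph-mon id=${id}",
    }
  } elsif ($::operatingsystem == 'Debian') or ($::osfamily == 'RedHat') {
    $init = 'sysvinit'
    Service {
      name   => "ceph-mon-${id}",
      start  => "service ceph start mon.${id}",
      stop   => "service ceph stop mon.${id}",
      status => "service ceph status mon.${id}",
    }
  } else {
    fail("operatingsystem = ${::operatingsystem} is not supported")
  }

  $mon_service = "ceph-mon-${id}"

  if $ensure == present {

    $ceph_mkfs = "ceph-mon-mkfs-${id}"

    if $authentication_type == 'cephx' {
      if ! $key and ! $keyring {
        fail("authentication_type ${authentication_type} requires either key or keyring to be set but both are undef")
      }
      if $key and $keyring {
        # The key is a secret: do not echo its value into the failure message,
        # which ends up in agent logs and reports.
        fail("key (value withheld) and keyring (set to ${keyring}) are mutually exclusive")
      }
      if $key {
        # NOTE(review): the [mon.] secret is staged in a predictable path under
        # /tmp with mode 0444, so every local user can read it until the
        # rm-keyring exec below runs; if Exec[$ceph_mkfs] fails, that exec does
        # not run and the file stays behind. ceph-mon is started with
        # --setuser ceph, so tightening this presumably needs owner/group
        # 'ceph' with mode '0400' and ordering after the ceph user exists --
        # confirm before changing.
        $keyring_path = "/tmp/ceph-mon-keyring-${id}"

        file { $keyring_path:
          mode    => '0444',
          content => "[mon.]\n\tkey = ${key}\n\tcaps mon = \"allow *\"\n",
        }

        File[$keyring_path] -> Exec[$ceph_mkfs]

      } else {
        $keyring_path = $keyring
      }

    } else {
      # authentication disabled: mkfs still takes a --keyring argument
      $keyring_path = '/dev/null'
    }

    if $public_addr {
      $public_addr_option = "--public_addr ${public_addr}"
    } else {
      # Defined explicitly for the same reason as $cluster_option above.
      $public_addr_option = ''
    }

    # All ceph configuration is applied before mkfs. The mkfs script creates
    # mon_data only when the directory is missing; an existing directory
    # without the 'done' marker is removed and the exec fails.
    Ceph_Config<||> ->
    exec { $ceph_mkfs:
      command   => "/bin/true # comment to satisfy puppet syntax requirements
set -ex
mon_data=\$(ceph-mon ${cluster_option} --id ${id} --show-config-value mon_data)
if [ ! -d \$mon_data ] ; then
mkdir -p \$mon_data
chown -h ceph:ceph \$mon_data
if ceph-mon ${cluster_option} \
--setuser ceph --setgroup ceph \
${public_addr_option} \
--mkfs \
--id ${id} \
--keyring ${keyring_path} ; then
touch \$mon_data/done \$mon_data/${init} \$mon_data/keyring
chown -h ceph:ceph \$mon_data/done \$mon_data/${init} \$mon_data/keyring
else
rm -fr \$mon_data
fi
else
if [ ! -f \$mon_data/done ] ; then
rm -fr \$mon_data
exit 1
fi
fi
",
      logoutput => true,
    }
    ->
    # prevent automatic creation of the client.admin key by ceph-create-keys
    exec { "ceph-mon-${cluster_name}.client.admin.keyring-${id}":
      command => "/bin/true # comment to satisfy puppet syntax requirements
set -ex
touch /etc/ceph/${cluster_name}.client.admin.keyring",
    } ->
    service { $mon_service:
      ensure => running,
    }

    if $authentication_type == 'cephx' {
      if $key {
        # Remove the staged keyring once mkfs has run.
        Exec[$ceph_mkfs] -> Exec["rm-keyring-${id}"]

        exec { "rm-keyring-${id}":
          command => "/bin/rm ${keyring_path}",
        }
      }
    }

  } else {
    # Stop the service, delete the data directory, and only then let packages
    # tagged 'ceph' be processed.
    service { $mon_service:
      ensure => stopped
    }
    ->
    exec { "remove-mon-${id}":
      command   => "/bin/true # comment to satisfy puppet syntax requirements
set -ex
mon_data=\$(ceph-mon ${cluster_option} --id ${id} --show-config | sed -n -e 's/mon_data = //p')
rm -fr \$mon_data
",
      logoutput => true,
    } -> Package<| tag == 'ceph' |>
  }
}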