#!/usr/bin/env python
# Copyright 2018 99cloud
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
import json
import re
import subprocess # nosec
DOCUMENTATION = '''
---
module: kolla_ceph_keyring
short_description: >
Module for update ceph client keyring caps in kolla.
description:
- A module used to update ceph client keyring caps in kolla.
options:
name:
description:
- the client name in ceph
required: True
type: str
container_name:
description:
- the ceph mon container name
required: True
default: ceph_mon
type: str
caps:
description:
- the ceph auth caps
required: True
type: dict
author: Jeffrey Zhang
'''
EXAMPLES = '''
- name: configure admin client caps
kolla_ceph_keyring:
name: client.admin
container_name: ceph_mon
caps:
mds: 'allow *'
mon: 'allow *'
osd: 'allow *'
mgr: 'allow *'
'''
enoent_re = re.compile(r"\bENOENT\b")
class CephKeyring(object):
def __init__(self, name, caps, container_name='ceph_mon'):
self.name = name
self.caps = caps
self.container_name = container_name
self.changed = False
self.message = None
def _run(self, cmd):
_prefix = ['docker', 'exec', self.container_name]
cmd = _prefix + cmd
proc = subprocess.Popen(cmd, # nosec
stdout=subprocess.PIPE,
stderr=subprocess.PIPE)
stdout, stderr = proc.communicate()
retcode = proc.poll()
if retcode != 0:
output = 'stdout: "%s", stderr: "%s"' % (stdout, stderr)
raise subprocess.CalledProcessError(retcode, cmd, output)
return stdout
def _format_caps(self):
caps = []
for obj in sorted(self.caps):
caps.extend([obj, self.caps[obj]])
return caps
def parse_stdout(self, stdout):
keyring = json.loads(stdout)
# there should be only one element
return keyring[0]
def ensure_keyring(self):
try:
stdout = self.get_keyring()
except subprocess.CalledProcessError as e:
if e.returncode != 2 or not enoent_re.search(e.output):
# this is not a missing keyring case
raise
# keyring doesn't exsit, try to create it
stdout = self.create_keyring()
self.changed = True
self.message = 'ceph keyring for %s is created' % self.name
keyring = self.parse_stdout(stdout)
if keyring['caps'] != self.caps:
self.update_caps()
stdout = self.get_keyring()
keyring = self.parse_stdout(stdout)
self.changed = True
self.message = 'ceph keyring for %s is updated' % self.name
self.keyring = keyring
return self.keyring
def get_keyring(self):
ceph_cmd = ['ceph', '--format', 'json', 'auth', 'get', self.name]
return self._run(ceph_cmd)
def update_caps(self):
ceph_cmd = ['ceph', '--format', 'json', 'auth', 'caps', self.name]
caps = self._format_caps()
ceph_cmd.extend(caps)
self._run(ceph_cmd)
def create_keyring(self):
ceph_cmd = ['ceph', '--format', 'json', 'auth',
'get-or-create', self.name]
caps = self._format_caps()
ceph_cmd.extend(caps)
return self._run(ceph_cmd)
def main():
specs = dict(
name=dict(type='str', required=True),
container_name=dict(type='str', default='ceph_mon'),
caps=dict(type='dict', required=True)
)
module = AnsibleModule(argument_spec=specs) # noqa
params = module.params
ceph_keyring = CephKeyring(params['name'],
params['caps'],
params['container_name'])
try:
keyring = ceph_keyring.ensure_keyring()
module.exit_json(changed=ceph_keyring.changed,
keyring=keyring,
message=ceph_keyring.message)
except subprocess.CalledProcessError as ex:
msg = ('Failed to call command: %s returncode: %s output: %s' %
(ex.cmd, ex.returncode, ex.output))
module.fail_json(msg=msg)
from ansible.module_utils.basic import * # noqa
if __name__ == "__main__":
main()