From cdcbb4a9f71fb05e8eab71fdeb66a2708f466ec4 Mon Sep 17 00:00:00 2001
From: Jaesang Lee <jaesang_lee@sk.com>
Date: Fri, 19 Jan 2018 19:01:52 +0900
Subject: [PATCH] Use ceph-admin-keyring to execute storage_init script in
 Cinder.

Like a glance, gnocchi, ceph-admin-keyring script should be needed when
execute storage_init.sh in cinder.

Change-Id: I5ab1b474de7cc0a9f80642502d74d1d1f156dea5
Closes-bug: 1744207
---
 .../templates/bin/_ceph-admin-keyring.sh.tpl  | 31 +++++++++++++++++++
 cinder/templates/bin/_ceph-keyring.sh.tpl     |  4 ---
 cinder/templates/configmap-bin.yaml           |  2 ++
 cinder/templates/job-backup-storage-init.yaml |  9 ++----
 cinder/templates/job-storage-init.yaml        |  9 ++----
 cinder/values.yaml                            |  2 +-
 6 files changed, 40 insertions(+), 17 deletions(-)
 create mode 100644 cinder/templates/bin/_ceph-admin-keyring.sh.tpl

diff --git a/cinder/templates/bin/_ceph-admin-keyring.sh.tpl b/cinder/templates/bin/_ceph-admin-keyring.sh.tpl
new file mode 100644
index 0000000000..f3c0a521db
--- /dev/null
+++ b/cinder/templates/bin/_ceph-admin-keyring.sh.tpl
@@ -0,0 +1,31 @@
+#!/bin/bash
+
+{{/*
+Copyright 2017 The Openstack-Helm Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+   http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+set -ex
+export HOME=/tmp
+
+cat <<EOF > /etc/ceph/ceph.client.admin.keyring
+[client.admin]
+{{- if .Values.conf.ceph.admin_keyring }}
+    key = {{ .Values.conf.ceph.admin_keyring }}
+{{- else }}
+    key = $(cat /tmp/client-keyring)
+{{- end }}
+EOF
+
+exit 0
diff --git a/cinder/templates/bin/_ceph-keyring.sh.tpl b/cinder/templates/bin/_ceph-keyring.sh.tpl
index f27075331b..4673bd192b 100644
--- a/cinder/templates/bin/_ceph-keyring.sh.tpl
+++ b/cinder/templates/bin/_ceph-keyring.sh.tpl
@@ -21,11 +21,7 @@ export HOME=/tmp
 
 cat <<EOF > /etc/ceph/ceph.client.${RBD_USER}.keyring
 [client.${RBD_USER}]
-{{- if .Values.conf.ceph.cinder_keyring }}
-    key = {{ .Values.conf.ceph.cinder_keyring }}
-{{- else }}
     key = $(cat /tmp/client-keyring)
-{{- end }}
 EOF
 
 exit 0
diff --git a/cinder/templates/configmap-bin.yaml b/cinder/templates/configmap-bin.yaml
index 28a43fcb0b..75be206268 100644
--- a/cinder/templates/configmap-bin.yaml
+++ b/cinder/templates/configmap-bin.yaml
@@ -47,6 +47,8 @@ data:
 {{ tuple "bin/_cinder-volume.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
   ceph-keyring.sh: |+
 {{ tuple "bin/_ceph-keyring.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
+  ceph-admin-keyring.sh: |+
+{{ tuple "bin/_ceph-admin-keyring.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
   volume-usage-audit.sh: |+
 {{ tuple "bin/_volume-usage-audit.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
   backup-storage-init.sh: |+
diff --git a/cinder/templates/job-backup-storage-init.yaml b/cinder/templates/job-backup-storage-init.yaml
index d1bdac328c..e9601ec32b 100644
--- a/cinder/templates/job-backup-storage-init.yaml
+++ b/cinder/templates/job-backup-storage-init.yaml
@@ -72,16 +72,13 @@ spec:
           securityContext:
             runAsUser: 0
           command:
-            - /tmp/ceph-keyring.sh
-          env:
-            - name: RBD_USER
-              value: "admin"
+            - /tmp/ceph-admin-keyring.sh
           volumeMounts:
             - name: etcceph
               mountPath: /etc/ceph
             - name: cinder-bin
-              mountPath: /tmp/ceph-keyring.sh
-              subPath: ceph-keyring.sh
+              mountPath: /tmp/ceph-admin-keyring.sh
+              subPath: ceph-admin-keyring.sh
               readOnly: true
             - name: ceph-keyring
               mountPath: /tmp/client-keyring
diff --git a/cinder/templates/job-storage-init.yaml b/cinder/templates/job-storage-init.yaml
index 3c30b1354f..b5dc7de1ae 100644
--- a/cinder/templates/job-storage-init.yaml
+++ b/cinder/templates/job-storage-init.yaml
@@ -72,16 +72,13 @@ spec:
           securityContext:
             runAsUser: 0
           command:
-            - /tmp/ceph-keyring.sh
-          env:
-            - name: RBD_USER
-              value: "admin"
+            - /tmp/ceph-admin-keyring.sh
           volumeMounts:
             - name: etcceph
               mountPath: /etc/ceph
             - name: cinder-bin
-              mountPath: /tmp/ceph-keyring.sh
-              subPath: ceph-keyring.sh
+              mountPath: /tmp/ceph-admin-keyring.sh
+              subPath: ceph-admin-keyring.sh
               readOnly: true
             - name: ceph-keyring
               mountPath: /tmp/client-keyring
diff --git a/cinder/values.yaml b/cinder/values.yaml
index 4d0cb7995a..519cd359e8 100644
--- a/cinder/values.yaml
+++ b/cinder/values.yaml
@@ -414,7 +414,7 @@ conf:
     override:
     append:
     monitors: []
-    cinder_keyring: null
+    admin_keyring: null
   cinder:
     DEFAULT:
       use_syslog: false