recipes/radosgw_users.rb (73 lines of code) (raw):
#
# Author:: Hans Chris Jones <chris.jones@lambdastack.io>
# Cookbook Name:: ceph
#
# Copyright 2017, Bloomberg Finance L.P.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# NOTE: Create the admin user. These variables MUST exist for this to work. The default values can be found in
# the radosgw.rb attributes file. They can also be overridden in multiple places.
# Admin user MUST have caps set properly. Without full rights, no admin functions can occur via the admin restful calls.
node['ceph']['radosgw']['users'].each do |user|
# NOTE: Keys are always generated if the user is new! We do not want to ever store user credentials.
access_key = ceph_chef_secure_password_alphanum_upper(20)
secret_key = ceph_chef_secure_password(40)
if node['ceph']['pools']['radosgw']['federated_enable'] == false
ruby_block "initialize-radosgw-user-#{user['name']}" do
block do
max_buckets = if user.attribute?('max_buckets') && user['max_buckets'] > 0
"--max-buckets=#{user['max_buckets']}"
else
''
end
access_key = if user.attribute?('access_key') && !user['access_key'].to_s.strip.empty?
"#{user['access_key']}"
end
secret_key = if user.attribute?('secret_key') && !user['secret_key'].to_s.strip.empty?
"#{user['secret_key']}"
end
rgw_admin = JSON.parse(`radosgw-admin user create --display-name="#{user['name']}" --uid="#{user['uid']}" "#{max_buckets}" --access-key="#{access_key}" --secret="#{secret_key}"`)
if user.attribute?('admin_caps') && !user['admin_caps'].empty?
rgw_admin_cap = JSON.parse(`radosgw-admin caps add --uid="#{user['uid']}" --caps="#{user['admin_caps']}"`)
end
end
not_if "radosgw-admin user info --uid='#{user['uid']}'"
ignore_failure true
end
if user.attribute?('buckets')
user['buckets'].each do |bucket|
execute "create-bucket-#{bucket['name']}" do
command "radosgw-admin2 --user #{user['uid']} --endpoint #{node['ceph']['radosgw']['default_url']} --port #{node['ceph']['radosgw']['port']} --bucket #{bucket['name']} --action create"
ignore_failure true
end
end
end
else
# Loop through the instances
# NOTE: This process is very opinionated so make sure it follows what you're wanting before running it...
node['ceph']['pools']['radosgw']['federated_zone_instances'].each do |inst|
ruby_block "initialize-radosgw-user-#{user['name']}-#{inst['name']}" do
block do
max_buckets = if user.attribute?('max_buckets') && user['max_buckets'] > 0
"--max-buckets=#{user['max_buckets']}"
else
''
end
access_key = if user.attribute?('access_key') && !user['access_key'].to_s.strip.empty?
"#{user['access_key']}"
end
secret_key = if user.attribute?('secret_key') && !user['secret_key'].to_s.strip.empty?
"#{user['secret_key']}"
end
rgw_admin = JSON.parse(`sudo radosgw-admin user create --name client.radosgw.#{inst['region']}-#{inst['name']} --display-name="#{user['name']}" --uid="#{user['uid']}" "#{max_buckets}" --access-key="#{access_key}" --secret="#{secret_key}"`)
if user.attribute?('admin_caps') && !user['admin_caps'].empty?
rgw_admin_cap = JSON.parse(`sudo radosgw-admin caps add --name client.radosgw.#{inst['region']}-#{inst['name']} --uid="#{user['uid']}" --caps="#{user['admin_caps']}"`)
end
end
not_if "sudo radosgw-admin user info --name client.radosgw.#{inst['region']}-#{inst['name']} --uid='#{user['uid']}'"
ignore_failure true
end
if user.attribute?('buckets')
user['buckets'].each do |bucket|
execute "create-bucket-#{bucket['name']}" do
command "radosgw-admin2 --user #{user['uid']} --endpoint #{node['ceph']['radosgw']['default_url']} --port #{node['ceph']['radosgw']['port']} --bucket #{bucket['name']} -r #{inst['region']} -z #{inst['name']} --action create"
ignore_failure true
end
if bucket['acl'] == 'public'
execute "change-bucket-acl-#{bucket['name']}" do
command "radosgw-admin2 --user #{user['uid']} --endpoint #{node['ceph']['radosgw']['default_url']} --port #{node['ceph']['radosgw']['port']} --bucket #{bucket['name']} -r #{inst['region']} -z #{inst['name']} --action public"
ignore_failure true
end
end
end
end
end
end
end