Merge "Fixes ceph key import failures"

diff --git a/build/overcloud-full.sh b/build/overcloud-full.sh
index 7ed57d0..a4006c4 100755 (executable)
--- a/build/overcloud-full.sh
+++ b/build/overcloud-full.sh
@@ -145,6 +145,8 @@ LIBGUESTFS_BACKEND=direct $VIRT_CUSTOMIZE \
     --install python-etcd,puppet-etcd \
     --install patch \
     --install docker,kubelet,kubeadm,kubectl,kubernetes-cni \
+    --upload ${BUILD_ROOT}/patches/puppet-ceph.patch:/etc/puppet/modules/ceph/ \
+    --run-command "cd /etc/puppet/modules/ceph && patch -p1 < puppet-ceph.patch" \
     -a overcloud-full_build.qcow2
 
     # upload and install barometer packages

diff --git a/build/patches/puppet-ceph.patch b/build/patches/puppet-ceph.patch
new file mode 100644 (file)
index 0000000..18bf9ee
--- /dev/null
+++ b/build/patches/puppet-ceph.patch
@@ -0,0 +1,76 @@
+From 99a0bcc818ed801f6cb9e07a9904ee40e624bdab Mon Sep 17 00:00:00 2001
+From: Tim Rozet <trozet@redhat.com>
+Date: Mon, 5 Mar 2018 17:03:00 -0500
+Subject: [PATCH] Fixes ceph key import failures by adding multiple attempts
+
+Signed-off-by: Tim Rozet <trozet@redhat.com>
+---
+ manifests/key.pp | 42 +++++++++++++++++-------------------------
+ 1 file changed, 17 insertions(+), 25 deletions(-)
+
+diff --git a/manifests/key.pp b/manifests/key.pp
+index 911df1a..d47a4c3 100644
+--- a/manifests/key.pp
++++ b/manifests/key.pp
+@@ -123,22 +123,6 @@ define ceph::key (
+     }
+   }
+ 
+-  # ceph-authtool --add-key is idempotent, will just update pre-existing keys
+-  exec { "ceph-key-${name}":
+-    command   => "/bin/true # comment to satisfy puppet syntax requirements
+-set -ex
+-ceph-authtool ${keyring_path} --name '${name}' --add-key '${secret}' ${caps}",
+-    unless    => "/bin/true # comment to satisfy puppet syntax requirements
+-set -x
+-NEW_KEYRING=\$(mktemp)
+-ceph-authtool \$NEW_KEYRING --name '${name}' --add-key '${secret}' ${caps}
+-diff -N \$NEW_KEYRING ${keyring_path}
+-rv=\$?
+-rm \$NEW_KEYRING
+-exit \$rv",
+-    require   => [ File[$keyring_path], ],
+-    logoutput => true,
+-  }
+ 
+   if $inject {
+ 
+@@ -162,18 +146,26 @@ exit \$rv",
+     exec { "ceph-injectkey-${name}":
+       command   => "/bin/true # comment to satisfy puppet syntax requirements
+ set -ex
++cat ${keyring_path}
++ceph-authtool ${keyring_path} --name '${name}' --add-key '${secret}' ${caps}
++cat ${keyring_path}
+ ceph ${cluster_option} ${inject_id_option} ${inject_keyring_option} auth import -i ${keyring_path}",
+-      unless    => "/bin/true # comment to satisfy puppet syntax requirements
+-set -x
+-OLD_KEYRING=\$(mktemp)
+-ceph ${cluster_option} ${inject_id_option} ${inject_keyring_option} auth get ${name} -o \$OLD_KEYRING || true
+-diff -N \$OLD_KEYRING ${keyring_path}
+-rv=$?
+-rm \$OLD_KEYRING
+-exit \$rv",
+-      require   => [ Class['ceph'], Exec["ceph-key-${name}"], ],
++      require   => [ File[$keyring_path], Class['ceph'] ],
+       logoutput => true,
++      tries     => 6,
++      try_sleep => 10
+     }
+ 
++  } else {
++
++    # ceph-authtool --add-key is idempotent, will just update pre-existing keys
++    exec { "ceph-key-${name}":
++      command   => "/bin/true # comment to satisfy puppet syntax requirements
++set -ex
++ceph-authtool ${keyring_path} --name '${name}' --add-key '${secret}' ${caps}
++cat ${keyring_path}",
++      require   => [ File[$keyring_path], ],
++      logoutput => true,
++    }
+   }
+ }
+-- 
+2.14.3
+