Merge pull request #292 from Cray-HPE/develop

Release 1.24.1 for CSM 1.6

CHANGELOG.md

@@ -7,6 +7,15 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+## [1.24.1] - 2024-08-12
+
+### Fixed
+
+- CASMPET-7175: iSCSI SBPS: radosgw-admin cmd fails with "auth: unable to find a keyring..."
+  part of s3fs mount for boot images (boot-images bucket)
+      - fixed CFS play to create s3 access/ secret key on master node followed by mounting
+        s3 boot images with this s3 key on worker nodes.
+
 ## [1.24.0] - 2024-08-09
 
 ### Fixed
@@ -479,7 +488,9 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 - Ansible playbook for applying csm packages to Compute and Application nodes
 
-[Unreleased]: https://github.com/Cray-HPE/csm-config/compare/1.24.0...HEAD
+[Unreleased]: https://github.com/Cray-HPE/csm-config/compare/1.24.1...HEAD
+
+[1.24.1]: https://github.com/Cray-HPE/csm-config/compare/1.24.0...1.24.1
 
 [1.24.0]: https://github.com/Cray-HPE/csm-config/compare/1.23.0...1.24.0
 

ansible/roles/csm.sbps.mount_s3_images/files/create_s3_acess_secret_key.sh

@@ -0,0 +1,34 @@
+#!/bin/bash
+#
+# MIT License
+#
+# (C) Copyright 2024 Hewlett Packard Enterprise Development LP
+#
+# Permission is hereby granted, free of charge, to any person obtaining a
+# copy of this software and associated documentation files (the "Software"),
+# to deal in the Software without restriction, including without limitation
+# the rights to use, copy, modify, merge, publish, distribute, sublicense,
+# and/or sell copies of the Software, and to permit persons to whom the
+# Software is furnished to do so, subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included
+# in all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+# THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR
+# OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
+# ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
+# OTHER DEALINGS IN THE SOFTWARE.
+#
+
+set -euo pipefail
+
+# Generate s3 key with s3 access key id and secret key
+s3_user=ISCSI-SBPS
+s3_key=$(radosgw-admin user info --uid "${s3_user}" |jq -r '.keys[]|.access_key +":"+ .secret_key')
+
+# echo s3 key to stdout to be picked by next task in the playbook
+echo "$s3_key"
+

ansible/roles/csm.sbps.mount_s3_images/files/mount_s3_boot_images.sh

@@ -25,14 +25,14 @@
 
 set -euo pipefail
 
-s3_user=ISCSI-SBPS
+# Mount s3 boot images (boot-images bucket) with
+# new s3 user (ISCSI-SBPS) read only policy.
 s3_bucket=boot-images
 s3fs_mount_dir=/var/lib/cps-local/boot-images
 filename=.iscsi-sbps.s3fs
 passwd_file="${HOME}/${filename}"
 
-radosgw-admin user info --uid "${s3_user}" |jq -r '.keys[]|.access_key +":"+ .secret_key' > "${passwd_file}"
 chmod 600 "${passwd_file}"
-
 mkdir -pv "${s3fs_mount_dir}"
-s3fs "${s3_bucket}" "${s3fs_mount_dir}" -o "passwd_file=${passwd_file},url=http://rgw-vip.nmn,use_path_request_style"
+
+s3fs "${s3_bucket}" "${s3fs_mount_dir}" -o "passwd_file=${passwd_file},url=http://rgw-vip.nmn,use_path_request_style" -o nonempty

ansible/roles/csm.sbps.mount_s3_images/tasks/main.yml

@@ -23,9 +23,27 @@
 #
 ---
 
-#  Clear LIO configuration and save 
-#  Set LIO IQN (and default TGT1)
-#  Delete LIO default portal
+#  mount s3 boot images (boot-images bucket)
+#  with new s3 user read only policy using new
+#  s3 access/ secret key.
+
+# Create s3 access/ secret key file for s3 user (ISCSI-SBPS) on master node
+- name: create_s3_acess_secret_key
+  script: "create_s3_acess_secret_key.sh"
+  register: create_s3_acess_secret_key
+  changed_when: create_s3_acess_secret_key.rc == 0
+  delegate_to: localhost
+
+# Create/ update s3 key file (with s3 access key id + s3 secret key) on each worker node
+- name: Update s3 key file on each worker node
+  lineinfile:
+    path: "/root/.iscsi-sbps.s3fs"
+    line: "{{ create_s3_acess_secret_key.stdout | trim }}"
+    state: present
+    create: yes
+
+# mount s3 boot images (boot-images bucket) with
+# new s3 user read only policy on worker nodes
 - name: mount_s3_boot_images
   script: "mount_s3_boot_images.sh"
   register: mount_s3_boot_images