aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorKeith Schincke <keith.schincke@gmail.com>2016-12-01 13:37:12 -0500
committerGiulio Fidente <gfidente@redhat.com>2017-01-09 18:31:33 +0100
commitbbf13fe1d5dd242ce370afbdb7bb13db77d53d7f (patch)
tree40a737c43b78d9c24bd7ee66346945bdf54d7f08
parent17fbadba7df13df3df5c263e27fd55d561a6b576 (diff)
Add support for not using admin_token in Ceph/RGW
This patch add the option for using Keyston V3 authention with the Ceph/RGW service instead of using the admin_token Change-Id: I42861afcac221478dcb68be13b6dbc2533a7f158
-rw-r--r--manifests/profile/base/ceph/rgw.pp37
-rw-r--r--releasenotes/notes/rgw-keystone-v3-43ef17dd10f825be.yaml5
-rw-r--r--spec/classes/tripleo_profile_base_ceph_rgw_spec.rb11
-rw-r--r--spec/fixtures/hieradata/default.yaml7
4 files changed, 51 insertions, 9 deletions
diff --git a/manifests/profile/base/ceph/rgw.pp b/manifests/profile/base/ceph/rgw.pp
index 2ecca52..8443de0 100644
--- a/manifests/profile/base/ceph/rgw.pp
+++ b/manifests/profile/base/ceph/rgw.pp
@@ -29,6 +29,10 @@
# [*keystone_admin_token*]
# The keystone admin token
#
+# [*rgw_keystone_version*] The api version for keystone.
+# Possible values 'v2.0', 'v3'
+# Optional. Default is 'v2.0'
+#
# [*keystone_url*]
# The internal or admin url for keystone
#
@@ -44,9 +48,10 @@ class tripleo::profile::base::ceph::rgw (
$keystone_admin_token,
$keystone_url,
$rgw_key,
- $civetweb_bind_ip = '127.0.0.1',
- $civetweb_bind_port = '8080',
- $step = hiera('step'),
+ $civetweb_bind_ip = '127.0.0.1',
+ $civetweb_bind_port = '8080',
+ $rgw_keystone_version = 'v2.0',
+ $step = hiera('step'),
) {
include ::tripleo::profile::base::ceph
@@ -58,7 +63,8 @@ class tripleo::profile::base::ceph::rgw (
include ::ceph::profile::base
ceph::rgw { $rgw_name:
frontend_type => 'civetweb',
- rgw_frontends => "civetweb port=${civetweb_bind_ip_real}:${civetweb_bind_port}"
+ rgw_frontends => "civetweb port=${civetweb_bind_ip_real}:${civetweb_bind_port}",
+ user => 'ceph',
}
ceph::key { "client.${rgw_name}":
secret => $rgw_key,
@@ -69,11 +75,24 @@ class tripleo::profile::base::ceph::rgw (
}
if $step >= 4 {
- ceph::rgw::keystone { $rgw_name:
- rgw_keystone_accepted_roles => ['admin', '_member_', 'Member'],
- use_pki => false,
- rgw_keystone_admin_token => $keystone_admin_token,
- rgw_keystone_url => $keystone_url,
+ if $rgw_keystone_version == 'v2.0' {
+ ceph::rgw::keystone { $rgw_name:
+ rgw_keystone_accepted_roles => ['admin', '_member_', 'Member'],
+ use_pki => false,
+ rgw_keystone_admin_token => $keystone_admin_token,
+ rgw_keystone_url => $keystone_url,
+ user => 'ceph',
+ }
+ }
+ else
+ {
+ ceph::rgw::keystone { $rgw_name:
+ rgw_keystone_accepted_roles => ['admin', '_member_', 'Member'],
+ use_pki => false,
+ rgw_keystone_url => $keystone_url,
+ rgw_keystone_version => $rgw_keystone_version,
+ user => 'ceph',
+ }
}
}
}
diff --git a/releasenotes/notes/rgw-keystone-v3-43ef17dd10f825be.yaml b/releasenotes/notes/rgw-keystone-v3-43ef17dd10f825be.yaml
new file mode 100644
index 0000000..6159415
--- /dev/null
+++ b/releasenotes/notes/rgw-keystone-v3-43ef17dd10f825be.yaml
@@ -0,0 +1,5 @@
+---
+features:
+ - Add support for configuring Ceph RGW to use
+ keystone V3 service authentication instead
+ of admin token authentication
diff --git a/spec/classes/tripleo_profile_base_ceph_rgw_spec.rb b/spec/classes/tripleo_profile_base_ceph_rgw_spec.rb
index 88f971b..4ebf521 100644
--- a/spec/classes/tripleo_profile_base_ceph_rgw_spec.rb
+++ b/spec/classes/tripleo_profile_base_ceph_rgw_spec.rb
@@ -85,6 +85,17 @@ describe 'tripleo::profile::base::ceph::rgw' do
)
end
end
+
+ context 'with step 4 and keystone v3' do
+ let(:params) { default_params.merge({ :step => 4, :rgw_keystone_version => 'v3' }) }
+ it 'should include rgw configuration' do
+ is_expected.to contain_ceph__rgw__keystone('radosgw.gateway').with(
+ :rgw_keystone_accepted_roles => ["admin", "_member_", "Member"],
+ :use_pki => false,
+ :rgw_keystone_url => 'url'
+ )
+ end
+ end
end
on_supported_os.each do |os, facts|
diff --git a/spec/fixtures/hieradata/default.yaml b/spec/fixtures/hieradata/default.yaml
index d63fc76..b09e914 100644
--- a/spec/fixtures/hieradata/default.yaml
+++ b/spec/fixtures/hieradata/default.yaml
@@ -14,6 +14,13 @@ barbican::keystone::authtoken::password: 'password'
ceilometer::keystone::authtoken::password: 'password'
# ceph related items
ceph::profile::params::mon_key: 'password'
+# NOTE(gfidente): we want to use keystone v3 API for RGW so the following are
+# needed to comply with the if condition:
+# https://github.com/openstack/puppet-ceph/blob/master/manifests/rgw/keystone.pp#L111
+ceph::profile::params::rgw_keystone_admin_domain: 'keystone_domain'
+ceph::profile::params::rgw_keystone_admin_project: 'keystone_project'
+ceph::profile::params::rgw_keystone_admin_user: 'keystone_admin_user'
+ceph::profile::params::rgw_keystone_admin_password: 'keystone_admin_password'
# cinder related items
cinder::rabbit_password: 'password'
cinder::keystone::authtoken::password: 'password'