diff options
author | Giulio Fidente <gfidente@redhat.com> | 2015-03-27 16:13:59 -0400 |
---|---|---|
committer | Giulio Fidente <gfidente@redhat.com> | 2015-03-27 18:36:10 -0400 |
commit | b0fea9137191704f0763cf2fd892570ec560fce9 (patch) | |
tree | 416120c1750d9dc9bd44be421785c4617dc8a82e /puppet/ceph-cluster-config.yaml | |
parent | fed9d001ccc92a6d3392cb959416596b6df83d99 (diff) |
Restructure Ceph/Puppet params to reflect changes in puppet-ceph
A change [1] in puppet-ceph offers more flexibility but breaks
backwards so we had to update our composition layer as well; we gain
control of the cephx keyring in the template though.
1. Ie6adbd601388ab52c37037004bd0ceef9fc41942
Change-Id: Ia8196849afce2969daa608828cec81ebe3ac96e1
Diffstat (limited to 'puppet/ceph-cluster-config.yaml')
-rw-r--r-- | puppet/ceph-cluster-config.yaml | 30 |
1 files changed, 26 insertions, 4 deletions
diff --git a/puppet/ceph-cluster-config.yaml b/puppet/ceph-cluster-config.yaml index dab029f3..e01bd19d 100644 --- a/puppet/ceph-cluster-config.yaml +++ b/puppet/ceph-cluster-config.yaml @@ -35,11 +35,33 @@ resources: - ',' - {get_param: ceph_mon_ips} ceph::profile::params::fsid: {get_param: ceph_fsid} - ceph::profile::params::admin_key: {get_param: ceph_admin_key} ceph::profile::params::mon_key: {get_param: ceph_mon_key} - # We would need a dedicated key for OSD - ceph::profile::params::bootstrap_osd_key: {get_param: ceph_mon_key} - ceph::profile::params::osds: '{"/srv/data": {}}' + ceph::profile::params::osds: "{/srv/data: {}}" + # We should use a separated key for the non-admin clients + ceph::profile::params::client_keys: + str_replace: + template: "{ + client.admin: { + secret: 'ADMIN_KEY', + mode: '0600', + cap_mon: 'allow *', + cap_osd: 'allow *', + cap_mds: 'allow *' + }, + client.bootstrap-osd: { + secret: 'ADMIN_KEY', + keyring_path: '/var/lib/ceph/bootstrap-osd/ceph.keyring', + cap_mon: 'allow profile bootstrap-osd' + }, + client.openstack: { + secret: 'ADMIN_KEY', + mode: '0644', + cap_mon: 'allow r', + cap_osd: 'allow class-read object_prefix rbd_children, allow rwx pool=volumes, allow rwx pool=vms' + } + }" + params: + ADMIN_KEY: {get_param: ceph_admin_key} outputs: config_id: |