Restructure Ceph/Puppet params to reflect changes in puppet-ceph

A change [1] in puppet-ceph offers more flexibility but breaks backwards so we had to update our composition layer as well; we gain control of the cephx keyring in the template though. 1. Ie6adbd601388ab52c37037004bd0ceef9fc41942 Change-Id: Ia8196849afce2969daa608828cec81ebe3ac96e1
author: Giulio Fidente <gfidente@redhat.com> 2015-03-27 16:13:59 -0400
committer: Giulio Fidente <gfidente@redhat.com> 2015-03-27 18:36:10 -0400
commit: b0fea9137191704f0763cf2fd892570ec560fce9 (patch)
tree: 416120c1750d9dc9bd44be421785c4617dc8a82e /puppet/ceph-cluster-config.yaml
parent: fed9d001ccc92a6d3392cb959416596b6df83d99 (diff)
1 files changed, 26 insertions, 4 deletions
diff --git a/puppet/ceph-cluster-config.yaml b/puppet/ceph-cluster-config.yaml
index dab029f3..e01bd19d 100644
--- a/puppet/ceph-cluster-config.yaml
+++ b/puppet/ceph-cluster-config.yaml
@@ -35,11 +35,33 @@ resources:
                   - ','
                   - {get_param: ceph_mon_ips}
                 ceph::profile::params::fsid: {get_param: ceph_fsid}
-                ceph::profile::params::admin_key: {get_param: ceph_admin_key}
                 ceph::profile::params::mon_key: {get_param: ceph_mon_key}
-                # We would need a dedicated key for OSD
-                ceph::profile::params::bootstrap_osd_key: {get_param: ceph_mon_key}
-                ceph::profile::params::osds: '{"/srv/data": {}}'
+                ceph::profile::params::osds: "{/srv/data: {}}"
+                # We should use a separated key for the non-admin clients
+                ceph::profile::params::client_keys:
+                  str_replace:
+                    template: "{
+                      client.admin: {
+                        secret: 'ADMIN_KEY',
+                        mode: '0600',
+                        cap_mon: 'allow *',
+                        cap_osd: 'allow *',
+                        cap_mds: 'allow *'
+                      },
+                      client.bootstrap-osd: {
+                        secret: 'ADMIN_KEY',
+                        keyring_path: '/var/lib/ceph/bootstrap-osd/ceph.keyring',
+                        cap_mon: 'allow profile bootstrap-osd'
+                      },
+                      client.openstack: {
+                        secret: 'ADMIN_KEY',
+                        mode: '0644',
+                        cap_mon: 'allow r',
+                        cap_osd: 'allow class-read object_prefix rbd_children, allow rwx pool=volumes, allow rwx pool=vms'
+                      }
+                    }"
+                    params:
+                      ADMIN_KEY: {get_param: ceph_admin_key}
 
 outputs:
   config_id:
author	Giulio Fidente <gfidente@redhat.com>	2015-03-27 16:13:59 -0400
committer	Giulio Fidente <gfidente@redhat.com>	2015-03-27 18:36:10 -0400
commit	b0fea9137191704f0763cf2fd892570ec560fce9 (patch)
tree	416120c1750d9dc9bd44be421785c4617dc8a82e /puppet/ceph-cluster-config.yaml
parent	fed9d001ccc92a6d3392cb959416596b6df83d99 (diff)