-rw-r--r-- | puppet/ceph-cluster-config.yaml | 30 | ||||
-rw-r--r-- | puppet/hieradata/ceph.yaml | 2 | ||||
-rw-r--r-- | puppet/manifests/overcloud_cephstorage.pp | 3 | ||||
-rw-r--r-- | puppet/manifests/overcloud_compute.pp | 6 | ||||
-rw-r--r-- | puppet/manifests/overcloud_controller.pp | 10 |
5 files changed, 26 insertions, 25 deletions
diff --git a/puppet/ceph-cluster-config.yaml b/puppet/ceph-cluster-config.yaml index dab029f3..e01bd19d 100644 --- a/puppet/ceph-cluster-config.yaml +++ b/puppet/ceph-cluster-config.yaml @@ -35,11 +35,33 @@ resources: - ',' - {get_param: ceph_mon_ips} ceph::profile::params::fsid: {get_param: ceph_fsid} - ceph::profile::params::admin_key: {get_param: ceph_admin_key} ceph::profile::params::mon_key: {get_param: ceph_mon_key} - # We would need a dedicated key for OSD - ceph::profile::params::bootstrap_osd_key: {get_param: ceph_mon_key} - ceph::profile::params::osds: '{"/srv/data": {}}' + ceph::profile::params::osds: "{/srv/data: {}}" + # We should use a separated key for the non-admin clients + ceph::profile::params::client_keys: + str_replace: + template: "{ + client.admin: { + secret: 'ADMIN_KEY', + mode: '0600', + cap_mon: 'allow *', + cap_osd: 'allow *', + cap_mds: 'allow *' + }, + client.bootstrap-osd: { + secret: 'ADMIN_KEY', + keyring_path: '/var/lib/ceph/bootstrap-osd/ceph.keyring', + cap_mon: 'allow profile bootstrap-osd' + }, + client.openstack: { + secret: 'ADMIN_KEY', + mode: '0644', + cap_mon: 'allow r', + cap_osd: 'allow class-read object_prefix rbd_children, allow rwx pool=volumes, allow rwx pool=vms' + } + }" + params: + ADMIN_KEY: {get_param: ceph_admin_key} outputs: config_id: diff --git a/puppet/hieradata/ceph.yaml b/puppet/hieradata/ceph.yaml index a908b43b..e43b0da5 100644 --- a/puppet/hieradata/ceph.yaml +++ b/puppet/hieradata/ceph.yaml @@ -6,8 +6,6 @@ ceph::profile::params::osd_pool_default_min_size: 1 ceph::profile::params::manage_repo: false ceph::profile::params::authentication_type: cephx -ceph_openstack_default_cap_mon: 'allow r' -ceph_openstack_default_cap_osd: 'allow class-read object_prefix rbd_children, allow rwx pool=volumes, allow rwx pool=vms' ceph_pools: - volumes - vms diff --git a/puppet/manifests/overcloud_cephstorage.pp b/puppet/manifests/overcloud_cephstorage.pp index c0f19e23..ce2ab3af 100644 
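Review bot: All three entries in the `client_keys` template use `secret: 'ADMIN_KEY'`, and `client.openstack` is written with `mode: '0644'` (presumably the keyring file mode), so a keyring readable by every local account on the node would carry the same secret that `client.admin` holds with `allow *` caps. The narrower `cap_mon`/`cap_osd` on `client.openstack` then limit nothing for anyone who can read that file, and the added comment acknowledges the shared key without changing it. I would give the non-admin entries their own secret, e.g. `secret: 'CLIENT_KEY'` with `CLIENT_KEY: {get_param: <openstack-client-key-param>}` (placeholder name; no such parameter is visible in this hunk). I would also tighten the mode to something like `'0640'` with ownership restricted to the consuming services, if the key resource behind `client_keys` supports it; the `ceph::key` resources removed elsewhere in this commit did set `user`. The `resources:` block being edited starts outside the hunk, so I cannot see how `ceph_admin_key` is declared or whether it is marked hidden.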
--- a/puppet/manifests/overcloud_cephstorage.pp +++ b/puppet/manifests/overcloud_cephstorage.pp @@ -28,8 +28,5 @@ if count(hiera('ntp::servers')) > 0 { include ::ntp } -class { 'ceph::profile::params': - mon_initial_members => downcase(hiera('ceph_mon_initial_members')) -} include ::ceph::profile::client include ::ceph::profile::osd
\ No newline at end of file diff --git a/puppet/manifests/overcloud_compute.pp b/puppet/manifests/overcloud_compute.pp index d02725ab..58834039 100644 --- a/puppet/manifests/overcloud_compute.pp +++ b/puppet/manifests/overcloud_compute.pp @@ -53,12 +53,6 @@ $nova_enable_rbd_backend = hiera('nova_enable_rbd_backend', false) if $nova_enable_rbd_backend { include ::ceph::profile::client include ::nova::compute::rbd - ceph::key { 'client.openstack' : - secret => hiera('ceph::profile::params::mon_key'), - cap_mon => hiera('ceph_openstack_default_cap_mon'), - cap_osd => hiera('ceph_openstack_default_cap_osd'), - user => 'nova', - } } include ::nova::compute::libvirt diff --git a/puppet/manifests/overcloud_controller.pp b/puppet/manifests/overcloud_controller.pp index b08769ad..08f06a98 100644 --- a/puppet/manifests/overcloud_controller.pp +++ b/puppet/manifests/overcloud_controller.pp @@ -151,16 +151,6 @@ if hiera('step') >= 2 { include ::ceph::profile::mon } - if $cinder_enable_rbd_backend { - ceph::key { 'client.openstack' : - secret => hiera('ceph::profile::params::mon_key'), - cap_mon => hiera('ceph_openstack_default_cap_mon'), - cap_osd => hiera('ceph_openstack_default_cap_osd'), - user => 'cinder', - inject => 'true', - } - } - } #END STEP 2 if hiera('step') >= 3 { |