-rw-r--r--puppet/ceph-cluster-config.yaml30
-rw-r--r--puppet/hieradata/ceph.yaml2
-rw-r--r--puppet/manifests/overcloud_cephstorage.pp3
-rw-r--r--puppet/manifests/overcloud_compute.pp6
-rw-r--r--puppet/manifests/overcloud_controller.pp10
5 files changed, 26 insertions, 25 deletions
diff --git a/puppet/ceph-cluster-config.yaml b/puppet/ceph-cluster-config.yaml
index dab029f3..e01bd19d 100644
--- a/puppet/ceph-cluster-config.yaml
+++ b/puppet/ceph-cluster-config.yaml
@@ -35,11 +35,33 @@ resources:
- ','
- {get_param: ceph_mon_ips}
ceph::profile::params::fsid: {get_param: ceph_fsid}
- ceph::profile::params::admin_key: {get_param: ceph_admin_key}
ceph::profile::params::mon_key: {get_param: ceph_mon_key}
- # We would need a dedicated key for OSD
- ceph::profile::params::bootstrap_osd_key: {get_param: ceph_mon_key}
- ceph::profile::params::osds: '{"/srv/data": {}}'
+ ceph::profile::params::osds: "{/srv/data: {}}"
+ # We should use a separated key for the non-admin clients
+ ceph::profile::params::client_keys:
+ str_replace:
+ template: "{
+ client.admin: {
+ secret: 'ADMIN_KEY',
+ mode: '0600',
+ cap_mon: 'allow *',
+ cap_osd: 'allow *',
+ cap_mds: 'allow *'
+ },
+ client.bootstrap-osd: {
+ secret: 'ADMIN_KEY',
+ keyring_path: '/var/lib/ceph/bootstrap-osd/ceph.keyring',
+ cap_mon: 'allow profile bootstrap-osd'
+ },
+ client.openstack: {
+ secret: 'ADMIN_KEY',
+ mode: '0644',
+ cap_mon: 'allow r',
+ cap_osd: 'allow class-read object_prefix rbd_children, allow rwx pool=volumes, allow rwx pool=vms'
+ }
+ }"
+ params:
+ ADMIN_KEY: {get_param: ceph_admin_key}
outputs:
config_id:
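Review bot: In the new `client_keys` template, `client.openstack` gets `secret: 'ADMIN_KEY'` together with `mode: '0644'`, so a world-readable keyring on every node that receives it holds the same secret registered for `client.admin` (caps `allow *`). Since cephx identifies an entity by its secret, the narrower `cap_mon`/`cap_osd` on `client.openstack` presumably stop limiting anything once the secrets are identical, and `client.bootstrap-osd` has the same problem. The added comment acknowledges that a separate key is needed, but I would not ship the shared secret with 0644. Feed the non-admin entries from their own parameter, e.g. `secret: 'CLIENT_KEY'` with `CLIENT_KEY: {get_param: <dedicated-client-key-param>}` (placeholder name), and give the keyring a tighter mode. The removed `ceph::key` resources in overcloud_compute.pp and overcloud_controller.pp set `user => 'nova'` / `'cinder'`, so restricting the mode would likely need an equivalent owner or group setting here, if the ceph module's key options allow it.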
diff --git a/puppet/hieradata/ceph.yaml b/puppet/hieradata/ceph.yaml
index a908b43b..e43b0da5 100644
--- a/puppet/hieradata/ceph.yaml
+++ b/puppet/hieradata/ceph.yaml
@@ -6,8 +6,6 @@ ceph::profile::params::osd_pool_default_min_size: 1
ceph::profile::params::manage_repo: false
ceph::profile::params::authentication_type: cephx
-ceph_openstack_default_cap_mon: 'allow r'
-ceph_openstack_default_cap_osd: 'allow class-read object_prefix rbd_children, allow rwx pool=volumes, allow rwx pool=vms'
ceph_pools:
- volumes
- vms
diff --git a/puppet/manifests/overcloud_cephstorage.pp b/puppet/manifests/overcloud_cephstorage.pp
index c0f19e23..ce2ab3af 100644
--- a/puppet/manifests/overcloud_cephstorage.pp
+++ b/puppet/manifests/overcloud_cephstorage.pp
@@ -28,8 +28,5 @@ if count(hiera('ntp::servers')) > 0 {
include ::ntp
}
-class { 'ceph::profile::params':
- mon_initial_members => downcase(hiera('ceph_mon_initial_members'))
-}
include ::ceph::profile::client
include ::ceph::profile::osd \ No newline at end of file
diff --git a/puppet/manifests/overcloud_compute.pp b/puppet/manifests/overcloud_compute.pp
index eef468da..c9c87848 100644
--- a/puppet/manifests/overcloud_compute.pp
+++ b/puppet/manifests/overcloud_compute.pp
@@ -46,12 +46,6 @@ $nova_enable_rbd_backend = hiera('nova_enable_rbd_backend', false)
if $nova_enable_rbd_backend {
include ::ceph::profile::client
include ::nova::compute::rbd
- ceph::key { 'client.openstack' :
- secret => hiera('ceph::profile::params::mon_key'),
- cap_mon => hiera('ceph_openstack_default_cap_mon'),
- cap_osd => hiera('ceph_openstack_default_cap_osd'),
- user => 'nova',
- }
}
include ::nova::compute::libvirt
diff --git a/puppet/manifests/overcloud_controller.pp b/puppet/manifests/overcloud_controller.pp
index 41363039..1c88bae3 100644
--- a/puppet/manifests/overcloud_controller.pp
+++ b/puppet/manifests/overcloud_controller.pp
@@ -166,16 +166,6 @@ if hiera('step') >= 2 {
include ::ceph::profile::mon
}
- if $cinder_enable_rbd_backend {
- ceph::key { 'client.openstack' :
- secret => hiera('ceph::profile::params::mon_key'),
- cap_mon => hiera('ceph_openstack_default_cap_mon'),
- cap_osd => hiera('ceph_openstack_default_cap_osd'),
- user => 'cinder',
- inject => 'true',
- }
- }
-
} #END STEP 2
if hiera('step') >= 3 {