diff options
-rw-r--r-- | environments/puppet-ceph-external.yaml | 4 | ||||
-rw-r--r-- | os-apply-config/ceph-cluster-config.yaml | 5 | ||||
-rw-r--r-- | puppet/ceph-cluster-config.yaml | 16 | ||||
-rw-r--r-- | puppet/extraconfig/ceph/ceph-external-config.yaml | 14 | ||||
-rw-r--r-- | puppet/hieradata/compute.yaml | 2 | ||||
-rw-r--r-- | puppet/manifests/overcloud_compute.pp | 3 | ||||
-rw-r--r-- | puppet/manifests/overcloud_controller.pp | 2 | ||||
-rw-r--r-- | puppet/manifests/overcloud_controller_pacemaker.pp | 2 |
8 files changed, 38 insertions, 10 deletions
diff --git a/environments/puppet-ceph-external.yaml b/environments/puppet-ceph-external.yaml index f22967f4..7f5b5080 100644 --- a/environments/puppet-ceph-external.yaml +++ b/environments/puppet-ceph-external.yaml @@ -14,10 +14,12 @@ parameter_defaults: CinderEnableRbdBackend: true GlanceBackend: rbd # If the Ceph pools which host VMs, Volumes and Images do not match these - # names, edit the following as needed. + # names OR the client keyring to use is not named 'openstack', edit the + # following as needed. NovaRbdPoolName: vms CinderRbdPoolName: volumes GlanceRbdPoolName: images + CephClientUserName: openstack # finally we disable the Cinder LVM backend CinderEnableIscsiBackend: false diff --git a/os-apply-config/ceph-cluster-config.yaml b/os-apply-config/ceph-cluster-config.yaml index 4e435ffb..115de085 100644 --- a/os-apply-config/ceph-cluster-config.yaml +++ b/os-apply-config/ceph-cluster-config.yaml @@ -13,7 +13,7 @@ parameters: ceph_client_key: default: '' type: string - description: Ceph key used to create the 'openstack' user keyring. + description: Ceph key used to create the client user keyring. ceph_fsid: default: '' type: string @@ -36,6 +36,9 @@ parameters: GlanceRbdPoolName: default: images type: string + CephClientUserName: + default: openstack + type: string resources: CephClusterConfigImpl: diff --git a/puppet/ceph-cluster-config.yaml b/puppet/ceph-cluster-config.yaml index 5e54a621..96198c3f 100644 --- a/puppet/ceph-cluster-config.yaml +++ b/puppet/ceph-cluster-config.yaml @@ -13,7 +13,7 @@ parameters: ceph_client_key: default: '' type: string - description: Ceph key used to create the 'openstack' user keyring. + description: Ceph key used to create the client user keyring. ceph_fsid: default: '' type: string @@ -36,6 +36,9 @@ parameters: GlanceRbdPoolName: default: images type: string + CephClientUserName: + default: openstack + type: string resources: CephClusterConfigImpl: @@ -74,7 +77,7 @@ resources: keyring_path: '/var/lib/ceph/bootstrap-osd/ceph.keyring', cap_mon: 'allow profile bootstrap-osd' }, - client.openstack: { + client.CLIENT_USER: { secret: 'ADMIN_KEY', mode: '0644', cap_mon: 'allow r', @@ -82,6 +85,7 @@ resources: } }" params: + CLIENT_USER: {get_param: CephClientUserName} ADMIN_KEY: {get_param: ceph_admin_key} NOVA_POOL: {get_param: NovaRbdPoolName} CINDER_POOL: {get_param: CinderRbdPoolName} @@ -89,6 +93,14 @@ resources: nova::compute::rbd::libvirt_images_rbd_pool: {get_param: NovaRbdPoolName} cinder_rbd_pool_name: {get_param: CinderRbdPoolName} glance::backend::rbd::rbd_store_pool: {get_param: GlanceRbdPoolName} + nova::compute::rbd::libvirt_rbd_user: {get_param: CephClientUserName} + glance::backend::rbd::rbd_store_user: {get_param: CephClientUserName} + nova::compute::rbd::rbd_keyring: + list_join: + - '.' + - - 'client' + - {get_param: CephClientUserName} + ceph_client_user_name: {get_param: CephClientUserName} ceph_pools: - {get_param: CinderRbdPoolName} - {get_param: NovaRbdPoolName} diff --git a/puppet/extraconfig/ceph/ceph-external-config.yaml b/puppet/extraconfig/ceph/ceph-external-config.yaml index fadc8a00..7cefc24b 100644 --- a/puppet/extraconfig/ceph/ceph-external-config.yaml +++ b/puppet/extraconfig/ceph/ceph-external-config.yaml @@ -38,6 +38,9 @@ parameters: GlanceRbdPoolName: default: images type: string + CephClientUserName: + default: openstack + type: string resources: CephClusterConfigImpl: @@ -56,7 +59,7 @@ resources: ceph::profile::params::client_keys: str_replace: template: "{ - client.openstack: { + client.CLIENT_USER: { secret: 'CLIENT_KEY', mode: '0644', cap_mon: 'allow r', @@ -64,6 +67,7 @@ resources: } }" params: + CLIENT_USER: {get_param: CephClientUserName} CLIENT_KEY: {get_param: ceph_client_key} NOVA_POOL: {get_param: NovaRbdPoolName} CINDER_POOL: {get_param: CinderRbdPoolName} @@ -71,6 +75,14 @@ resources: nova::compute::rbd::libvirt_images_rbd_pool: {get_param: NovaRbdPoolName} cinder_rbd_pool_name: {get_param: CinderRbdPoolName} glance::backend::rbd::rbd_store_pool: {get_param: GlanceRbdPoolName} + nova::compute::rbd::libvirt_rbd_user: {get_param: CephClientUserName} + glance::backend::rbd::rbd_store_pool: {get_param: CephClientUserName} + nova::compute::rbd::rbd_keyring: + list_join: + - '.' + - - 'client' + - {get_param: CephClientUserName} + ceph_client_user_name: {get_param: CephClientUserName} ceph_pools: - {get_param: CinderRbdPoolName} - {get_param: NovaRbdPoolName} diff --git a/puppet/hieradata/compute.yaml b/puppet/hieradata/compute.yaml index 659008a5..173020f8 100644 --- a/puppet/hieradata/compute.yaml +++ b/puppet/hieradata/compute.yaml @@ -10,8 +10,6 @@ nova::compute::vnc_enabled: true nova::compute::libvirt::vncserver_listen: '0.0.0.0' nova::compute::libvirt::migration_support: true -nova::compute::rbd::libvirt_rbd_user: 'openstack' -nova::compute::rbd::rbd_keyring: 'client.openstack' nova::compute::rbd::libvirt_rbd_secret_uuid: "%{hiera('ceph::profile::params::fsid')}" ceilometer::agent::auth::auth_tenant_name: 'service' diff --git a/puppet/manifests/overcloud_compute.pp b/puppet/manifests/overcloud_compute.pp index 4c927569..cd41cc79 100644 --- a/puppet/manifests/overcloud_compute.pp +++ b/puppet/manifests/overcloud_compute.pp @@ -49,8 +49,9 @@ if $rbd_ephemeral_storage or $rbd_persistent_storage { include ::ceph::profile::client $client_keys = hiera('ceph::profile::params::client_keys') + $client_user = join(['client.', hiera('ceph_client_user_name')]) class { '::nova::compute::rbd': - libvirt_rbd_secret_key => $client_keys['client.openstack']['secret'], + libvirt_rbd_secret_key => $client_keys[$client_user]['secret'], } } diff --git a/puppet/manifests/overcloud_controller.pp b/puppet/manifests/overcloud_controller.pp index 695cb519..f1c24f0d 100644 --- a/puppet/manifests/overcloud_controller.pp +++ b/puppet/manifests/overcloud_controller.pp @@ -327,7 +327,7 @@ if hiera('step') >= 3 { cinder::backend::rbd { $cinder_rbd_backend : rbd_pool => hiera('cinder_rbd_pool_name'), - rbd_user => 'openstack', + rbd_user => hiera('ceph_client_user_name'), rbd_secret_uuid => hiera('ceph::profile::params::fsid'), require => $cinder_pool_requires, } diff --git a/puppet/manifests/overcloud_controller_pacemaker.pp b/puppet/manifests/overcloud_controller_pacemaker.pp index 91bc1b14..3edd7ded 100644 --- a/puppet/manifests/overcloud_controller_pacemaker.pp +++ b/puppet/manifests/overcloud_controller_pacemaker.pp @@ -703,7 +703,7 @@ if hiera('step') >= 3 { cinder::backend::rbd { $cinder_rbd_backend : rbd_pool => hiera('cinder_rbd_pool_name'), - rbd_user => 'openstack', + rbd_user => hiera('ceph_client_user_name'), rbd_secret_uuid => hiera('ceph::profile::params::fsid'), require => $cinder_pool_requires, } |