1 files changed, 30 insertions, 2 deletions

diff --git a/docker/services/ceph-ansible/ceph-base.yaml b/docker/services/ceph-ansible/ceph-base.yaml
index bf2c86c4..18d3e6a3 100644
--- a/docker/services/ceph-ansible/ceph-base.yaml
+++ b/docker/services/ceph-ansible/ceph-base.yaml
@@ -100,6 +100,14 @@ parameters:
   CephClientUserName:
     default: openstack
     type: string
+  CephRgwClientName:
+    default: radosgw
+    type: string
+  CephRgwKey:
+    description: The cephx key for the radosgw client. Can be created
+                 with ceph-authtool --gen-print-key.
+    type: string
+    hidden: true
   CephPoolDefaultSize:
     description: default minimum replication for RBD copies
     type: number
@@ -115,10 +123,13 @@ parameters:
   CephIPv6:
     default: False
     type: boolean
+  SwiftPassword:
+    description: The password for the swift service account
+    type: string
+    hidden: true
   DockerCephDaemonImage:
     description: image
     type: string
-    default: 'ceph/daemon:tag-build-master-jewel-centos-7'
 
 conditions:
   custom_registry_host:
@@ -241,16 +252,33 @@ outputs:
               - - client
                 - {get_param: ManilaCephFSNativeCephFSAuthId}
             key: {get_param: CephManilaClientKey}
-            mon_cap: "allow r, allow command auth del, allow command auth caps, allow command auth get, allow command auth get-or-create"
+            mon_cap: 'allow r, allow command \\\"auth del\\\", allow command \\\"auth caps\\\", allow command \\\"auth get\\\", allow command \\\"auth get-or-create\\\"'
             mds_cap: "allow *"
             osd_cap: "allow rw"
             mode: "0644"
+          - name:
+              list_join:
+              - '.'
+              - - client
+                - {get_param: CephRgwClientName}
+            key: {get_param: CephRgwKey}
+            mon_cap: "allow rw"
+            osd_cap: "allow rwx"
+            mode: "0644"
           keys: *openstack_keys
           pools: []
           ceph_conf_overrides:
             global:
               osd_pool_default_size: {get_param: CephPoolDefaultSize}
               osd_pool_default_pg_num: {get_param: CephPoolDefaultPgNum}
+              rgw_keystone_api_version: 3
+              rgw_keystone_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
+              rgw_keystone_accepted_roles: 'Member, _member_, admin'
+              rgw_keystone_admin_domain: default
+              rgw_keystone_admin_project: service
+              rgw_keystone_admin_user: swift
+              rgw_keystone_admin_password: {get_param: SwiftPassword}
+              rgw_s3_auth_use_keystone: 'true'
           ntp_service_enabled: false
           generate_fsid: false
           ip_version: