summaryrefslogtreecommitdiffstats
path: root/puppet/services/ceph-base.yaml
diff options
context:
space:
mode:
Diffstat (limited to 'puppet/services/ceph-base.yaml')
-rw-r--r--puppet/services/ceph-base.yaml18
1 files changed, 17 insertions, 1 deletions
diff --git a/puppet/services/ceph-base.yaml b/puppet/services/ceph-base.yaml
index ce9f9b9d..f6573f6c 100644
--- a/puppet/services/ceph-base.yaml
+++ b/puppet/services/ceph-base.yaml
@@ -11,7 +11,7 @@ parameters:
type: string
hidden: true
CephClientKey:
- description: The Ceph client key. Can be created with ceph-authtool --gen-print-key. Currently only used for external Ceph deployments to create the openstack user keyring.
+ description: The Ceph client key. Can be created with ceph-authtool --gen-print-key.
type: string
hidden: true
CephClientUserName:
@@ -61,6 +61,14 @@ parameters:
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
+ ManilaCephFSNativeCephFSAuthId:
+ type: string
+ default: 'manila'
+ CephManilaClientKey:
+ default: ''
+ description: The Ceph client key. Can be created with ceph-authtool --gen-print-key.
+ type: string
+ hidden: true
# DEPRECATED options for compatibility with overcloud.yaml
# This should be removed and manipulation of the ControllerServices list
# used instead, but we need client support for that first
@@ -133,6 +141,14 @@ outputs:
CINDERBACKUP_POOL: {get_param: CinderBackupRbdPoolName}
GLANCE_POOL: {get_param: GlanceRbdPoolName}
GNOCCHI_POOL: {get_param: GnocchiRbdPoolName}
+ MANILA_CLIENT_KEY:
+ mode: '0644'
+ secret: {get_param: CephManilaClientKey}
+ cap_mon: 'allow r, allow command \"auth del\", allow command \"auth caps\", allow command \"auth get\", allow command \"auth get-or-create\"'
+ cap_mds: 'allow *'
+ cap_osd: 'allow rw'
- keys:
CEPH_CLIENT_KEY:
list_join: ['.', ['client', {get_param: CephClientUserName}]]
+ MANILA_CLIENT_KEY:
+ list_join: ['.', ['client', {get_param: ManilaCephFSNativeCephFSAuthId}]]