summaryrefslogtreecommitdiffstats
path: root/puppet
diff options
context:
space:
mode:
Diffstat (limited to 'puppet')
-rw-r--r--puppet/services/ceph-base.yaml18
-rw-r--r--puppet/services/ceph-external.yaml18
-rw-r--r--puppet/services/ceph-mds.yaml12
-rw-r--r--puppet/services/haproxy-internal-tls-certmonger.yaml1
-rw-r--r--puppet/services/haproxy-public-tls-certmonger.yaml1
-rw-r--r--puppet/services/manila-backend-cephfs.yaml9
-rw-r--r--puppet/services/nova-compute.yaml2
-rw-r--r--puppet/services/nova-libvirt.yaml2
8 files changed, 48 insertions, 15 deletions
diff --git a/puppet/services/ceph-base.yaml b/puppet/services/ceph-base.yaml
index ce9f9b9d..f6573f6c 100644
--- a/puppet/services/ceph-base.yaml
+++ b/puppet/services/ceph-base.yaml
@@ -11,7 +11,7 @@ parameters:
type: string
hidden: true
CephClientKey:
- description: The Ceph client key. Can be created with ceph-authtool --gen-print-key. Currently only used for external Ceph deployments to create the openstack user keyring.
+ description: The Ceph client key. Can be created with ceph-authtool --gen-print-key.
type: string
hidden: true
CephClientUserName:
@@ -61,6 +61,14 @@ parameters:
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
+ ManilaCephFSNativeCephFSAuthId:
+ type: string
+ default: 'manila'
+ CephManilaClientKey:
+ default: ''
+ description: The Ceph client key. Can be created with ceph-authtool --gen-print-key.
+ type: string
+ hidden: true
# DEPRECATED options for compatibility with overcloud.yaml
# This should be removed and manipulation of the ControllerServices list
# used instead, but we need client support for that first
@@ -133,6 +141,14 @@ outputs:
CINDERBACKUP_POOL: {get_param: CinderBackupRbdPoolName}
GLANCE_POOL: {get_param: GlanceRbdPoolName}
GNOCCHI_POOL: {get_param: GnocchiRbdPoolName}
+ MANILA_CLIENT_KEY:
+ mode: '0644'
+ secret: {get_param: CephManilaClientKey}
+ cap_mon: 'allow r, allow command \"auth del\", allow command \"auth caps\", allow command \"auth get\", allow command \"auth get-or-create\"'
+ cap_mds: 'allow *'
+ cap_osd: 'allow rw'
- keys:
CEPH_CLIENT_KEY:
list_join: ['.', ['client', {get_param: CephClientUserName}]]
+ MANILA_CLIENT_KEY:
+ list_join: ['.', ['client', {get_param: ManilaCephFSNativeCephFSAuthId}]]
diff --git a/puppet/services/ceph-external.yaml b/puppet/services/ceph-external.yaml
index 97e44159..1459b851 100644
--- a/puppet/services/ceph-external.yaml
+++ b/puppet/services/ceph-external.yaml
@@ -5,7 +5,7 @@ description: >
parameters:
CephClientKey:
- description: The Ceph client key. Can be created with ceph-authtool --gen-print-key. Currently only used for external Ceph deployments to create the openstack user keyring.
+ description: The Ceph client key. Can be created with ceph-authtool --gen-print-key.
type: string
hidden: true
CephClientUserName:
@@ -68,6 +68,14 @@ parameters:
image. Only applies to format 2 images. Set to '1' for Jewel
clients using older Ceph servers.
type: string
+ ManilaCephFSNativeCephFSAuthId:
+ type: string
+ default: 'manila'
+ CephManilaClientKey:
+ default: ''
+ description: The Ceph client key. Can be created with ceph-authtool --gen-print-key.
+ type: string
+ hidden: true
outputs:
role_data:
@@ -94,9 +102,17 @@ outputs:
CINDERBACKUP_POOL: {get_param: CinderBackupRbdPoolName}
GLANCE_POOL: {get_param: GlanceRbdPoolName}
GNOCCHI_POOL: {get_param: GnocchiRbdPoolName}
+ MANILA_CLIENT_KEY:
+ mode: '0644'
+ secret: {get_param: CephManilaClientKey}
+ cap_mon: 'allow r, allow command \"auth del\", allow command \"auth caps\", allow command \"auth get\", allow command \"auth get-or-create\"'
+ cap_mds: 'allow *'
+ cap_osd: 'allow rw'
- keys:
CEPH_CLIENT_KEY:
list_join: ['.', ['client', {get_param: CephClientUserName}]]
+ MANILA_CLIENT_KEY:
+ list_join: ['.', ['client', {get_param: ManilaCephFSNativeCephFSAuthId}]]
ceph::profile::params::manage_repo: false
# FIXME(gfidente): we should not have to list the packages explicitly in
# the templates, but this should stay until the following is fixed:
diff --git a/puppet/services/ceph-mds.yaml b/puppet/services/ceph-mds.yaml
index c561ea0e..ad799edb 100644
--- a/puppet/services/ceph-mds.yaml
+++ b/puppet/services/ceph-mds.yaml
@@ -35,6 +35,15 @@ parameters:
with ceph-authtool --gen-print-key.
type: string
hidden: true
+ ManilaCephFSDataPoolName:
+ default: manila_data
+ type: string
+ ManilaCephFSMetadataPoolName:
+ default: manila_metadata
+ type: string
+ ManilaCephFSNativeShareBackendName:
+ default: cephfs
+ type: string
resources:
CephBase:
@@ -60,5 +69,8 @@ outputs:
'112 ceph_mds':
dport:
- '6800-7300'
+ ceph::profile::params::fs_data_pool: {get_param: ManilaCephFSDataPoolName}
+ ceph::profile::params::fs_metadata_pool: {get_param: ManilaCephFSMetadataPoolName}
+ ceph::profile::params::fs_name: {get_param: ManilaCephFSNativeShareBackendName}
step_config: |
include ::tripleo::profile::base::ceph::mds
diff --git a/puppet/services/haproxy-internal-tls-certmonger.yaml b/puppet/services/haproxy-internal-tls-certmonger.yaml
index 642685a8..e0173d88 100644
--- a/puppet/services/haproxy-internal-tls-certmonger.yaml
+++ b/puppet/services/haproxy-internal-tls-certmonger.yaml
@@ -86,7 +86,6 @@ outputs:
- - {get_param: HAProxyInternalTLSKeysDirectory}
- '/overcloud-haproxy-NETWORK.key'
hostname: "%{hiera('cloud_name_NETWORK')}"
- postsave_cmd: "" # TODO
principal: "haproxy/%{hiera('cloud_name_NETWORK')}"
for_each:
NETWORK: {get_attr: [HAProxyNetworks, value]}
diff --git a/puppet/services/haproxy-public-tls-certmonger.yaml b/puppet/services/haproxy-public-tls-certmonger.yaml
index b2766c44..14d171dc 100644
--- a/puppet/services/haproxy-public-tls-certmonger.yaml
+++ b/puppet/services/haproxy-public-tls-certmonger.yaml
@@ -71,7 +71,6 @@ outputs:
- - {get_param: HAProxyInternalTLSKeysDirectory}
- '/overcloud-haproxy-external.key'
hostname: "%{hiera('cloud_name_external')}"
- postsave_cmd: "" # TODO
principal: "haproxy/%{hiera('cloud_name_external')}"
metadata_settings:
- service: haproxy
diff --git a/puppet/services/manila-backend-cephfs.yaml b/puppet/services/manila-backend-cephfs.yaml
index 9d6b508b..9207d99f 100644
--- a/puppet/services/manila-backend-cephfs.yaml
+++ b/puppet/services/manila-backend-cephfs.yaml
@@ -52,12 +52,6 @@ parameters:
ManilaCephFSNativeCephFSEnableSnapshots:
type: boolean
default: false
- ManilaCephFSDataPoolName:
- default: manila_data
- type: string
- ManilaCephFSMetadataPoolName:
- default: manila_metadata
- type: string
# (jprovazn) default value is set to assure this templates works with an
# external ceph too (user/key is created only when ceph is deployed by
# TripleO)
@@ -81,7 +75,4 @@ outputs:
manila::backend::cephfsnative::cephfs_cluster_name: {get_param: ManilaCephFSNativeCephFSClusterName}
manila::backend::cephfsnative::cephfs_enable_snapshots: {get_param: ManilaCephFSNativeCephFSEnableSnapshots}
manila::backend::cephfsnative::ceph_client_key: {get_param: CephManilaClientKey}
- ceph::profile::params::fs_data_pool: {get_param: ManilaCephFSDataPoolName}
- ceph::profile::params::fs_metadata_pool: {get_param: ManilaCephFSMetadataPoolName}
- ceph::profile::params::fs_name: {get_param: ManilaCephFSNativeShareBackendName}
step_config:
diff --git a/puppet/services/nova-compute.yaml b/puppet/services/nova-compute.yaml
index 36866a3a..22a743e0 100644
--- a/puppet/services/nova-compute.yaml
+++ b/puppet/services/nova-compute.yaml
@@ -37,7 +37,7 @@ parameters:
default: openstack
type: string
CephClientKey:
- description: The Ceph client key. Can be created with ceph-authtool --gen-print-key. Currently only used for external Ceph deployments to create the openstack user keyring.
+ description: The Ceph client key. Can be created with ceph-authtool --gen-print-key.
type: string
hidden: true
CephClusterFSID:
diff --git a/puppet/services/nova-libvirt.yaml b/puppet/services/nova-libvirt.yaml
index e1fe5aa9..df9e88fb 100644
--- a/puppet/services/nova-libvirt.yaml
+++ b/puppet/services/nova-libvirt.yaml
@@ -34,7 +34,7 @@ parameters:
default: openstack
type: string
CephClientKey:
- description: The Ceph client key. Can be created with ceph-authtool --gen-print-key. Currently only used for external Ceph deployments to create the openstack user keyring.
+ description: The Ceph client key. Can be created with ceph-authtool --gen-print-key.
type: string
hidden: true
CephClusterFSID: