1d5c7f637f
Ceph packages are currently failing to install due to [1]. This commit updates ceph_client/defaults/main.yml to use the latest Ceph signing key. Additionally, we add a new variable ceph_revoked_gpg_keys and task to ensure revoked keys get removed. [1] http://ceph.com/releases/important-security-notice-regarding-signing-key-and-binary-downloads-of-ceph/ Change-Id: I3c3f69c0eb471982c314816ae90a69458e48ded6
87 lines
3.1 KiB
YAML
87 lines
3.1 KiB
YAML
---
|
|
# Copyright 2015, Serge van Ginderachter <serge@vanginderachter.be>
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
# you may not use this file except in compliance with the License.
|
|
# You may obtain a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
# See the License for the specific language governing permissions and
|
|
# limitations under the License.
|
|
|
|
# to user Ceph in OSA, you need to
|
|
# - have the needed pools and a client user (for glance, cinder and/or nova)
|
|
# pre-provisioned in your ceph cluster; OSA assumes to have root access to
|
|
# the monitor hosts
|
|
# - configure / overrules following defaults in osa's user config
|
|
# - some ceph specific vars are (also) part of other role defaults:
|
|
# * glance
|
|
# * nova
|
|
# - cinder gets configured with ceph if there are cinder backends defined with
|
|
# the rbd driver (see openstack_user_config.yml.example)
|
|
|
|
# Ceph GPG Keys
|
|
ceph_gpg_keys:
|
|
- key_name: 'ceph'
|
|
keyserver: 'hkp://keyserver.ubuntu.com:80'
|
|
fallback_keyserver: 'hkp://p80.pool.sks-keyservers.net:80'
|
|
hash_id: '0xe84ac2c0460f3994'
|
|
|
|
# The apt-key command won't del a key when you give it the hash_id, so we have
|
|
# to use the short key ID here instead.
|
|
ceph_revoked_gpg_keys:
|
|
- '17ED316D'
|
|
|
|
# Ceph Repositories
|
|
ceph_apt_repo_url_region: "www" # or "eu" for Netherlands based mirror
|
|
ceph_stable_release: hammer
|
|
ceph_apt_repo_url: "http://{{ ceph_apt_repo_url_region }}.ceph.com/debian-{{ ceph_stable_release }}/"
|
|
ceph_apt_repo:
|
|
repo: "deb {{ ceph_apt_repo_url }} {{ ansible_lsb.codename }} main"
|
|
state: "present"
|
|
|
|
ceph_apt_pinned_packages: [{ package: "*", release: Inktank, priority: 1001 }]
|
|
|
|
# Ceph Authentication
|
|
cephx: true
|
|
|
|
# Ceph Monitors
|
|
# A list of the IP addresses for your Ceph monitors
|
|
ceph_mons: []
|
|
|
|
# Path to local ceph.conf file
|
|
# Leave this commented to obtain a ceph.conf from one of the monitors defined in ceph_mons
|
|
#ceph_conf_file: |
|
|
# [global]
|
|
# fsid = 4037aa5f-abde-4378-9470-f73dbd6ceaba
|
|
# mon_initial_members = mon1.example.local,mon2.example.local,mon3.example.local
|
|
# mon_host = 10.16.5.40,10.16.5.41,10.16.5.42
|
|
# auth_cluster_required = cephx
|
|
# auth_service_required = cephx
|
|
# auth_client_required = cephx
|
|
|
|
# Ceph client usernames for glance and cinder+nova
|
|
glance_ceph_client: glance
|
|
cinder_ceph_client: cinder
|
|
cinder_backup_ceph_client: cinder-backup
|
|
# by default we assume you use rbd for both cinder and nova, and as libvirt
|
|
# needs to access both volumes (cinder) as boot disks (nova) we default to
|
|
# reuse the cinder_ceph_client
|
|
# only need to change this if you'd use ceph for boot disks and not for volumes
|
|
nova_ceph_client: '{{ cinder_ceph_client }}'
|
|
# overruled in user_secrets:
|
|
nova_ceph_client_uuid: 457eb676-33da-42ec-9a8c-9293d545c337
|
|
cephkeys_access_group: cephkeys
|
|
openstack_service_system_user: null
|
|
ceph_cinder_service_names:
|
|
- cinder-volume
|
|
- cinder-backup
|
|
ceph_nova_service_names:
|
|
- nova-compute
|
|
ceph_glance_service_names:
|
|
- glance-api
|