Build ganesha idmap.conf file path and apply overrides

As per [1] tripleo-heat-templates now has two parameters that are
supposed to define the location of the idmap.conf file and some
overrides that can be applied via config_template.
This change adds the idmap template and the tasks required to
render it at the configured location.

[1] https://review.opendev.org/773999

Change-Id: I2b118e6e2184e70d5bccb4ab3cdb7e868ac731e2
Francesco Pantano 2021-06-08 09:55:16 +02:00
parent 2364a067dd
commit 3ff9aaa682
No known key found for this signature in database
GPG Key ID: 0458D4D1F41BD75C
4 changed files with 151 additions and 0 deletions


@ -50,3 +50,5 @@ tripleo_cephadm_internal_tls_enabled: false
tripleo_cephadm_nfs_rados_export_index: 'ganesha-export-index'
tripleo_cephadm_ceph_nfs_rados_backend: true
tripleo_cephadm_certs: /etc/pki/tls
tripleo_cephadm_idmap_conf: "/etc/ganesha/idmap.conf"
tripleo_cephadm_idmap_overrides: {}


@ -65,6 +65,17 @@
dest: /etc/ganesha/ganesha.conf
become: true
- name: generate ganesha idmap.conf file
action: config_template
args:
src: "idmap.conf.j2"
dest: "{{ tripleo_cephadm_idmap_conf }}"
owner: "root"
group: "root"
mode: "0644"
config_overrides: "{{ tripleo_cephadm_idmap_overrides }}"
config_type: ini
- name: Render ganesha systemd unit
template:
src: ceph-nfs.service.j2
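Review bot: The new "generate ganesha idmap.conf file" task renders with `mode: "0644"` while `config_overrides` accepts arbitrary keys, so any secret passed that way lands in a world-readable file. The [UMICH_SCHEMA] section of idmapd-style files accepts an LDAP bind password (`LDAP_passwd`), so this is a realistic case. A tighter default such as `mode: "0640"` would be safer, provided the account ganesha runs as can still read the file, which is not visible here. The task also lacks the `become: true` that the task just above it carries, although it sets root ownership under /etc/ganesha. Unless escalation is set at a level outside this hunk, add `become: true`; the enclosing task list starts and ends outside the hunk.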


@ -34,6 +34,7 @@ RADOS_URLS {
NFSv4 {
RecoveryBackend = 'rados_kv';
IdmapConf = "{{ tripleo_cephadm_idmap_conf }}";
}
RADOS_KV {
ceph_conf = '/etc/ceph/{{ tripleo_cephadm_cluster }}.conf';
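Review bot: `IdmapConf` receives the same `tripleo_cephadm_idmap_conf` value that the task uses as its host-side `dest`, so the path must also be valid from wherever the ganesha process runs. If ganesha is containerised (the systemd unit is not shown here), an override pointing outside the mounted directories would give it a path it cannot open. A comment on the default saying so would help. The new line also uses double quotes where the neighbouring values use single quotes (`'rados_kv'`); `IdmapConf = '{{ tripleo_cephadm_idmap_conf }}';` would match.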


@ -0,0 +1,137 @@
[General]
#Verbosity = 0
# The following should be set to the local NFSv4 domain name
# The default is the host's DNS domain name.
#Domain = local.domain.edu
# In multi-domain environments, some NFS servers will append the identity
# management domain to the owner and owner_group in lieu of a true NFSv4
# domain. This option can facilitate lookups in such environments. If
# set to a value other than "none", the nsswitch plugin will first pass
# the name to the password/group lookup function without stripping the
# domain off. If that mapping fails then the plugin will try again using
# the old method (comparing the domain in the string to the Domain value,
# stripping it if it matches, and passing the resulting short name to the
# lookup function). Valid values are "user", "group", "both", and
# "none". The default is "none".
#No-Strip = none
# Winbind has a quirk whereby doing a group lookup in UPN format
# (e.g. staff@americas.example.com) will cause the group to be
# displayed prefixed with the full domain in uppercase
# (e.g. AMERICAS.EXAMPLE.COM\staff) instead of in the familiar netbios
# name format (e.g. AMERICAS\staff). Setting this option to true
# causes the name to be reformatted before passing it to the group
# lookup function in order to work around this. This setting is
# ignored unless No-Strip is set to either "both" or "group".
# The default is "false".
#Reformat-Group = false
# The following is a comma-separated list of Kerberos realm
# names that should be considered to be equivalent to the
# local realm, such that <user>@REALM.A can be assumed to
# be the same user as <user>@REALM.B
# If not specified, the default local realm is the domain name,
# which defaults to the host's DNS domain name,
# translated to upper-case.
# Note that if this value is specified, the local realm name
# must be included in the list!
#Local-Realms =
[Mapping]
#Nobody-User = nobody
#Nobody-Group = nobody
[Translation]
# Translation Method is an comma-separated, ordered list of
# translation methods that can be used. Distributed methods
# include "nsswitch", "umich_ldap", and "static". Each method
# is a dynamically loadable plugin library.
# New methods may be defined and inserted in the list.
# The default is "nsswitch".
#Method = nsswitch
# Optional. This is a comma-separated, ordered list of
# translation methods to be used for translating GSS
# authenticated names to ids.
# If this option is omitted, the same methods as those
# specified in "Method" are used.
#GSS-Methods = <alternate method list for translating GSS names>
#-------------------------------------------------------------------#
# The following are used only for the "static" Translation Method.
#-------------------------------------------------------------------#
[Static]
# A "static" list of GSS-Authenticated names to
# local user name mappings
#someuser@REALM = localuser
#-------------------------------------------------------------------#
# The following are used only for the "umich_ldap" Translation Method.
#-------------------------------------------------------------------#
[UMICH_SCHEMA]
# server information (REQUIRED)
LDAP_server = ldap-server.local.domain.edu
# the default search base (REQUIRED)
LDAP_base = dc=local,dc=domain,dc=edu
#-----------------------------------------------------------#
# The remaining options have defaults (as shown)
# and are therefore not required.
#-----------------------------------------------------------#
# whether or not to perform canonicalization on the
# name given as LDAP_server
#LDAP_canonicalize_name = true
# absolute search base for (people) accounts
#LDAP_people_base = <LDAP_base>
# absolute search base for groups
#LDAP_group_base = <LDAP_base>
# Set to true to enable SSL - anything else is not enabled
#LDAP_use_ssl = false
# You must specify a CA certificate location if you enable SSL
#LDAP_ca_cert = /etc/ldapca.cert
# Objectclass mapping information
# Mapping for the person (account) object class
#NFSv4_person_objectclass = NFSv4RemotePerson
# Mapping for the nfsv4name attribute the person object
#NFSv4_name_attr = NFSv4Name
# Mapping for the UID number
#NFSv4_uid_attr = UIDNumber
# Mapping for the GSSAPI Principal name
#GSS_principal_attr = GSSAuthName
# Mapping for the account name attribute (usually uid)
# The value for this attribute must match the value of
# the group member attribute - NFSv4_member_attr
#NFSv4_acctname_attr = uid
# Mapping for the group object class
#NFSv4_group_objectclass = NFSv4RemoteGroup
# Mapping for the GID attribute
#NFSv4_gid_attr = GIDNumber
# Mapping for the Group NFSv4 name
#NFSv4_group_attr = NFSv4Name
# Mapping for the Group member attribute (usually memberUID)
# The value of this attribute must match the value of NFSv4_acctname_attr
#NFSv4_member_attr = memberUID
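Review bot: In [UMICH_SCHEMA], `LDAP_server = ldap-server.local.domain.edu` and `LDAP_base = dc=local,dc=domain,dc=edu` ship active with sample values, while every other option in the template is commented out. A deployment that only adds umich_ldap to `Method` through the overrides would then send identity lookups to a placeholder host. Comment both out (`#LDAP_server = ldap-server.local.domain.edu`, `#LDAP_base = dc=local,dc=domain,dc=edu`) so they have to be supplied explicitly. A comment next to `#LDAP_use_ssl = false` should also say that lookups are unencrypted unless it is set to true together with `LDAP_ca_cert`. The template has no Jinja expressions, so all site values arrive through `config_overrides`.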