Introduce CephExtraKeys
Introduce the CephExtraKeys parameter which may be used
to have the newly deployed Ceph cluster create additional
keys which may be used by clients to access the cluster.
This parameter will be useful for the multiple-external-ceph
blueprint because an operator would use CephExtraKeys to
create a cluster with a new key and that same key could
then be passed to a subsequent deployment to access the
same Ceph cluster. The alternative is to require the
operator to create this key manually between doing split
control plane deployments.
Change-Id: Ic47c2ad47e15e7e7bf56b300517e333f7ebd4013
Implements: blueprint multiple-external-ceph
(cherry picked from commit 182f77d913
)
parent
bdc5508f70
commit
30bde6129c
|
@ -84,6 +84,14 @@ parameter_defaults:
|
|||
CephMonKey: 'AQC+Ox1VmEr3BxAALZejqeHj50Nj6wJDvs96OQ=='
|
||||
CephAdminKey: 'AQDLOh1VgEp6FRAAFzT7Zw+Y9V6JJExQAsRnRQ=='
|
||||
CephClientKey: 'AQC+vYNXgDAgAhAAc8UoYt+OTz5uhV7ItLdwUw=='
|
||||
CephExtraKeys:
|
||||
- name: "client.glance"
|
||||
caps:
|
||||
mgr: "allow *"
|
||||
mon: "profile rbd"
|
||||
osd: "profile rbd pool=images"
|
||||
key: "AQBRgQ9eAAAAABAAv84zEilJYZPNuJ0Iwn9Ndg=="
|
||||
mode: "0600"
|
||||
CephAnsiblePlaybookVerbosity: 1
|
||||
CephAnsibleEnvironmentVariables:
|
||||
ANSIBLE_SSH_RETRIES: '4'
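Review bot: The literal `key:` value added under `CephExtraKeys` in this environment is the same string that the new `CephExtraKeys` parameter description (the `@ -224,6 +223,22 @@ parameters:` hunk) gives as its format example, so a cephx secret that is public in the repository is presented as the value to copy. In the description I would replace it with an obvious placeholder, e.g. `key: "<cephx key generated for this deployment>"`, and add a line such as `The key must be unique to the deployment; do not reuse the example value.` Here in the CI file a comment like `# CI-only test key, never reuse outside CI` above the entry would make its status clear. The example also grants `mgr: "allow *"` to an rbd-only client; if the targeted Ceph release accepts it, `mgr: "profile rbd pool=images"` would match the mon and osd profiles, though the template's built-in keys use the same broad cap.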
|
||||
|
|
|
@ -216,7 +216,6 @@ parameters:
|
|||
ContainerImageRegistryCredentials:
|
||||
type: json
|
||||
hidden: true
|
||||
default: {}
|
||||
description: |
|
||||
Mapping of image registry hosts to login credentials. Must be in the following example format
|
||||
|
||||
|
@ -224,6 +223,22 @@ parameters:
|
|||
username: pa55word
|
||||
'192.0.2.1:8787':
|
||||
registry_username: password
|
||||
default: {}
|
||||
CephExtraKeys:
|
||||
type: json
|
||||
hidden: true
|
||||
description: |
|
||||
List of maps describing extra keys which will be created on the deployed
|
||||
Ceph cluster. Uses ceph-ansible/library/ceph_key.py ansible module. Each
|
||||
item in the list must be in the following example format
|
||||
- name: "client.glance"
|
||||
caps:
|
||||
mgr: "allow *"
|
||||
mon: "profile rbd"
|
||||
osd: "profile rbd pool=images"
|
||||
key: "AQBRgQ9eAAAAABAAv84zEilJYZPNuJ0Iwn9Ndg=="
|
||||
mode: "0600"
|
||||
default: []
|
||||
|
||||
parameter_groups:
|
||||
- label: deprecated
|
||||
|
@ -402,63 +417,65 @@ resources:
|
|||
application: openstack_gnocchi
|
||||
- {get_param: CephPools}
|
||||
openstack_keys: &openstack_keys
|
||||
- name:
|
||||
list_join:
|
||||
- '.'
|
||||
- - client
|
||||
- {get_param: CephClientUserName}
|
||||
key: {get_param: CephClientKey}
|
||||
caps:
|
||||
mgr: "allow *"
|
||||
mon: "profile rbd"
|
||||
osd:
|
||||
list_join:
|
||||
- ', '
|
||||
- repeat:
|
||||
template: 'profile rbd pool=<%pool%>'
|
||||
for_each:
|
||||
<%pool%>:
|
||||
list_concat_unique:
|
||||
- - {get_param: CinderRbdPoolName}
|
||||
- {get_param: CinderBackupRbdPoolName}
|
||||
- if:
|
||||
- equals: [{get_param: [RoleParameters, NovaRbdPoolName]}, '']
|
||||
- {get_param: NovaRbdPoolName}
|
||||
- {get_param: [RoleParameters, NovaRbdPoolName]}
|
||||
- {get_param: GlanceRbdPoolName}
|
||||
- if:
|
||||
- equals: [{get_param: GnocchiRbdPoolName}, '']
|
||||
- []
|
||||
- [{get_param: GnocchiRbdPoolName}]
|
||||
# CinderRbdExtraPools is a list (do not indent further)
|
||||
- {get_param: CinderRbdExtraPools}
|
||||
- yaql:
|
||||
data: {get_param: CephPools}
|
||||
expression: $.data.select($.name)
|
||||
mode: "0600"
|
||||
- name:
|
||||
list_join:
|
||||
- '.'
|
||||
- - client
|
||||
- {get_param: ManilaCephFSCephFSAuthId}
|
||||
key: {get_param: CephManilaClientKey}
|
||||
caps:
|
||||
mgr: "allow *"
|
||||
mon: "allow r, allow command 'auth del', allow command 'auth caps', allow command 'auth get', allow command 'auth get-or-create'"
|
||||
mds: "allow *"
|
||||
osd: "allow rw"
|
||||
mode: "0600"
|
||||
- name:
|
||||
list_join:
|
||||
- '.'
|
||||
- - client
|
||||
- {get_param: CephRgwClientName}
|
||||
key: {get_param: CephRgwKey}
|
||||
caps:
|
||||
mgr: "allow *"
|
||||
mon: "allow rw"
|
||||
osd: "allow rwx"
|
||||
mode: "0600"
|
||||
list_concat_unique:
|
||||
- - name:
|
||||
list_join:
|
||||
- '.'
|
||||
- - client
|
||||
- {get_param: CephClientUserName}
|
||||
key: {get_param: CephClientKey}
|
||||
caps:
|
||||
mgr: "allow *"
|
||||
mon: "profile rbd"
|
||||
osd:
|
||||
list_join:
|
||||
- ', '
|
||||
- repeat:
|
||||
template: 'profile rbd pool=<%pool%>'
|
||||
for_each:
|
||||
<%pool%>:
|
||||
list_concat_unique:
|
||||
- - {get_param: CinderRbdPoolName}
|
||||
- {get_param: CinderBackupRbdPoolName}
|
||||
- if:
|
||||
- equals: [{get_param: [RoleParameters, NovaRbdPoolName]}, '']
|
||||
- {get_param: NovaRbdPoolName}
|
||||
- {get_param: [RoleParameters, NovaRbdPoolName]}
|
||||
- {get_param: GlanceRbdPoolName}
|
||||
- if:
|
||||
- equals: [{get_param: GnocchiRbdPoolName}, '']
|
||||
- []
|
||||
- [{get_param: GnocchiRbdPoolName}]
|
||||
# CinderRbdExtraPools is a list (do not indent further)
|
||||
- {get_param: CinderRbdExtraPools}
|
||||
- yaql:
|
||||
data: {get_param: CephPools}
|
||||
expression: $.data.select($.name)
|
||||
mode: "0600"
|
||||
- name:
|
||||
list_join:
|
||||
- '.'
|
||||
- - client
|
||||
- {get_param: ManilaCephFSCephFSAuthId}
|
||||
key: {get_param: CephManilaClientKey}
|
||||
caps:
|
||||
mgr: "allow *"
|
||||
mon: "allow r, allow command 'auth del', allow command 'auth caps', allow command 'auth get', allow command 'auth get-or-create'"
|
||||
mds: "allow *"
|
||||
osd: "allow rw"
|
||||
mode: "0600"
|
||||
- name:
|
||||
list_join:
|
||||
- '.'
|
||||
- - client
|
||||
- {get_param: CephRgwClientName}
|
||||
key: {get_param: CephRgwKey}
|
||||
caps:
|
||||
mgr: "allow *"
|
||||
mon: "allow rw"
|
||||
osd: "allow rwx"
|
||||
mode: "0600"
|
||||
- {get_param: CephExtraKeys}
|
||||
keys: *openstack_keys
|
||||
ceph_conf_overrides:
|
||||
if:
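Review bot: Nothing in the new `list_concat_unique` stops a `CephExtraKeys` entry from reusing the name of one of the three keys built just above it (`client.<CephClientUserName>` and the Manila and RGW clients). As far as I know `list_concat_unique` drops only identical items, so an entry with the same `name` but a different `key` or `caps` would reach ceph_key as a second definition, and which one takes effect cannot be seen from this hunk. The parameter description should say so, e.g. `Names must not match the client keys this template already creates; caps are applied to the cluster exactly as given.` The `resources:` block continues beyond both ends of the hunk.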
|
||||
|
|