Merge "Set file mode permission for Ceph keyrings in containers"
commit
5da47d2e4f
@ -257,7 +257,8 @@ outputs:
|
||||
- {get_param: GnocchiRbdPoolName}
|
||||
# CinderRbdExtraPools is a list (do not indent further)
|
||||
- {get_param: CinderRbdExtraPools}
|
||||
mode: "0644"
|
||||
mode: "0600"
|
||||
acls: ["u:165:r"] # uid of cinder user
|
||||
- name:
|
||||
list_join:
|
||||
- '.'
|
||||
@ -267,7 +268,7 @@ outputs:
|
||||
mon_cap: 'allow r, allow command \\\"auth del\\\", allow command \\\"auth caps\\\", allow command \\\"auth get\\\", allow command \\\"auth get-or-create\\\"'
|
||||
mds_cap: "allow *"
|
||||
osd_cap: "allow rw"
|
||||
mode: "0644"
|
||||
mode: "0600"
|
||||
- name:
|
||||
list_join:
|
||||
- '.'
|
||||
@ -276,7 +277,7 @@ outputs:
|
||||
key: {get_param: CephRgwKey}
|
||||
mon_cap: "allow rw"
|
||||
osd_cap: "allow rwx"
|
||||
mode: "0644"
|
||||
mode: "0600"
|
||||
keys: *openstack_keys
|
||||
pools: []
|
||||
ceph_conf_overrides:
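Review bot: The ACL entry `acls: ["u:165:r"]` in the first hunk hard-codes a numeric uid, and the only link to the cinder account is the trailing comment. If uid 165 belongs to a different account on some host or image, that account gets read access to the client keyring while cinder loses it, and with the mode at "0600" (presumably the new value of the two `mode` lines shown) no other permission bit would mask the mismatch. The keys in the hunks at -267 and -276 get "0600" with no ACL, so a comment should say why only this key needs one, for example `# uid 165 must match the cinder account wherever this keyring is read`. The key list itself starts and ends outside these hunks.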
|
||||
|
@ -40,6 +40,9 @@ parameters:
|
||||
default: false
|
||||
description: Remove package if the service is being disabled during upgrade
|
||||
type: boolean
|
||||
CephClientUserName:
|
||||
default: openstack
|
||||
type: string
|
||||
|
||||
resources:
|
||||
|
||||
@ -101,6 +104,13 @@ outputs:
|
||||
- path: /var/log/cinder
|
||||
owner: cinder:cinder
|
||||
recurse: true
|
||||
- path:
|
||||
str_replace:
|
||||
template: /etc/ceph/ceph.client.USER.keyring
|
||||
params:
|
||||
USER: {get_param: CephClientUserName}
|
||||
owner: cinder:cinder
|
||||
perm: '0600'
|
||||
docker_config:
|
||||
step_3:
|
||||
cinder_backup_init_logs:
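Review bot: The new `CephClientUserName` parameter has no `description`, unlike the parameter directly above it, and its value is spliced into the keyring path of the added permissions entry. If it is set differently here than where the key is named, `/etc/ceph/ceph.client.USER.keyring` would presumably match no file and the keyring would keep whatever owner and mode it was copied with, so the `perm: '0600'` restriction would fail silently. Adding something like `description: Ceph client user name; must match the name of the keyring placed in /etc/ceph` would document that coupling. The same parameter and permissions entry recur in the later cinder, glance, gnocchi, manila (`ManilaCephClientUserName`) and nova sections, so the point applies to each of them.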
|
||||
|
@ -49,6 +49,9 @@ parameters:
|
||||
default: false
|
||||
description: Remove package if the service is being disabled during upgrade
|
||||
type: boolean
|
||||
CephClientUserName:
|
||||
default: openstack
|
||||
type: string
|
||||
|
||||
resources:
|
||||
|
||||
@ -111,6 +114,13 @@ outputs:
|
||||
- path: /var/log/cinder
|
||||
owner: cinder:cinder
|
||||
recurse: true
|
||||
- path:
|
||||
str_replace:
|
||||
template: /etc/ceph/ceph.client.USER.keyring
|
||||
params:
|
||||
USER: {get_param: CephClientUserName}
|
||||
owner: cinder:cinder
|
||||
perm: '0600'
|
||||
docker_config:
|
||||
step_3:
|
||||
cinder_volume_init_logs:
|
||||
|
@ -65,6 +65,9 @@ parameters:
|
||||
default: false
|
||||
description: Remove package if the service is being disabled during upgrade
|
||||
type: boolean
|
||||
CephClientUserName:
|
||||
default: openstack
|
||||
type: string
|
||||
|
||||
conditions:
|
||||
|
||||
@ -133,6 +136,13 @@ outputs:
|
||||
- path: /var/lib/glance
|
||||
owner: glance:glance
|
||||
recurse: true
|
||||
- path:
|
||||
str_replace:
|
||||
template: /etc/ceph/ceph.client.USER.keyring
|
||||
params:
|
||||
USER: {get_param: CephClientUserName}
|
||||
owner: glance:glance
|
||||
perm: '0600'
|
||||
/var/lib/kolla/config_files/glance_api_tls_proxy.json:
|
||||
command: /usr/sbin/httpd -DFOREGROUND
|
||||
config_files:
|
||||
|
@ -43,6 +43,9 @@ parameters:
|
||||
default: 128
|
||||
description: Number of storage sacks to create.
|
||||
type: number
|
||||
CephClientUserName:
|
||||
default: openstack
|
||||
type: string
|
||||
|
||||
conditions:
|
||||
|
||||
@ -97,6 +100,13 @@ outputs:
|
||||
- path: /var/log/gnocchi
|
||||
owner: gnocchi:gnocchi
|
||||
recurse: true
|
||||
- path:
|
||||
str_replace:
|
||||
template: /etc/ceph/ceph.client.USER.keyring
|
||||
params:
|
||||
USER: {get_param: CephClientUserName}
|
||||
owner: gnocchi:gnocchi
|
||||
perm: '0600'
|
||||
docker_config:
|
||||
# db sync runs before permissions set by kolla_config
|
||||
step_2:
|
||||
|
@ -36,6 +36,9 @@ parameters:
|
||||
default: {}
|
||||
description: Parameters specific to the role
|
||||
type: json
|
||||
CephClientUserName:
|
||||
default: openstack
|
||||
type: string
|
||||
|
||||
resources:
|
||||
|
||||
@ -90,6 +93,13 @@ outputs:
|
||||
- path: /var/log/gnocchi
|
||||
owner: gnocchi:gnocchi
|
||||
recurse: true
|
||||
- path:
|
||||
str_replace:
|
||||
template: /etc/ceph/ceph.client.USER.keyring
|
||||
params:
|
||||
USER: {get_param: CephClientUserName}
|
||||
owner: gnocchi:gnocchi
|
||||
perm: '0600'
|
||||
docker_config:
|
||||
step_5:
|
||||
gnocchi_metricd:
|
||||
|
@ -36,6 +36,9 @@ parameters:
|
||||
default: {}
|
||||
description: Parameters specific to the role
|
||||
type: json
|
||||
CephClientUserName:
|
||||
default: openstack
|
||||
type: string
|
||||
|
||||
resources:
|
||||
|
||||
@ -90,6 +93,13 @@ outputs:
|
||||
- path: /var/log/gnocchi
|
||||
owner: gnocchi:gnocchi
|
||||
recurse: true
|
||||
- path:
|
||||
str_replace:
|
||||
template: /etc/ceph/ceph.client.USER.keyring
|
||||
params:
|
||||
USER: {get_param: CephClientUserName}
|
||||
owner: gnocchi:gnocchi
|
||||
perm: '0600'
|
||||
docker_config:
|
||||
step_5:
|
||||
gnocchi_statsd:
|
||||
|
@ -36,6 +36,9 @@ parameters:
|
||||
default: {}
|
||||
description: Parameters specific to the role
|
||||
type: json
|
||||
ManilaCephClientUserName:
|
||||
default: manila
|
||||
type: string
|
||||
|
||||
resources:
|
||||
|
||||
@ -90,6 +93,13 @@ outputs:
|
||||
- path: /var/log/manila
|
||||
owner: manila:manila
|
||||
recurse: true
|
||||
- path:
|
||||
str_replace:
|
||||
template: /etc/ceph/ceph.client.USER.keyring
|
||||
params:
|
||||
USER: {get_param: ManilaCephClientUserName}
|
||||
owner: manila:manila
|
||||
perm: '0600'
|
||||
docker_config:
|
||||
step_4:
|
||||
manila_share:
|
||||
|
@ -49,6 +49,9 @@ parameters:
|
||||
default: false
|
||||
description: Remove package if the service is being disabled during upgrade
|
||||
type: boolean
|
||||
CephClientUserName:
|
||||
default: openstack
|
||||
type: string
|
||||
|
||||
resources:
|
||||
|
||||
@ -122,6 +125,13 @@ outputs:
|
||||
- path: /var/lib/nova
|
||||
owner: nova:nova
|
||||
recurse: true
|
||||
- path:
|
||||
str_replace:
|
||||
template: /etc/ceph/ceph.client.USER.keyring
|
||||
params:
|
||||
USER: {get_param: CephClientUserName}
|
||||
owner: nova:nova
|
||||
perm: '0600'
|
||||
docker_config:
|
||||
step_4:
|
||||
nova_compute:
|
||||
|
@ -68,6 +68,9 @@ parameters:
|
||||
CephClusterFSID:
|
||||
type: string
|
||||
description: The Ceph cluster FSID. Must be a UUID.
|
||||
CephClientUserName:
|
||||
default: openstack
|
||||
type: string
|
||||
|
||||
conditions:
|
||||
|
||||
@ -148,6 +151,14 @@ outputs:
|
||||
dest: "/etc/ceph/"
|
||||
merge: true
|
||||
preserve_properties: true
|
||||
permissions:
|
||||
- path:
|
||||
str_replace:
|
||||
template: /etc/ceph/ceph.client.USER.keyring
|
||||
params:
|
||||
USER: {get_param: CephClientUserName}
|
||||
owner: nova:nova
|
||||
perm: '0600'
|
||||
/var/lib/kolla/config_files/nova_virtlogd.json:
|
||||
command: /usr/sbin/virtlogd --config /etc/libvirt/virtlogd.conf
|
||||
config_files:
|
||||
|