Merge "Fix cinder's cephx keyring file permissions" into stable/wallaby

This commit is contained in:
Zuul 2021-06-08 21:32:59 +00:00 committed by Gerrit Code Review
commit 902594d776
1 changed files with 30 additions and 20 deletions

View File

@ -87,23 +87,34 @@ parameters:
description: > description: >
The Ceph cluster name must be at least 1 character and contain only The Ceph cluster name must be at least 1 character and contain only
letters and numbers. letters and numbers.
CinderRbdMultiConfig: CephExternalMultiConfig:
type: json type: json
default: {} hidden: true
description: | description: |
Dictionary of settings when configuring multiple RBD backends. The List of maps describing extra overrides which will be applied when configuring
hash key is the backend name, and the value is a dictionary of parameter extra external Ceph clusters. If this list is non-empty, ceph-ansible will run
values unique to that backend. The following parameters are required, an extra count(list) times using the same parameters as the first run except
and must match the corresponding value defined in CephExternalMultiConfig. each parameter within each map will override the defaults. If the following
CephClusterName (must match the CephExternalMultiConfig entry's 'cluster') were used, the second run would configure the overcloud to also use the ceph2
CephClusterFSID (must match the CephExternalMultiConfig entry's 'fsid') cluster with all the previous parameters except /etc/ceph/ceph2.conf would have
The following parameters are optional, and override the corresponding a mon_host entry containing the value of external_cluster_mon_ips below, and
parameter's default value. not the default CephExternalMonHost. Subsequent ceph-ansible runs are restricted
CephClientUserName to just ceph clients. CephExternalMultiConfig may not be used to deploy additional
CinderRbdPoolName internal Ceph clusters within one Heat stack. The map for each list should contain
CinderRbdExtraPools not tripleo-heat-template parameters but ceph-ansible parameters.
CinderRbdAvailabilityZone - cluster: 'ceph2'
CinderRbdFlattenVolumeFromSnapshot fsid: 'e2cba068-5f14-4b0f-b047-acf375c0004a'
external_cluster_mon_ips: '172.18.0.5,172.18.0.6,172.18.0.7'
keys:
- name: "client.openstack"
caps:
mgr: "allow *"
mon: "profile rbd"
osd: "osd: profile rbd pool=volumes, profile rbd pool=backups, profile rbd pool=vms, profile rbd pool=images"
key: "AQCwmeRcAAAAABAA6SQU/bGqFjlfLro5KxrB1Q=="
mode: "0600"
dashboard_enabled: false
default: []
conditions: conditions:
cvol_active_active_tls_enabled: cvol_active_active_tls_enabled:
@ -194,16 +205,15 @@ outputs:
owner: cinder:cinder owner: cinder:cinder
- repeat: - repeat:
template: template:
path: /etc/ceph/<%keyring%> path: /etc/ceph/<%cluster%>.client.*.keyring
owner: cinder:cinder owner: cinder:cinder
perm: '0600' perm: '0600'
for_each: for_each:
<%keyring%>: <%cluster%>:
yaql: yaql:
expression: let(u => $.data.default_user) -> $.data.multiconfig.values().select("{0}.client.{1}.keyring".format($.CephClusterName, $.get("CephClientUserName", $u))) expression: $.data.multiconfig.select($.cluster)
data: data:
default_user: {get_param: CephClientUserName} multiconfig: {get_param: CephExternalMultiConfig}
multiconfig: {get_param: CinderRbdMultiConfig}
cinder_volume_host_prep_tasks: cinder_volume_host_prep_tasks:
description: Host prep tasks for the cinder-volume service (HA or non-HA) description: Host prep tasks for the cinder-volume service (HA or non-HA)