set ganesha idmap.conf file path and overrides
Traditionally, Ganesha consumes /etc/idmapd.conf, which controls
mapping of user/owner identities under NFSv4+. With containerized service
deployment, this file has beenan immutable part of the container image
and could not be modified.
Recently ceph-ansible was modified to allow the user to set the path
for idmapd.conf and to override ini settings in this file by supplying
json configuration for the overrides in the same way that it can be
supplied for ceph.conf overrides [1]. Also, the default path setting
for the idmapd.conf file is /etc/ganesha/idmap.conf, which already is
reflected into containerized ganesha under /etc/ganesha, solving the
immutability issue. If no overrides are supplied, the file put in this
location will match that originally frozen into the container, so there
is no issue here with backwards compatibility.
This change exposes parameters for idmap.conf file path and override
contents in TripleO and passes them into ceph-ansible. It also sets up
these parameters for cephadm. Cephadm support for OpenStack Ganesha
is WIP so there will likely need to be a followup patch to make these
effective when cephadm replaces ceph ansible.
[1] https://github.com/ceph/ceph-ansible/pull/6422
Change-Id: I422e49f0027efbbb25256d8b4718eb0aa78d90a4
(cherry picked from commit 9a42686dc7
)
This commit is contained in:
parent
fc352f94f2
commit
b2a8641a5c
|
@ -30,6 +30,13 @@ parameters:
|
||||||
ManilaCephFSCephFSAuthId:
|
ManilaCephFSCephFSAuthId:
|
||||||
type: string
|
type: string
|
||||||
default: 'manila'
|
default: 'manila'
|
||||||
|
ManilaCephFSNFSIdmapConf:
|
||||||
|
type: string
|
||||||
|
default: '/etc/ganesha/idmap.conf'
|
||||||
|
ManilaCephFSNFSIdmapOverrides:
|
||||||
|
type: json
|
||||||
|
description: Extra config settings to dump into idmap.conf
|
||||||
|
default: {}
|
||||||
|
|
||||||
resources:
|
resources:
|
||||||
CephBase:
|
CephBase:
|
||||||
|
@ -123,6 +130,8 @@ outputs:
|
||||||
ceph_nfs_rados_backend: true
|
ceph_nfs_rados_backend: true
|
||||||
ceph_nfs_disable_caching: true
|
ceph_nfs_disable_caching: true
|
||||||
ceph_nfs_ceph_user: {get_param: ManilaCephFSCephFSAuthId}
|
ceph_nfs_ceph_user: {get_param: ManilaCephFSCephFSAuthId}
|
||||||
|
ceph_nfs_idmap_conf: {get_param: ManilaCephFSNFSIdmapConf}
|
||||||
|
ceph_nfs_idmap_overrides: {get_param: ManilaCephFSNFSIdmapOverrides}
|
||||||
- name: generate ceph-ansible group vars nfss
|
- name: generate ceph-ansible group vars nfss
|
||||||
copy:
|
copy:
|
||||||
dest: "{{playbook_dir}}/ceph-ansible/group_vars/nfss.yml"
|
dest: "{{playbook_dir}}/ceph-ansible/group_vars/nfss.yml"
|
||||||
|
|
|
@ -33,6 +33,13 @@ parameters:
|
||||||
ManilaCephFSCephFSAuthId:
|
ManilaCephFSCephFSAuthId:
|
||||||
type: string
|
type: string
|
||||||
default: 'manila'
|
default: 'manila'
|
||||||
|
ManilaCephFSNFSIdmapConf:
|
||||||
|
type: string
|
||||||
|
default: '/etc/ganesha/idmap.conf'
|
||||||
|
ManilaCephFSNFSIdmapOverrides:
|
||||||
|
type: json
|
||||||
|
description: Extra config settings to dump into idmap.conf
|
||||||
|
default: {}
|
||||||
|
|
||||||
resources:
|
resources:
|
||||||
CephBase:
|
CephBase:
|
||||||
|
|
|
@ -20,6 +20,10 @@ parameter_defaults:
|
||||||
# (users mount shares directly from ceph cluster), or nfs-ganesha backend -
|
# (users mount shares directly from ceph cluster), or nfs-ganesha backend -
|
||||||
# 'NFS' (users mount shares through nfs-ganesha server)
|
# 'NFS' (users mount shares through nfs-ganesha server)
|
||||||
ManilaCephFSCephFSProtocolHelperType: 'NFS'
|
ManilaCephFSCephFSProtocolHelperType: 'NFS'
|
||||||
|
# Use ManilaCephFSNFSIdmapConf to change the path of the idmap.conf file consumed by ganesha
|
||||||
|
ManilaCephFSNFSIdmapConf: '/etc/ganesha/idmap.conf'
|
||||||
|
# Use ManilaCephFSNFSIdmapOverrides to overide ini configuration in the idmap.conf file
|
||||||
|
ManilaCephFSNFSIdmapOverrides: {}
|
||||||
# Uncomment the following and set them appropriately if the Ceph cluster is
|
# Uncomment the following and set them appropriately if the Ceph cluster is
|
||||||
# external and you need to use a specific keyring/key and pool to access the
|
# external and you need to use a specific keyring/key and pool to access the
|
||||||
# CephFS share
|
# CephFS share
|
||||||
|
|
Loading…
Reference in New Issue