Add DefaultPasswords to composable services

[apex-tripleo-heat-templates.git] / puppet / services / ceph-base.yaml

heat_template_version: 2016-04-08

description: >
  Ceph base service. Shared by all Ceph services.

parameters:
  CephAdminKey:
    description: The Ceph admin client key. Can be created with ceph-authtool --gen-print-key.
    type: string
    hidden: true
  CephClientKey:
    description: The Ceph client key. Can be created with ceph-authtool --gen-print-key. Currently only used for external Ceph deployments to create the openstack user keyring.
    type: string
    hidden: true
  CephClientUserName:
    default: openstack
    type: string
  CephClusterFSID:
    type: string
    description: The Ceph cluster FSID. Must be a UUID.
  CephIPv6:
    default: False
    type: boolean
  CinderRbdPoolName:
    default: volumes
    type: string
  CinderBackupRbdPoolName:
    default: backups
    type: string
  GlanceRbdPoolName:
    default: images
    type: string
  GnocchiRbdPoolName:
    default: metrics
    type: string
  NovaRbdPoolName:
    default: vms
    type: string
  ServiceNetMap:
    default: {}
    description: Mapping of service_name -> network name. Typically set
                 via parameter_defaults in the resource registry.  This
                 mapping overrides those in ServiceNetMapDefaults.
    type: json
  DefaultPasswords:
    default: {}
    type: json
  EndpointMap:
    default: {}
    description: Mapping of service endpoint -> protocol. Typically set
                 via parameter_defaults in the resource registry.
    type: json
  # DEPRECATED options for compatibility with overcloud.yaml
  # This should be removed and manipulation of the ControllerServices list
  # used instead, but we need client support for that first
  ControllerEnableCephStorage:
    default: false
    description: Whether to deploy Ceph Storage (OSD) on the Controller
    type: boolean

parameter_groups:
- label: deprecated
  description: Do not use deprecated params, they will be removed.
  parameters:
  - ControllerEnableCephStorage

outputs:
  role_data:
    description: Role data for the Ceph base service.
    value:
      service_name: ceph_base
      config_settings:
        tripleo::profile::base::ceph::ceph_ipv6: {get_param: CephIPv6}
        tripleo::profile::base::ceph::enable_ceph_storage: {get_param: ControllerEnableCephStorage}
        ceph::profile::params::osd_pool_default_min_size: 1
        ceph::profile::params::osds: {/srv/data: {}}
        ceph::profile::params::manage_repo: false
        ceph::profile::params::authentication_type: cephx
        ceph::profile::params::fsid: {get_param: CephClusterFSID}
        ceph::profile::params::client_keys:
          str_replace:
            template: "{
              client.admin: {
                secret: 'ADMIN_KEY',
                mode: '0600',
                cap_mon: 'allow *',
                cap_osd: 'allow *',
                cap_mds: 'allow *'
              },
              client.bootstrap-osd: {
                secret: 'ADMIN_KEY',
                keyring_path: '/var/lib/ceph/bootstrap-osd/ceph.keyring',
                cap_mon: 'allow profile bootstrap-osd'
              },
              client.CLIENT_USER: {
                secret: 'CLIENT_KEY',
                mode: '0644',
                cap_mon: 'allow r',
                cap_osd: 'allow class-read object_prefix rbd_children, allow rwx pool=CINDER_POOL, allow rwx pool=CINDERBACKUP_POOL, allow rwx pool=NOVA_POOL, allow rwx pool=GLANCE_POOL, allow rwx pool=GNOCCHI_POOL'
              }
            }"
            params:
              CLIENT_USER: {get_param: CephClientUserName}
              CLIENT_KEY: {get_param: CephClientKey}
              ADMIN_KEY: {get_param: CephAdminKey}
              NOVA_POOL: {get_param: NovaRbdPoolName}
              CINDER_POOL: {get_param: CinderRbdPoolName}
              CINDERBACKUP_POOL: {get_param: CinderBackupRbdPoolName}
              GLANCE_POOL: {get_param: GlanceRbdPoolName}
              GNOCCHI_POOL: {get_param: GnocchiRbdPoolName}