- - ','
- - {get_param: ceph_mon_ips}
- ceph::profile::params::fsid: {get_param: ceph_fsid}
- ceph::profile::params::mon_key: {get_param: ceph_mon_key}
- # We should use a separated key for the non-admin clients
- ceph::profile::params::client_keys:
- str_replace:
- template: "{
- client.admin: {
- secret: 'ADMIN_KEY',
- mode: '0600',
- cap_mon: 'allow *',
- cap_osd: 'allow *',
- cap_mds: 'allow *'
- },
- client.bootstrap-osd: {
- secret: 'ADMIN_KEY',
- keyring_path: '/var/lib/ceph/bootstrap-osd/ceph.keyring',
- cap_mon: 'allow profile bootstrap-osd'
- },
- client.openstack: {
- secret: 'ADMIN_KEY',
- mode: '0644',
- cap_mon: 'allow r',
- cap_osd: 'allow class-read object_prefix rbd_children, allow rwx pool=volumes, allow rwx pool=vms, allow rwx pool=images'
- }
- }"
- params:
- ADMIN_KEY: {get_param: ceph_admin_key}