CephAnsibleUpgradePlaybook:
type: string
description: Path to the ceph-ansible playbook to execute on upgrade
- default: /usr/share/ceph-ansible/infrastructure-playbooks/take-over-existing-cluster.yml
+ default: /usr/share/ceph-ansible/infrastructure-playbooks/switch-from-non-containerized-to-containerized-ceph-daemons.yml
CephAnsibleExtraConfig:
type: json
description: Extra vars for the ceph-ansible playbook
default: vms
type: string
CephClientKey:
- description: The Ceph client key. Can be created with ceph-authtool --gen-print-key. Currently only used for external Ceph deployments to create the openstack user keyring.
+ description: The Ceph client key. Can be created with ceph-authtool --gen-print-key.
type: string
hidden: true
CephClientUserName:
default: openstack
type: string
+ CephRgwClientName:
+ default: radosgw
+ type: string
+ CephRgwKey:
+ description: The cephx key for the radosgw client. Can be created
+ with ceph-authtool --gen-print-key.
+ type: string
+ hidden: true
CephPoolDefaultSize:
description: default minimum replication for RBD copies
type: number
CephIPv6:
default: False
type: boolean
+ SwiftPassword:
+ description: The password for the swift service account
+ type: string
+ hidden: true
DockerCephDaemonImage:
description: image
type: string
- default: 'ceph/daemon:tag-build-master-jewel-centos-7'
conditions:
custom_registry_host:
if:
- custom_registry_host
- yaql:
- expression: let(location => $.data.rightSplit(':', 1)[0]) -> regex('(?:https?://)?(.*)/').split($location)[1]
+ expression: let(location => $.data.rightSplit(':', 1)[0]) -> regex('(?:https?://)?(.*?)/(.*)').split($location)[1]
data: {get_param: DockerCephDaemonImage}
- docker.io
image:
if:
- custom_registry_host
- yaql:
- expression: let(location => $.data.rightSplit(':', 1)[0]) -> regex('(?:https?://)?(.*)/').split($location)[2]
+ expression: let(location => $.data.rightSplit(':', 1)[0]) -> regex('(?:https?://)?(.*?)/(.*)').split($location)[2]
data: {get_param: DockerCephDaemonImage}
- yaql:
expression: $.data.rightSplit(':', 1)[0]
ireallymeanit: 'yes'
fsid: { get_param: CephClusterFSID }
docker: true
+ ceph_release: jewel
ceph_docker_registry: {get_attr: [DockerImageUrlParts, value, host]}
ceph_docker_image: {get_attr: [DockerImageUrlParts, value, image]}
ceph_docker_image_tag: {get_attr: [DockerImageUrlParts, value, image_tag]}
- - client
- {get_param: ManilaCephFSNativeCephFSAuthId}
key: {get_param: CephManilaClientKey}
- mon_cap: "allow r, allow command auth del, allow command auth caps, allow command auth get, allow command auth get-or-create"
+ mon_cap: 'allow r, allow command \\\"auth del\\\", allow command \\\"auth caps\\\", allow command \\\"auth get\\\", allow command \\\"auth get-or-create\\\"'
mds_cap: "allow *"
osd_cap: "allow rw"
mode: "0644"
+ - name:
+ list_join:
+ - '.'
+ - - client
+ - {get_param: CephRgwClientName}
+ key: {get_param: CephRgwKey}
+ mon_cap: "allow rw"
+ osd_cap: "allow rwx"
+ mode: "0644"
keys: *openstack_keys
pools: []
ceph_conf_overrides:
global:
osd_pool_default_size: {get_param: CephPoolDefaultSize}
osd_pool_default_pg_num: {get_param: CephPoolDefaultPgNum}
+ rgw_keystone_api_version: 3
+ rgw_keystone_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
+ rgw_keystone_accepted_roles: 'Member, _member_, admin'
+ rgw_keystone_admin_domain: default
+ rgw_keystone_admin_project: service
+ rgw_keystone_admin_user: swift
+ rgw_keystone_admin_password: {get_param: SwiftPassword}
+ rgw_s3_auth_use_keystone: 'true'
ntp_service_enabled: false
generate_fsid: false
ip_version: