Code Review / apex-tripleo-heat-templates.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | review | tree
raw | inline | side by side
Use heat inputs for network port settings
[apex-tripleo-heat-templates.git] / puppet / ceph-cluster-config.yaml
diff --git a/puppet/ceph-cluster-config.yaml b/puppet/ceph-cluster-config.yaml
index dab029f..33b1857 100644 (file)
--- a/puppet/ceph-cluster-config.yaml
+++ b/puppet/ceph-cluster-config.yaml
@@ -1,4 +1,4 @@
-heat_template_version: 2014-10-16
+heat_template_version: 2015-04-30
 description: 'Ceph Cluster config data for Puppet'
 
 parameters:
@@ -35,11 +35,32 @@ resources:
                   - ','
                   - {get_param: ceph_mon_ips}
                 ceph::profile::params::fsid: {get_param: ceph_fsid}
-                ceph::profile::params::admin_key: {get_param: ceph_admin_key}
                 ceph::profile::params::mon_key: {get_param: ceph_mon_key}
-                # We would need a dedicated key for OSD
-                ceph::profile::params::bootstrap_osd_key: {get_param: ceph_mon_key}
-                ceph::profile::params::osds: '{"/srv/data": {}}'
+                # We should use a separated key for the non-admin clients
+                ceph::profile::params::client_keys:
+                  str_replace:
+                    template: "{
+                      client.admin: {
+                        secret: 'ADMIN_KEY',
+                        mode: '0600',
+                        cap_mon: 'allow *',
+                        cap_osd: 'allow *',
+                        cap_mds: 'allow *'
+                      },
+                      client.bootstrap-osd: {
+                        secret: 'ADMIN_KEY',
+                        keyring_path: '/var/lib/ceph/bootstrap-osd/ceph.keyring',
+                        cap_mon: 'allow profile bootstrap-osd'
+                      },
+                      client.openstack: {
+                        secret: 'ADMIN_KEY',
+                        mode: '0644',
+                        cap_mon: 'allow r',
+                        cap_osd: 'allow class-read object_prefix rbd_children, allow rwx pool=volumes, allow rwx pool=vms, allow rwx pool=images'
+                      }
+                    }"
+                    params:
+                      ADMIN_KEY: {get_param: ceph_admin_key}
 
 outputs:
   config_id: