-heat_template_version: 2016-04-08
+heat_template_version: pike
description: >
Ceph base service. Shared by all Ceph services.
type: string
hidden: true
CephClientKey:
- description: The Ceph client key. Can be created with ceph-authtool --gen-print-key. Currently only used for external Ceph deployments to create the openstack user keyring.
+ description: The Ceph client key. Can be created with ceph-authtool --gen-print-key.
type: string
hidden: true
CephClientUserName:
CephClusterFSID:
type: string
description: The Ceph cluster FSID. Must be a UUID.
- CephIPv6:
- default: False
- type: boolean
CinderRbdPoolName:
default: volumes
type: string
NovaRbdPoolName:
default: vms
type: string
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
DefaultPasswords:
default: {}
type: json
+ RoleName:
+ default: ''
+ description: Role name on which the service is applied
+ type: string
+ RoleParameters:
+ default: {}
+ description: Parameters specific to the role
+ type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
+ ManilaCephFSNativeCephFSAuthId:
+ type: string
+ default: 'manila'
+ CephManilaClientKey:
+ default: ''
+ description: The Ceph client key. Can be created with ceph-authtool --gen-print-key.
+ type: string
+ hidden: true
# DEPRECATED options for compatibility with overcloud.yaml
# This should be removed and manipulation of the ControllerServices list
# used instead, but we need client support for that first
value:
service_name: ceph_base
config_settings:
- tripleo::profile::base::ceph::ceph_ipv6: {get_param: CephIPv6}
tripleo::profile::base::ceph::enable_ceph_storage: {get_param: ControllerEnableCephStorage}
- ceph::profile::params::osd_pool_default_min_size: 1
ceph::profile::params::osds: {/srv/data: {}}
ceph::profile::params::manage_repo: false
ceph::profile::params::authentication_type: cephx
ceph::profile::params::fsid: {get_param: CephClusterFSID}
+ # FIXME(gfidente): we should not have to list the packages explicitly in the templates,
+ # but this has to stay until https://bugs.launchpad.net/puppet-ceph/+bug/1629933 is fixed
+ ceph::params::packages:
+ - ceph-base
+ - ceph-mon
# NOTE: bind IP is found in Heat replacing the network name with the local node IP
# for the given network; replacement examples (eg. for internal_api):
# internal_api -> IP
str_replace:
template: "NETWORK_subnet"
params:
- NETWORK: {get_param: [ServiceNetMap, CephPublicNetwork]}
- ceph::profile::params::public_addr: {get_param: [ServiceNetMap, CephPublicNetwork]}
+ NETWORK: {get_param: [ServiceNetMap, CephMonNetwork]}
+ ceph::profile::params::public_addr: {get_param: [ServiceNetMap, CephMonNetwork]}
ceph::profile::params::client_keys:
- str_replace:
- template: "{
- client.admin: {
- secret: 'ADMIN_KEY',
- mode: '0600',
- cap_mon: 'allow *',
- cap_osd: 'allow *',
+ map_replace:
+ - client.admin:
+ secret: {get_param: CephAdminKey}
+ mode: '0600'
+ cap_mon: 'allow *'
+ cap_osd: 'allow *'
cap_mds: 'allow *'
- },
- client.bootstrap-osd: {
- secret: 'ADMIN_KEY',
- keyring_path: '/var/lib/ceph/bootstrap-osd/ceph.keyring',
+ client.bootstrap-osd:
+ secret: {get_param: CephAdminKey}
+ keyring_path: '/var/lib/ceph/bootstrap-osd/ceph.keyring'
cap_mon: 'allow profile bootstrap-osd'
- },
- client.CLIENT_USER: {
- secret: 'CLIENT_KEY',
- mode: '0644',
- cap_mon: 'allow r',
- cap_osd: 'allow class-read object_prefix rbd_children, allow rwx pool=CINDER_POOL, allow rwx pool=CINDERBACKUP_POOL, allow rwx pool=NOVA_POOL, allow rwx pool=GLANCE_POOL, allow rwx pool=GNOCCHI_POOL'
- }
- }"
- params:
- CLIENT_USER: {get_param: CephClientUserName}
- CLIENT_KEY: {get_param: CephClientKey}
- ADMIN_KEY: {get_param: CephAdminKey}
- NOVA_POOL: {get_param: NovaRbdPoolName}
- CINDER_POOL: {get_param: CinderRbdPoolName}
- CINDERBACKUP_POOL: {get_param: CinderBackupRbdPoolName}
- GLANCE_POOL: {get_param: GlanceRbdPoolName}
- GNOCCHI_POOL: {get_param: GnocchiRbdPoolName}
+ CEPH_CLIENT_KEY:
+ secret: {get_param: CephClientKey}
+ mode: '0644'
+ cap_mon: 'allow r'
+ cap_osd:
+ str_replace:
+ template: 'allow class-read object_prefix rbd_children, allow rwx pool=CINDER_POOL, allow rwx pool=CINDERBACKUP_POOL, allow rwx pool=NOVA_POOL, allow rwx pool=GLANCE_POOL, allow rwx pool=GNOCCHI_POOL'
+ params:
+ NOVA_POOL: {get_param: NovaRbdPoolName}
+ CINDER_POOL: {get_param: CinderRbdPoolName}
+ CINDERBACKUP_POOL: {get_param: CinderBackupRbdPoolName}
+ GLANCE_POOL: {get_param: GlanceRbdPoolName}
+ GNOCCHI_POOL: {get_param: GnocchiRbdPoolName}
+ MANILA_CLIENT_KEY:
+ mode: '0644'
+ secret: {get_param: CephManilaClientKey}
+ cap_mon: 'allow r, allow command \"auth del\", allow command \"auth caps\", allow command \"auth get\", allow command \"auth get-or-create\"'
+ cap_mds: 'allow *'
+ cap_osd: 'allow rw'
+ - keys:
+ CEPH_CLIENT_KEY:
+ list_join: ['.', ['client', {get_param: CephClientUserName}]]
+ MANILA_CLIENT_KEY:
+ list_join: ['.', ['client', {get_param: ManilaCephFSNativeCephFSAuthId}]]
+ service_config_settings:
+ ceph_osd:
+ ceph::params::packages:
+ - ceph-base
+ - ceph-mon
+ - ceph-osd