X-Git-Url: https://gerrit.opnfv.org/gerrit/gitweb?a=blobdiff_plain;f=puppet%2Fceph-cluster-config.yaml;h=33b18574abc54442f16ec36c52aff9c629295d2f;hb=1a04849fe81d671843e53a231211e2f773a275ae;hp=dab029f33672cfdf1c66cd08fdec88f2bd63603a;hpb=44a22fc61e24c2efc221edd7085c8f4d44b39fc0;p=apex-tripleo-heat-templates.git diff --git a/puppet/ceph-cluster-config.yaml b/puppet/ceph-cluster-config.yaml index dab029f3..33b18574 100644 --- a/puppet/ceph-cluster-config.yaml +++ b/puppet/ceph-cluster-config.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2014-10-16 +heat_template_version: 2015-04-30 description: 'Ceph Cluster config data for Puppet' parameters: @@ -35,11 +35,32 @@ resources: - ',' - {get_param: ceph_mon_ips} ceph::profile::params::fsid: {get_param: ceph_fsid} - ceph::profile::params::admin_key: {get_param: ceph_admin_key} ceph::profile::params::mon_key: {get_param: ceph_mon_key} - # We would need a dedicated key for OSD - ceph::profile::params::bootstrap_osd_key: {get_param: ceph_mon_key} - ceph::profile::params::osds: '{"/srv/data": {}}' + # We should use a separated key for the non-admin clients + ceph::profile::params::client_keys: + str_replace: + template: "{ + client.admin: { + secret: 'ADMIN_KEY', + mode: '0600', + cap_mon: 'allow *', + cap_osd: 'allow *', + cap_mds: 'allow *' + }, + client.bootstrap-osd: { + secret: 'ADMIN_KEY', + keyring_path: '/var/lib/ceph/bootstrap-osd/ceph.keyring', + cap_mon: 'allow profile bootstrap-osd' + }, + client.openstack: { + secret: 'ADMIN_KEY', + mode: '0644', + cap_mon: 'allow r', + cap_osd: 'allow class-read object_prefix rbd_children, allow rwx pool=volumes, allow rwx pool=vms, allow rwx pool=images' + } + }" + params: + ADMIN_KEY: {get_param: ceph_admin_key} outputs: config_id: