X-Git-Url: https://gerrit.opnfv.org/gerrit/gitweb?a=blobdiff_plain;f=puppet%2Fservices%2Fceph-external.yaml;h=1459b851674c2ce59cf79bb1ed1f8c10a6a34ec1;hb=refs%2Fheads%2Fmaster;hp=65e6ea80ccbede6cdbc8c826e0308e21b540fd6e;hpb=0ff01e369c84232c439f98799a623f04f36b7f0c;p=apex-tripleo-heat-templates.git

diff --git a/puppet/services/ceph-external.yaml b/puppet/services/ceph-external.yaml
index 65e6ea80..1459b851 100644
--- a/puppet/services/ceph-external.yaml
+++ b/puppet/services/ceph-external.yaml
@@ -5,7 +5,7 @@ description: >
 
 parameters:
   CephClientKey:
-    description: The Ceph client key. Can be created with ceph-authtool --gen-print-key. Currently only used for external Ceph deployments to create the openstack user keyring.
+    description: The Ceph client key. Can be created with ceph-authtool --gen-print-key.
     type: string
     hidden: true
   CephClientUserName:
@@ -33,6 +33,10 @@ parameters:
   NovaRbdPoolName:
     default: vms
     type: string
+  ServiceData:
+    default: {}
+    description: Dictionary packing service data
+    type: json
   ServiceNetMap:
     default: {}
     description: Mapping of service_name -> network name. Typically set
@@ -64,6 +68,14 @@ parameters:
                  image. Only applies to format 2 images. Set to '1' for Jewel
                  clients using older Ceph servers.
     type: string
+  ManilaCephFSNativeCephFSAuthId:
+    type: string
+    default: 'manila'
+  CephManilaClientKey:
+    default: ''
+    description: The Ceph client key. Can be created with ceph-authtool --gen-print-key.
+    type: string
+    hidden: true
 
 outputs:
   role_data:
@@ -90,9 +102,17 @@ outputs:
                       CINDERBACKUP_POOL: {get_param: CinderBackupRbdPoolName}
                       GLANCE_POOL: {get_param: GlanceRbdPoolName}
                       GNOCCHI_POOL: {get_param: GnocchiRbdPoolName}
+              MANILA_CLIENT_KEY:
+                mode: '0644'
+                secret: {get_param: CephManilaClientKey}
+                cap_mon: 'allow r, allow command \"auth del\", allow command \"auth caps\", allow command \"auth get\", allow command \"auth get-or-create\"'
+                cap_mds: 'allow *'
+                cap_osd: 'allow rw'
             - keys:
                 CEPH_CLIENT_KEY:
                   list_join: ['.', ['client', {get_param: CephClientUserName}]]
+                MANILA_CLIENT_KEY:
+                  list_join: ['.', ['client', {get_param: ManilaCephFSNativeCephFSAuthId}]]
         ceph::profile::params::manage_repo: false
         # FIXME(gfidente): we should not have to list the packages explicitly in
         # the templates, but this should stay until the following is fixed: