Allow customization of Ceph client user

Previously we enforced the Ceph user used by the OpenStack clients
to be named 'openstack', this change allows for customization
of such a name.

Change-Id: Idef3e1ed4e8e21b645081869b8d6fad2329bdc60

diff --git a/environments/puppet-ceph-external.yaml b/environments/puppet-ceph-external.yaml
index f22967f..7f5b508 100644 (file)
--- a/environments/puppet-ceph-external.yaml
+++ b/environments/puppet-ceph-external.yaml
@@ -14,10 +14,12 @@ parameter_defaults:
   CinderEnableRbdBackend: true
   GlanceBackend: rbd
   # If the Ceph pools which host VMs, Volumes and Images do not match these
-  # names, edit the following as needed.
+  # names OR the client keyring to use is not named 'openstack',  edit the
+  # following as needed.
   NovaRbdPoolName: vms
   CinderRbdPoolName: volumes
   GlanceRbdPoolName: images
+  CephClientUserName: openstack
 
   # finally we disable the Cinder LVM backend
   CinderEnableIscsiBackend: false

diff --git a/os-apply-config/ceph-cluster-config.yaml b/os-apply-config/ceph-cluster-config.yaml
index 4e435ff..115de08 100644 (file)
--- a/os-apply-config/ceph-cluster-config.yaml
+++ b/os-apply-config/ceph-cluster-config.yaml
@@ -13,7 +13,7 @@ parameters:
   ceph_client_key:
     default: ''
     type: string
-    description: Ceph key used to create the 'openstack' user keyring.
+    description: Ceph key used to create the client user keyring.
   ceph_fsid:
     default: ''
     type: string
@@ -36,6 +36,9 @@ parameters:
   GlanceRbdPoolName:
     default: images
     type: string
+  CephClientUserName:
+    default: openstack
+    type: string
 
 resources:
   CephClusterConfigImpl:

diff --git a/puppet/ceph-cluster-config.yaml b/puppet/ceph-cluster-config.yaml
index 5e54a62..96198c3 100644 (file)
--- a/puppet/ceph-cluster-config.yaml
+++ b/puppet/ceph-cluster-config.yaml
@@ -13,7 +13,7 @@ parameters:
   ceph_client_key:
     default: ''
     type: string
-    description: Ceph key used to create the 'openstack' user keyring.
+    description: Ceph key used to create the client user keyring.
   ceph_fsid:
     default: ''
     type: string
@@ -36,6 +36,9 @@ parameters:
   GlanceRbdPoolName:
     default: images
     type: string
+  CephClientUserName:
+    default: openstack
+    type: string
 
 resources:
   CephClusterConfigImpl:
@@ -74,7 +77,7 @@ resources:
                         keyring_path: '/var/lib/ceph/bootstrap-osd/ceph.keyring',
                         cap_mon: 'allow profile bootstrap-osd'
                       },
-                      client.openstack: {
+                      client.CLIENT_USER: {
                         secret: 'ADMIN_KEY',
                         mode: '0644',
                         cap_mon: 'allow r',
@@ -82,6 +85,7 @@ resources:
                       }
                     }"
                     params:
+                      CLIENT_USER: {get_param: CephClientUserName}
                       ADMIN_KEY: {get_param: ceph_admin_key}
                       NOVA_POOL: {get_param: NovaRbdPoolName}
                       CINDER_POOL: {get_param: CinderRbdPoolName}
@@ -89,6 +93,14 @@ resources:
                 nova::compute::rbd::libvirt_images_rbd_pool: {get_param: NovaRbdPoolName}
                 cinder_rbd_pool_name: {get_param: CinderRbdPoolName}
                 glance::backend::rbd::rbd_store_pool: {get_param: GlanceRbdPoolName}
+                nova::compute::rbd::libvirt_rbd_user: {get_param: CephClientUserName}
+                glance::backend::rbd::rbd_store_user: {get_param: CephClientUserName}
+                nova::compute::rbd::rbd_keyring:
+                  list_join:
+                  - '.'
+                  - - 'client'
+                    - {get_param: CephClientUserName}
+                ceph_client_user_name: {get_param: CephClientUserName}
                 ceph_pools:
                   - {get_param: CinderRbdPoolName}
                   - {get_param: NovaRbdPoolName}

diff --git a/puppet/extraconfig/ceph/ceph-external-config.yaml b/puppet/extraconfig/ceph/ceph-external-config.yaml
index fadc8a0..7cefc24 100644 (file)
--- a/puppet/extraconfig/ceph/ceph-external-config.yaml
+++ b/puppet/extraconfig/ceph/ceph-external-config.yaml
@@ -38,6 +38,9 @@ parameters:
   GlanceRbdPoolName:
     default: images
     type: string
+  CephClientUserName:
+    default: openstack
+    type: string
 
 resources:
   CephClusterConfigImpl:
@@ -56,7 +59,7 @@ resources:
                 ceph::profile::params::client_keys:
                   str_replace:
                     template: "{
-                      client.openstack: {
+                      client.CLIENT_USER: {
                         secret: 'CLIENT_KEY',
                         mode: '0644',
                         cap_mon: 'allow r',
@@ -64,6 +67,7 @@ resources:
                       }
                     }"
                     params:
+                      CLIENT_USER: {get_param: CephClientUserName}
                       CLIENT_KEY: {get_param: ceph_client_key}
                       NOVA_POOL: {get_param: NovaRbdPoolName}
                       CINDER_POOL: {get_param: CinderRbdPoolName}
@@ -71,6 +75,14 @@ resources:
                 nova::compute::rbd::libvirt_images_rbd_pool: {get_param: NovaRbdPoolName}
                 cinder_rbd_pool_name: {get_param: CinderRbdPoolName}
                 glance::backend::rbd::rbd_store_pool: {get_param: GlanceRbdPoolName}
+                nova::compute::rbd::libvirt_rbd_user: {get_param: CephClientUserName}
+                glance::backend::rbd::rbd_store_pool: {get_param: CephClientUserName}
+                nova::compute::rbd::rbd_keyring:
+                  list_join:
+                  - '.'
+                  - - 'client'
+                    - {get_param: CephClientUserName}
+                ceph_client_user_name: {get_param: CephClientUserName}
                 ceph_pools:
                   - {get_param: CinderRbdPoolName}
                   - {get_param: NovaRbdPoolName}

diff --git a/puppet/hieradata/compute.yaml b/puppet/hieradata/compute.yaml
index 659008a..173020f 100644 (file)
--- a/puppet/hieradata/compute.yaml
+++ b/puppet/hieradata/compute.yaml
@@ -10,8 +10,6 @@ nova::compute::vnc_enabled: true
 nova::compute::libvirt::vncserver_listen: '0.0.0.0'
 nova::compute::libvirt::migration_support: true
 
-nova::compute::rbd::libvirt_rbd_user: 'openstack'
-nova::compute::rbd::rbd_keyring: 'client.openstack'
 nova::compute::rbd::libvirt_rbd_secret_uuid: "%{hiera('ceph::profile::params::fsid')}"
 
 ceilometer::agent::auth::auth_tenant_name: 'service'

diff --git a/puppet/manifests/overcloud_compute.pp b/puppet/manifests/overcloud_compute.pp
index 2150bab..cd82554 100644 (file)
--- a/puppet/manifests/overcloud_compute.pp
+++ b/puppet/manifests/overcloud_compute.pp
@@ -49,8 +49,9 @@ if $rbd_ephemeral_storage or $rbd_persistent_storage {
   include ::ceph::profile::client
 
   $client_keys = hiera('ceph::profile::params::client_keys')
+  $client_user = join(['client.', hiera('ceph_client_user_name')])
   class { '::nova::compute::rbd':
-    libvirt_rbd_secret_key => $client_keys['client.openstack']['secret'],
+    libvirt_rbd_secret_key => $client_keys[$client_user]['secret'],
   }
 }
 

diff --git a/puppet/manifests/overcloud_controller.pp b/puppet/manifests/overcloud_controller.pp
index f5b69f7..523e489 100644 (file)
--- a/puppet/manifests/overcloud_controller.pp
+++ b/puppet/manifests/overcloud_controller.pp
@@ -327,7 +327,7 @@ if hiera('step') >= 3 {
 
     cinder::backend::rbd { $cinder_rbd_backend :
       rbd_pool        => hiera('cinder_rbd_pool_name'),
-      rbd_user        => 'openstack',
+      rbd_user        => hiera('ceph_client_user_name'),
       rbd_secret_uuid => hiera('ceph::profile::params::fsid'),
       require         => $cinder_pool_requires,
     }

diff --git a/puppet/manifests/overcloud_controller_pacemaker.pp b/puppet/manifests/overcloud_controller_pacemaker.pp
index 153b25e..5641fba 100644 (file)
--- a/puppet/manifests/overcloud_controller_pacemaker.pp
+++ b/puppet/manifests/overcloud_controller_pacemaker.pp
@@ -703,7 +703,7 @@ if hiera('step') >= 3 {
 
     cinder::backend::rbd { $cinder_rbd_backend :
       rbd_pool        => hiera('cinder_rbd_pool_name'),
-      rbd_user        => 'openstack',
+      rbd_user        => hiera('ceph_client_user_name'),
       rbd_secret_uuid => hiera('ceph::profile::params::fsid'),
       require         => $cinder_pool_requires,
     }