2016-05-11 00:29:27 +08:00
|
|
|
---
|
|
|
|
###########
|
|
|
|
# GENERAL #
|
|
|
|
###########
|
|
|
|
|
2018-04-11 23:15:29 +08:00
|
|
|
# Even though Client nodes should not have the admin key
|
|
|
|
# at their disposal, some people might want to have it
|
|
|
|
# distributed on Client nodes. Setting 'copy_admin_key' to 'true'
|
|
|
|
# will copy the admin key to the /etc/ceph/ directory
|
2017-09-02 06:52:55 +08:00
|
|
|
copy_admin_key: false
|
2016-05-11 00:29:27 +08:00
|
|
|
|
|
|
|
user_config: false
|
2018-03-07 21:50:27 +08:00
|
|
|
test:
|
|
|
|
name: "test"
|
|
|
|
pg_num: "{{ hostvars[groups[mon_group_name][0]]['osd_pool_default_pg_num'] }}"
|
|
|
|
pgp_num: "{{ hostvars[groups[mon_group_name][0]]['osd_pool_default_pg_num'] }}"
|
|
|
|
rule_name: "replicated_rule"
|
2018-04-25 23:33:35 +08:00
|
|
|
type: 1
|
2018-03-07 21:50:27 +08:00
|
|
|
erasure_profile: ""
|
2018-03-26 04:36:27 +08:00
|
|
|
expected_num_objects: ""
|
2018-10-01 23:11:13 +08:00
|
|
|
size: ""
|
2018-03-07 21:50:27 +08:00
|
|
|
test2:
|
|
|
|
name: "test2"
|
|
|
|
pg_num: "{{ hostvars[groups[mon_group_name][0]]['osd_pool_default_pg_num'] }}"
|
|
|
|
pgp_num: "{{ hostvars[groups[mon_group_name][0]]['osd_pool_default_pg_num'] }}"
|
|
|
|
rule_name: "replicated_rule"
|
2018-04-25 23:33:35 +08:00
|
|
|
type: 1
|
2018-03-07 21:50:27 +08:00
|
|
|
erasure_profile: ""
|
2018-03-26 04:36:27 +08:00
|
|
|
expected_num_objects: ""
|
2018-10-01 23:11:13 +08:00
|
|
|
size: ""
|
2016-05-11 00:29:27 +08:00
|
|
|
pools:
|
2018-03-07 21:50:27 +08:00
|
|
|
- "{{ test }}"
|
|
|
|
- "{{ test2 }}"
|
2016-05-11 00:29:27 +08:00
|
|
|
|
2017-12-12 18:25:26 +08:00
|
|
|
# Generate a keyring using ceph-authtool CLI or python.
|
|
|
|
# Eg:
|
|
|
|
# $ ceph-authtool --gen-print-key
|
2017-12-12 18:28:36 +08:00
|
|
|
# or
|
2017-12-12 18:25:26 +08:00
|
|
|
# $ python2 -c "import os ; import struct ; import time; import base64 ; key = os.urandom(16) ; header = struct.pack('<hiih',1,int(time.time()),0,len(key)) ; print base64.b64encode(header + key)"
|
2018-04-04 22:22:36 +08:00
|
|
|
#
|
|
|
|
# To use a particular secret, you have to add 'key' to the dict below, so something like:
|
|
|
|
# - { name: client.test, key: "AQAin8tUMICVFBAALRHNrV0Z4MXupRw4v9JQ6Q==" ...
|
2018-06-25 21:12:56 +08:00
|
|
|
|
2016-05-11 00:29:27 +08:00
|
|
|
keys:
|
2018-06-25 21:12:56 +08:00
|
|
|
- { name: client.test, caps: { mon: "allow r", osd: "allow class-read object_prefix rbd_children, allow rwx pool=test" }, mode: "{{ ceph_keyring_permissions }}" }
|
|
|
|
- { name: client.test2, caps: { mon: "allow r", osd: "allow class-read object_prefix rbd_children, allow rwx pool=test2" }, mode: "{{ ceph_keyring_permissions }}" }
|