ceph-ansible/roles/ceph-client/defaults/main.yml

---
###########
# GENERAL #
###########

copy_admin_key: false

user_config: false
test:
  name: "test"
  pg_num: "{{ hostvars[groups[mon_group_name][0]]['osd_pool_default_pg_num'] }}"
  pgp_num: "{{ hostvars[groups[mon_group_name][0]]['osd_pool_default_pg_num'] }}"
  rule_name: "replicated_rule"
  type: "replicated"
  erasure_profile: ""
  size: ""
test2:
  name: "test2"
  pg_num: "{{ hostvars[groups[mon_group_name][0]]['osd_pool_default_pg_num'] }}"
  pgp_num: "{{ hostvars[groups[mon_group_name][0]]['osd_pool_default_pg_num'] }}"
  rule_name: "replicated_rule"
  type: "replicated"
  erasure_profile: ""
  size: ""
pools:
  - "{{ test }}"
  - "{{ test2 }}"

# Can add `mds_cap` attribute to override the default value which is '' for mds capabilities.
# To have have ansible setfacl the generated key for $user, set the acls var like so:
# acls: ["u:$user:r--"]
#
# Generate a keyring using ceph-authtool CLI or python.
# Eg:
#  $ ceph-authtool --gen-print-key
#  or
#  $ python2 -c "import os ; import struct ; import time; import base64 ; key = os.urandom(16) ; header = struct.pack('<hiih',1,int(time.time()),0,len(key)) ; print base64.b64encode(header + key)"
keys:
  - { name: client.test, key: "ADD-KEYRING-HERE==", mon_cap: "allow r", osd_cap: "allow class-read object_prefix rbd_children, allow rwx pool=test", mode: "0600", acls: [] }
  - { name: client.test2, key: "ADD-KEYRING-HERE==", mon_cap: "allow r", osd_cap: "allow class-read object_prefix rbd_children, allow rwx pool=test2", mode: "0600", acls: [] }
ceph-client: introduce new client role By default, this roles will create a ceph config file and get the admin key. You can optionnally add other users, keys and pools for your tests. Closes: #769 Signed-off-by: Sébastien Han <seb@redhat.com> 2016-05-11 00:29:27 +08:00			`---`
			`###########`
			`# GENERAL #`
			`###########`

client: do not copy admin key by default Signed-off-by: Sébastien Han <seb@redhat.com> 2017-09-02 06:52:55 +08:00			`copy_admin_key: false`
ceph-client: introduce new client role By default, this roles will create a ceph config file and get the admin key. You can optionnally add other users, keys and pools for your tests. Closes: #769 Signed-off-by: Sébastien Han <seb@redhat.com> 2016-05-11 00:29:27 +08:00
			`user_config: false`
client: implement proper pools creation Just like we did for the monitor and openstack_config we now have the ability to precisely create pools. Signed-off-by: Sébastien Han <seb@redhat.com> 2018-03-07 21:50:27 +08:00			`test:`
			`name: "test"`
			`pg_num: "{{ hostvars[groups[mon_group_name][0]]['osd_pool_default_pg_num'] }}"`
			`pgp_num: "{{ hostvars[groups[mon_group_name][0]]['osd_pool_default_pg_num'] }}"`
			`rule_name: "replicated_rule"`
			`type: "replicated"`
			`erasure_profile: ""`
			`size: ""`
			`test2:`
			`name: "test2"`
			`pg_num: "{{ hostvars[groups[mon_group_name][0]]['osd_pool_default_pg_num'] }}"`
			`pgp_num: "{{ hostvars[groups[mon_group_name][0]]['osd_pool_default_pg_num'] }}"`
			`rule_name: "replicated_rule"`
			`type: "replicated"`
			`erasure_profile: ""`
			`size: ""`
ceph-client: introduce new client role By default, this roles will create a ceph config file and get the admin key. You can optionnally add other users, keys and pools for your tests. Closes: #769 Signed-off-by: Sébastien Han <seb@redhat.com> 2016-05-11 00:29:27 +08:00			`pools:`
client: implement proper pools creation Just like we did for the monitor and openstack_config we now have the ability to precisely create pools. Signed-off-by: Sébastien Han <seb@redhat.com> 2018-03-07 21:50:27 +08:00			`- "{{ test }}"`
			`- "{{ test2 }}"`
ceph-client: introduce new client role By default, this roles will create a ceph config file and get the admin key. You can optionnally add other users, keys and pools for your tests. Closes: #769 Signed-off-by: Sébastien Han <seb@redhat.com> 2016-05-11 00:29:27 +08:00
Client: keep consistency between `openstack_key` and `keys` To keep consistency between `{{ openstack_keys }}` and `{{ keys }}` respectively in `ceph-mon` and `ceph-client` roles. This commit also add the possibility to set mds caps. Fixes: #1680 Co-Authored-by: John Fulton <johfulto@redhat.com> Co-Authored-by: Giulio Fidente <gfidente@redhat.com> Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com> 2017-07-13 23:39:35 +08:00			# Can add `mds_cap` attribute to override the default value which is '' for mds capabilities.
Allow user to define ACLs for OpenStack keys The keys and openstack_keys structure now supports an optional key called acls whose value is a list of strings one could pass to setfacl. The ansible ACL module applies the ACLs to all openstack keys with this property. Fixes: #1688 2017-07-20 06:20:18 +08:00			`# To have have ansible setfacl the generated key for $user, set the acls var like so:`
			`# acls: ["u:$user:r--"]`
client: don't try to generate keys the entrypoint to generate users keyring is `ceph-authtool`, therefore, it can expand the `$(ceph-authtool --gen-print-key)` inside the container. Users must generate a keyring themselves. This commit also adds a check to ensure keyring are properly filled when `user_config: true`. Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com> 2017-12-12 18:25:26 +08:00			`#`
			`# Generate a keyring using ceph-authtool CLI or python.`
			`# Eg:`
			`# $ ceph-authtool --gen-print-key`
client: don't make `osd_pool_default_pg_num` mandatory making `osd_pool_default_pg_num` mandatory is a bit agressive and is unrelated when you just want to create users keyrings. Closes: #2241 Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com> 2017-12-12 18:28:36 +08:00			`# or`
client: don't try to generate keys the entrypoint to generate users keyring is `ceph-authtool`, therefore, it can expand the `$(ceph-authtool --gen-print-key)` inside the container. Users must generate a keyring themselves. This commit also adds a check to ensure keyring are properly filled when `user_config: true`. Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com> 2017-12-12 18:25:26 +08:00			`# $ python2 -c "import os ; import struct ; import time; import base64 ; key = os.urandom(16) ; header = struct.pack('<hiih',1,int(time.time()),0,len(key)) ; print base64.b64encode(header + key)"`
ceph-client: introduce new client role By default, this roles will create a ceph config file and get the admin key. You can optionnally add other users, keys and pools for your tests. Closes: #769 Signed-off-by: Sébastien Han <seb@redhat.com> 2016-05-11 00:29:27 +08:00			`keys:`
client: don't try to generate keys the entrypoint to generate users keyring is `ceph-authtool`, therefore, it can expand the `$(ceph-authtool --gen-print-key)` inside the container. Users must generate a keyring themselves. This commit also adds a check to ensure keyring are properly filled when `user_config: true`. Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com> 2017-12-12 18:25:26 +08:00			`- { name: client.test, key: "ADD-KEYRING-HERE==", mon_cap: "allow r", osd_cap: "allow class-read object_prefix rbd_children, allow rwx pool=test", mode: "0600", acls: [] }`
			`- { name: client.test2, key: "ADD-KEYRING-HERE==", mon_cap: "allow r", osd_cap: "allow class-read object_prefix rbd_children, allow rwx pool=test2", mode: "0600", acls: [] }`