Merge pull request #267 from leseb/rgw-keystone

Add support for Rados Gateway configuration with Keystone
2015-06-03 22:24:15 +02:00 · 2015-06-03 22:24:15 +02:00 · 26dba2eef2
parent a86439f2d2 bdd4cc4363
commit 26dba2eef2
5 changed files with 42 additions and 0 deletions
--- a/group_vars/all
+++ b/group_vars/all
@ -112,6 +112,14 @@ dummy:
 #radosgw_dns_name: your.subdomain.tld # subdomains used by radosgw. See http://ceph.com/docs/master/radosgw/config/#enabling-subdomain-s3-calls
 #radosgw_frontend: civetweb # supported options are 'apache' or 'civetweb', also edit roles/ceph-radosgw/defaults/main.yml
 #radosgw_civetweb_port: 80
 #radosgw_keystone: false # activate OpenStack Keystone options full detail here: http://ceph.com/docs/master/radosgw/keystone/
 #radosgw_keystone_url: # url:admin_port ie: http://192.168.0.1:35357
 #radosgw_keystone_admin_token: password
 #radosgw_keystone_accepted_roles: Member, _member_, admin
 #radosgw_keystone_token_cache_size: 10000
 #radosgw_keystone_revocation_internal: 900
 #radosgw_s3_auth_use_keystone: "true"
 #radosgw_nss_db_path: /var/lib/ceph/radosgw/ceph-radosgw.{{ ansible_hostname }}/nss
 ## REST API options
 #
--- a/roles/ceph-common/defaults/main.yml
+++ b/roles/ceph-common/defaults/main.yml
@ -127,6 +127,14 @@ radosgw: false # referenced in monitor role too.
 #radosgw_dns_name: your.subdomain.tld # subdomains used by radosgw. See http://ceph.com/docs/master/radosgw/config/#enabling-subdomain-s3-calls
 radosgw_frontend: civetweb # supported options are 'apache' or 'civetweb', also edit roles/ceph-radosgw/defaults/main.yml
 radosgw_civetweb_port: 80
 radosgw_keystone: false # activate OpenStack Keystone options full detail here: http://ceph.com/docs/master/radosgw/keystone/
 #radosgw_keystone_url: # url:admin_port ie: http://192.168.0.1:35357
 radosgw_keystone_admin_token: password
 radosgw_keystone_accepted_roles: Member, _member_, admin
 radosgw_keystone_token_cache_size: 10000
 radosgw_keystone_revocation_internal: 900
 radosgw_s3_auth_use_keystone: "true"
 radosgw_nss_db_path: /var/lib/ceph/radosgw/ceph-radosgw.{{ ansible_hostname }}/nss
 ## REST API options
 #
--- a/roles/ceph-common/templates/ceph.conf.j2
+++ b/roles/ceph-common/templates/ceph.conf.j2
@ -149,6 +149,15 @@
  {% if radosgw_frontend  == 'civetweb' %}
  rgw frontends = civetweb port={{ radosgw_civetweb_port }}
  {% endif %}
  {% if radosgw_keystone %}
  rgw keystone url = {{ radosgw_keystone_url }}
  rgw keystone admin token = {{ radosgw_keystone_admin_token }}
  rgw keystone accepted roles = {{ radosgw_keystone_accepted_roles }}
  rgw keystone token cache size = {{ radosgw_keystone_token_cache_size }}
  rgw keystone revocation interval = {{ radosgw_keystone_revocation_internal }}
  rgw s3 auth use keystone = {{ radosgw_s3_auth_use_keystone }}
  nss db path = {{ radosgw_nss_db_path }}
  {% endif %}
 {% endif %}
 {% endfor %}
 {% endif %}
--- a/roles/ceph-radosgw/tasks/main.yml
+++ b/roles/ceph-radosgw/tasks/main.yml
@ -21,6 +21,9 @@
    state=present
  when: ansible_os_family == 'RedHat' and not ceph_containerized_deployment
 - include: openstack-keystone.yml
  when: radosgw_keystone
 - include: start_radosgw.yml
  when: not ceph_containerized_deployment
--- a/roles/ceph-radosgw/tasks/openstack-keystone.yml
+++ b/roles/ceph-radosgw/tasks/openstack-keystone.yml
@ -0,0 +1,14 @@
 ---
 - name: create nss directory for Keystone certificates
  file: >
    path={{ radosgw_nss_db_path }}
    state=directory
    owner=root
    group=root
    mode=0644
 - name: create nss entries for Keystone certificates
  shell: "{{ item }}"
  with_items:
    - "openssl x509 -in /etc/keystone/ssl/certs/ca.pem -pubkey |certutil -d {{ radosgw_nss_db_path }} -A -n ca -t 'TCu,Cu,Tuw'"
    - "openssl x509 -in /etc/keystone/ssl/certs/signing_cert.pem -pubkey | certutil -A -d {{ radosgw_nss_db_path }} -n signing_cert -t 'P,P,P'"