--- # You can override vars by using host or group vars ########### # GENERAL # ########### fetch_directory: fetch/ mon_group_name: mons # ACTIVATE BOTH FSID AND MONITOR_SECRET VARIABLES FOR NON-VAGRANT DEPLOYMENT fsid: "{{ cluster_uuid.stdout }}" monitor_secret: "{{ monitor_keyring.stdout }}" admin_secret: 'admin_secret' # CephFS cephfs_data: cephfs_data cephfs_metadata: cephfs_metadata cephfs: cephfs # Secure your cluster # This will set the following flags on all the pools: # * nosizechange # * nopgchange # * nodelete secure_cluster: false secure_cluster_flags: - nopgchange - nodelete - nosizechange # Enable the Calamari-backed REST API on a Monitor calamari: false # Enable debugging for Calamari calamari_debug: false ############# # crush rules ############# crush_rule_config: false crush_rule_hdd: name: HDD root: HDD type: rack default: true crush_rule_ssd: name: SSD root: SSD type: host default: false crush_rules: - "{{ crush_rule_hdd }}" - "{{ crush_rule_ssd }}" ############# # OPENSTACK # ############# openstack_config: false openstack_glance_pool: name: images pg_num: "{{ osd_pool_default_pg_num }}" rule_name: "" openstack_cinder_pool: name: volumes pg_num: "{{ osd_pool_default_pg_num }}" rule_name: "" openstack_nova_pool: name: vms pg_num: "{{ osd_pool_default_pg_num }}" rule_name: "" openstack_cinder_backup_pool: name: backups pg_num: "{{ osd_pool_default_pg_num }}" rule_name: "" openstack_gnocchi_pool: name: metrics pg_num: "{{ osd_pool_default_pg_num }}" rule_name: "" openstack_pools: - "{{ openstack_glance_pool }}" - "{{ openstack_cinder_pool }}" - "{{ openstack_nova_pool }}" - "{{ openstack_cinder_backup_pool }}" - "{{ openstack_gnocchi_pool }}" # The value for 'key' can be a pre-generated key, # e.g key: "AQDC2UxZH4yeLhAAgTaZb+4wDUlYOsr1OfZSpQ==" # By default, keys will be auto-generated. openstack_keys: - { name: client.glance, key: "$(ceph-authtool --gen-print-key)", mon_cap: "mon 'allow r'", osd_cap: "osd 'allow class-read object_prefix rbd_children, allow rwx pool={{ openstack_glance_pool.name }}'" } - { name: client.cinder, key: "$(ceph-authtool --gen-print-key)", mon_cap: "mon 'allow r'", osd_cap: "osd 'allow class-read object_prefix rbd_children, allow rwx pool={{ openstack_cinder_pool.name }}, allow rwx pool={{ openstack_nova_pool.name }}, allow rx pool={{ openstack_glance_pool.name }}'" } - { name: client.cinder-backup, key: "$(ceph-authtool --gen-print-key)", mon_cap: "mon 'allow r'", osd_cap: "osd 'allow class-read object_prefix rbd_children, allow rwx pool={{ openstack_cinder_backup_pool.name }}'" } - { name: client.gnocchi, key: "$(ceph-authtool --gen-print-key)", mon_cap: "mon 'allow r'", osd_cap: "osd 'allow class-read object_prefix rbd_children, allow rwx pool={{ openstack_gnocchi_pool.name }}'" } - { name: client.openstack, key: "$(ceph-authtool --gen-print-key)", mon_cap: "mon 'allow r'", osd_cap: "osd 'allow class-read object_prefix rbd_children, allow rwx pool=images, allow rwx pool=vms, allow rwx pool=volumes, allow rwx pool=backups'" } ########## # DOCKER # ########## docker_exec_cmd: ceph_mon_docker_subnet: "{{ public_network }}"# subnet of the monitor_interface # ceph_mon_docker_extra_env: # # Use this variable to add extra env configuration to run your mon container. # If you want to set a custom admin keyring you can set this variable like following: # ceph_mon_docker_extra_env: -e CLUSTER={{ cluster }} -e FSID={{ fsid }} -e MON_NAME={{ monitor_name }} -e ADMIN_SECRET={{ admin_secret }} ceph_mon_docker_extra_env: -e CLUSTER={{ cluster }} -e FSID={{ fsid }} -e MON_NAME={{ monitor_name }} mon_docker_privileged: false mon_docker_net_host: true ceph_config_keys: [] # DON'T TOUCH ME