ceph-ansible/group_vars/clients.yml.sample

---
# Variables here are applicable to all host groups NOT roles

# This sample file generated by generate_group_vars_sample.sh

# Dummy variable to avoid error because ansible does not recognize the
# file as a good configuration file when no variable in it.
dummy:

###########
# GENERAL #
###########

#copy_admin_key: false

#user_config: false
#test:
#  name: "test"
#  pg_num: "{{ hostvars[groups[mon_group_name][0]]['osd_pool_default_pg_num'] }}"
#  pgp_num: "{{ hostvars[groups[mon_group_name][0]]['osd_pool_default_pg_num'] }}"
#  rule_name: "replicated_rule"
#  type: "replicated"
#  erasure_profile: ""
#  expected_num_objects: ""
#test2:
#  name: "test2"
#  pg_num: "{{ hostvars[groups[mon_group_name][0]]['osd_pool_default_pg_num'] }}"
#  pgp_num: "{{ hostvars[groups[mon_group_name][0]]['osd_pool_default_pg_num'] }}"
#  rule_name: "replicated_rule"
#  type: "replicated"
#  erasure_profile: ""
#  expected_num_objects: ""
#pools:
#  - "{{ test }}"
#  - "{{ test2 }}"

# Can add `mds_cap` attribute to override the default value which is '' for mds capabilities.
# To have have ansible setfacl the generated key for $user, set the acls var like so:
# acls: ["u:$user:r--"]
#
# Generate a keyring using ceph-authtool CLI or python.
# Eg:
#  $ ceph-authtool --gen-print-key
#  or
#  $ python2 -c "import os ; import struct ; import time; import base64 ; key = os.urandom(16) ; header = struct.pack('<hiih',1,int(time.time()),0,len(key)) ; print base64.b64encode(header + key)"
#
# To use a particular secret, you have to add 'key' to the dict below, so something like:
# - { name: client.test, key: "AQAin8tUMICVFBAALRHNrV0Z4MXupRw4v9JQ6Q==" ...
#
#keys:
#  - { name: client.test, caps: { mon: "allow r", osd: "allow class-read object_prefix rbd_children, allow rwx pool=test" },  mode: "0600", acls: [] }
#  - { name: client.test2, caps: { mon: "allow r", osd: "allow class-read object_prefix rbd_children, allow rwx pool=test2" },  mode: "0600", acls: [] }