Use a separate user for ceph-rgw rather than keystone admin user
Otherwise, changing the admin user password will break the ceph rgw service. Change-Id: Ia872f6f1aa2d9917d3f5851e0edcffed61e71355 Closes-Bug: #1705929
parent
ffc4fb3793
commit
1cf116cd6c
@ -35,6 +35,8 @@ swift_admin_endpoint: "{{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ rgw_p
|
|||||||
swift_internal_endpoint: "{{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ rgw_port }}/swift/v1"
|
swift_internal_endpoint: "{{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ rgw_port }}/swift/v1"
|
||||||
swift_public_endpoint: "{{ public_protocol }}://{{ kolla_external_fqdn }}:{{ rgw_port }}/swift/v1"
|
swift_public_endpoint: "{{ public_protocol }}://{{ kolla_external_fqdn }}:{{ rgw_port }}/swift/v1"
|
||||||
|
|
||||||
|
ceph_rgw_keystone_user: "ceph_rgw"
|
||||||
|
|
||||||
openstack_swift_auth: "{{ openstack_auth }}"
|
openstack_swift_auth: "{{ openstack_auth }}"
|
||||||
|
|
||||||
####################
|
####################
|
||||||
|
@ -23,3 +23,16 @@
|
|||||||
- {'interface': 'admin', 'url': '{{ swift_admin_endpoint }}'}
|
- {'interface': 'admin', 'url': '{{ swift_admin_endpoint }}'}
|
||||||
- {'interface': 'internal', 'url': '{{ swift_internal_endpoint }}'}
|
- {'interface': 'internal', 'url': '{{ swift_internal_endpoint }}'}
|
||||||
- {'interface': 'public', 'url': '{{ swift_public_endpoint }}'}
|
- {'interface': 'public', 'url': '{{ swift_public_endpoint }}'}
|
||||||
|
|
||||||
|
- name: Registering keystone ceph_rgw user
|
||||||
|
kolla_toolbox:
|
||||||
|
module_name: kolla_keystone_user
|
||||||
|
module_args:
|
||||||
|
project: "service"
|
||||||
|
user: "{{ ceph_rgw_keystone_user }}"
|
||||||
|
password: "{{ ceph_rgw_keystone_password }}"
|
||||||
|
role: "admin"
|
||||||
|
region_name: "{{ openstack_region_name }}"
|
||||||
|
auth: "{{ '{{ openstack_ceph_rgw_auth }}' }}"
|
||||||
|
module_extra_vars:
|
||||||
|
openstack_ceph_rgw_auth: "{{ openstack_swift_auth }}"
|
||||||
|
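Review bot: The new `ceph_rgw` account is registered with `role: "admin"` in the `service` project, so the credential that ends up in the rgw configuration is still an admin-role Keystone credential. The change decouples password rotation from the keystone admin user but does not reduce privilege. If radosgw needs the admin role to validate tokens in the targeted Keystone/RGW versions, record that above the task, e.g. `# admin role is required by radosgw for keystone token validation; revisit if a narrower role suffices`. The task as shown also has no `run_once`, so unless the including file restricts it, it presumably runs on every host in the play; the preceding task is only partly visible in the hunk, so confirm the new one matches its handling.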
@ -34,9 +34,9 @@ host = {{ hostvars[inventory_hostname]['ansible_' + storage_interface]['ipv4']['
|
|||||||
rgw frontends = civetweb port={{ api_interface_address }}:{{ rgw_port }}
|
rgw frontends = civetweb port={{ api_interface_address }}:{{ rgw_port }}
|
||||||
{% if enable_ceph_rgw_keystone | bool %}
|
{% if enable_ceph_rgw_keystone | bool %}
|
||||||
rgw_keystone_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }}
|
rgw_keystone_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }}
|
||||||
rgw_keystone_admin_user = {{ openstack_auth.username }}
|
rgw_keystone_admin_user = {{ ceph_rgw_keystone_user }}
|
||||||
rgw_keystone_admin_password = {{ openstack_auth.password }}
|
rgw_keystone_admin_password = {{ ceph_rgw_keystone_password }}
|
||||||
rgw_keystone_admin_project = {{ openstack_auth.project_name }}
|
rgw_keystone_admin_project = service
|
||||||
rgw_keystone_admin_domain = default
|
rgw_keystone_admin_domain = default
|
||||||
rgw_keystone_api_version = 3
|
rgw_keystone_api_version = 3
|
||||||
rgw_keystone_accepted_roles = admin, {{ keystone_default_user_role }}
|
rgw_keystone_accepted_roles = admin, {{ keystone_default_user_role }}
|
||||||
|
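Review bot: `rgw_keystone_admin_project = service` hard-codes the project name here, while the registration task in this commit hard-codes `project: "service"` separately, so the two can drift apart with no error until rgw fails to authenticate. Consider driving both from a single variable, or at least mark the coupling with a template comment such as `{# must match the project used when registering ceph_rgw_keystone_user #}`. The enclosing config section and the closing `endif` lie outside the hunk.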
@ -5,6 +5,7 @@
|
|||||||
# These options must be UUID4 values in string format
|
# These options must be UUID4 values in string format
|
||||||
# XXXXXXXX-XXXX-4XXX-XXXX-XXXXXXXXXXXX
|
# XXXXXXXX-XXXX-4XXX-XXXX-XXXXXXXXXXXX
|
||||||
ceph_cluster_fsid:
|
ceph_cluster_fsid:
|
||||||
|
ceph_rgw_keystone_password:
|
||||||
# for backward compatible consideration, rbd_secret_uuid is only used for nova,
|
# for backward compatible consideration, rbd_secret_uuid is only used for nova,
|
||||||
# cinder_rbd_secret_uuid is used for cinder
|
# cinder_rbd_secret_uuid is used for cinder
|
||||||
rbd_secret_uuid:
|
rbd_secret_uuid:
|
||||||
|
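Review bot: `ceph_rgw_keystone_password:` is inserted directly under the comment saying these options must be UUID4 values, between `ceph_cluster_fsid` and the `rbd_secret_uuid` comment, which reads as if this password must be a UUID. The other hunks use it as a Keystone user password, so it would sit better beside the other Keystone service passwords (presumably further down the file, outside this hunk) or carry its own comment, e.g. `# Keystone password for the ceph_rgw service user (not a UUID)`. The key is also empty by default, so an operator who upgrades without filling it in would presumably deploy rgw with an empty password; a precheck that the value is set would be worth adding.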
@ -0,0 +1,5 @@
|
|||||||
|
---
|
||||||
|
upgrade:
|
||||||
|
- |
|
||||||
|
ceph_rgw_keystone_password is required in passwords.yml file. And ceph-rgw
|
||||||
|
depends on a separate user rather than keystone admin user now.
|