Use a separate user for ceph-rgw rather than keystone admin user

Otherwise, changing the admin user's password will break the ceph rgw service.

Change-Id: Ia872f6f1aa2d9917d3f5851e0edcffed61e71355
Closes-Bug: #1705929
Jeffrey Zhang 2017-07-24 00:03:43 +08:00
parent ffc4fb3793
commit 1cf116cd6c
5 changed files with 24 additions and 3 deletions


@ -35,6 +35,8 @@ swift_admin_endpoint: "{{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ rgw_p
swift_internal_endpoint: "{{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ rgw_port }}/swift/v1" swift_internal_endpoint: "{{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ rgw_port }}/swift/v1"
swift_public_endpoint: "{{ public_protocol }}://{{ kolla_external_fqdn }}:{{ rgw_port }}/swift/v1" swift_public_endpoint: "{{ public_protocol }}://{{ kolla_external_fqdn }}:{{ rgw_port }}/swift/v1"
ceph_rgw_keystone_user: "ceph_rgw"
openstack_swift_auth: "{{ openstack_auth }}" openstack_swift_auth: "{{ openstack_auth }}"
#################### ####################


@ -23,3 +23,16 @@
- {'interface': 'admin', 'url': '{{ swift_admin_endpoint }}'} - {'interface': 'admin', 'url': '{{ swift_admin_endpoint }}'}
- {'interface': 'internal', 'url': '{{ swift_internal_endpoint }}'} - {'interface': 'internal', 'url': '{{ swift_internal_endpoint }}'}
- {'interface': 'public', 'url': '{{ swift_public_endpoint }}'} - {'interface': 'public', 'url': '{{ swift_public_endpoint }}'}
- name: Registering keystone ceph_rgw user
kolla_toolbox:
module_name: kolla_keystone_user
module_args:
project: "service"
user: "{{ ceph_rgw_keystone_user }}"
password: "{{ ceph_rgw_keystone_password }}"
role: "admin"
region_name: "{{ openstack_region_name }}"
auth: "{{ '{{ openstack_ceph_rgw_auth }}' }}"
module_extra_vars:
openstack_ceph_rgw_auth: "{{ openstack_swift_auth }}"
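Review bot: The new `ceph_rgw` account is registered with `role: "admin"` in the `service` project, so the credential RGW carries is still admin-level in Keystone. The commit decouples it from the operator's admin password but does not narrow what a leaked copy allows. If RGW only needs this account to validate tokens, a narrower role would be preferable, though whether the deployed Keystone policy permits that cannot be told from this hunk. At minimum I would add a comment above the task, `# ceph_rgw holds the admin role; treat ceph_rgw_keystone_password as an admin-level secret`, and consider `no_log: true` on the task because the password is passed in `module_args`. The task list this is appended to starts outside the hunk.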


@ -34,9 +34,9 @@ host = {{ hostvars[inventory_hostname]['ansible_' + storage_interface]['ipv4']['
rgw frontends = civetweb port={{ api_interface_address }}:{{ rgw_port }} rgw frontends = civetweb port={{ api_interface_address }}:{{ rgw_port }}
{% if enable_ceph_rgw_keystone | bool %} {% if enable_ceph_rgw_keystone | bool %}
rgw_keystone_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }} rgw_keystone_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }}
rgw_keystone_admin_user = {{ openstack_auth.username }} rgw_keystone_admin_user = {{ ceph_rgw_keystone_user }}
rgw_keystone_admin_password = {{ openstack_auth.password }} rgw_keystone_admin_password = {{ ceph_rgw_keystone_password }}
rgw_keystone_admin_project = {{ openstack_auth.project_name }} rgw_keystone_admin_project = service
rgw_keystone_admin_domain = default rgw_keystone_admin_domain = default
rgw_keystone_api_version = 3 rgw_keystone_api_version = 3
rgw_keystone_accepted_roles = admin, {{ keystone_default_user_role }} rgw_keystone_accepted_roles = admin, {{ keystone_default_user_role }}
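Review bot: `rgw_keystone_admin_password` is still rendered into the config file in clear text, now from `ceph_rgw_keystone_password`, so anyone who can read the rendered file obtains a Keystone credential. The owner and mode of that file are set outside this hunk and should be confirmed as restricted to the RGW service. A template comment above the block, such as `{# contains a Keystone service credential; keep the rendered file non-world-readable #}`, would record that requirement. Separately, `rgw_keystone_admin_project = service` repeats the literal `project: "service"` used by the user-registration task, so the two have to be changed together. The `{% if enable_ceph_rgw_keystone | bool %}` block closes outside the hunk.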


@ -5,6 +5,7 @@
# These options must be UUID4 values in string format # These options must be UUID4 values in string format
# XXXXXXXX-XXXX-4XXX-XXXX-XXXXXXXXXXXX # XXXXXXXX-XXXX-4XXX-XXXX-XXXXXXXXXXXX
ceph_cluster_fsid: ceph_cluster_fsid:
ceph_rgw_keystone_password:
# for backward compatible consideration, rbd_secret_uuid is only used for nova, # for backward compatible consideration, rbd_secret_uuid is only used for nova,
# cinder_rbd_secret_uuid is used for cinder # cinder_rbd_secret_uuid is used for cinder
rbd_secret_uuid: rbd_secret_uuid:
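Review bot: `ceph_rgw_keystone_password:` is inserted directly under the comment stating that these options must be UUID4 values, between `ceph_cluster_fsid` and `rbd_secret_uuid`, which reads as if the password had to be a UUID4. If it is an ordinary generated secret, it would be clearer next to the other service passwords, or with its own comment such as `# Keystone password for the ceph_rgw service user`. The key is added with an empty value, so deployments that do not regenerate their passwords file need it set by hand before upgrading. A precheck that the variable is defined and non-empty would catch that before an admin-role user is registered with it.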


@ -0,0 +1,5 @@
---
upgrade:
- |
ceph_rgw_keystone_password is required in passwords.yml file. And ceph-rgw
depends on a separate user rather than keystone admin user now.