openstack-ansible/inventory/group_vars/all/ceph.yml
Jonathan Rosser f7412424fc Add ceph client key for immutable object cache
Change-Id: I0aca5b587541d10a73365b754f218f0e7cff6e13
2023-05-15 08:48:03 +00:00

61 lines
3.6 KiB
YAML

---
# Copyright 2016, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
ceph_client_package_state: "{{ package_state }}"
## ceph-ansible configuration
mon_group_name: ceph-mon
mgr_group_name: "{{ mon_group_name }}"
osd_group_name: ceph-osd
rgw_group_name: ceph-rgw
mds_group_name: ceph-mds
nfs_group_name: ceph-nfs
ceph_origin: "{{ (ansible_facts['distribution'] | lower == 'ubuntu' and ansible_facts['distribution_version'] | lower == '22.04') | ternary('distro', 'repository') }}"
ceph_pkg_source: "{{ (ansible_facts['distribution'] | lower == 'ubuntu' and ansible_facts['distribution_version'] | lower == '22.04') | ternary('distro', 'ceph') }}"
ceph_repository: community
# The _stable_release var is used by both the OSA ceph_client role and the
# ceph-ansible roles. It is defaulted in ceph_client but set here to keep the
# OSA/ceph-ansible integrations in sync.
ceph_stable_release: quincy
fetch_directory: "{{ openstack_config_dir }}/ceph-fetch/"
# tries to create /var/log/ceph as a directory and fails if the log link already
# exists. we handle the log dir creation so this is not something we need
# ceph-common to prepare for us.
rbd_client_directories: false
# Configure the ceph-mons host list for the OSA ceph_client role
# The role will connect to one of these mons (first available) in order to
# download a copy of the cluster's ceph.conf.
ceph_mons: "{{ groups[mon_group_name] }}"
# Provide a variable which can be overidden by a deployer to specify a list of
# dicts describing RadosGW provisioned by means other than OpenStack-Ansible.
# The ip_addr should be accessible by the haproxy internal interface.
# - name: ceph-rgw-name
# ip_addr: x.x.x.x
ceph_rgws: []
# NOTE(jrosser) temporary overrides, see
# https://github.com/ceph/ceph-ansible/pull/4329
# https://github.com/ceph/ceph-ansible/issues/2296
openstack_keys:
- { name: client.glance, caps: { mon: "profile rbd", osd: "allow class-read object_prefix rbd_children, profile rbd pool={{ openstack_glance_pool.name }}"}, mode: "0600" }
- { name: client.cinder, caps: { mon: "profile rbd", osd: "allow class-read object_prefix rbd_children, profile rbd pool={{ openstack_cinder_pool.name }}, profile rbd pool={{ openstack_nova_pool.name }}, profile rbd pool={{ openstack_glance_pool.name }}"}, mode: "0600" }
- { name: client.cinder-backup, caps: { mon: "profile rbd", osd: "profile rbd pool={{ openstack_cinder_backup_pool.name }}"}, mode: "0600" }
- { name: client.gnocchi, caps: { mon: "profile rbd", osd: "profile rbd pool={{ openstack_gnocchi_pool.name }}"}, mode: "0600", }
- { name: client.manila, caps: { mon: "allow r", mgr: "allow rw", osd: "allow rw pool={{ openstack_cephfs_data_pool.name }}"}, mode: "0600", }
- { name: client.openstack, caps: { mon: "profile rbd", osd: "profile rbd pool={{ openstack_glance_pool.name }}, profile rbd pool={{ openstack_nova_pool.name }}, profile rbd pool={{ openstack_cinder_pool.name }}, profile rbd pool={{ openstack_cinder_backup_pool.name }}"}, mode: "0600" }
- { name: client.immutable-object-cache, caps: { mon: "allow r", osd: "profile rbd-read-only"}, mode: "0600" }