author | tone-zhang <tone.zhang@linaro.org> | 2017-07-03 05:38:25 +0000 |
---|---|---|
committer | Yibo Cai <yibo.cai@linaro.org> | 2017-07-04 04:37:57 +0000 |
commit | 391ccb4103e706e4f00c12427ae6513846444fd8 (patch) | |
tree | c0d9a10979258de885ee5ec7ebc2e3f9b596d810 | |
parent | 91a4337f60a7b7909065951506c574b6bdff5ad0 (diff) |
Ansible: Enable Ceph rgw role
To support OpenStack object storage with Ceph, the "Ceph rgw" role
in the ERP reference architecture has been added.
In the patch, the object storage is based on Ceph rgw.
Change-Id: If3a42d4407fcd963917f50d5b9f0ea16332fba5e
-rw-r--r-- | ansible/roles/ceph/tasks/main.yml | 5 | ||||
-rw-r--r-- | ansible/roles/ceph/tasks/rgw.yml | 40 | ||||
-rw-r--r-- | ansible/roles/ceph/templates/ceph.conf | 20 | ||||
-rw-r--r-- | ansible/roles/ceph/templates/rgw_keyring | 5 |
4 files changed, 70 insertions, 0 deletions
diff --git a/ansible/roles/ceph/tasks/main.yml b/ansible/roles/ceph/tasks/main.yml index c045800..f3f2dec 100644 --- a/ansible/roles/ceph/tasks/main.yml +++ b/ansible/roles/ceph/tasks/main.yml @@ -1,6 +1,9 @@ - name: Install Ceph package: name=ceph state=present +- name: Install Ceph rgw + package: name=radosgw state=present + - name: Copy ceph.conf template: src=ceph.conf dest=/etc/ceph/ @@ -34,3 +37,5 @@ when: "{{osd}}"} - {include: mon.yml, when: "{{mon}}"} +- {include: rgw.yml, + when: "{{rgw}}"} diff --git a/ansible/roles/ceph/tasks/rgw.yml b/ansible/roles/ceph/tasks/rgw.yml new file mode 100644 index 0000000..032e7e8 --- /dev/null +++ b/ansible/roles/ceph/tasks/rgw.yml 
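Review bot: The `Install Ceph rgw` task added in the first main.yml hunk has no condition, so `radosgw` is installed on every host that runs the ceph role, while the second hunk includes rgw.yml only `when: "{{rgw}}"`. Moving `package: name=radosgw state=present` into rgw.yml, or giving it the same `when`, would keep the gateway package off mon and osd nodes that never serve object traffic.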
@@ -0,0 +1,40 @@
+- name: Create radosgw key
+ template: src=rgw_keyring dest=/etc/ceph/ceph.client.radosgw.{{rgw_host}}.keyring
+
+- name: Authrize the rgw keyring
+ shell: ceph -k /etc/ceph/ceph.client.admin.keyring auth add client.radosgw.{{rgw_host}} -i /etc/ceph/ceph.client.radosgw.{{rgw_host}}.keyring
+ ignore_errors: False
+
+- name: Generate Keystone SSL key
+ shell: keystone-manage pki_setup --keystone-user keystone --keystone-group keystone
+ ignore_errors: False
+
+- name: Create SSL key path in Ceph
+ file:
+ path: /etc/ceph/nss
+ mode: 0775
+ state: directory
+
+- name: Copy ca.pem
+ shell: cp /etc/keystone/ssl/certs/ca.pem /etc/ceph/nss/ca.pem
+ ignore_errors: False
+
+- name: Copy signing_cert.pem
+ shell: cp /etc/keystone/ssl/certs/signing_cert.pem /etc/ceph/nss/signing_cert.pem
+ ignore_errors: False
+
+- name: Install libnss3-tools
+ apt:
+ name: libnss3-tools
+ state: present
+
+- name: Synchronize Keystone SSL key with Ceph rgw step1
+ shell: openssl x509 -in /etc/ceph/nss/ca.pem -pubkey | certutil -d /etc/ceph/nss -A -n ca -t "TCu,Cu,Tuw"
+ ignore_errors: False
+
+- name: Synchronize Keystone SSL key with Ceph rgw step2
+ shell: openssl x509 -in /etc/ceph/nss/signing_cert.pem -pubkey | certutil -A -d /etc/ceph/nss -n signing_cert -t "P,P,P"
+ ignore_errors: False
+
+- name: Enable Ceph rgw service and running
+ service: name=radosgw.service enabled=yes state=started
diff --git a/ansible/roles/ceph/templates/ceph.conf b/ansible/roles/ceph/templates/ceph.conf
index 65f0be2..bb0dcaf 100644
--- a/ansible/roles/ceph/templates/ceph.conf
+++ b/ansible/roles/ceph/templates/ceph.conf
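Review bot: The `Create radosgw key` task in rgw.yml writes the keyring with no `mode`, `owner` or `group`, so the file holding the client secret gets default permissions, which are commonly world-readable. Add `mode=0600` and the account the radosgw daemon runs as to that `template:` line. The `/etc/ceph/nss` directory is created with `mode: 0775`, which leaves the certificate database that rgw uses for Keystone token validation group-writable; `mode: "0755"` (quoted so the octal is not reinterpreted) looks sufficient. The two `cp` shell tasks could be `copy:` with `remote_src=yes`, and `ignore_errors: False` is already the default, so those lines add nothing.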
@@ -23,3 +23,23 @@ keyring = /etc/ceph/ceph.client.nova.keyring [client.cinder] keyring = /etc/ceph/ceph.client.cinder.keyring + +[client.radosgw.{{rgw_host}}] +host={{rgw_host}} +keyring=/etc/ceph/ceph.client.radosgw.{{rgw_host}}.keyring +rgw socket path=/tmp/radosgw.sock +log file=/var/log/ceph/radosgw.{{rgw_host}}.log +rgw dns name={{rgw_host}} +rgw keystone url=http://{{keystone_host}}:5000 +rgw keystone api version=3 +rgw keystone admin user={{swift_user}} +rgw keystone admin password={{swift_pass}} +rgw keystone admin domain=default +rgw keystone admin project=service +rgw keystone accepted roles=SwiftOperator,admin,anotherrole,ResellerAdmin,service,_member_,Member +rgw keystone token cache size=4096 +rgw keystone revocation interval=2 +rgw keystone implicit tenants=true +rgw s3 auth use keystone=true +rgw keystone verify ssl=false +nss db path=/etc/ceph/nss diff --git a/ansible/roles/ceph/templates/rgw_keyring b/ansible/roles/ceph/templates/rgw_keyring new file mode 100644 index 0000000..53fb0ca --- /dev/null +++ b/ansible/roles/ceph/templates/rgw_keyring @@ -0,0 +1,5 @@ +[client.radosgw.{{rgw_host}}] + key = {{ceph_admin_pass}} + caps mds = "allow *" + caps mon = "allow *" + caps osd = "allow *" |
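Review bot: The new `[client.radosgw.{{rgw_host}}]` section in ceph.conf points rgw at `http://{{keystone_host}}:5000` and sets `rgw keystone verify ssl=false`, so the service password and user tokens travel unencrypted and a later switch to https would still accept any certificate. Prefer `rgw keystone url=https://{{keystone_host}}:5000` with `rgw keystone verify ssl=true` once the Keystone CA is trusted on the gateway host. `rgw keystone admin password={{swift_pass}}` is rendered into ceph.conf, which the existing `Copy ceph.conf` task deploys without a `mode`, so the secret is readable by whoever can read that file. In `rgw keystone accepted roles`, `anotherrole` looks like a placeholder carried over from an example, and `_member_,Member` admit every project member; the list should name only the roles intended to reach object storage. `rgw socket path=/tmp/radosgw.sock` also puts the gateway socket in a world-writable directory, where a path such as `/var/run/ceph/` would be safer.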
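Review bot: The rgw_keyring template grants `allow *` on mds, mon and osd, which makes the gateway identity equivalent to a cluster administrator. Ceph's gateway setup guides use `caps mon = "allow rwx"` and `caps osd = "allow rwx"` with no mds capability, which is what an object gateway needs. `key = {{ceph_admin_pass}}` also appears, judging by the variable name, to reuse the admin secret for this client, so a compromise of the rgw host would expose the key material behind client.admin. A separate per-gateway variable (placeholder name `rgw_key`) would keep the two identities independent.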