diff options
| author | tone-zhang <tone.zhang@linaro.org> | 2017-07-03 05:38:25 +0000 |
|---|---|---|
| committer | Yibo Cai <yibo.cai@linaro.org> | 2017-07-04 04:37:57 +0000 |
| commit | 391ccb4103e706e4f00c12427ae6513846444fd8 (patch) | |
| tree | c0d9a10979258de885ee5ec7ebc2e3f9b596d810 /ansible/roles/ceph/tasks/rgw.yml | |
| parent | 91a4337f60a7b7909065951506c574b6bdff5ad0 (diff) | |
Ansible: Enable Ceph rgw role
To support OpenStack object storage with Ceph, the "Ceph rgw" role
in ERP reference architecture has been added.
In the patch, the object storage is based on Ceph rgw.
Change-Id: If3a42d4407fcd963917f50d5b9f0ea16332fba5e
Diffstat (limited to 'ansible/roles/ceph/tasks/rgw.yml')
| -rw-r--r-- | ansible/roles/ceph/tasks/rgw.yml | 40 |
1 files changed, 40 insertions, 0 deletions
diff --git a/ansible/roles/ceph/tasks/rgw.yml b/ansible/roles/ceph/tasks/rgw.yml new file mode 100644 index 0000000..032e7e8 --- /dev/null +++ b/ansible/roles/ceph/tasks/rgw.yml @@ -0,0 +1,40 @@ +- name: Create radosgw key + template: src=rgw_keyring dest=/etc/ceph/ceph.client.radosgw.{{rgw_host}}.keyring + +- name: Authrize the rgw keyring + shell: ceph -k /etc/ceph/ceph.client.admin.keyring auth add client.radosgw.{{rgw_host}} -i /etc/ceph/ceph.client.radosgw.{{rgw_host}}.keyring + ignore_errors: False + +- name: Generate Keystone SSL key + shell: keystone-manage pki_setup --keystone-user keystone --keystone-group keystone + ignore_errors: False + +- name: Create SSL key path in Ceph + file: + path: /etc/ceph/nss + mode: 0775 + state: directory + +- name: Copy ca.pem + shell: cp /etc/keystone/ssl/certs/ca.pem /etc/ceph/nss/ca.pem + ignore_errors: False + +- name: Copy signing_cert.pem + shell: cp /etc/keystone/ssl/certs/signing_cert.pem /etc/ceph/nss/signing_cert.pem + ignore_errors: False + +- name: Install libnss3-tools + apt: + name: libnss3-tools + state: present + +- name: Synchronize Keystone SSL key with Ceph rgw step1 + shell: openssl x509 -in /etc/ceph/nss/ca.pem -pubkey | certutil -d /etc/ceph/nss -A -n ca -t "TCu,Cu,Tuw" + ignore_errors: False + +- name: Synchronize Keystone SSL key with Ceph rgw step2 + shell: openssl x509 -in /etc/ceph/nss/signing_cert.pem -pubkey | certutil -A -d /etc/ceph/nss -n signing_cert -t "P,P,P" + ignore_errors: False + +- name: Enable Ceph rgw service and running + service: name=radosgw.service enabled=yes state=started |