profiles: introducing cluster profiles

This commit introduces a new directory called "profiles" which contains some set of variables for a particular use case. These profiles provide guidance for certain scenarios such as: * configuring rgw with keystone v3 Signed-off-by: Sébastien Han <seb@redhat.com>
ceph · Jul 19, 2017 · fcba2c8 · fcba2c8
1 parent 92fc34e
commit fcba2c8
Show file tree

Hide file tree

Showing 5 changed files with 62 additions and 74 deletions.
diff --git a/group_vars/all.yml.sample b/group_vars/all.yml.sample
@@ -294,31 +294,6 @@ dummy:
 # https://github.com/civetweb/civetweb/blob/master/docs/UserManual.md
 #radosgw_civetweb_options: "port={{ radosgw_civetweb_bind_ip }}:{{ radosgw_civetweb_port }} num_threads={{ radosgw_civetweb_num_threads }}"
 #radosgw_keystone: false # activate OpenStack Keystone options full detail here: http://ceph.com/docs/master/radosgw/keystone/
-#radosgw_keystone_url: # url:admin_port ie: http://192.168.0.1:35357
-#radosgw_keystone_api_version: 2 # API versions 2 and 3 are supported
-#radosgw_keystone_ssl: true # Can be used to disable PKI revocation checks when other token types are used.
-# for admin_token method, define radosgw_keystone_admin_token
-# for auth_token method, define _user, _password, and _tenant
-#radosgw_keystone_auth_method: admin_token
-#radosgw_keystone_admin_token: password
-#radosgw_keystone_admin_user: username
-#radosgw_keystone_admin_password: password
-#radosgw_keystone_admin_tenant: tenant
-#radosgw_keystone_admin_domain: default
-#radosgw_keystone_accepted_roles: Member, _member_, admin
-#radosgw_keystone_token_cache_size: 10000
-#radosgw_keystone_revocation_internal: 900
-#radosgw_s3_auth_use_keystone: "true"
-#radosgw_nss_db_path: /var/lib/ceph/radosgw/ceph-radosgw.{{ ansible_hostname }}/nss
-# Settings for the RGW usage logging described at http://docs.ceph.com/docs/jewel/man/8/radosgw/#usage-logging
-#radosgw_usage_log: false
-#radosgw_usage_log_tick_interval: 30
-#radosgw_usage_log_flush_threshold: 1024
-#radosgw_usage_max_shards: 32
-#radosgw_usage_max_user_shards: 1
-# Settings for static website hosting
-#radosgw_static_website: false
-#radosgw_dns_s3website_name: your.subdomain.tld # subdomain used by radosgw for website bucket hosting.
 # Rados Gateway options
 #email_address: foo@bar.com
 

diff --git a/profiles/rgw-keystone-v2 b/profiles/rgw-keystone-v2
@@ -0,0 +1,30 @@
+---
+# THIS FILE IS AN EXAMPLE THAT CONTAINS A SET OF VARIABLE FOR A PARTICULAR PURPOSE
+# GOAL: CONFIGURE RADOS GATEWAY WITH KEYSTONE V2
+#
+# The following variables should be added in your group_vars/rgws file
+# The double quotes are important, do NOT remove them.
+
+
+ceph_conf_overrides:
+  "client.rgw.{{ hostvars[inventory_hostname]['ansible_hostname'] }}":
+    "rgw keystone api version": "2"
+    "rgw keystone url": "http://192.168.0.1:35357"
+    "rgw keystone admin token": "password"
+    "rgw keystone admin tenant": "admin"
+    "rgw keystone accepted roles": "Member, _member_, admin"
+    "rgw keystone token cache size": "10000"
+    "rgw keystone revocation interval": "900"
+    "rgw s3 auth use keystone": "true"
+    "nss db path": "/var/lib/ceph/radosgw/ceph-radosgw.{{ ansible_hostname }}/nss"
+
+
+# NOTE (leseb): to authentivate with Keystone you have two options:
+# * using a token (like shown above)
+#     - "rgw keystone admin token" = admin"
+#     - "rgw keystone token cache size" = 10000"
+#
+# * use credential:
+#     - "rgw keystone admin user" = "admin"
+#     - "rgw keystone admin password" = "password"
+#
diff --git a/profiles/rgw-keystone-v3 b/profiles/rgw-keystone-v3
@@ -0,0 +1,31 @@
+---
+# THIS FILE IS AN EXAMPLE THAT CONTAINS A SET OF VARIABLE FOR A PARTICULAR PURPOSE
+# GOAL: CONFIGURE RADOS GATEWAY WITH KEYSTONE V3
+#
+# The following variables should be added in your group_vars/rgws file
+# The double quotes are important, do NOT remove them.
+
+
+ceph_conf_overrides:
+  "client.rgw.{{ hostvars[inventory_hostname]['ansible_hostname'] }}":
+    "rgw keystone api version": "3"
+    "rgw keystone url": "http://192.168.0.1:35357"
+    "rgw keystone admin token": "password"
+    "rgw keystone admin project": "admin"
+    "rgw keystone admin domain": "default"
+    "rgw keystone accepted roles": "Member, _member_, admin"
+    "rgw keystone token cache size": "10000"
+    "rgw keystone revocation interval": "900"
+    "rgw s3 auth use keystone": "true"
+    "nss db path": "/var/lib/ceph/radosgw/ceph-radosgw.{{ ansible_hostname }}/nss"
+
+
+# NOTE (leseb): to authentivate with Keystone you have two options:
+# * using a token (like shown above)
+#     - "rgw keystone admin token" = admin"
+#     - "rgw keystone token cache size" = 10000"
+#
+# * use credential:
+#     - "rgw keystone admin user" = "admin"
+#     - "rgw keystone admin password" = "password"
+#
diff --git a/roles/ceph-common/defaults/main.yml b/roles/ceph-common/defaults/main.yml
@@ -286,31 +286,6 @@ radosgw_civetweb_num_threads: 100
 # https://github.com/civetweb/civetweb/blob/master/docs/UserManual.md
 radosgw_civetweb_options: "port={{ radosgw_civetweb_bind_ip }}:{{ radosgw_civetweb_port }} num_threads={{ radosgw_civetweb_num_threads }}"
 radosgw_keystone: false # activate OpenStack Keystone options full detail here: http://ceph.com/docs/master/radosgw/keystone/
-#radosgw_keystone_url: # url:admin_port ie: http://192.168.0.1:35357
-radosgw_keystone_api_version: 2 # API versions 2 and 3 are supported
-radosgw_keystone_ssl: true # Can be used to disable PKI revocation checks when other token types are used.
-# for admin_token method, define radosgw_keystone_admin_token
-# for auth_token method, define _user, _password, and _tenant
-radosgw_keystone_auth_method: admin_token
-radosgw_keystone_admin_token: password
-radosgw_keystone_admin_user: username
-radosgw_keystone_admin_password: password
-radosgw_keystone_admin_tenant: tenant
-radosgw_keystone_admin_domain: default
-radosgw_keystone_accepted_roles: Member, _member_, admin
-radosgw_keystone_token_cache_size: 10000
-radosgw_keystone_revocation_internal: 900
-radosgw_s3_auth_use_keystone: "true"
-radosgw_nss_db_path: /var/lib/ceph/radosgw/ceph-radosgw.{{ ansible_hostname }}/nss
-# Settings for the RGW usage logging described at http://docs.ceph.com/docs/jewel/man/8/radosgw/#usage-logging
-radosgw_usage_log: false
-radosgw_usage_log_tick_interval: 30
-radosgw_usage_log_flush_threshold: 1024
-radosgw_usage_max_shards: 32
-radosgw_usage_max_user_shards: 1
-# Settings for static website hosting
-radosgw_static_website: false
-radosgw_dns_s3website_name: your.subdomain.tld # subdomain used by radosgw for website bucket hosting.
 # Rados Gateway options
 email_address: foo@bar.com
 

diff --git a/roles/ceph-common/templates/ceph.conf.j2 b/roles/ceph-common/templates/ceph.conf.j2
@@ -127,34 +127,12 @@ host = {{ hostvars[host]['ansible_hostname'] }}
 {% for host in groups[rgw_group_name] %}
 {% if hostvars[host]['ansible_hostname'] is defined %}
 [client.rgw.{{ hostvars[host]['ansible_hostname'] }}]
-{% if radosgw_dns_name is defined %}
-rgw dns name = {{ radosgw_dns_name }}
-{% endif %}
 host = {{ hostvars[host]['ansible_hostname'] }}
 keyring = /var/lib/ceph/radosgw/{{ cluster }}-rgw.{{ hostvars[host]['ansible_hostname'] }}/keyring
 rgw socket path = /tmp/radosgw-{{ hostvars[host]['ansible_hostname'] }}.sock
 log file = /var/log/ceph/{{ cluster }}-rgw-{{ hostvars[host]['ansible_hostname'] }}.log
 rgw data = /var/lib/ceph/radosgw/{{ cluster }}-rgw.{{ hostvars[host]['ansible_hostname'] }}
-rgw frontends = civetweb {{ radosgw_civetweb_options }}
-rgw resolve cname = {{ radosgw_resolve_cname | bool }}
-{% if radosgw_keystone %}
-rgw keystone url = {{ radosgw_keystone_url }}
-rgw keystone api version = {{ radosgw_keystone_api_version }}
-{% if radosgw_keystone_auth_method == 'admin_token' %}
-rgw keystone admin token = {{ radosgw_keystone_admin_token }}
-{% elif radosgw_keystone_auth_method == 'auth_token' %}
-rgw keystone admin user = {{ radosgw_keystone_admin_user }}
-rgw keystone admin password = {{ radosgw_keystone_admin_password }}
-rgw keystone admin tenant = {{ radosgw_keystone_admin_tenant }}
-rgw keystone admin domain = {{ radosgw_keystone_admin_domain }}
-{% endif %}
-rgw keystone accepted roles = {{ radosgw_keystone_accepted_roles }}
-rgw keystone token cache size = {{ radosgw_keystone_token_cache_size }}
-rgw keystone revocation interval = {{ radosgw_keystone_revocation_internal }}
-rgw s3 auth use keystone = {{ radosgw_s3_auth_use_keystone }}
-{% if radosgw_keystone_ssl | bool %}
-nss db path = {{ radosgw_nss_db_path }}
-{% endif %}
+rgw frontends = civetweb port={{ radosgw_civetweb_bind_ip }}:{{ radosgw_civetweb_port }} num_threads={{ radosgw_civetweb_num_threads }}
 {% endif %}
 {% if radosgw_usage_log | bool %}
 rgw enable usage log = true
@@ -167,7 +145,6 @@ rgw usage max user shards = {{ radosgw_usage_max_user_shards }}
 rgw enable static website = {{ radosgw_static_website }}
 rgw dns s3website name = {{ radosgw_dns_s3website_name }}
 {% endif %}
-{% endif %}
 {% endfor %}
 {% endif %}