Fix for manage_keyring behavior.
- code refactoring to simplify syntax
- admin keyring is managed by managed_keyring state
- if caps for admin keyring are defined, use old logic
- grains are not used during keyring management as expected now
- doc fix
Prod-Related: PROD-32112
Change-Id: I90b13e3dc57d2da394f166165100870e09e6ada3
diff --git a/README.rst b/README.rst
index f178dd3..a41eb28 100644
--- a/README.rst
+++ b/README.rst
@@ -526,39 +526,48 @@
Ceph manage clients keyring keys
-------------------------
+--------------------------------
Keyrings are dynamically generated unless specified by the manage_keyring pillar.
-This settings has no effect on admin keyring.
+This settings has effect on admin keyring only if caps are not defined.
.. code-block:: yaml
ceph:
+ setup:
+ enabled: true
common:
manage_keyring: true
keyring:
+ admin:
+ key: AACf3ulZFFPNDxAAd2DWds3aEkHh4IklZVgIaQ==
+ mode: 600
glance:
name: images
key: AACf3ulZFFPNDxAAd2DWds3aEkHh4IklZVgIaQ==
+ user: glance
caps:
mon: "allow r"
osd: "allow class-read object_prefix rdb_children, allow rwx pool=images"
Ceph manage admin keyring
---------------------------
-To use pre-defined admin key add manage_admin_keyring and admin keyring definition to ceph mon nodes in cluster_model/ceph/mon.yml
+-------------------------
+To use pre-defined admin key add manage_admin_keyring and admin keyring definition to
+ceph mon nodes in cluster_model/ceph/mon.yml
-ceph:
- common:
- manage_admin_keyring: true
- keyring:
- admin:
- caps:
- mds: "allow *"
- mgr: "allow *"
- mon: "allow *"
- osd: "allow *"
- key: AACf3ulZFFPNDxAAd2DWds3aEkHh4IklZVgIaQ==
+.. code-block:: yaml
+
+ ceph:
+ common:
+ manage_admin_keyring: true
+ keyring:
+ admin:
+ caps:
+ mds: "allow *"
+ mgr: "allow *"
+ mon: "allow *"
+ osd: "allow *"
+ key: AACf3ulZFFPNDxAAd2DWds3aEkHh4IklZVgIaQ==
Specify alternative keyring path and username
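Review bot: The reworded sentence under "Ceph manage clients keyring keys" ("This settings has effect on admin keyring only if caps are not defined.") leaves the interaction with the "Ceph manage admin keyring" section unstated. That section still documents manage_admin_keyring together with admin caps, and nothing in the README says which path applies when both manage_keyring and manage_admin_keyring are set, or how an admin key with caps defined is handled. Suggest stating the rule in one sentence in each section and fixing the grammar ("This setting has an effect ..."). Two smaller points in the first example: "mode: 600" is an unquoted YAML integer, so a quoted string such as "0600" would be unambiguous if the value is used as a file mode, and the admin and glance entries carry the same key value, which is better shown as two distinct placeholders so the sample is not copied as a shared secret. The added "setup: enabled: true" and "user: glance" keys are also not explained in the surrounding text.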