Merge "[radosgw, upgrades] Fix for radosgw keyring path and user"
diff --git a/README.rst b/README.rst
index 8509a3b..74ac462 100644
--- a/README.rst
+++ b/README.rst
@@ -525,10 +525,11 @@
...
-Ceph manage keyring keys
+Ceph manage clients keyring keys
------------------------
-Keyrings are dynamically generated unless specified by the following pillar.
+Keyrings are dynamically generated unless specified by the manage_keyring pillar.
+This settings has no effect on admin keyring.
.. code-block:: yaml
@@ -543,6 +544,21 @@
mon: "allow r"
osd: "allow class-read object_prefix rdb_children, allow rwx pool=images"
+Ceph manage admin keyring
+--------------------------
+To use pre-defined admin key add manage_admin_keyring and admin keyring definition to ceph mon nodes in cluster_model/ceph/mon.yml
+
+ceph:
+ common:
+ manage_admin_keyring: true
+ keyring:
+ admin:
+ caps:
+ mds: "allow *"
+ mgr: "allow *"
+ mon: "allow *"
+ osd: "allow *"
+ key: AACf3ulZFFPNDxAAd2DWds3aEkHh4IklZVgIaQ==
Specify alternative keyring path and username
diff --git a/ceph/common.sls b/ceph/common.sls
index b445355..964dff7 100644
--- a/ceph/common.sls
+++ b/ceph/common.sls
@@ -37,6 +37,20 @@
{%- if common.keyring is defined and common.keyring.admin is defined %}
+{%- if common.get("manage_admin_keyring", False) %}
+
+ceph_create_keyring_admin:
+ cmd.run:
+ - name: "ceph-authtool --create-keyring {{ common.prefix_dir }}/etc/ceph/{{ common.get('cluster_name', 'ceph') }}.client.admin.keyring --add-key {{ common.keyring.admin.key }} -n client.admin {%- for cap_name, cap in common.keyring.admin.caps.iteritems() %} --cap {{ cap_name }} '{{ cap }}' {%- endfor %}"
+ - unless: "test -f {{ common.prefix_dir }}/etc/ceph/{{ common.get('cluster_name', 'ceph') }}.client.admin.keyring"
+ - require:
+ {% if not common.get('container_mode', False) %}
+ - pkg: common_packages
+ {%- endif %}
+ - file: common_config
+
+{%- else %}
+
ceph_create_keyring_admin:
cmd.run:
- name: "ceph-authtool --create-keyring {{ common.prefix_dir }}/etc/ceph/{{ common.get('cluster_name', 'ceph') }}.client.admin.keyring --gen-key -n client.admin {%- for cap_name, cap in common.keyring.admin.caps.iteritems() %} --cap {{ cap_name }} '{{ cap }}' {%- endfor %}"
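Review bot: The new `ceph_create_keyring_admin` state in the `manage_admin_keyring` branch passes the admin secret as `--add-key {{ common.keyring.admin.key }}` on the ceph-authtool command line, so the key is visible in the process list while the command runs and, because the rendered `name` is reported, probably also in Salt state output and job returns. At minimum quote the value (`--add-key '{{ common.keyring.admin.key }}'`) and add `- output_loglevel: quiet`. Writing the keyring from a template with `file.managed` and `mode: '0600'` would keep the key off the command line entirely. The branch is entered on `manage_admin_keyring` alone, so a pillar without `admin.key` renders a broken command; a guard such as `{%- if common.get("manage_admin_keyring", False) and common.keyring.admin.key is defined %}` avoids that. The `unless: "test -f …"` check also means a key changed in pillar is never applied to an existing keyring, which is worth a comment above the state; the `else` branch's state continues past the end of this hunk.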
@@ -49,6 +63,8 @@
{%- endif %}
+{%- endif %}
+
{%- for node_name, node_grains in salt['mine.get']('ceph:common:keyring:admin', 'grains.items', 'pillar').iteritems() %}
{%- if node_grains.ceph is defined and node_grains.ceph.ceph_keyring is defined and node_grains.ceph.ceph_keyring.admin is defined and node_grains.ceph.get('fsid', '') == common.fsid %}