Merge "Uses new format for CephX keys caps"

2018-06-15 06:43:35 +00:00 · 2018-06-15 06:43:35 +00:00 · a3a3180f94
parent 4fb30dd5ec c0fc85f306
commit a3a3180f94
1 changed files with 30 additions and 27 deletions
--- a/docker/services/ceph-ansible/ceph-base.yaml
+++ b/docker/services/ceph-ansible/ceph-base.yaml
@ -252,26 +252,27 @@ resources:
              - - client
                - {get_param: CephClientUserName}
            key: {get_param: CephClientKey}
-            mgr_cap: "allow *"
-            mon_cap: "allow r"
-            osd_cap:
-              str_replace:
-                template: 'allow class-read object_prefix rbd_children, allow rwx pool=CEPH_CLIENT_POOLS'
-                params:
-                  CEPH_CLIENT_POOLS:
-                    list_join:
-                      - ', allow rwx pool='
-                      - list_concat_unique:
-                        - - {get_param: CinderRbdPoolName}
-                          - {get_param: CinderBackupRbdPoolName}
-                          - {get_param: NovaRbdPoolName}
-                          - {get_param: GlanceRbdPoolName}
-                          - {get_param: GnocchiRbdPoolName}
-                        # CinderRbdExtraPools is a list (do not indent further)
-                        - {get_param: CinderRbdExtraPools}
-                        - yaql:
-                            data: {get_param: CephPools}
-                            expression: $.data.select($.name)
+            caps:
+              mgr: "allow *"
+              mon: "allow r"
+              osd:
+                str_replace:
+                  template: 'allow class-read object_prefix rbd_children, allow rwx pool=CEPH_CLIENT_POOLS'
+                  params:
+                    CEPH_CLIENT_POOLS:
+                      list_join:
+                        - ', allow rwx pool='
+                        - list_concat_unique:
+                          - - {get_param: CinderRbdPoolName}
+                            - {get_param: CinderBackupRbdPoolName}
+                            - {get_param: NovaRbdPoolName}
+                            - {get_param: GlanceRbdPoolName}
+                            - {get_param: GnocchiRbdPoolName}
+                          # CinderRbdExtraPools is a list (do not indent further)
+                          - {get_param: CinderRbdExtraPools}
+                          - yaql:
+                              data: {get_param: CephPools}
+                              expression: $.data.select($.name)
            mode: "0600"
          - name:
              list_join:
@ -279,10 +280,11 @@ resources:
              - - client
                - {get_param: ManilaCephFSNativeCephFSAuthId}
            key: {get_param: CephManilaClientKey}
-            mgr_cap: "allow *"
-            mon_cap: 'allow r, allow command \"auth del\", allow command \"auth caps\", allow command \"auth get\", allow command \"auth get-or-create\"'
-            mds_cap: "allow *"
-            osd_cap: "allow rw"
+            caps:
+              mgr: "allow *"
+              mon: 'allow r, allow command \"auth del\", allow command \"auth caps\", allow command \"auth get\", allow command \"auth get-or-create\"'
+              mds: "allow *"
+              osd: "allow rw"
            mode: "0600"
          - name:
              list_join:
@ -290,9 +292,10 @@ resources:
              - - client
                - {get_param: CephRgwClientName}
            key: {get_param: CephRgwKey}
-            mgr_cap: "allow *"
-            mon_cap: "allow rw"
-            osd_cap: "allow rwx"
+            caps:
+              mgr: "allow *"
+              mon: "allow rw"
+              osd: "allow rwx"
            mode: "0600"
          keys: *openstack_keys
          pools: []