diff --git a/defaults/main.yml b/defaults/main.yml index 1651811..4af65dc 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -3,10 +3,12 @@ kube_context: config_file: action: provision namespace: openstack -service_account: default +service_account: openstack privileged_service_account: openstack-priv database_password: weakpassword -cinder_db_password: cinderpass +cinder_db_password: cinderpassword + +cluster: kubernetes hiera_data: {} hiera_data_file: '' @@ -17,4 +19,53 @@ cinder_config: database: connection: "mysql+pymysql://root:weakpassword@mariadb:3306/cinder" +mariadb_root: root +mariadb_root_password: weakpassword + +cinder_user: cinder +cinder_password: cinderpassword + +rabbimq_user: guest +rabbitmq_password: rabbitmqpassword + +auth_strategy: noauth + +cinder_config: + DEFAULT: + public_bind_host: "0.0.0.0" + database: + connection: "mysql+pymysql://root:weakpassword@mariadb:3306/cinder" + +cinder_rbd_user_name: cinder +role_name: cinder + +# Backends +# Array to remember enabled backends. enabled_backends: [] + +# +cinder_enable_iscsi_backend: false +cinder_enable_rbd_backend: false +cinder_enable_xtremio_backend: false +cinder_enable_netapp_backend: false +# +# Xtremio +xtremio: + max_over_subscription_ratio: 40 + use_multipath_for_image_xfer: true + volume_backend_name: xtremio + volume_driver: cinder.volume.drivers.emc.xtremio.XtremIOISCSIDriver + san_ip: + xtremio_cluster_name: + san_login: + san_password: + image_volume_cache_enabled: +# +# Ceph +ceph: + cinder_rbd_pool_name: cinder_volumes + cinder_rbd_user_name: cinder + client_key: + ceph_authentication_type: cephx + ceph_mon_host: + diff --git a/tasks/backends/iscsi.yml b/tasks/backends/iscsi.yml index 0bf4b00..d19c488 100644 --- a/tasks/backends/iscsi.yml +++ b/tasks/backends/iscsi.yml 
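Review bot: The role defaults ship working credentials in plain text: `cinder_db_password: cinderpassword` here, next to the existing `database_password: weakpassword`, and the second hunk of this file adds `mariadb_root_password`, `cinder_password` and `rabbitmq_password` the same way. Anyone who runs the role without overriding them gets a deployment with publicly known database and broker passwords. I would ship no default for these and fail early when they are unset, for example an `assert` task with `that: mariadb_root_password is defined`, or load them from a vault. `cinder_db_password` also looks unused after this commit, since init-jobs.yml switches to `cinder_password`.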
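Review bot: Several of the new variable names do not match what the templates in this commit read: `rabbimq_user` is missing a `t` (cinder.conf.j2 uses `rabbitmq_user`), `mariadb_root` is read there as `mariadb_root_user`, and `ceph_authentication_type` is read by ceph.conf.j2 as `ceph.authentication_type`. The added `cinder_config:` block repeats a key that already exists just above it, and most YAML loaders silently keep only the last one. Separately, `auth_strategy: noauth` together with `public_bind_host: "0.0.0.0"` makes an unauthenticated API on all interfaces the default; `auth_strategy: keystone` is the safer default, with `noauth` as an explicit opt-in. The bare `san_password:` and `client_key:` keys load as null, so writing `san_password: ""` or leaving them undefined states the intent more clearly.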
@@ -88,7 +88,7 @@ - name: Create Cinder Volume Deployment - k8s_apps_v1beta1_deployment: + k8s_v1beta2_deployment: name: cinder-volume-iscsi namespace: "{{ namespace }}" service_account_name: '{{ privileged_service_account }}' @@ -163,7 +163,7 @@ - name: iscsid securityContext: privileged: true - image: tripleomaster/centos-binary-iscsid:current-tripleo + image: tripleoupstream/centos-binary-iscsid:latest volumeMounts: - mountPath: /etc/localtime name: host-etc-localtime diff --git a/tasks/backends/rbd.yml b/tasks/backends/rbd.yml index 5e5a483..6daf99b 100644 --- a/tasks/backends/rbd.yml +++ b/tasks/backends/rbd.yml @@ -9,15 +9,26 @@ src: "/tmp/ceph.conf" register: "ceph_conf" -- name: Create cinder-volume-rbd configmaps +- name: Generate client keyring file + config_template: + src: rbd/keyring.j2 + dest: /tmp/keyring + config_type: ini + +- name: Read configs into memory + slurp: + src: "/tmp/keyring" + register: "keyring" + +- name: Create cinder-volume-ceph configmaps ignore_errors: yes k8s_v1_config_map: - name: cinder-volume-rbd + name: cinder-volume-ceph namespace: "{{ namespace }}" state: present debug: yes labels: - service: cinder-volume-rbd + service: cinder-volume-ceph data: config.json: | { @@ -32,8 +43,14 @@ { "source": "/var/lib/kolla/config_files/ceph.conf", "dest": "/etc/ceph/ceph.conf", - "owner": "root", + "owner": "cinder", "perm": "0644" + }, + { + "source": "/var/lib/kolla/config_files/keyring", + "dest": "/etc/ceph/keyring", + "owner": "cinder", + "perm": "0600" } ], "permissions": [ 
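Review bot: The `iscsid` container runs with `privileged: true`, and its image is now `tripleoupstream/centos-binary-iscsid:latest`, a mutable tag from a different repository than the other images in this role. Whatever is pushed under that tag next runs with full host privileges on the node. Pin it by digest, `image: tripleoupstream/centos-binary-iscsid@sha256:<digest-placeholder>`, or at least by a fixed version tag, and keep the repository consistent with the `tripleomaster/...` images used elsewhere. The container list continues outside the hunk.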
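Review bot: The Ceph client keyring is rendered to the fixed path `/tmp/keyring` with no `mode`, so it is created under the default umask in a shared directory and is never removed after the `slurp`. Add `mode: "0600"` to the "Generate client keyring file" task, prefer a directory created with the `tempfile` module over a fixed name in `/tmp`, and delete the file once it has been read. `no_log: true` on the slurp task keeps the base64-encoded key out of verbose output. The `ignore_errors: yes` on the config map task that follows also hides a failed upload of that key.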
@@ -56,27 +73,25 @@ ceph.conf: | {{ceph_conf['content'] | b64decode}} + keyring: | + {{keyring['content'] | b64decode}} - name: Create Cinder Volume Deployment - k8s_apps_v1beta1_deployment: - name: cinder-volume-rbd + openshift_v1_deployment_config: + name: cinder-volume-ceph namespace: "{{ namespace }}" service_account_name: "{{ service_account }}" labels: - app: cinder-volume-rbd - service: cinder-volume-rbd + app: cinder-volume-ceph + service: cinder-volume-ceph replicas: 1 spec_template_metadata_labels: - app: cinder-volume-rbd - service: cinder-volume-rbd + app: cinder-volume-ceph + service: cinder-volume-ceph + containers: - name: cinder-volume image: tripleomaster/centos-binary-cinder-volume:current-tripleo - volumeMounts: - - name: kolla-config - mountPath: /var/lib/kolla/config_files/ - - name: ceph-client-cinder-keyring - mountPath: /etc/ceph/ceph.client.cinder.keyring env: - name: TZ value: UTC @@ -84,12 +99,12 @@ value: COPY_ALWAYS - name: KOLLA_KUBERNETES value: "" + + volumeMounts: + - name: kolla-config + mountPath: /var/lib/kolla/config_files + volumes: - name: kolla-config - config_map: - name: cinder-volume-rbd - - name: ceph-client-cinder-keyring - secret: - secretName: ceph-client-cinder-keyring - - + configMap: + name: cinder-volume-ceph diff --git a/tasks/backends/xtremio.yml b/tasks/backends/xtremio.yml index 3a96b53..82cbbba 100644 --- a/tasks/backends/xtremio.yml +++ b/tasks/backends/xtremio.yml @@ -37,7 +37,7 @@ {{cinder_conf['content'] | b64decode}} - name: Create Cinder Volume Deployment - k8s_apps_v1beta1_deployment: + openshift_v1_deployment_config: name: cinder-volume-xtremio namespace: "{{ namespace }}" service_account_name: "{{ service_account }}" diff --git a/tasks/cinder-api.yml b/tasks/cinder-api.yml index f87e1b7..0894338 100644 --- a/tasks/cinder-api.yml +++ b/tasks/cinder-api.yml 
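Review bot: The keyring moves from a mounted Secret (`ceph-client-cinder-keyring`, removed here and in the next hunk) into the `keyring:` entry of the `cinder-volume-ceph` ConfigMap. ConfigMaps are readable by any subject allowed to get configmaps in the namespace and do not get Secret-specific handling such as encryption at rest, so this widens who can read the Ceph client key. Keep the key in a Secret mounted as a secret volume and leave only `config.json` and `ceph.conf` in the ConfigMap. The new mount and volume also use `volumeMounts` and `configMap` where the other tasks in this commit use `volume_mounts` and `config_map`, which is worth checking against the module's parameter names.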
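Review bot: `openshift_v1_deployment_config` is used here without a `when: cluster == "openshift"` guard, although defaults/main.yml sets `cluster: kubernetes` and cinder-api.yml and cinder-scheduler.yml in this commit keep a Kubernetes variant behind that variable. The deployment task in backends/rbd.yml has the same unconditional switch. On a plain Kubernetes cluster these tasks would presumably fail, since DeploymentConfig is an OpenShift resource. The task body continues outside the hunk.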
@@ -107,4 +107,38 @@ - name: kolla-config config_map: name: cinder-api + when: cluster == "kubernetes" +- name: Create Cinder-api Deployment + openshift_v1_deployment_config: + name: cinder-api + namespace: "{{ namespace }}" + service_account_name: "{{ service_account }}" + labels: + app: cinder-api + service: cinder-api + replicas: 1 + spec_template_metadata_labels: + app: cinder-api + service: cinder-api + containers: + - name: cinder-api + image: tripleomaster/centos-binary-cinder-api:current-tripleo + ports: + - container_port: 8776 + protocol: TCP + env: + - name: TZ + value: UTC + - name: KOLLA_CONFIG_STRATEGY + value: COPY_ALWAYS + - name: KOLLA_KUBERNETES + value: "" + volume_mounts: + - name: kolla-config + mountPath: /var/lib/kolla/config_files/ + volumes: + - name: kolla-config + config_map: + name: cinder-api + when: cluster == "openshift" diff --git a/tasks/cinder-scheduler.yml b/tasks/cinder-scheduler.yml index a4fead1..1374874 100644 --- a/tasks/cinder-scheduler.yml +++ b/tasks/cinder-scheduler.yml @@ -65,4 +65,35 @@ - name: kolla-config config_map: name: cinder-scheduler + when: cluster == "kubernetes" +- name: create cinder-scheduler deployment + openshift_v1_deployment_config: + name: cinder-scheduler + namespace: "{{ namespace }}" + service_account_name: "{{ service_account }}" + labels: + app: cinder-scheduler + service: cinder-scheduler + replicas: 1 + spec_template_metadata_labels: + app: cinder-scheduler + service: cinder-scheduler + containers: + - name: cinder-scheduler + image: tripleomaster/centos-binary-cinder-scheduler:current-tripleo + env: + - name: TZ + value: UTC + - name: KOLLA_CONFIG_STRATEGY + value: COPY_ALWAYS + - name: KOLLA_KUBERNETES + value: "" + volume_mounts: + - name: kolla-config + mountPath: /var/lib/kolla/config_files/ + volumes: + - name: kolla-config + config_map: + name: cinder-scheduler + when: cluster == "openshift" diff --git a/tasks/cinder-volume.yml b/tasks/cinder-volume.yml index 124c8a0..279862d 100644 
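Review bot: The OpenShift task is a full copy of the Kubernetes one above it, differing only in the module name and the `when:` value, and cinder-scheduler.yml repeats the pattern. Any later hardening (a pinned image instead of the floating `current-tripleo` tag, a security context, resource limits) then has to be made in four places and will drift. Consider keeping the shared arguments in one variable used by both tasks, or at least add a comment such as `# keep in sync with the kubernetes task above`. The Kubernetes task starts outside the hunk.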
--- a/tasks/cinder-volume.yml +++ b/tasks/cinder-volume.yml @@ -2,10 +2,10 @@ # backend configmap to its corresponding cinder-volume pod - include: backends/iscsi.yml - when: result.conf_dict['cinder_enable_iscsi_backend'] + when: cinder_enable_iscsi_backend - include: backends/rbd.yml - when: result.conf_dict['cinder_enable_rbd_backend'] + when: cinder_enable_rbd_backend - include: backends/xtremio.yml - when: result.conf_dict['dellemc_xtremio_iscsi_backend'] + when: cinder_enable_xtremio_backend - include: backends/netapp.yml - when: result.conf_dict['cinder_enable_netapp_backend'] + when: cinder_enable_netapp_backend diff --git a/tasks/deprovision.yml b/tasks/deprovision.yml index 5eb1f72..33a8742 100644 --- a/tasks/deprovision.yml +++ b/tasks/deprovision.yml @@ -19,43 +19,47 @@ - name: Delete cinder-api deployment k8s_apps_v1beta1_deployment: name: cinder-api - namespace: openstack + namespace: {{ namespace }} state: absent + when: cluster == "kubernetes" - name: Delete cinder-scheduler deployment k8s_apps_v1beta1_deployment: name: cinder-scheduler - namespace: openstack + namespace: {{ namespace }} state: absent + when: cluster == "kubernetes" - name: Delete cinder-volume deployment k8s_apps_v1beta1_deployment: name: cinder-volume - namespace: openstack + namespace: {{ namespace }} state: absent - name: Delete cinder service k8s_v1_service: name: cinder - namespace: openstack + namespace: {{ namespace }} state: absent - name: Delete cinder configmaps ignore_errors: yes k8s_v1_config_map: name: cinder-volume - namespace: openstack + namespace: {{ namespace }} state: absent + - name: Delete cinder configmaps ignore_errors: yes k8s_v1_config_map: name: cinder-scheduler - namespace: openstack + namespace: {{ namespace }} state: absent + - name: Delete cinder configmaps ignore_errors: yes k8s_v1_config_map: name: cinder-api - namespace: openstack + namespace: {{ namespace }} state: absent debug: yes 
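Review bot: `when: cinder_enable_iscsi_backend` and the three conditions after it test a bare variable, so the outcome depends on the value's type. Overrides passed as strings (for example through `-e key=value`) are not booleans, and newer Ansible releases treat a non-empty string such as `"false"` as true. Write `when: cinder_enable_iscsi_backend | bool` so a backend, and the credentials it pulls in, is deployed only when it was really enabled. tasks/enabled_backends.yml has the same four conditions.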
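Review bot: `namespace: {{ namespace }}` is unquoted in all seven tasks, and YAML reads a value that starts with `{` as a flow mapping, so the file is expected to fail to load or to pass a mapping instead of a string. It should be `namespace: "{{ namespace }}"`, as in the other task files. The deletes also do not cover what this commit creates: there is no task for the `openshift_v1_deployment_config` objects or, as far as this hunk shows, for the `cinder-volume-ceph` ConfigMap that now holds the Ceph keyring, so that key would outlive a deprovision.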
diff --git a/tasks/enabled_backends.yml b/tasks/enabled_backends.yml index 2f2e154..d65e50f 100644 --- a/tasks/enabled_backends.yml +++ b/tasks/enabled_backends.yml @@ -2,20 +2,20 @@ - name: Append backend to enable_backends list set_fact: enabled_backends: "{{ enabled_backends }} + [ 'tripleo_ceph' ]" - when: result.conf_dict['cinder_enable_rbd_backend'] + when: cinder_enable_rbd_backend - name: Append backend to enable_backends list set_fact: enabled_backends: "{{ enabled_backends }} + [ 'tripleo_iscsi' ]" - when: result.conf_dict['cinder_enable_iscsi_backend'] + when: cinder_enable_iscsi_backend - name: Append backend to enable_backends list set_fact: enabled_backends: "{{ enabled_backends }} + [ 'xtremio' ]" - when: result.conf_dict['dellemc_xtremio_iscsi_backend'] + when: cinder_enable_xtremio_backend - name: Append backend to enable_backends list set_fact: enabled_backends: "{{ enabled_backends }} + [ 'tripleo_netapp' ]" - when: result.conf_dict['cinder_enable_netapp_backend'] + when: cinder_enable_netapp_backend diff --git a/tasks/init-jobs.yml b/tasks/init-jobs.yml index 24fea3e..0eb9e6b 100644 --- a/tasks/init-jobs.yml +++ b/tasks/init-jobs.yml 
@@ -1,44 +1,8 @@ -# List of init jobs for the pod go here -- name: Create cinder-init-job configmaps - ignore_errors: yes - k8s_v1_config_map: - name: cinder-init-job - namespace: "{{ namespace }}" - state: present - debug: yes - data: - config.json: | - { - "command": "cinder-scheduler --config-file /etc/cinder/cinder.conf", - "config_files": [ - { - "source": "/var/lib/kolla/config_files/cinder.conf", - "dest": "/etc/cinder/cinder.conf", - "owner": "cinder", - "perm": "0600" - } - ], - "permissions": [ - { - "path": "/var/lib/cinder", - "owner": "cinder:cinder", - "recurse": true - }, - { - "path": "/var/log/kolla/cinder", - "owner": "cinder:cinder", - "recurse": true - } - ] - } - - cinder.conf: | - {{cinder_conf['content'] | b64decode}} - - name: Create Cinder Database k8s_v1_job: name: cinder-create-db namespace: "{{ namespace }}" + service_account_name: "{{ service_account }}" restart_policy: OnFailure containers: - name: cinder-create-db @@ -54,7 +18,7 @@ name='cinder'" env: - name: DATABASE_PASSWORD - value: "{{ database_password }}" + value: "{{ mariadb_root_password }}" - name: "TZ" value: "UTC" register: db_create @@ -63,6 +27,7 @@ k8s_v1_job: name: cinder-create-user namespace: "{{ namespace }}" + service_account_name: "{{ service_account }}" restart_policy: OnFailure containers: - name: cinder-create-db @@ -82,9 +47,9 @@ append_privs='yes'" env: - name: CINDER_DATABASE_PASSWORD - value: "{{ cinder_db_password }}" + value: "{{ cinder_password }}" - name: DATABASE_PASSWORD - value: "{{database_password}}" + value: "{{mariadb_root_password}}" - name: "TZ" value: "UTC" when: db_create|succeeded 
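Review bot: `DATABASE_PASSWORD` is set with a literal `value: "{{ mariadb_root_password }}"`, so the MariaDB root password is stored in the Job spec and is visible to anyone who can read Jobs or Pods in the namespace. The `cinder-create-user` job does the same for `CINDER_DATABASE_PASSWORD` with `cinder_password`. Take the value from a Secret reference on the env entry if the module exposes one, and add `no_log: true` to these tasks so the rendered arguments stay out of Ansible output. The two jobs also write the same expression in two styles (`{{ mariadb_root_password }}` and `{{mariadb_root_password}}`).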
@@ -94,12 +59,12 @@ k8s_v1_job: name: cinder-create-tables namespace: "{{ namespace }}" + service_account_name: "{{ service_account }}" restart_policy: OnFailure containers: - name: cinder-create-db image: tripleomaster/centos-binary-cinder-api:current-tripleo image_pull_policy: IfNotPresent -# command: ["/usr/bin/cinder-manage", "db", "sync"] env: - name: KOLLA_KUBERNETES value: "" @@ -115,16 +80,7 @@ volumes: - name: kolla-config config_map: - name: cinder-init-job + name: cinder-scheduler when: db_create|succeeded register: cinder_bootstrap -# Remove the init-job configmap. -- name: Delete cinder-init-job configmaps - ignore_errors: yes - k8s_v1_config_map: - name: cinder-init-job - namespace: "{{namespace}}" - state: absent - when: cinder_bootstrap|succeeded - diff --git a/tasks/provision.yml b/tasks/provision.yml index b7cefaa..cad5a4e 100644 --- a/tasks/provision.yml +++ b/tasks/provision.yml @@ -1,19 +1,18 @@ - +-- - include: hiera.yml - include: enabled_backends.yml - name: Generate config files - config_template: + template: src: cinder.conf.j2 dest: /tmp/cinder.conf - config_overrides: '{{cinder_config}}' - config_type: ini - name: Read configs into memory slurp: src: "/tmp/cinder.conf" register: "cinder_conf" +- include: config_maps.yml - include: init-jobs.yml - include: cinder-api.yml - include: cinder-scheduler.yml diff --git a/templates/cinder-volume-config.yml.j2 b/templates/cinder-volume-config.yml.j2 index e0a7692..32832fa 100644 --- a/templates/cinder-volume-config.yml.j2 +++ b/templates/cinder-volume-config.yml.j2 
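Review bot: The first added line of provision.yml appears to be `--` rather than the YAML document marker `---` (whitespace on this page is collapsed, so check the file). `--` would be read as a scalar and break the play. In the same hunk `template` writes `/tmp/cinder.conf`, which now contains the database and RabbitMQ passwords, to a fixed path with no `mode`; add `mode: "0600"` and remove the file after the `slurp`. `include: config_maps.yml` refers to a file that is not part of this diff.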
@@ -4,17 +4,17 @@ config_files: dest: "/etc/cinder/cinder.conf" owner: cinder perm: '0600' -{% if result.conf_dict['cinder_enable_rbd_backend'] %} +{% if cinder_enable_rbd_backend %} - source: "/var/lib/kolla/config_files/ceph.conf" dest: "/etc/ceph/ceph.conf" owner: root perm: '0644' -- source: "/var/lib/kolla/config_files/ceph.client.{{result.conf_dict['cinder_rbd_user_name']}}.keyring" - dest: "/etc/ceph/ceph.client.{{result.conf_dict['cinder_rbd_user_name']}}.keyring" +- source: "/var/lib/kolla/config_files/ceph.client.{{cinder_rbd_user_name}}.keyring" + dest: "/etc/ceph/ceph.client.{{cinder_rbd_user_name}}.keyring" owner: root perm: '0644' {% endif %} -{% if result.conf_dict['cinder_enable_iscsi_backend'] %} +{% if cinder_enable_iscsi_backend %} - source: "/var/lib/kolla/config_files/lvm.conf" dest: "/etc/lvm/lvm.conf" owner: root @@ -27,4 +27,3 @@ permissions: - path: "/var/log/kolla/cinder" owner: cinder:cinder recurse: true - diff --git a/templates/cinder.conf.j2 b/templates/cinder.conf.j2 index 6270927..40e7802 100644 --- a/templates/cinder.conf.j2 +++ b/templates/cinder.conf.j2 
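Review bot: The keyring entry edited here keeps `owner: root` and `perm: '0644'`, which leaves the Ceph client key world-readable inside the container, while tasks/backends/rbd.yml in this commit installs it with `"owner": "cinder"` and `"perm": "0600"`. The two also disagree on the file name: this template uses `ceph.client.{{cinder_rbd_user_name}}.keyring`, rbd.yml uses `/etc/ceph/keyring`. I would change the keyring entry to `owner: cinder` and `perm: '0600'` and settle on one path.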
@@ -1,50 +1,42 @@ [DEFAULT] -glance_api_servers={{result.conf_dict['DEFAULT']['glance_api_servers']}} -glance_api_version={{result.conf_dict['DEFAULT']['glance_api_version']}} -enable_v3_api=True -storage_availability_zone=nova -default_availability_zone=nova -auth_strategy={{result.conf_dict['DEFAULT']['auth_strategy']}} -enabled_backends={{ enabled_backends | join(",") }} -nova_catalog_info=compute:nova:internalURL -nova_catalog_admin_info=compute:nova:adminURL -scheduler_driver=cinder.scheduler.filter_scheduler.FilterScheduler -osapi_volume_listen=0.0.0.0 -osapi_volume_workers=2 -log_dir=/var/log/cinder -transport_url=rabbit://{{result.conf_dict['oslo_messaging_rabbit']['rabbit_userid']}}:{{result.conf_dict['oslo_messaging_rabbit']['rabbit_password']}}@rabbitmq:{{result.conf_dict['oslo_messaging_rabbit']['rabbit_port']}}/?ssl=0 -rpc_backend=rabbit -control_exchange=openstack -api_paste_config=/etc/cinder/api-paste.ini - -[database] -connection=mysql+pymysql://{{result.conf_dict['database']['user']}}:{{result.conf_dict['database']['password']}}@{{result.conf_dict['database']['host']}}:3306/{{result.conf_dict['database']['dbname']}} -max_retries=-1 -db_max_retries=-1 - -[oslo_concurrency] -lock_path=/var/lib/cinder/tmp +enable_v3_api = true +glance_api_servers = none +enabled_backends = {{ enabled_backends | join(",") }} +glance_api_version = 2 +log_dir = /var/log/cinder +osapi_volume_listen = 0.0.0.0 +scheduler_driver = cinder.scheduler.filter_scheduler.FilterScheduler +nova_catalog_info = compute:nova:internalURL +api_paste_config = /etc/cinder/api-paste.ini +transport_url = rabbit://{{ rabbitmq_user }}:{{rabbitmq_password }}@rabbitmq:5672/?ssl=0 +public_bind_host = 0.0.0.0 +auth_strategy = {{ auth_strategy }} [oslo_messaging_notifications] -driver=messagingv2 
-transport_url=rabbit://{{result.conf_dict['oslo_messaging_rabbit']['rabbit_userid']}}:{{result.conf_dict['oslo_messaging_rabbit']['rabbit_password']}}@rabbitmq:{{result.conf_dict['oslo_messaging_rabbit']['rabbit_port']}}/?ssl=0 +transport_url = rabbit://{{ rabbitmq_user }}:{{ rabbitmq_password }}@rabbitmq:5672/?ssl=0 +driver = messagingv2 -[oslo_messaging_rabbit] -ssl={{result.conf_dict['oslo_messaging_rabbit']['rabbit_use_ssl']}} -rabbit_port={{result.conf_dict['oslo_messaging_rabbit']['rabbit_port']}} -rabbit_userid={{result.conf_dict['oslo_messaging_rabbit']['rabbit_userid']}} -rabbit_password={{result.conf_dict['oslo_messaging_rabbit']['rabbit_password']}} -heartbeat_timeout_threshold={{result.conf_dict['oslo_messaging_rabbit']['rabbit_heartbeat_timeout_threshold']}} +[database] +db_max_retries = -1 +host = mariadb +max_retries = -1 +connection = mysql+pymysql://{{ mariadb_root_user }}:{{ mariadb_root_password }}@mariadb:3306/{{ cinder_user }} +user = {{ cinder_user }} +password = {{ cinder_password }} +dbname = {{ cinder_user }} -[oslo_middleware] -enable_proxy_headers_parsing=True +[oslo_concurrency] +lock_path = /var/lib/cinder/tmp [oslo_policy] -policy_file=/etc/cinder/policy.json +policy_file = /etc/cinder/policy.json -{% if result.conf_dict['cinder_enable_iscsi_backend'] %} -[tripleo_iscsi] -volume_backend_name=tripleo_iscsi +[privsep_entrypoint] +helper_command = sudo cinder-rootwrap /etc/cinder/rootwrap.conf privsep-helper --config-file /etc/cinder/cinder.conf + +{% if cinder_enable_iscsi_backend %} +[iscsi] +volume_backend_name=iscsi volume_driver=cinder.volume.drivers.lvm.LVMVolumeDriver iscsi_ip_address=iscsid iscsi_helper=lioadm 
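Review bot: `connection` in `[database]` is built from `mariadb_root_user` and `mariadb_root_password`, so every cinder service would talk to MariaDB as root even though init-jobs.yml creates a dedicated user. Use `connection = mysql+pymysql://{{ cinder_user }}:{{ cinder_password }}@mariadb:3306/{{ cinder_user }}`. The passwords are interpolated into URLs unescaped, so a value containing `@` or `:` breaks the URL; `{{ cinder_password | urlencode }}` avoids that. The hunk also drops `enable_proxy_headers_parsing` and keeps `?ssl=0` on both `transport_url` lines, so broker credentials travel unencrypted inside the cluster.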
@@ -52,35 +44,18 @@ volumes_dir=/var/lib/cinder/cinder-volumes iscsi_protocol=iscsi {% endif %} -{% if result.conf_dict['dellemc_xtremio_iscsi_backend'] %} -[xtremio] -max_over_subscription_ratio = {{result.conf_dict['xtremio']['max_over_subscription_ratio']}} -use_multipath_for_image_xfer= {{result.conf_dict['xtremio']['use_multipath_for_image_xfer']}} -volume_backend_name=xtremio -volume_driver=cinder.volume.drivers.emc.xtremio.XtremIOISCSIDriver -san_ip={{result.conf_dict['xtremio']['san_ip']}} -xtremio_cluster_name={{result.conf_dict['xtremio']['xtremio_cluster_name']}} -san_login={{result.conf_dict['xtremio']['san_login']}} -san_password={{result.conf_dict['xtremio']['san_password']}} -image_volume_cache_enabled={{result.conf_dict['xtremio']['image_volume_cache_enabled']}} +{% if cinder_enable_xtremio_backend %} +{% include 'xtremio/cinder-annex.conf.j2' %} {% endif %} -{% if result.conf_dict['cinder_enable_rbd_backend'] %} -[tripleo_ceph] -volume_backend_name=tripleo_ceph -volume_driver=cinder.volume.drivers.rbd.RBDDriver -rbd_ceph_conf=/etc/ceph/ceph.conf -rbd_user={{ result.conf_dict['cinder_rbd_user_name'] }} -rbd_pool={{ result.conf_dict['cinder_rbd_pool_name'] }} -rbd_secret_uuid={{ result.conf_dict['ceph_cluster_fsid'] }} -backend_host=hostgroup +{% if cinder_enable_rbd_backend %} +{% include 'rbd/cinder-annex.conf.j2' %} {% endif %} -{% if result.conf_dict['cinder_enable_netapp_backend'] %} -[tripleo_netapp] +{% if cinder_enable_netapp_backend %} +[netapp] title = tripleo_netapp -netapp_login = {{result.conf_dict['tripleo_netapp']['netapp_login']}} -netapp_password = {{result.conf_dict['tripleo_netapp']['netapp_password']}} -netapp_server_hostname = {{result.conf_dict['tripleo_netapp']['netapp_server_hostname']}} +netapp_login = {{netapp.netapp_login}} +netapp_password = {{netapp.netapp_password}} +netapp_server_hostname = {{netapp.netapp_server_hostname}} {% endif %} - 
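Review bot: The backend sections are renamed to `[netapp]` here and `[iscsi]` in the previous hunk, but tasks/enabled_backends.yml in this commit still appends `'tripleo_netapp'` and `'tripleo_iscsi'`. `enabled_backends` would then name sections that no longer exist in the rendered file. Either keep the `tripleo_*` section names or change the appended names to match. `netapp.netapp_login` and the other `netapp.*` lookups also have no default in the defaults/main.yml hunk, which defines only `xtremio` and `ceph`.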
diff --git a/templates/rbd/ceph.conf.j2 b/templates/rbd/ceph.conf.j2 index 8b761a5..73218cb 100644 --- a/templates/rbd/ceph.conf.j2 +++ b/templates/rbd/ceph.conf.j2 @@ -1,10 +1,9 @@ [global] -fsid = {{result.conf_dict['ceph_cluster_fsid']}} -mon_host = {{result.conf_dict['ceph_mon_host']}} -auth_cluster_required = {{result.conf_dict['authentication_type']}} -auth_service_required = {{result.conf_dict['authentication_type']}} -auth_client_required = {{result.conf_dict['authentication_type']}} -auth_supported = {{result.conf_dict['authentication_type']}} +mon_host = {{ceph.ceph_mon_host}} +auth_cluster_required = {{ceph.authentication_type}} +auth_service_required = {{ceph.authentication_type}} +auth_client_required = {{ceph.authentication_type}} +auth_supported = {{ceph.authentication_type}} [client] rbd_default_features = 1
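Review bot: The four `auth_*` lines read `ceph.authentication_type`, but the `ceph` mapping added to defaults/main.yml names the key `ceph_authentication_type`, so the lookup is undefined as written. Depending on how undefined values are handled, the render either fails or leaves the cephx settings empty. Use `{{ ceph.ceph_authentication_type }}` or rename the default. `fsid` is dropped from `[global]` without a replacement.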