openstack/openstack-ansible
Code Issues Proposed changes
Files
b878370a0b3f0bbd47bff98f3fa4552f7cf66c05
openstack-ansible/etc/openstack_deploy/user_variables.yml
Serge van Ginderachter b878370a0b Add Ceph/RBD support to playbooks 
Currently the playbooks do not allow Ceph to be configured as a backend
for Cinder, Glance or Nova. This commit adds a new role called
ceph_client to do the required configuration of the hosts and updates
the service roles to include the required configuration file changes.
This commit requires that a Ceph cluster already exists and does not
make any changes to that cluster.

ceph_client role, run on the OpenStack service hosts
  - configures the Ceph apt repo
  - installs any required Ceph dependencies
  - copies the ceph.conf file and appropriate keyring file to /etc/ceph
  - creates the necessary libvirt secrets

os_glance role
glance-api.conf will set the following variables for Ceph:
  - [DEFAULT]/show_image_direct_url
  - [glance_store]/stores
  - [glance_store]/rbd_store_pool
  - [glance_store]/rbd_store_user
  - [glance_store]/rbd_store_ceph_conf
  - [glance_store]/rbd_store_chunk_size

os_nova role
nova.conf will set the following variables for Ceph:
  - [libvirt]/rbd_user
  - [libvirt]/rbd_secret_uuid
  - [libvirt]/images_type
  - [libvirt]/images_rbd_pool
  - [libvirt]/images_rbd_ceph_conf
  - [libvirt]/inject_password
  - [libvirt]/inject_key
  - [libvirt]/inject_partition
  - [libvirt]/live_migration_flag

os_cinder is not updated because ceph is defined as a backend and that
is generated from a dictionary of the config, for an example backend
config, see etc/openstack_deploy/openstack_user_config.yml.example

pw-token-gen.py is updated so that variables ending in uuid are assigned
a UUID.

DocImpact
Implements: blueprint ceph-block-devices
Closes-Bug: #1455238
Change-Id: Ie484ce0bbb93adc53c30be32f291aa5058b20028
2015-08-01 19:49:00 +01:00

139 lines
5.7 KiB
YAML
Raw Blame History

---
# Copyright 2014, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
## Ceilometer Options
ceilometer_db_type: mongodb
ceilometer_db_ip: localhost
ceilometer_db_port: 27017
swift_ceilometer_enabled: False
heat_ceilometer_enabled: False
cinder_ceilometer_enabled: False
glance_ceilometer_enabled: False
nova_ceilometer_enabled: False
## Glance Options
# Set glance_default_store to "swift" if using Cloud Files or swift backend
# or "rbd" if using ceph backend; the latter will trigger ceph to get
# installed on glance
glance_default_store: file
glance_notification_driver: noop
# `internalURL` will cause glance to speak to swift via ServiceNet, use
# `publicURL` to communicate with swift over the public network
glance_swift_store_endpoint_type: internalURL
# Ceph client user for glance to connect to the ceph cluster
#glance_ceph_client: glance
# Ceph pool name for Glance to use
#glance_rbd_store_pool: images
#glance_rbd_store_chunk_size: 8
## Nova
# When nova_libvirt_images_rbd_pool is defined, ceph will be installed on nova
# hosts.
#nova_libvirt_images_rbd_pool: vms
# by default we assume you use rbd for both cinder and nova, and as libvirt
# needs to access both volumes (cinder) and boot disks (nova) we default to
# reuse the cinder_ceph_client
# only need to change this if you'd use ceph for boot disks and not for volumes
#nova_ceph_client:
#nova_ceph_client_uuid:
# This defaults to KVM, if you are deploying on a host that is not KVM capable
# change this to your hypervisor type: IE "qemu", "lxc".
# nova_virt_type: kvm
# nova_cpu_allocation_ratio: 2.0
# nova_ram_allocation_ratio: 1.0
## Glance with Swift
### Extra options when configuring swift as a glance back-end.
### By default it will use the local swift install
### Set these when using a remote swift as a glance backend
#glance_swift_store_auth_address: "https://some.auth.url.com"
#glance_swift_store_user: "OPENSTACK_TENANT_ID:OPENSTACK_USER_NAME"
#glance_swift_store_key: "OPENSTACK_USER_PASSWORD"
#glance_swift_store_container: "NAME_OF_SWIFT_CONTAINER"
#glance_swift_store_region: "NAME_OF_REGION"
## Cinder
# Ceph client user for cinder to connect to the ceph cluster
#cinder_ceph_client: cinder
## Ceph
#ceph_apt_repo_url_region: "www" # or "eu" for Netherlands based mirror
#ceph_stable_release: hammer
#
# Enable these if you use ceph rbd for at least one component (glance, cinder, nova)
# ceph cluster-id, overrule with correct uuid!
#ceph_fsid: d4ab416b-490c-4ab9-87e8-2364b524e0f2
#ceph_conf:
# global:
# fsid: '{{ ceph_fsid }}'
# mon_initial_members: 'mon1.example.local,mon2.example.local,mon3.example.local'
# mon_host: '10.16.5.40,10.16.5.41,10.16.5.42'
# auth_cluster_required: cephx
# auth_service_required: cephx
# auth_client_required: cephx
## Apache SSL Settings
# These do not need to be configured unless you're creating certificates for
# services running behind Apache (currently, Horizon and Keystone).
ssl_protocol: "ALL -SSLv2 -SSLv3"
# Cipher suite string from https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/
ssl_cipher_suite: "ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS"
# To override for Keystone only:
# - keystone_ssl_protocol
# - keystone_ssl_cipher_suite
# To override for Horizon only:
# - horizon_ssl_protocol
# - horizon_ssl_cipher_suite
## Additional pinning generator that will allow for more packages to be pinned as you see fit.
## All pins allow for package and versions to be defined. Be careful using this as versions
## are always subject to change and updates regarding security will become your problem from this
## point on. Pinning can be done based on a package version, release, or origin. Use "*" in the
## package name to indicate that you want to pin all package to a particular constraint.
# apt_pinned_packages:
# - { package: "lxc", version: "1.0.7-0ubuntu0.1" }
# - { package: "libvirt-bin", version: "1.2.2-0ubuntu13.1.9" }
# - { package: "rabbitmq-server", origin: "www.rabbitmq.com" }
# - { package: "*", release: "MariaDB" }
## Environment variable settings
# This allows users to specify the additional environment variables to be set
# which is useful in setting where you working behind a proxy. If working behind
# a proxy It's important to always specify the scheme as "http://". This is what
# the underlying python libraries will handle best. This proxy information will be
# placed both on the hosts and inside the containers.
## Example environment variable setup:
# proxy_env_url: http://username:pa$$w0rd@10.10.10.9:9000/
# no_proxy_env: "localhost,127.0.0.1,{% for host in groups['all_containers'] %}{{ hostvars[host]['container_address'] }}{% if not loop.last %},{% endif %}{% endfor %}"
# global_environment_variables:
# HTTP_PROXY: "{{ proxy_env_url }}"
# HTTPS_PROXY: "{{ proxy_env_url }}"
# NO_PROXY: "{{ no_proxy_env }}"
## Multiple region support in Horizon:
# For multiple regions uncomment this configuration, and
# add the extra endpoints below the first list item.
# horizon_available_regions:
# - { url: "{{ keystone_service_internalurl }}", name: "{{ keystone_service_region }}" }
# - { url: "http://cluster1.example.com:5000/v2.0", name: "RegionTwo" }
View Git Blame Copy Permalink