openstack/puppet-openstack-integration
Code Issues Proposed changes
4d165a20f7
puppet-openstack-integration/manifests/ceph.pp
Takashi Kajinami 47e4835878 Use httpd+mod_wsgi to run glance-api 
This makes glance-api run by httpd+mod_wsgi instead of standalone
eventlet service. This allows us to enable ssl for glance endpoints.

Note that this change switches glance backend in scenario 004 from rgw
to file, because usage of rgw causes circular dependencies. Swift API
is already tested by tempest, and we assume that usage of swift store
driver to integrate glance and ceph is not as much popular as one of
rbd store driver.

Change-Id: I888f288bde30c5eeb2d33facd1e55aaddd670450
2024-03-01 12:10:33 +09:00

190 lines
6.3 KiB
Puppet
Raw Blame History

# Configure the Ceph services
#
# [*deploy_rgw*]
# (optional) Setting flag to enable the deployment of Ceph RadosGW and
# configure various services to use Swift provided by RGW as a backend.
# Defaults to false
#
# [*pg_num*]
# (optional) Number of PGs per pool.
# Defaults to 16.
#
# [*create_cephfs*]
# (optional) Flag if CephFS will be created.
# Defaults to false
#
# [*ceph_pools*]
# (optional) Ceph pools
# Defaults to ['glance', 'nova']
#
class openstack_integration::ceph (
$deploy_rgw = false,
$pg_num = 16,
$create_cephfs = false,
$ceph_pools = ['glance', 'nova']
) {
include openstack_integration::config
if $::openstack_integration::config::ipv6 {
$ms_bind_ipv4 = false
$ms_bind_ipv6 = true
} else {
$ms_bind_ipv4 = true
$ms_bind_ipv6 = false
}
ensure_packages(['lvm2'], {'ensure' => 'present', before => Exec['lvm_create']})
exec { 'lvm_create':
command => "/bin/true # comment to satisfy puppet syntax requirements
truncate --size=10G /diskimage.img
losetup /dev/loop0 /diskimage.img
pvcreate /dev/loop0
vgcreate ceph_vg /dev/loop0
sleep 5
lvcreate -n lv_data -a y -l 100%FREE ceph_vg
",
unless => "/bin/true # comment to satisfy puppet syntax requirements
set -ex
test -b /dev/ceph_vg/lv_data
",
logoutput => true,
}
Exec['lvm_create'] -> Class['Ceph::Osds']
class { 'ceph::params':
# Since Quincy, the ceph-volume command is provided by the separate package
packages => ['ceph', 'ceph-volume']
}
$rgw_frontends = $::openstack_integration::config::ssl ? {
true => [
'beast',
"ssl_endpoint=${::openstack_integration::config::ip_for_url}:8080",
"ssl_private_key=/etc/ceph/ssl/private/${facts['networking']['fqdn']}.pem",
"ssl_certificate=${::openstack_integration::params::cert_path}"
],
default => [
'beast',
"endpoint=${::openstack_integration::config::ip_for_url}:8080"
]
}
class { 'ceph::profile::params':
fsid => '7200aea0-2ddd-4a32-aa2a-d49f66ab554c',
manage_repo => false, # repo already managed in openstack_integration::repo
ms_bind_ipv4 => $ms_bind_ipv4,
ms_bind_ipv6 => $ms_bind_ipv6,
authentication_type => 'cephx',
mon_host => $::openstack_integration::config::ip_for_url,
mon_initial_members => $facts['networking']['hostname'],
osd_pool_default_size => '1',
osd_pool_default_min_size => '1',
mon_key => 'AQD7kyJQQGoOBhAAqrPAqSopSwPrrfMMomzVdw==',
mgr_key => 'AQD7kyJQQGoOBhAAqrPAqSopSwPrrfMMomzVdw==',
mds_key => 'AQD7kyJQQGoOBhAAqrPAqSopSwPrrfMMomzVdw==',
osd_max_object_name_len => 256,
osd_max_object_namespace_len => 64,
client_keys => {
'client.admin' => {
'secret' => 'AQD7kyJQQGoOBhAAqrPAqSopSwPrrfMMomzVdw==',
'mode' => '0600',
'cap_mon' => 'allow *',
'cap_osd' => 'allow *',
'cap_mds' => 'allow *',
},
'client.bootstrap-osd' => {
'secret' => 'AQD7kyJQQGoOBhAAqrPAqSopSwPrrfMMomzVdw==',
'keyring_path' => '/var/lib/ceph/bootstrap-osd/ceph.keyring',
'cap_mon' => 'allow profile bootstrap-osd',
},
'client.openstack' => {
'secret' => 'AQD7kyJQQGoOBhAAqrPAqSopSwPrrfMMomzVdw==',
'mode' => '0644',
'cap_mon' => 'profile rbd',
'cap_osd' => 'profile rbd pool=cinder, profile rbd pool=nova, profile rbd pool=glance, profile rbd pool=gnocchi, profile rbd pool=backups',
},
'client.manila' => {
'secret' => 'AQD7kyJQQGoOBhAAqrPAqSopSwPrrfMMomzVdw==',
'mode' => '0644',
'cap_mgr' => 'allow rw',
'cap_mon' => 'allow r',
},
'client.radosgw.gateway' => {
'user' => 'ceph',
'secret' => 'AQD7kyJQQGoOBhAAqrPAqSopSwPrrfMMomzVdw==',
'cap_mon' => 'allow rwx',
'cap_osd' => 'allow rwx',
'inject' => true,
}
},
osds => {
'ceph_vg/lv_data' => {},
},
# Configure Ceph RadosGW
# These could be always set in the above call to ceph::profile::params
frontend_type => 'beast',
rgw_frontends => join($rgw_frontends, ' '),
rgw_user => 'ceph',
rgw_keystone_integration => true,
rgw_keystone_url => $::openstack_integration::config::keystone_admin_uri,
rgw_keystone_admin_domain => 'Default',
rgw_keystone_admin_user => 'rgwuser',
rgw_keystone_admin_password => 'secret',
rgw_keystone_admin_project => 'services',
rgw_swift_url => "${::openstack_integration::config::base_url}:8080",
rgw_swift_public_url => "${::openstack_integration::config::base_url}:8080/swift/v1",
rgw_swift_admin_url => "${::openstack_integration::config::base_url}:8080/swift/v1",
rgw_swift_internal_url => "${::openstack_integration::config::base_url}:8080/swift/v1",
rbd_default_features => '15',
}
ceph::pool { $ceph_pools:
pg_num => $pg_num,
}
class { 'ceph::profile::mgr': }
class { 'ceph::profile::mon': }
class { 'ceph::profile::osd': }
if $create_cephfs {
ceph::pool { ['cephfs_data', 'cephfs_metadata']:
pg_num => $pg_num,
}
-> ceph::fs { 'cephfs':
metadata_pool => 'cephfs_metadata',
data_pool => 'cephfs_data',
}
~> exec { 'enable cephfs snapshot':
command => 'ceph fs set cephfs allow_new_snaps true',
path => ['/bin', '/usr/bin'],
refreshonly => true,
tag => 'create-cephfs',
}
class { 'ceph::profile::mds': }
}
# Extra Ceph configuration to increase performances
$ceph_extra_config = {
'global/osd_journal_size' => { value => '100' },
}
class { 'ceph::conf':
args => $ceph_extra_config,
}
if $deploy_rgw {
if $::openstack_integration::config::ssl {
openstack_integration::ssl_key { 'ceph':
require => Package['ceph'],
}
Openstack_integration::Ssl_key['ceph'] ~> Service<| tag == 'ceph-radosgw' |>
Exec['update-ca-certificates'] ~> Service<| tag == 'ceph-radosgw' |>
}
class { 'ceph::profile::rgw': }
}
}
View Git Blame Copy Permalink