Add a new set of tasks to build the openstack pool and key list

Using this approach we can build the list of the openstack pools and keys according to the tht variable generated and the list of the enabled services gathered by hiera. Closes-Bug: #1864477 Change-Id: I80ac1fc325a2d13be1a1e454eee0389510c090b2
2020-02-20 18:05:05 +01:00 · 2020-02-20 18:05:05 +01:00 · 144f5aa690
parent a976fafdb8
commit 144f5aa690
4 changed files with 221 additions and 68 deletions
--- a/tripleo_ansible/roles/tripleo_ceph_common/defaults/main.yml
+++ b/tripleo_ansible/roles/tripleo_ceph_common/defaults/main.yml
@ -47,76 +47,9 @@ ceph_ansible_group_vars_all:
  fsid: b8df929e-7c29-11e9-b1bd-244253215215
  generate_fsid: false
  ip_version: ipv4
-  keys:
-    - caps:
-        mgr: allow *
-        mon: profile rbd
-        osd: profile rbd pool=volumes, profile rbd pool=backups, profile rbd pool=vms,
-          profile rbd pool=images
-      key: AQCwmeRcAAAAABAA6SQU/bGqFjlfLro5KxrB1Q==
-      mode: '0600'
-      name: client.openstack
-    - caps:
-        mds: allow *
-        mgr: allow *
-        mon: allow r, allow command 'auth del', allow command 'auth caps', allow
-          command 'auth get', allow command 'auth get-or-create'
-        osd: allow rw
-      key: AQCwmeRcAAAAABAAiglHZveUQUmoSsYbZcbMEA==
-      mode: '0600'
-      name: client.manila
-    - caps:
-        mgr: allow *
-        mon: allow rw
-        osd: allow rwx
-      key: AQCwmeRcAAAAABAAvd9OK2qeXNaD4rL/wP7D0Q==
-      mode: '0600'
-      name: client.radosgw
  monitor_address_block: 192.168.24.0/24
  ntp_service_enabled: false
  openstack_config: true
-  openstack_keys:
-    - caps:
-        mgr: allow *
-        mon: profile rbd
-        osd: profile rbd pool=volumes, profile rbd pool=backups, profile rbd pool=vms,
-          profile rbd pool=images
-      key: AQCwmeRcAAAAABAA6SQU/bGqFjlfLro5KxrB1Q==
-      mode: '0600'
-      name: client.openstack
-    - caps:
-        mds: allow *
-        mgr: allow *
-        mon: allow r, allow command 'auth del', allow command 'auth caps', allow
-          command 'auth get', allow command 'auth get-or-create'
-        osd: allow rw
-      key: AQCwmeRcAAAAABAAiglHZveUQUmoSsYbZcbMEA==
-      mode: '0600'
-      name: client.manila
-    - caps:
-        mgr: allow *
-        mon: allow rw
-        osd: allow rwx
-      key: AQCwmeRcAAAAABAAvd9OK2qeXNaD4rL/wP7D0Q==
-      mode: '0600'
-      name: client.radosgw
-  openstack_pools:
-    - application: rbd
-      name: images
-      pg_num: 32
-      rule_name: replicated_rule
-    - application: rbd
-      name: backups
-      pg_num: 32
-      rule_name: replicated_rule
-    - application: rbd
-      name: vms
-      pg_num: 32
-      rule_name: replicated_rule
-    - application: rbd
-      name: volumes
-      pg_num: 32
-      rule_name: replicated_rule
  pools: []
  public_network: 192.168.24.0/24
  user_config: true
@ -134,3 +67,52 @@ swift_put_url: ''
 ceph_ansible_skip_tags: 'package-install,with_pkg'
 ceph_ansible_environment_variables: []
 ceph_ansible_inherits_calling_ansible_environment: false
+
+ceph_pools:
+  gnocchi_pool:
+    name: 'metrics'
+    enabled: true
+  nova_pool:
+    name: 'vms'
+    enabled: true
+  glance_pool:
+    name: 'images'
+    enabled: true
+  cinder_pool:
+    name: 'volumes'
+    enabled: true
+    cinder_extra_pools: [altrbd, pool2, pool3]
+  cinder_backup_pool:
+    name: 'backups'
+    enabled: false
+  extra_pools:
+    - application: rbd
+      name: altrbd
+      pg_num: 1
+      rule_name: replicated_rule
+  pg_num: 32
+
+manila_pools:
+  data: 'manila_data'
+  data_pg_num: 16
+  metadata: 'manila_metadata'
+  metadata_pg_num: 16
+
+ceph_keys:
+  openstack_client:
+    name: "openstack"
+    key: "AQC+vYNXgDAgAhAAc8UoYt+OTz5uhV7ItLdwUw=="
+  manila:
+    name: "manila"
+    key: "AQDVdVZeAAAAABAAhhhLNK3G8Bb8kShtnPBXnA=="
+  radosgw:
+    name: "radosgw"
+    key: "AQDVdVZeAAAAABAAzv4Bo8gRRyuOvs2MaLtnYQ=="
+  extra_keys:
+    - caps:
+        mgr: allow *
+        mon: profile rbd
+        osd: profile rbd pool=images
+      key: AQBRgQ9eAAAAABAAv84zEilJYZPNuJ0Iwn9Ndg==
+      mode: '0600'
+      name: client.glance
--- a/tripleo_ansible/roles/tripleo_ceph_work_dir/tasks/build_keys.yml
+++ b/tripleo_ansible/roles/tripleo_ceph_work_dir/tasks/build_keys.yml
@ -0,0 +1,62 @@
+---
+# Copyright 2020 Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+- name: reset profiles string to avoid complex string manipulation
+  set_fact:
+    profiles: ""
+
+- name: build openstack client key
+  block:
+    - name: build openstack client profiles per pool
+      set_fact:
+        profiles: "{{ 'profile rbd pool='.join((profiles|default(''), (current+', '))) }}"
+      vars:
+        current: "{{ item.name }}"
+      with_items: "{{ openstack_pools.openstack_pools }}"
+
+    - name: set openstack client caps
+      set_fact:
+        osp_client_caps: {'mgr': 'allow *', 'mon': 'profile rbd', 'osd': "{{ profiles | regex_replace('\\, $', '') }}"}
+
+    - name: set openstack client key
+      set_fact:
+        client_key: [{'name': '{{ ".".join(("client", ceph_keys.openstack_client.name)) }}',
+                      'key': '{{ ceph_keys.openstack_client.key }}', 'mode':'0600', 'caps': '{{ osp_client_caps }}'}]
+
+- name: build manila key for openstack
+  vars:
+    manila_caps: {"mgr": "allow *", "mon": "allow r, allow command 'auth del', allow command 'auth caps',
+                   allow command 'auth get', allow command 'auth get-or-create'", "mds": "allow *", "osd": "allow rw"}
+  set_fact:
+    manila_key: [{'name': '{{ ".".join(("client", ceph_keys.manila.name)) }}', 'key': '{{ ceph_keys.manila.key }}',
+                  'mode': '0600', 'caps': '{{ manila_caps }}'}]
+  when:
+    - "'manila_api' in {{ enabled_services.stdout }}"
+
+- name: build radosgw key for openstack
+  vars:
+    rgw_caps: {"mgr": "allow *", "mon": "allow rw", "osd": "allow rwx"}
+  set_fact:
+    rgw_key: [{'name': '{{ ".".join(("client", ceph_keys.radosgw.name)) }}', 'key': '{{ ceph_keys.radosgw.key }}',
+               'mode': '0600', 'caps': '{{ rgw_caps }}'}]
+  when:
+    - "'ceph_rgw' in {{ enabled_services.stdout }}"
+
+- name: build the resulting keys
+  set_fact:
+    openstack_keys: "{ 'openstack_keys': {{ client_key|default([]) + rgw_key|default([]) + manila_key|default([]) +
+                       ceph_keys.extra_keys|default([]) }} }"
+    keys: "{ 'keys': {{ client_key|default([]) + rgw_key|default([]) + manila_key|default([]) + ceph_keys.extra_keys|default([]) }} }"
--- a/tripleo_ansible/roles/tripleo_ceph_work_dir/tasks/build_pools.yml
+++ b/tripleo_ansible/roles/tripleo_ceph_work_dir/tasks/build_pools.yml
@ -0,0 +1,91 @@
+---
+# Copyright 2020 Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+- name: build pool list
+  block:
+    - name: build filter list
+      set_fact:
+        overrides: "{{ overrides|default([]) + [ item.name ] }}"
+      with_items: "{{ ceph_pools.extra_pools }}"
+
+    - name: add images pool
+      set_fact:
+        images: [{'name': '{{ ceph_pools.glance_pool.name }}', 'pg_num': '{{ ceph_pools.pg_num }}', 'rule_name': 'replicated_rule', 'application': 'rbd'}]
+      when:
+        - tripleo_pool_images
+        - ceph_pools.glance_pool.name not in overrides|default([])
+
+    - name: add volumes pool
+      set_fact:
+        volumes: [{'name': '{{ ceph_pools.cinder_pool.name }}', 'pg_num': '{{ ceph_pools.pg_num }}', 'rule_name': 'replicated_rule', 'application': 'rbd'}]
+      when:
+        - tripleo_pool_volumes
+        - ceph_pools.cinder_pool.name not in overrides|default([])
+
+    - name: add vms pool
+      set_fact:
+        vms: [{'name': '{{ ceph_pools.nova_pool.name }}', 'pg_num': '{{ ceph_pools.pg_num }}', 'rule_name': 'replicated_rule', 'application': 'rbd'}]
+      when:
+        - tripleo_pool_vms
+        - ceph_pools.nova_pool.name not in overrides|default([])
+
+    - name: add gnocchi pool
+      set_fact:
+        metrics: [{'name': '{{ ceph_pools.gnocchi_pool.name }}', 'pg_num': '{{ ceph_pools.pg_num }}', 'rule_name': 'replicated_rule',
+                   'application': 'openstack_gnocchi'}]
+      when:
+        - tripleo_pool_metrics
+        - "'gnocchi_api' in {{ enabled_services.stdout }}"
+        - ceph_pools.gnocchi_pool.name not in overrides|default([])
+
+    - name: add cinder backup pool
+      set_fact:
+        backup: [{'name': '{{ ceph_pools.cinder_backup_pool.name }}', 'pg_num': '{{ ceph_pools.pg_num }}', 'rule_name': 'replicated_rule',
+                  'application': 'rbd'}]
+      when:
+        - tripleo_pool_volumes
+        - tripleo_pool_backup
+        - "'cinder_backup' in {{ enabled_services.stdout }}"
+        - ceph_pools.cinder_backup_pool.name not in overrides|default([])
+
+    - name: add cinder extra pools
+      set_fact:
+        cinder_extra: "{{ (cinder_extra|default([]) + [ pool ])|unique }}"
+      vars:
+        pool: "{'name': '{{ item }}', 'pg_num': '{{ ceph_pools.pg_num }}', 'rule_name': 'replicated_rule', 'application': 'rbd' }"
+      with_items: "{{ ceph_pools.cinder_pool.cinder_extra_pools }}"
+      when:
+        - tripleo_pool_volumes
+        - item not in overrides
+
+    - name: build resulting pool list
+      set_fact:
+        openstack_pools: "{'openstack_pools': {{ vms|default([]) + volumes|default([]) + images|default([]) + metrics|default([])
+        + backup|default([]) + cinder_extra|default([]) + ceph_pools.extra_pools|default([]) }} }"
+
+- name: build manila pool list
+  block:
+    - name: add manila data pool
+      set_fact:
+        cephfs_data: {'cephfs_data_pool': {'name': '{{ manila_pools.data }}', 'pg_num': '{{ manila_pools.data_pg_num }}',
+                                           'rule_name': 'replicated_rule', 'application': 'cephfs'}}
+
+    - name: add manila metadata pool
+      set_fact:
+        cephfs_metadata: {'cephfs_metadata_pool': {'name': '{{ manila_pools.metadata }}', 'pg_num': '{{ manila_pools.metadata_pg_num }}',
+                                                   'rule_name': 'replicated_rule', 'application': 'cephfs'}}
+  when:
+    - "'manila_api' in {{ enabled_services.stdout }}"
--- a/tripleo_ansible/roles/tripleo_ceph_work_dir/tasks/prepare.yml
+++ b/tripleo_ansible/roles/tripleo_ceph_work_dir/tasks/prepare.yml
@ -39,10 +39,28 @@
    - run_uuid_ansible
    - run_ceph_ansible

+- name: gather hiera metadata
+  command: /bin/hiera -c /etc/puppet/hiera.yaml enabled_services
+  register: enabled_services
+
+- name: build the openstack pool list
+  import_tasks: build_pools.yml
+  vars:
+    tripleo_pool_images: "{{ ceph_pools.glance_pool.enabled }}"
+    tripleo_pool_vms: "{{ ceph_pools.nova_pool.enabled }}"
+    tripleo_pool_volumes: "{{ ceph_pools.cinder_pool.enabled }}"
+    tripleo_pool_backup: "{{ ceph_pools.cinder_backup_pool.enabled }}"
+    tripleo_pool_metrics: "{{ ceph_pools.gnocchi_pool.enabled }}"
+
+- name: build openstack keys
+  include_tasks: build_keys.yml
+
 - name: generate ceph-ansible group vars all
  copy:
    dest: "{{ playbook_dir }}/ceph-ansible/group_vars/all.yml"
-    content: "{{ ceph_ansible_group_vars_all | to_nice_yaml }}"
+    content: "{{ ceph_ansible_group_vars_all | combine(openstack_pools|default({'openstack_pools': []}))
+             | combine(openstack_keys|default({'openstack_keys': []})) | combine(keys|default({'keys': []}))
+             | combine(cephfs_data|default({})) | combine(cephfs_metadata|default({})) | to_nice_yaml }}"

 - name: generate ceph-ansible extra vars
  copy: