From c5e2ecc5e56b8af4314928bd672fac8a79994f97 Mon Sep 17 00:00:00 2001 From: ramishra Date: Fri, 9 Apr 2021 12:07:45 +0530 Subject: [PATCH] Simplify ceph-ansible service templates Simplifies conditions and removes some unnecessary heat resources. Change-Id: If82b26e1c664906f28427fdfd0a0bb3e35425157 --- deployment/ceph-ansible/ceph-base.yaml | 114 +++++++------------- deployment/ceph-ansible/ceph-client.yaml | 22 +--- deployment/ceph-ansible/ceph-external.yaml | 11 +- deployment/ceph-ansible/ceph-grafana.yaml | 29 ++--- deployment/ceph-ansible/ceph-mds.yaml | 14 +-- deployment/ceph-ansible/ceph-mgr.yaml | 30 ++---- deployment/ceph-ansible/ceph-mon.yaml | 15 +-- deployment/ceph-ansible/ceph-nfs.yaml | 27 ++--- deployment/ceph-ansible/ceph-osd.yaml | 15 +-- deployment/ceph-ansible/ceph-rbdmirror.yaml | 19 ++-- deployment/ceph-ansible/ceph-rgw.yaml | 59 +++++----- 11 files changed, 115 insertions(+), 240 deletions(-) diff --git a/deployment/ceph-ansible/ceph-base.yaml b/deployment/ceph-ansible/ceph-base.yaml index be797d6b64..46f8d60ea2 100644 --- a/deployment/ceph-ansible/ceph-base.yaml +++ b/deployment/ceph-ansible/ceph-base.yaml @@ -357,8 +357,6 @@ parameter_groups: - CephOsdPercentageMin conditions: - dashboard_is_enabled: {equals: [{get_param: CephEnableDashboard}, true]} - msgr_secure_mode: {equals: [{get_param: CephMsgrSecureMode}, true]} custom_registry_host: yaql: data: {get_param: ContainerCephDaemonImage} @@ -394,8 +392,6 @@ conditions: equals: - {get_param: [ServiceData, net_ip_version_map, {get_param: [ServiceNetMap, CephMonNetwork]}]} - 6 - internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]} - ceph_ansible_client_disabled: {equals: [{get_param: CephAnsibleSkipClient}, true]} resources: ContainerImageUrlParts: @@ -424,17 +420,6 @@ resources: expression: $.data.rightSplit(':', 1)[1] data: {get_param: ContainerCephDaemonImage} - MsgrSecureModeOverrides: - type: OS::Heat::Value - properties: - type: json - value: - vars: - global: - ms_cluster_mode: secure - ms_service_mode: secure - ms_client_mode: secure - DefaultCephConfigOverrides: type: OS::Heat::Value properties: @@ -489,34 +474,6 @@ resources: extra_pools: {get_param: CephPools} pg_num: {get_param: CephPoolDefaultPgNum} - CephManilaPoolVars: - type: OS::Heat::Value - properties: - type: json - value: - vars: - data: {get_param: ManilaCephFSDataPoolName} - metadata: {get_param: ManilaCephFSMetadataPoolName} - data_pg_num: {get_param: CephPoolDefaultPgNum} - metadata_pg_num: {get_param: CephPoolDefaultPgNum} - - CephKeyVars: - type: OS::Heat::Value - properties: - type: json - value: - vars: - openstack_client: - name: {get_param: CephClientUserName} - key: {get_param: CephClientKey} - manila: - name: {get_param: ManilaCephFSCephFSAuthId} - key: {get_param: CephManilaClientKey} - radosgw: - name: {get_param: CephRgwClientName} - key: {get_param: CephRgwKey} - extra_keys: {get_param: CephExtraKeys} - CephBaseAnsibleVars: type: OS::Heat::Value properties: @@ -619,16 +576,31 @@ outputs: - name: set tripleo-ceph-prepare facts set_fact: ceph_pools: {get_attr: [CephBasePoolVars, value, vars]} - manila_pools: {get_attr: [CephManilaPoolVars, value, vars]} - ceph_keys: {get_attr: [CephKeyVars, value, vars]} + manila_pools: + data: {get_param: ManilaCephFSDataPoolName} + metadata: {get_param: ManilaCephFSMetadataPoolName} + data_pg_num: {get_param: CephPoolDefaultPgNum} + metadata_pg_num: {get_param: CephPoolDefaultPgNum} + ceph_keys: + openstack_client: + name: {get_param: CephClientUserName} + key: {get_param: CephClientKey} + manila: + name: {get_param: ManilaCephFSCephFSAuthId} + key: {get_param: CephManilaClientKey} + radosgw: + name: {get_param: CephRgwClientName} + key: {get_param: CephRgwKey} + extra_keys: {get_param: CephExtraKeys} ceph_default_overrides: if: - - msgr_secure_mode - - yaql: - expression: ($.data.default).mergeWith($.data.secure) - data: - default: {get_attr: [DefaultCephConfigOverrides, value, vars]} - secure: {get_attr: [MsgrSecureModeOverrides, value, vars]} + - {get_param: CephMsgrSecureMode} + - map_merge: + - {get_attr: [DefaultCephConfigOverrides, value, vars]} + - global: + ms_cluster_mode: secure + ms_service_mode: secure + ms_client_mode: secure - {get_attr: [DefaultCephConfigOverrides, value, vars]} ceph_config_overrides: {get_param: CephConfigOverrides} - name: set ceph-ansible facts @@ -636,17 +608,15 @@ outputs: blacklisted_hostnames: {get_param: DeploymentServerBlacklist} ceph_ansible_group_vars_all: if: - - dashboard_is_enabled + - {get_param: CephEnableDashboard} - map_merge: - if: - - internal_tls_enabled - - - dashboard_tls_external: true + - {get_param: EnableInternalTLS} + - dashboard_tls_external: true dashboard_grafana_api_no_ssl_verify: true - - {} - {get_attr: [CephBaseAnsibleVars, value, vars]} - dashboard_admin_password: {get_param: CephDashboardAdminPassword} - - grafana_admin_password: {get_param: CephGrafanaAdminPassword} + grafana_admin_password: {get_param: CephGrafanaAdminPassword} - {get_attr: [CephBaseAnsibleVars, value, vars]} ceph_ansible_extra_vars: map_merge: @@ -679,22 +649,20 @@ outputs: block: - name: set ceph-ansible facts set_fact: - map_merge: - - if: - - ceph_ansible_client_disabled - - - ceph_ansible_skip_tags: - list_join: - - ',' - - - get_param: CephAnsibleSkipTags - - - 'ceph_client' - - ceph_ansible_skip_tags: {get_param: CephAnsibleSkipTags} - - ceph_ansible_playbook_verbosity: {get_param: CephAnsiblePlaybookVerbosity} - - ceph_ansible_playbooks_param: {get_param: CephAnsiblePlaybook} - - ceph_ansible_environment_variables: - yaql: - data: {get_param: CephAnsibleEnvironmentVariables} - expression: $.data.items().select($.join('=')) + ceph_ansible_skip_tags: + if: + - {get_param: CephAnsibleSkipClient} + - list_join: + - ',' + - - get_param: CephAnsibleSkipTags + - 'ceph_client' + - {get_param: CephAnsibleSkipTags} + ceph_ansible_playbook_verbosity: {get_param: CephAnsiblePlaybookVerbosity} + ceph_ansible_playbooks_param: {get_param: CephAnsiblePlaybook} + ceph_ansible_environment_variables: + yaql: + data: {get_param: CephAnsibleEnvironmentVariables} + expression: $.data.items().select($.join('=')) - name: Refresh ceph-ansible group_vars variables include_role: name: tripleo_ceph_work_dir diff --git a/deployment/ceph-ansible/ceph-client.yaml b/deployment/ceph-ansible/ceph-client.yaml index 0fcbf73d90..b0247230fc 100644 --- a/deployment/ceph-ansible/ceph-client.yaml +++ b/deployment/ceph-ansible/ceph-client.yaml @@ -38,22 +38,6 @@ resources: RoleName: {get_param: RoleName} RoleParameters: {get_param: RoleParameters} - CephClientAnsibleVars: - type: OS::Heat::Value - properties: - type: json - value: - vars: {} - - CephClientConfigOverrides: - type: OS::Heat::Value - properties: - type: json - value: - vars: - client: - rbd_concurrent_management_ops: 20 - outputs: role_data: description: Role data for the Ceph Client service. @@ -77,8 +61,10 @@ outputs: block: - name: set ceph-ansible group vars clients set_fact: - ceph_ansible_group_vars_clients: {get_attr: [CephClientAnsibleVars, value, vars]} - ceph_client_config_overrides: {get_attr: [CephClientConfigOverrides, value, vars]} + ceph_ansible_group_vars_clients: {} + ceph_client_config_overrides: + client: + rbd_concurrent_management_ops: 20 - name: generate ceph-ansible group vars clients copy: dest: "{{playbook_dir}}/ceph-ansible/group_vars/clients.yml" diff --git a/deployment/ceph-ansible/ceph-external.yaml b/deployment/ceph-ansible/ceph-external.yaml index 7ad3cb77a1..48284ec1a7 100644 --- a/deployment/ceph-ansible/ceph-external.yaml +++ b/deployment/ceph-ansible/ceph-external.yaml @@ -42,14 +42,6 @@ resources: RoleName: {get_param: RoleName} RoleParameters: {get_param: RoleParameters} - CephExternalAnsibleVars: - type: OS::Heat::Value - properties: - type: json - value: - vars: - external_cluster_mon_ips: {get_param: CephExternalMonHost} - outputs: role_data: description: Role data for the Ceph External service. @@ -74,7 +66,8 @@ outputs: block: - name: set ceph-ansible group vars clients set_fact: - ceph_ansible_group_vars_clients: {get_attr: [CephExternalAnsibleVars, value, vars]} + ceph_ansible_group_vars_clients: + external_cluster_mon_ips: {get_param: CephExternalMonHost} - name: generate ceph-ansible group vars clients copy: dest: "{{playbook_dir}}/ceph-ansible/group_vars/clients.yml" diff --git a/deployment/ceph-ansible/ceph-grafana.yaml b/deployment/ceph-ansible/ceph-grafana.yaml index 1919c09f7f..9be7028306 100644 --- a/deployment/ceph-ansible/ceph-grafana.yaml +++ b/deployment/ceph-ansible/ceph-grafana.yaml @@ -72,8 +72,8 @@ parameters: certificate for this service conditions: - internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]} - key_size_override_unset: {equals: [{get_param: GrafanaCertificateKeySize}, '']} + key_size_override_set: + not: {equals: [{get_param: GrafanaCertificateKeySize}, '']} resources: CephBase: @@ -135,16 +135,11 @@ outputs: set_fact: ceph_ansible_group_vars_grafana: if: - - internal_tls_enabled - - yaql: - data: - default: - map_merge: - - {get_attr: [CephGrafanaAnsibleVars, value, vars]} - certmap: - grafana_crt: '/etc/pki/tls/certs/ceph_grafana.crt' - grafana_key: '/etc/pki/tls/private/ceph_grafana.key' - expression: $.data.default.mergeWith($.data.certmap) + - {get_param: EnableInternalTLS} + - map_merge: + - {get_attr: [CephGrafanaAnsibleVars, value, vars]} + - grafana_crt: '/etc/pki/tls/certs/ceph_grafana.crt' + grafana_key: '/etc/pki/tls/private/ceph_grafana.key' - {get_attr: [CephGrafanaAnsibleVars, value, vars]} - name: generate ceph-ansible grafana-server group vars copy: @@ -154,12 +149,10 @@ outputs: external_upgrade_tasks: {get_attr: [CephBase, role_data, external_upgrade_tasks]} metadata_settings: if: - - internal_tls_enabled - - - - service: ceph_grafana + - {get_param: EnableInternalTLS} + - - service: ceph_grafana network: {get_param: [ServiceNetMap, CephGrafanaNetwork]} type: node - - null deploy_steps_tasks: - name: Certificate generation when: @@ -190,7 +183,7 @@ outputs: fi key_size: if: - - key_size_override_unset - - {get_param: CertificateKeySize} + - key_size_override_set - {get_param: GrafanaCertificateKeySize} + - {get_param: CertificateKeySize} ca: ipa diff --git a/deployment/ceph-ansible/ceph-mds.yaml b/deployment/ceph-ansible/ceph-mds.yaml index eb04cd3027..2b2d5be987 100644 --- a/deployment/ceph-ansible/ceph-mds.yaml +++ b/deployment/ceph-ansible/ceph-mds.yaml @@ -32,9 +32,6 @@ parameters: default: false description: Parameter used to trigger the dashboard deployment. -conditions: - dashboard_enabled: {equals: [{get_param: CephEnableDashboard}, true]} - resources: CephBase: type: ./ceph-base.yaml @@ -45,13 +42,6 @@ resources: RoleName: {get_param: RoleName} RoleParameters: {get_param: RoleParameters} - CephMdsAnsibleVars: - type: OS::Heat::Value - properties: - type: json - value: - vars: {} - outputs: role_data: description: Role data for the Ceph Metadata service. @@ -63,7 +53,7 @@ outputs: list_concat: - - '6800-7300' - if: - - dashboard_enabled + - {get_param: CephEnableDashboard} - - '9100' - [] upgrade_tasks: {get_attr: [CephBase, role_data, upgrade_tasks]} @@ -85,7 +75,7 @@ outputs: block: - name: set ceph-ansible group vars mdss set_fact: - ceph_ansible_group_vars_mdss: {get_attr: [CephMdsAnsibleVars, value, vars]} + ceph_ansible_group_vars_mdss: {} - name: generate ceph-ansible group vars mdss copy: dest: "{{playbook_dir}}/ceph-ansible/group_vars/mdss.yml" diff --git a/deployment/ceph-ansible/ceph-mgr.yaml b/deployment/ceph-ansible/ceph-mgr.yaml index 48558f19d8..39e9acfd37 100644 --- a/deployment/ceph-ansible/ceph-mgr.yaml +++ b/deployment/ceph-ansible/ceph-mgr.yaml @@ -58,14 +58,12 @@ parameters: certificate for this service conditions: - dashboard_enabled: {equals: [{get_param: CephEnableDashboard}, true]} internal_tls_enabled: and: - - dashboard_enabled - - equals: - - get_param: EnableInternalTLS - - true - key_size_override_unset: {equals: [{get_param: CephCertificateKeySize}, '']} + - {get_param: CephEnableDashboard} + - {get_param: EnableInternalTLS} + key_size_override_set: + not: {equals: [{get_param: CephCertificateKeySize}, '']} resources: CephBase: @@ -108,9 +106,8 @@ outputs: list_concat: - - '6800-7300' - if: - - dashboard_enabled + - {get_param: CephEnableDashboard} - - {get_param: CephDashboardPort} - - [] upgrade_tasks: [] puppet_config: config_image: '' @@ -132,11 +129,10 @@ outputs: ceph_ansible_group_vars_mgrs: if: - internal_tls_enabled - - - map_merge: + - map_merge: - {get_attr: [CephMgrAnsibleVars, value, vars]} - dashboard_crt: /etc/pki/tls/certs/ceph_dashboard.crt - - dashboard_key: /etc/pki/tls/private/ceph_dashboard.key + dashboard_key: /etc/pki/tls/private/ceph_dashboard.key - {get_attr: [CephMgrAnsibleVars, value, vars]} - name: generate ceph-ansible group vars mgrs copy: @@ -147,16 +143,13 @@ outputs: metadata_settings: if: - internal_tls_enabled - - - - service: ceph_dashboard + - - service: ceph_dashboard network: {get_param: [ServiceNetMap, CephDashboardNetwork]} type: node - - null deploy_steps_tasks: if: - internal_tls_enabled - - - - name: Certificate generation + - - name: Certificate generation when: step|int == 1 block: - include_role: @@ -183,8 +176,7 @@ outputs: fi key_size: if: - - key_size_override_unset - - {get_param: CertificateKeySize} + - key_size_override_set - {get_param: CephCertificateKeySize} + - {get_param: CertificateKeySize} ca: ipa - - null diff --git a/deployment/ceph-ansible/ceph-mon.yaml b/deployment/ceph-ansible/ceph-mon.yaml index 1fd7088de1..37723802ba 100644 --- a/deployment/ceph-ansible/ceph-mon.yaml +++ b/deployment/ceph-ansible/ceph-mon.yaml @@ -49,9 +49,6 @@ parameters: The Ceph cluster name must be at least 1 character and contain only letters and numbers. -conditions: - dashboard_enabled: {equals: [{get_param: CephEnableDashboard}, true]} - resources: CephBase: type: ./ceph-base.yaml @@ -62,13 +59,6 @@ resources: RoleName: {get_param: RoleName} RoleParameters: {get_param: RoleParameters} - CephMonAnsibleVars: - type: OS::Heat::Value - properties: - type: json - value: - vars: {} - outputs: role_data: description: Role data for the Ceph Monitor service. @@ -81,9 +71,8 @@ outputs: - - 6789 - - 3300 - if: - - dashboard_enabled + - {get_param: CephEnableDashboard} - - '9100' - - [] service_config_settings: collectd: tripleo.collectd.plugins.ceph_osd: @@ -108,7 +97,7 @@ outputs: block: - name: set ceph-ansible group vars mons set_fact: - ceph_ansible_group_vars_mons: {get_attr: [CephMonAnsibleVars, value, vars]} + ceph_ansible_group_vars_mons: {} - name: generate ceph-ansible group vars mons copy: dest: "{{playbook_dir}}/ceph-ansible/group_vars/mons.yml" diff --git a/deployment/ceph-ansible/ceph-nfs.yaml b/deployment/ceph-ansible/ceph-nfs.yaml index 5c484273d4..b7488189b4 100644 --- a/deployment/ceph-ansible/ceph-nfs.yaml +++ b/deployment/ceph-ansible/ceph-nfs.yaml @@ -41,22 +41,6 @@ resources: RoleName: {get_param: RoleName} RoleParameters: {get_param: RoleParameters} - CephNfsAnsibleVars: - type: OS::Heat::Value - properties: - type: json - value: - vars: - ceph_nfs_bind_addr: {get_param: [EndpointMap, GaneshaInternal, host_nobrackets]} - ceph_nfs_enable_service: false - ceph_nfs_use_pacemaker: true - ceph_nfs_dynamic_exports: true - ceph_nfs_service_suffix: pacemaker - nfs_obj_gw: false - ceph_nfs_rados_backend: true - ceph_nfs_disable_caching: true - ceph_nfs_ceph_user: {get_param: ManilaCephFSCephFSAuthId} - outputs: role_data: description: Role data for the Ceph NFS Ganesha service. @@ -129,7 +113,16 @@ outputs: block: - name: set ceph-ansible group vars nfss set_fact: - ceph_ansible_group_vars_nfss: {get_attr: [CephNfsAnsibleVars, value, vars]} + ceph_ansible_group_vars_nfss: + ceph_nfs_bind_addr: {get_param: [EndpointMap, GaneshaInternal, host_nobrackets]} + ceph_nfs_enable_service: false + ceph_nfs_use_pacemaker: true + ceph_nfs_dynamic_exports: true + ceph_nfs_service_suffix: pacemaker + nfs_obj_gw: false + ceph_nfs_rados_backend: true + ceph_nfs_disable_caching: true + ceph_nfs_ceph_user: {get_param: ManilaCephFSCephFSAuthId} - name: generate ceph-ansible group vars nfss copy: dest: "{{playbook_dir}}/ceph-ansible/group_vars/nfss.yml" diff --git a/deployment/ceph-ansible/ceph-osd.yaml b/deployment/ceph-ansible/ceph-osd.yaml index 4569f02df2..38cf03788f 100644 --- a/deployment/ceph-ansible/ceph-osd.yaml +++ b/deployment/ceph-ansible/ceph-osd.yaml @@ -39,9 +39,6 @@ parameters: default: false description: Parameter used to trigger the dashboard deployment. -conditions: - dashboard_enabled: {equals: [{get_param: CephEnableDashboard}, true]} - resources: CephBase: type: ./ceph-base.yaml @@ -52,13 +49,6 @@ resources: RoleName: {get_param: RoleName} RoleParameters: {get_param: RoleParameters} - CephOsdAnsibleVars: - type: OS::Heat::Value - properties: - type: json - value: - vars: {get_param: CephAnsibleDisksConfig} - outputs: role_data: description: Role data for the Ceph OSD service. @@ -70,9 +60,8 @@ outputs: list_concat: - - '6800-7300' - if: - - dashboard_enabled + - {get_param: CephEnableDashboard} - - '9100' - - [] service_config_settings: collectd: tripleo.collectd.plugins.ceph_osd: @@ -142,7 +131,7 @@ outputs: block: - name: set ceph-ansible group vars osds set_fact: - ceph_ansible_group_vars_osds: {get_attr: [CephOsdAnsibleVars, value, vars]} + ceph_ansible_group_vars_osds: {get_param: CephAnsibleDisksConfig} - name: generate ceph-ansible group vars osds copy: dest: "{{playbook_dir}}/ceph-ansible/group_vars/osds.yml" diff --git a/deployment/ceph-ansible/ceph-rbdmirror.yaml b/deployment/ceph-ansible/ceph-rbdmirror.yaml index d485484a3e..e4dfb09983 100644 --- a/deployment/ceph-ansible/ceph-rbdmirror.yaml +++ b/deployment/ceph-ansible/ceph-rbdmirror.yaml @@ -61,18 +61,6 @@ resources: RoleName: {get_param: RoleName} RoleParameters: {get_param: RoleParameters} - CephRbdMirrorAnsibleVars: - type: OS::Heat::Value - properties: - type: json - value: - vars: - copy_admin_key: {get_param: CephRbdMirrorCopyAdminKey} - ceph_rbd_mirror_configure: {get_param: CephRbdMirrorConfigure} - ceph_rbd_mirror_pool: {get_param: CephRbdMirrorPool} - ceph_rbd_mirror_remote_cluster: {get_param: CephRbdMirrorRemoteCluster} - ceph_rbd_mirror_remote_user: {get_param: CephRbdMirrorRemoteUser} - outputs: role_data: description: Role data for the Ceph RBD Mirror service. @@ -100,7 +88,12 @@ outputs: block: - name: set ceph-ansible group vars rbdmirrors set_fact: - ceph_ansible_group_vars_rbdmirrors: {get_attr: [CephRbdMirrorAnsibleVars, value, vars]} + ceph_ansible_group_vars_rbdmirrors: + copy_admin_key: {get_param: CephRbdMirrorCopyAdminKey} + ceph_rbd_mirror_configure: {get_param: CephRbdMirrorConfigure} + ceph_rbd_mirror_pool: {get_param: CephRbdMirrorPool} + ceph_rbd_mirror_remote_cluster: {get_param: CephRbdMirrorRemoteCluster} + ceph_rbd_mirror_remote_user: {get_param: CephRbdMirrorRemoteUser} - name: generate ceph-ansible group vars rbdmirrors copy: dest: "{{playbook_dir}}/ceph-ansible/group_vars/rbdmirrors.yml" diff --git a/deployment/ceph-ansible/ceph-rgw.yaml b/deployment/ceph-ansible/ceph-rgw.yaml index 311fa2eb7c..64523ce284 100644 --- a/deployment/ceph-ansible/ceph-rgw.yaml +++ b/deployment/ceph-ansible/ceph-rgw.yaml @@ -54,9 +54,8 @@ parameters: certificate for this service conditions: - dashboard_enabled: {equals: [{get_param: CephEnableDashboard}, true]} - internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]} - key_size_override_unset: {equals: [{get_param: CephRgwCertificateKeySize}, '']} + key_size_override_set: + not: {equals: [{get_param: CephRgwCertificateKeySize}, '']} resources: CephBase: @@ -82,28 +81,6 @@ resources: - get_param: [ServiceData, net_cidr_map, {get_param: [ServiceNetMap, CephRgwNetwork]}] radosgw_frontend_port: {get_param: [EndpointMap, CephRgwInternal, port]} - CephRgwConfigOverrides: - type: OS::Heat::Value - properties: - type: json - value: - vars: - global: - rgw_keystone_api_version: 3 - rgw_keystone_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]} - rgw_keystone_accepted_roles: 'member, Member, admin' - rgw_keystone_accepted_admin_roles: ResellerAdmin, swiftoperator - rgw_keystone_admin_domain: default - rgw_keystone_admin_project: service - rgw_keystone_admin_user: swift - rgw_keystone_admin_password: {get_param: SwiftPassword} - rgw_keystone_implicit_tenants: 'true' - rgw_keystone_revocation_interval: '0' - rgw_s3_auth_use_keystone: 'true' - rgw_swift_versioning_enabled: 'true' - rgw_swift_account_in_url: 'true' - rgw_trust_forwarded_https: 'true' - outputs: role_data: description: Role data for the Ceph RadosGW service. @@ -115,9 +92,8 @@ outputs: list_concat: - - {get_param: [EndpointMap, CephRgwInternal, port]} - if: - - dashboard_enabled + - {get_param: CephEnableDashboard} - - '9100' - - [] keystone_resources: swift: endpoints: @@ -153,12 +129,27 @@ outputs: set_fact: ceph_ansible_group_vars_rgws: if: - - internal_tls_enabled + - {get_param: EnableInternalTLS} - map_merge: - {get_attr: [CephRgwAnsibleVars, value, vars]} - radosgw_frontend_ssl_certificate: '/etc/pki/tls/certs/ceph_rgw.pem' - {get_attr: [CephRgwAnsibleVars, value, vars]} - ceph_rgw_config_overrides: {get_attr: [CephRgwConfigOverrides, value, vars]} + ceph_rgw_config_overrides: + global: + rgw_keystone_api_version: 3 + rgw_keystone_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]} + rgw_keystone_accepted_roles: 'member, Member, admin' + rgw_keystone_accepted_admin_roles: ResellerAdmin, swiftoperator + rgw_keystone_admin_domain: default + rgw_keystone_admin_project: service + rgw_keystone_admin_user: swift + rgw_keystone_admin_password: {get_param: SwiftPassword} + rgw_keystone_implicit_tenants: 'true' + rgw_keystone_revocation_interval: '0' + rgw_s3_auth_use_keystone: 'true' + rgw_swift_versioning_enabled: 'true' + rgw_swift_account_in_url: 'true' + rgw_trust_forwarded_https: 'true' - name: generate ceph-ansible group vars rgws copy: dest: "{{playbook_dir}}/ceph-ansible/group_vars/rgws.yml" @@ -167,12 +158,10 @@ outputs: external_upgrade_tasks: {get_attr: [CephBase, role_data, external_upgrade_tasks]} metadata_settings: if: - - internal_tls_enabled - - - - service: ceph_rgw + - {get_param: EnableInternalTLS} + - - service: ceph_rgw network: {get_param: [ServiceNetMap, CephRgwNetwork]} type: node - - null deploy_steps_tasks: - name: Certificate generation when: @@ -208,7 +197,7 @@ outputs: fi key_size: if: - - key_size_override_unset - - {get_param: CertificateKeySize} + - key_size_override_set - {get_param: CephRgwCertificateKeySize} + - {get_param: CertificateKeySize} ca: ipa