Simplify cephadm service templates

Removes a number of unnecessary resources and conditions.

Change-Id: I38e27b9479f709f78f4a9a20d16ad3bb702cf64f
This commit is contained in:
ramishra 2021-04-26 08:51:06 +05:30
parent a28c3e4c5e
commit 03213d643e
11 changed files with 131 additions and 280 deletions

@ -383,18 +383,10 @@ parameter_groups:
- CephOsdPercentageMin
conditions:
msgr_secure_mode: {equals: [{get_param: CephMsgrSecureMode}, true]}
custom_registry_host:
yaql:
data: {get_param: ContainerCephDaemonImage}
expression: $.data.split('/')[0].matches('(\.|:)')
perform_upgrade:
equals: [{get_param: StackUpdateType}, 'UPGRADE']
ceph_ansible_skip_tags_set:
not:
equals:
- {get_param: CephAnsibleSkipTags}
- ''
ceph_authenticated_registry:
and:
- not:
@ -415,11 +407,6 @@ conditions:
expression: let(location => $.data.rightSplit(':', 1)[0]) -> regex('(?:https?://)?(.*?)/(.*)').split($location)[1]
data: {get_param: ContainerCephDaemonImage}
expression: let(c => $.data.cred) -> $c.get($.data.ns, {}).values().last(default => "").isEmpty()
is_ipv6:
equals:
- {get_param: [ServiceData, net_ip_version_map, {get_param: [ServiceNetMap, CephMonNetwork]}]}
- 6
internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
resources:
ContainerImageUrlParts:
@ -448,98 +435,15 @@ resources:
expression: $.data.rightSplit(':', 1)[1]
data: {get_param: ContainerCephDaemonImage}
MsgrSecureModeOverrides:
type: OS::Heat::Value
properties:
type: json
value:
vars:
global:
ms_cluster_mode: secure
ms_service_mode: secure
ms_client_mode: secure
DefaultCephConfigOverrides:
type: OS::Heat::Value
properties:
type: json
value:
vars:
global:
osd_pool_default_size: {get_param: CephPoolDefaultSize}
osd_pool_default_pg_num: {get_param: CephPoolDefaultPgNum}
osd_pool_default_pgp_num: {get_param: CephPoolDefaultPgNum}
CephBasePoolVars:
type: OS::Heat::Value
properties:
type: json
value:
vars:
gnocchi_pool:
name: {get_param: GnocchiRbdPoolName}
enabled:
if:
- equals:
- {get_param: GnocchiBackend}
- 'rbd'
- true
- false
nova_pool:
name: {get_param: NovaRbdPoolName}
enabled: {get_param: NovaEnableRbdBackend}
glance_pool:
name: {get_param: GlanceRbdPoolName}
enabled:
if:
- equals:
- {get_param: GlanceBackend}
- 'rbd'
- true
- false
cinder_pool:
name: {get_param: CinderRbdPoolName}
enabled: {get_param: CinderEnableRbdBackend}
cinder_extra_pools: {get_param: CinderRbdExtraPools}
cinder_backup_pool:
name: {get_param: CinderBackupRbdPoolName}
enabled:
if:
- equals:
- {get_param: CinderBackupBackend}
- 'ceph'
- true
- false
extra_pools: {get_param: CephPools}
pg_num: {get_param: CephPoolDefaultPgNum}
CephManilaPoolVars:
type: OS::Heat::Value
properties:
type: json
value:
vars:
data: {get_param: ManilaCephFSDataPoolName}
metadata: {get_param: ManilaCephFSMetadataPoolName}
data_pg_num: {get_param: CephPoolDefaultPgNum}
metadata_pg_num: {get_param: CephPoolDefaultPgNum}
CephKeyVars:
type: OS::Heat::Value
properties:
type: json
value:
vars:
openstack_client:
name: {get_param: CephClientUserName}
key: {get_param: CephClientKey}
manila:
name: {get_param: ManilaCephFSCephFSAuthId}
key: {get_param: CephManilaClientKey}
radosgw:
name: {get_param: CephRgwClientName}
key: {get_param: CephRgwKey}
extra_keys: {get_param: CephExtraKeys}
osd_pool_default_size: {get_param: CephPoolDefaultSize}
osd_pool_default_pg_num: {get_param: CephPoolDefaultPgNum}
osd_pool_default_pgp_num: {get_param: CephPoolDefaultPgNum}
CephAdmVars:
type: OS::Heat::Value
@ -606,26 +510,75 @@ outputs:
name: tripleo_run_cephadm
tasks_from: prepare.yml
vars:
ceph_pools: {get_attr: [CephBasePoolVars, value, vars]}
manila_pools: {get_attr: [CephManilaPoolVars, value, vars]}
ceph_keys: {get_attr: [CephKeyVars, value, vars]}
ceph_pools:
gnocchi_pool:
name: {get_param: GnocchiRbdPoolName}
enabled:
if:
- equals:
- {get_param: GnocchiBackend}
- 'rbd'
- true
- false
nova_pool:
name: {get_param: NovaRbdPoolName}
enabled: {get_param: NovaEnableRbdBackend}
glance_pool:
name: {get_param: GlanceRbdPoolName}
enabled:
if:
- equals:
- {get_param: GlanceBackend}
- 'rbd'
- true
- false
cinder_pool:
name: {get_param: CinderRbdPoolName}
enabled: {get_param: CinderEnableRbdBackend}
cinder_extra_pools: {get_param: CinderRbdExtraPools}
cinder_backup_pool:
name: {get_param: CinderBackupRbdPoolName}
enabled:
if:
- equals:
- {get_param: CinderBackupBackend}
- 'ceph'
- true
- false
extra_pools: {get_param: CephPools}
pg_num: {get_param: CephPoolDefaultPgNum}
manila_pools:
data: {get_param: ManilaCephFSDataPoolName}
metadata: {get_param: ManilaCephFSMetadataPoolName}
data_pg_num: {get_param: CephPoolDefaultPgNum}
metadata_pg_num: {get_param: CephPoolDefaultPgNum}
ceph_keys:
openstack_client:
name: {get_param: CephClientUserName}
key: {get_param: CephClientKey}
manila:
name: {get_param: ManilaCephFSCephFSAuthId}
key: {get_param: CephManilaClientKey}
radosgw:
name: {get_param: CephRgwClientName}
key: {get_param: CephRgwKey}
extra_keys: {get_param: CephExtraKeys}
ceph_config_overrides: {get_param: CephConfigOverrides}
tripleo_run_cephadm_spec_path: {get_param: CephSpecPath}
tripleo_cephadm_dynamic_spec: {get_param: CephDynamicSpec}
ceph_spec_fqdn: {get_param: CephSpecFqdn}
ceph_osd_spec: {get_param: CephOsdSpec}
ceph_default_overrides:
if:
- msgr_secure_mode
- yaql:
expression: ($.data.default).mergeWith($.data.secure)
data:
default: {get_attr: [DefaultCephConfigOverrides, value, vars]}
secure: {get_attr: [MsgrSecureModeOverrides, value, vars]}
- {get_attr: [DefaultCephConfigOverrides, value, vars]}
cephadm_extra_vars: # cephadm execution
map_merge:
- {get_attr: [CephAdmVars, value, vars]}
global:
if:
- {get_param: CephMsgrSecureMode}
- map_merge:
- {get_attr: [DefaultCephConfigOverrides, value, vars]}
- ms_cluster_mode: secure
ms_service_mode: secure
ms_client_mode: secure
- {get_attr: [DefaultCephConfigOverrides, value, vars]}
cephadm_extra_vars: {get_attr: [CephAdmVars, value, vars]}
ceph_admin_extra_vars: # user creation
tripleo_admin_generate_key: false
distribute_private_key: true

@ -79,22 +79,6 @@ resources:
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
CephClientAnsibleVars:
type: OS::Heat::Value
properties:
type: json
value:
vars: {}
CephClientConfigOverrides:
type: OS::Heat::Value
properties:
type: json
value:
vars:
client:
rbd_concurrent_management_ops: 20
outputs:
role_data:
description: Role data for the Ceph Client service.

@ -46,14 +46,6 @@ resources:
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
CephExternalAnsibleVars:
type: OS::Heat::Value
properties:
type: json
value:
vars:
external_cluster_mon_ips: {get_param: CephExternalMonHost}
outputs:
role_data:
description: Role data for the Ceph External service.
@ -76,6 +68,7 @@ outputs:
block:
- name: set ceph-ansible group vars clients
set_fact:
ceph_ansible_group_vars_clients: {get_attr: [CephExternalAnsibleVars, value, vars]}
ceph_ansible_group_vars_clients:
external_cluster_mon_ips: {get_param: CephExternalMonHost}
external_update_tasks: []
external_upgrade_tasks: []

@ -83,8 +83,8 @@ parameters:
certificate for this service
conditions:
internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
key_size_override_unset: {equals: [{get_param: GrafanaCertificateKeySize}, '']}
key_size_override_set:
not: {equals: [{get_param: GrafanaCertificateKeySize}, '']}
resources:
CephBase:
@ -148,25 +148,18 @@ outputs:
set_fact:
ceph_monitoring_stack:
if:
- internal_tls_enabled
- yaql:
data:
default:
map_merge:
- {get_attr: [CephGrafanaAnsibleVars, value, vars]}
certmap:
tripleo_cephadm_grafana_crt: '/etc/pki/tls/certs/ceph_grafana.crt'
tripleo_cephadm_grafana_key: '/etc/pki/tls/private/ceph_grafana.key'
expression: $.data.default.mergeWith($.data.certmap)
- {get_param: EnableInternalTLS}
- map_merge:
- {get_attr: [CephGrafanaAnsibleVars, value, vars]}
- tripleo_cephadm_grafana_crt: '/etc/pki/tls/certs/ceph_grafana.crt'
tripleo_cephadm_grafana_key: '/etc/pki/tls/private/ceph_grafana.key'
- {get_attr: [CephGrafanaAnsibleVars, value, vars]}
metadata_settings:
if:
- internal_tls_enabled
-
- service: ceph_grafana
- {get_param: EnableInternalTLS}
- - service: ceph_grafana
network: {get_param: [ServiceNetMap, CephGrafanaNetwork]}
type: node
- null
deploy_steps_tasks:
- name: Certificate generation
when:
@ -197,7 +190,7 @@ outputs:
fi
key_size:
if:
- key_size_override_unset
- {get_param: CertificateKeySize}
- key_size_override_set
- {get_param: GrafanaCertificateKeySize}
- {get_param: CertificateKeySize}
ca: ipa

@ -35,27 +35,6 @@ parameters:
default: false
description: Parameter used to trigger the dashboard deployment.
conditions:
dashboard_enabled: {equals: [{get_param: CephEnableDashboard}, true]}
resources:
CephBase:
type: ./ceph-base.yaml
properties:
ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
CephMdsAnsibleVars:
type: OS::Heat::Value
properties:
type: json
value:
vars: {}
outputs:
role_data:
description: Role data for the Ceph Metadata service.
@ -67,9 +46,8 @@ outputs:
list_concat:
- - '6800-7300'
- if:
- dashboard_enabled
- {get_param: CephEnableDashboard}
- - '9100'
- []
puppet_config:
config_image: ''
config_volume: ''

@ -65,14 +65,12 @@ parameters:
certificate for this service
conditions:
dashboard_enabled: {equals: [{get_param: CephEnableDashboard}, true]}
internal_tls_enabled:
and:
- dashboard_enabled
- equals:
- get_param: EnableInternalTLS
- true
key_size_override_unset: {equals: [{get_param: CephCertificateKeySize}, '']}
- {get_param: CephEnableDashboard}
- {get_param: EnableInternalTLS}
key_size_override_set:
not: {equals: [{get_param: CephCertificateKeySize}, '']}
resources:
CephBase:
@ -112,9 +110,8 @@ outputs:
list_concat:
- - '6800-7300'
- if:
- dashboard_enabled
- {get_param: CephEnableDashboard}
- - {get_param: CephDashboardPort}
- []
upgrade_tasks: []
puppet_config:
config_image: ''
@ -133,26 +130,21 @@ outputs:
set_fact:
ceph_dashboard_vars:
if:
- dashboard_enabled
- map_merge:
- {get_param: CephEnableDashboard}
- if:
- internal_tls_enabled
-
map_merge:
- {get_attr: [CephMgrAnsibleVars, value, vars]}
- tripleo_cephadm_dashboard_crt: /etc/pki/tls/certs/ceph_dashboard.crt
- tripleo_cephadm_dashboard_key: /etc/pki/tls/private/ceph_dashboard.key
- tripleo_cephadm_dashboard_grafana_api_no_ssl_verify: true
- map_merge:
- {get_attr: [CephMgrAnsibleVars, value, vars]}
- tripleo_cephadm_dashboard_crt: /etc/pki/tls/certs/ceph_dashboard.crt
- tripleo_cephadm_dashboard_key: /etc/pki/tls/private/ceph_dashboard.key
- tripleo_cephadm_dashboard_grafana_api_no_ssl_verify: true
- {get_attr: [CephMgrAnsibleVars, value, vars]}
- {}
metadata_settings:
if:
- internal_tls_enabled
-
- service: ceph_dashboard
- - service: ceph_dashboard
network: {get_param: [ServiceNetMap, CephDashboardNetwork]}
type: node
- null
deploy_steps_tasks:
- name: Certificate generation
when:
@ -183,7 +175,7 @@ outputs:
fi
key_size:
if:
- key_size_override_unset
- {get_param: CertificateKeySize}
- key_size_override_set
- {get_param: CephCertificateKeySize}
- {get_param: CertificateKeySize}
ca: ipa

@ -71,7 +71,6 @@ outputs:
- if:
- dashboard_enabled
- - '9100'
- []
service_config_settings:
collectd:
tripleo.collectd.plugins.ceph_osd:

@ -45,22 +45,6 @@ resources:
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
CephNfsAnsibleVars:
type: OS::Heat::Value
properties:
type: json
value:
vars:
tripleo_cephadm_ceph_nfs_bind_addr: {get_param: [EndpointMap, GaneshaInternal, host_nobrackets]}
tripleo_cephadm_ceph_nfs_enable_service: false
tripleo_cephadm_ceph_nfs_use_pacemaker: true
tripleo_cephadm_ceph_nfs_dynamic_exports: true
tripleo_cephadm_ceph_nfs_service_suffix: pacemaker
tripleo_cephadm_nfs_obj_gw: false
tripleo_cephadm_ceph_nfs_rados_backend: true
tripleo_cephadm_ceph_nfs_disable_caching: true
tripleo_cephadm_ceph_nfs_ceph_user: {get_param: ManilaCephFSCephFSAuthId}
outputs:
role_data:
description: Role data for the Ceph NFS Ganesha service.
@ -131,6 +115,15 @@ outputs:
block:
- name: set tripleo-ansible group vars
set_fact:
ceph_nfs_vars: {get_attr: [CephNfsAnsibleVars, value, vars]}
ceph_nfs_vars:
tripleo_cephadm_ceph_nfs_bind_addr: {get_param: [EndpointMap, GaneshaInternal, host_nobrackets]}
tripleo_cephadm_ceph_nfs_enable_service: false
tripleo_cephadm_ceph_nfs_use_pacemaker: true
tripleo_cephadm_ceph_nfs_dynamic_exports: true
tripleo_cephadm_ceph_nfs_service_suffix: pacemaker
tripleo_cephadm_nfs_obj_gw: false
tripleo_cephadm_ceph_nfs_rados_backend: true
tripleo_cephadm_ceph_nfs_disable_caching: true
tripleo_cephadm_ceph_nfs_ceph_user: {get_param: ManilaCephFSCephFSAuthId}
external_update_tasks: []
external_upgrade_tasks: []

@ -42,9 +42,6 @@ parameters:
default: false
description: Parameter used to trigger the dashboard deployment.
conditions:
dashboard_enabled: {equals: [{get_param: CephEnableDashboard}, true]}
resources:
CephBase:
type: ./ceph-base.yaml
@ -56,13 +53,6 @@ resources:
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
CephOsdAnsibleVars:
type: OS::Heat::Value
properties:
type: json
value:
vars: {get_param: CephAnsibleDisksConfig}
outputs:
role_data:
description: Role data for the Ceph OSD service.
@ -74,9 +64,8 @@ outputs:
list_concat:
- - '6800-7300'
- if:
- dashboard_enabled
- {get_param: CephEnableDashboard}
- - '9100'
- []
service_config_settings:
collectd:
tripleo.collectd.plugins.ceph_osd:
@ -97,4 +86,4 @@ outputs:
block:
- name: Build disk list for cephadm
set_fact:
cephadm_disk_list: {get_attr: [CephOsdAnsibleVars, value, vars]}
cephadm_disk_list: {get_param: CephAnsibleDisksConfig}

@ -54,18 +54,6 @@ parameters:
/etc/ceph/<remote_cluster>.client.<remote_user>.keyring
type: string
resources:
CephBase:
type: ./ceph-base.yaml
properties:
ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
outputs:
role_data:
description: Role data for the Ceph RBD Mirror service.

@ -57,9 +57,8 @@ parameters:
certificate for this service
conditions:
dashboard_enabled: {equals: [{get_param: CephEnableDashboard}, true]}
internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
key_size_override_unset: {equals: [{get_param: CephRgwCertificateKeySize}, '']}
key_size_override_set:
not: {equals: [{get_param: CephRgwCertificateKeySize}, '']}
resources:
CephBase:
@ -89,29 +88,6 @@ resources:
data: {get_param: [EndpointMap, CephRgwInternal]}
expression: int($.data.port)
CephRgwConfigOverrides:
type: OS::Heat::Value
properties:
type: json
value:
vars:
global:
rgw_keystone_api_version: 3
rgw_keystone_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
rgw_keystone_accepted_roles: 'member, Member, admin'
rgw_keystone_accepted_admin_roles: ResellerAdmin, swiftoperator
rgw_keystone_admin_domain: default
rgw_keystone_admin_project: service
rgw_keystone_admin_user: swift
rgw_keystone_admin_password: {get_param: SwiftPassword}
rgw_keystone_implicit_tenants: 'true'
rgw_keystone_revocation_interval: '0'
rgw_s3_auth_use_keystone: 'true'
rgw_swift_versioning_enabled: 'true'
rgw_swift_account_in_url: 'true'
rgw_trust_forwarded_https: 'true'
outputs:
role_data:
description: Role data for the Ceph RadosGW service.
@ -123,9 +99,8 @@ outputs:
list_concat:
- - {get_param: [EndpointMap, CephRgwInternal, port]}
- if:
- dashboard_enabled
- {get_param: CephEnableDashboard}
- - '9100'
- []
keystone_resources:
swift:
endpoints:
@ -163,20 +138,34 @@ outputs:
set_fact:
cephadm_rgw_vars:
if:
- internal_tls_enabled
- {get_param: EnableInternalTLS}
- map_merge:
- {get_attr: [CephRgwAnsibleVars, value, vars]}
- radosgw_frontend_ssl_certificate: '/etc/pki/tls/certs/ceph_rgw.pem'
- {get_attr: [CephRgwAnsibleVars, value, vars]}
ceph_rgw_config_overrides: {get_attr: [CephRgwConfigOverrides, value, vars]}
ceph_rgw_config_overrides:
global:
rgw_keystone_api_version: 3
rgw_keystone_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
rgw_keystone_accepted_roles: 'member, Member, admin'
rgw_keystone_accepted_admin_roles: ResellerAdmin, swiftoperator
rgw_keystone_admin_domain: default
rgw_keystone_admin_project: service
rgw_keystone_admin_user: swift
rgw_keystone_admin_password: {get_param: SwiftPassword}
rgw_keystone_implicit_tenants: 'true'
rgw_keystone_revocation_interval: '0'
rgw_s3_auth_use_keystone: 'true'
rgw_swift_versioning_enabled: 'true'
rgw_swift_account_in_url: 'true'
rgw_trust_forwarded_https: 'true'
metadata_settings:
if:
- internal_tls_enabled
-
- service: ceph_rgw
- {get_param: EnableInternalTLS}
- - service: ceph_rgw
network: {get_param: [ServiceNetMap, CephRgwNetwork]}
type: node
- null
deploy_steps_tasks:
- name: Certificate generation
when:
@ -212,7 +201,7 @@ outputs:
fi
key_size:
if:
- key_size_override_unset
- {get_param: CertificateKeySize}
- key_size_override_set
- {get_param: CephRgwCertificateKeySize}
- {get_param: CertificateKeySize}
ca: ipa