Add cephadm deployment and environments branch

During the overcloud deployment phase, some operations should still be
performed on the provisioned Ceph cluster.
When Ceph is TripleO deployed, cephadm doesn't provide any firewall
configuration (–-skip-firewalld is provided), as well as any HA
configuration for the Ceph Dashboard.
This change introduces a new cephadm/ branch containing all the services
that should be configured in the TripleO context.

Co-Authored-By: Giulio Fidente <gfidente@redhat.com>
Co-Authored-By: John Fulton <fulton@redhat.com>

Depends-On: I35e57abddc64310a6422174fe191bd328588d7cd
Change-Id: Ie9537471924d1d60f7642699e58e734511b91a2b
This commit is contained in:
Francesco Pantano 2020-12-16 11:18:05 +01:00
parent 4ededdab3f
commit 4b01172be2
22 changed files with 2027 additions and 14 deletions

View File

@ -6,10 +6,10 @@ resource_registry:
OS::TripleO::Services::CeilometerAgentCentral: ../../deployment/ceilometer/ceilometer-agent-central-container-puppet.yaml
OS::TripleO::Services::CeilometerAgentNotification: ../../deployment/ceilometer/ceilometer-agent-notification-container-puppet.yaml
OS::TripleO::Services::ComputeCeilometerAgent: ../../deployment/ceilometer/ceilometer-agent-compute-container-puppet.yaml
OS::TripleO::Services::CephMgr: ../../deployment/ceph-ansible/ceph-mgr.yaml
OS::TripleO::Services::CephMon: ../../deployment/ceph-ansible/ceph-mon.yaml
OS::TripleO::Services::CephOSD: ../../deployment/ceph-ansible/ceph-osd.yaml
OS::TripleO::Services::CephClient: ../../deployment/ceph-ansible/ceph-client.yaml
OS::TripleO::Services::CephMgr: ../../deployment/cephadm/ceph-mgr.yaml
OS::TripleO::Services::CephMon: ../../deployment/cephadm/ceph-mon.yaml
OS::TripleO::Services::CephOSD: ../../deployment/cephadm/ceph-osd.yaml
OS::TripleO::Services::CephClient: ../../deployment/cephadm/ceph-client.yaml
OS::TripleO::Services::Collectd: ../../deployment/metrics/collectd-container-puppet.yaml
OS::TripleO::Services::GnocchiApi: ../../deployment/gnocchi/gnocchi-api-container-puppet.yaml
OS::TripleO::Services::GnocchiMetricd: ../../deployment/gnocchi/gnocchi-metricd-container-puppet.yaml
@ -67,9 +67,8 @@ parameter_defaults:
db_vg: ceph_vg
wal: ceph_lv_wal
wal_vg: ceph_vg
CephPoolDefaultPgNum: 32
CephPoolDefaultPgNum: 8
CephPoolDefaultSize: 1
CephAnsibleRepo: "tripleo-centos-ceph-nautilus"
CinderRbdExtraPools: altrbd,pool2,pool3
CephPools:
- name: altrbd
@ -187,10 +186,14 @@ parameter_defaults:
osd:
osdkey: osdvalue
foo: bar
mon:
mon_warn_on_pool_no_redundancy: false
NfsUrl: 127.0.0.1
CephMsgrSecureMode: true
CephAnsibleSkipClient: false
CephConfigPath: "/etc/ceph"
CephClientConfigVars: "{{ playbook_dir }}/cephadm/ceph_client.yml"
CephSpecPath: "/usr/share/ansible/roles/tripleo_cephadm/files/ceph_spec.yaml"
LVMFilterEnabled: true
LVMFilterAllowlist:
- /dev/loop2

View File

@ -107,12 +107,13 @@ parameters:
CephPoolDefaultPgNum:
description: default pg_num to use for the RBD pools
type: number
default: 128
default: 16
CephPools:
description: >
It can be used to override settings for one of the predefined pools, or to create
additional ones. Example:
[{"name": "volumes", "pg_num": 64, "rule_name": "replicated_rule"}]
[{"name": "volumes", "pg_num": 64, "rule_name": "replicated_rule"},
{"name": "vms", "target_size_ratio": "0.4", "rule_name": "replicated_rule"}]
default: []
type: json
CinderRbdPoolName:
@ -228,14 +229,17 @@ parameters:
config-download, e.g. the mistral user in the mistral-executor
container is able to read/write to /var/lib/mistral/ceph_fetch
type: string
# end DEPRECATED options for compatibility with older versions
CephOsdPercentageMin:
default: 66
default: 0
description: The minimum percentage of Ceph OSDs which must be running and
in the Ceph cluster, according to ceph osd stat, for the
deployment not to fail. Used to catch deployment errors early.
Set this value to 0 to disable this check.
Set this value to 0 to disable this check. Deprecated in Wallaby
because of the move from ceph-ansible to cephadm; the later only
brings up OSDs out of band and deployment does not block while
waiting for them to come up, thus we cannot do this anymore.
type: number
# end DEPRECATED options for compatibility with older versions
ContainerImageRegistryCredentials:
type: json
hidden: true
@ -350,6 +354,7 @@ parameter_groups:
- SwiftFetchDirGetTempurl
- SwiftFetchDirPutTempurl
- CephIPv6
- CephOsdPercentageMin
conditions:
dashboard_is_enabled: {equals: [{get_param: CephEnableDashboard}, true]}

View File

@ -29,10 +29,9 @@ parameters:
type: json
CephAnsibleDisksConfig:
type: json
description: Disks config settings for ceph-ansible
description: Disks config settings.
default:
devices:
- /dev/vdb
devices: []
osd_scenario: lvm
osd_objectstore: bluestore
CephEnableDashboard:

View File

@ -0,0 +1,610 @@
heat_template_version: rocky
description: >
Ceph base service. Shared by all Ceph services.
parameters:
ServiceData:
default: {}
description: Dictionary packing service data
type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry. This
mapping overrides those in ServiceNetMapDefaults.
type: json
DefaultPasswords:
default: {}
type: json
RoleName:
default: ''
description: Role name on which the service is applied
type: string
RoleParameters:
default: {}
description: Parameters specific to the role
type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
StackUpdateType:
type: string
description: >
Type of update, to differentiate between UPGRADE and UPDATE cases
when StackAction is UPDATE (both are the same stack action).
constraints:
- allowed_values: ['', 'UPGRADE']
default: ''
NodeDataLookup:
type: json
default: {}
description: json containing per-node configuration map
DeploymentServerBlacklist:
default: []
type: comma_delimited_list
description: >
List of server hostnames to blacklist from any triggered deployments.
ContainerCli:
type: string
default: 'podman'
description: CLI tool used to manage containers.
constraints:
- allowed_values: ['docker', 'podman']
CephEnableDashboard:
type: boolean
default: false
description: Parameter used to trigger the dashboard deployment.
CephConfigOverrides:
type: json
description: Extra config settings to dump into ceph.conf
default: {}
CephClusterFSID:
type: string
description: The Ceph cluster FSID. Must be a UUID.
CephClusterName:
type: string
default: ceph
description: The Ceph cluster name.
constraints:
- allowed_pattern: "[a-zA-Z0-9]+"
description: >
The Ceph cluster name must be at least 1 character and contain only
letters and numbers.
CephMsgrSecureMode:
type: boolean
default: false
description: >
Enable Ceph msgr2 secure mode to enable on-wire encryption between Ceph
daemons and also between Ceph clients and daemons.
CephPoolDefaultPgNum:
description: default pg_num to use for the RBD pools
type: number
default: 16
CephPools:
description: >
It can be used to override settings for one of the predefined pools, or to create
additional ones. Example:
[{"name": "volumes", "pg_num": 64, "rule_name": "replicated_rule"},
{"name": "vms", "target_size_ratio": "0.4", "rule_name": "replicated_rule"}]
default: []
type: json
CinderRbdPoolName:
default: volumes
type: string
CinderRbdExtraPools:
default: []
description: >
List of extra Ceph pools for use with RBD backends for Cinder. An
extra Cinder RBD backend driver is created for each pool in the
list. This is in addition to the standard RBD backend driver
associated with the CinderRbdPoolName.
type: comma_delimited_list
CinderBackupRbdPoolName:
default: backups
type: string
GlanceRbdPoolName:
default: images
type: string
GlanceBackend:
default: swift
description: The short name of the Glance backend to use. Should be one
of swift, rbd, cinder, or file
type: string
constraints:
- allowed_values: ['swift', 'file', 'rbd', 'cinder']
GnocchiRbdPoolName:
default: metrics
type: string
NovaRbdPoolName:
default: vms
type: string
description: The pool name for RBD backend ephemeral storage.
tags:
- role_specific
CephClientKey:
description: The Ceph client key. Can be created with ceph-authtool --gen-print-key.
type: string
hidden: true
constraints:
- allowed_pattern: "^[a-zA-Z0-9+/]{38}==$"
CephClientUserName:
default: openstack
type: string
CephRgwClientName:
default: radosgw
type: string
CephRgwKey:
description: The cephx key for the radosgw client. Can be created
with ceph-authtool --gen-print-key.
type: string
hidden: true
constraints:
- allowed_pattern: "^[a-zA-Z0-9+/]{38}==$"
CephPoolDefaultSize:
description: default minimum replication for RBD copies
type: number
default: 3
ManilaCephFSDataPoolName:
default: manila_data
type: string
ManilaCephFSMetadataPoolName:
default: manila_metadata
type: string
ManilaCephFSShareBackendName:
default: cephfs
type: string
ManilaCephFSCephFSAuthId:
default: manila
type: string
CephManilaClientKey:
default: ''
description: The Ceph client key. Can be created with ceph-authtool --gen-print-key.
type: string
hidden: true
constraints:
- allowed_pattern: "^[a-zA-Z0-9+/]{38}==$"
CephIPv6:
default: False
type: boolean
SwiftPassword:
description: The password for the swift service account
type: string
hidden: true
ContainerCephDaemonImage:
description: image
type: string
# start DEPRECATED options for compatibility with older versions
CephAnsiblePlaybookVerbosity:
default: 1
description: The number of '-v', '-vv', etc. passed to ansible-playbook command
type: number
constraints:
- range: { min: 1, max: 5 }
CephAnsibleEnvironmentVariables:
default: {}
description: Mapping of Ansible environment variables to override defaults.
type: json
SwiftFetchDirGetTempurl:
default: ''
description: A temporary Swift URL to download the fetch_directory from.
type: string
SwiftFetchDirPutTempurl:
default: ''
description: A temporary Swift URL to upload the fetch_directory to.
type: string
LocalCephAnsibleFetchDirectoryBackup:
default: ''
description: Filesystem path on undercloud to persist a copy of the data
from the ceph-ansible fetch directory. Used as an alternative
to backing up the fetch_directory in Swift. Path must be
writable and readable by the user running ansible from
config-download, e.g. the mistral user in the mistral-executor
container is able to read/write to /var/lib/mistral/ceph_fetch
type: string
CephOsdPercentageMin:
default: 0
description: The minimum percentage of Ceph OSDs which must be running and
in the Ceph cluster, according to ceph osd stat, for the
deployment not to fail. Used to catch deployment errors early.
Set this value to 0 to disable this check. Deprecated in Wallaby
because of the move from ceph-ansible to cephadm; the later only
brings up OSDs out of band and deployment does not block while
waiting for them to come up, thus we cannot do this anymore.
type: number
CephAnsiblePlaybook:
type: comma_delimited_list
description: >
List of paths to the ceph-ansible playbooks to execute. If not
specified, the playbook will be determined automatically
depending on type of operation being performed
(deploy/update/upgrade).
default: ['default']
CephAnsibleExtraConfig:
type: json
description: Extra vars for the ceph-ansible playbook
default: {}
CephAnsibleSkipTags:
type: string
description: List of ceph-ansible tags to skip
default: 'package-install,with_pkg'
CephAnsibleRepo:
type: string
description: |
The repository that should be used to install the right ceph-ansible
package. This value can be used by tripleo-validations to double check
the right ceph-ansible version is installed.
default: 'centos-ceph-nautilus'
CephAnsibleWarning:
type: boolean
description: |
In particular scenarios we want this validation to show the warning but
don't fail because the package is installed on the system but repos are
disabled.
default: true
# end DEPRECATED options for compatibility with older versions
ContainerImageRegistryCredentials:
type: json
hidden: true
description: |
Mapping of image registry hosts to login credentials. Must be in the following example format
docker.io:
username: pa55word
'192.0.2.1:8787':
registry_username: password
default: {}
CephExtraKeys:
type: json
hidden: true
description: |
List of maps describing extra keys which will be created on the deployed
Ceph cluster. Uses ceph-ansible/library/ceph_key.py ansible module. Each
item in the list must be in the following example format
- name: "client.glance"
caps:
mgr: "allow *"
mon: "profile rbd"
osd: "profile rbd pool=images"
key: "AQBRgQ9eAAAAABAAv84zEilJYZPNuJ0Iwn9Ndg=="
mode: "0600"
default: []
CinderEnableRbdBackend:
default: false
description: Whether to enable or not the Rbd backend for Cinder
type: boolean
NovaEnableRbdBackend:
default: false
description: Whether to enable the Rbd backend for Nova ephemeral storage.
type: boolean
tags:
- role_specific
CinderBackupBackend:
default: swift
description: The short name of the Cinder Backup backend to use.
type: string
constraints:
- allowed_values: ['swift', 'ceph', 'nfs']
GnocchiBackend:
default: swift
description: The short name of the Gnocchi backend to use. Should be one
of swift, rbd, file or s3.
type: string
constraints:
- allowed_values: ['swift', 'file', 'rbd', 's3']
EnableInternalTLS:
type: boolean
default: false
CephClientConfigVars:
default: "/home/stack/ceph_client.yml"
type: string
description: The undercloud path where cephadm exports the Ceph Client configuration.
CephSpecPath:
default: "/home/stack/ceph_spec.yml"
type: string
description: |
The undercloud path of a valid Ceph orchestrator-cli-service-spec file. If this
file does not exist, then no ceph service spec is not applied by tripleo_cephadm
role.
CephDynamicSpec:
type: boolean
default: false
description: |
If true tripleo_cephadm role will build a orchestrator-cli-service-spec file
based on the data found in the inventory (which is based on composable roles).
If a valid CephSpecPath exists then the dynamic spec is created and applied
first and then the CephSpecPath is applied.
CephAnsibleSkipClient:
description: |
This boolean (when true) prevents the ceph-ansible client role execution
by adding the ceph-ansible tag 'ceph_client' to the --skip-tags list.
type: boolean
default: true
parameter_groups:
- label: deprecated
description: Do not use deprecated params, they will be removed.
parameters:
- LocalCephAnsibleFetchDirectoryBackup
- SwiftFetchDirGetTempurl
- SwiftFetchDirPutTempurl
- CephIPv6
- CephAnsibleEnvironmentVariables
- CephAnsibleExtraConfig
- CephAnsiblePlaybook
- CephAnsiblePlaybookVerbosity
- CephAnsibleRepo
- CephAnsibleSkipTags
- CephAnsibleSkipClient
- CephAnsibleWarning
- CephOsdPercentageMin
conditions:
msgr_secure_mode: {equals: [{get_param: CephMsgrSecureMode}, true]}
custom_registry_host:
yaql:
data: {get_param: ContainerCephDaemonImage}
expression: $.data.split('/')[0].matches('(\.|:)')
perform_upgrade:
equals: [{get_param: StackUpdateType}, 'UPGRADE']
ceph_ansible_skip_tags_set:
not:
equals:
- {get_param: CephAnsibleSkipTags}
- ''
ceph_authenticated_registry:
and:
- not:
yaql:
data:
cred: {get_param: ContainerImageRegistryCredentials}
ns:
yaql:
expression: let(location => $.data.rightSplit(':', 1)[0]) -> regex('(?:https?://)?(.*?)/(.*)').split($location)[1]
data: {get_param: ContainerCephDaemonImage}
expression: let(c => $.data.cred) -> $c.get($.data.ns, {}).keys().last(default => "").isEmpty()
- not:
yaql:
data:
cred: {get_param: ContainerImageRegistryCredentials}
ns:
yaql:
expression: let(location => $.data.rightSplit(':', 1)[0]) -> regex('(?:https?://)?(.*?)/(.*)').split($location)[1]
data: {get_param: ContainerCephDaemonImage}
expression: let(c => $.data.cred) -> $c.get($.data.ns, {}).values().last(default => "").isEmpty()
is_ipv6:
equals:
- {get_param: [ServiceData, net_ip_version_map, {get_param: [ServiceNetMap, CephMonNetwork]}]}
- 6
internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
resources:
ContainerImageUrlParts:
type: OS::Heat::Value
properties:
type: json
value:
host:
if:
- custom_registry_host
- yaql:
expression: let(location => $.data.rightSplit(':', 1)[0]) -> regex('(?:https?://)?(.*?)/(.*)').split($location)[1]
data: {get_param: ContainerCephDaemonImage}
- docker.io
image:
if:
- custom_registry_host
- yaql:
expression: let(location => $.data.rightSplit(':', 1)[0]) -> regex('(?:https?://)?(.*?)/(.*)').split($location)[2]
data: {get_param: ContainerCephDaemonImage}
- yaql:
expression: $.data.rightSplit(':', 1)[0]
data: {get_param: ContainerCephDaemonImage}
image_tag:
yaql:
expression: $.data.rightSplit(':', 1)[1]
data: {get_param: ContainerCephDaemonImage}
MsgrSecureModeOverrides:
type: OS::Heat::Value
properties:
type: json
value:
vars:
global:
ms_cluster_mode: secure
ms_service_mode: secure
ms_client_mode: secure
DefaultCephConfigOverrides:
type: OS::Heat::Value
properties:
type: json
value:
vars:
global:
osd_pool_default_size: {get_param: CephPoolDefaultSize}
osd_pool_default_pg_num: {get_param: CephPoolDefaultPgNum}
osd_pool_default_pgp_num: {get_param: CephPoolDefaultPgNum}
CephBasePoolVars:
type: OS::Heat::Value
properties:
type: json
value:
vars:
gnocchi_pool:
name: {get_param: GnocchiRbdPoolName}
enabled:
if:
- equals:
- {get_param: GnocchiBackend}
- 'rbd'
- true
- false
nova_pool:
name: {get_param: NovaRbdPoolName}
enabled: {get_param: NovaEnableRbdBackend}
glance_pool:
name: {get_param: GlanceRbdPoolName}
enabled:
if:
- equals:
- {get_param: GlanceBackend}
- 'rbd'
- true
- false
cinder_pool:
name: {get_param: CinderRbdPoolName}
enabled: {get_param: CinderEnableRbdBackend}
cinder_extra_pools: {get_param: CinderRbdExtraPools}
cinder_backup_pool:
name: {get_param: CinderBackupRbdPoolName}
enabled:
if:
- equals:
- {get_param: CinderBackupBackend}
- 'ceph'
- true
- false
extra_pools: {get_param: CephPools}
pg_num: {get_param: CephPoolDefaultPgNum}
CephManilaPoolVars:
type: OS::Heat::Value
properties:
type: json
value:
vars:
data: {get_param: ManilaCephFSDataPoolName}
metadata: {get_param: ManilaCephFSMetadataPoolName}
data_pg_num: {get_param: CephPoolDefaultPgNum}
metadata_pg_num: {get_param: CephPoolDefaultPgNum}
CephKeyVars:
type: OS::Heat::Value
properties:
type: json
value:
vars:
openstack_client:
name: {get_param: CephClientUserName}
key: {get_param: CephClientKey}
manila:
name: {get_param: ManilaCephFSCephFSAuthId}
key: {get_param: CephManilaClientKey}
radosgw:
name: {get_param: CephRgwClientName}
key: {get_param: CephRgwKey}
extra_keys: {get_param: CephExtraKeys}
CephAdmVars:
type: OS::Heat::Value
properties:
type: json
value:
vars:
tripleo_cephadm_fsid: {get_param: CephClusterFSID}
tripleo_cephadm_cluster: {get_param: CephClusterName}
tripleo_cephadm_container_cli: {get_param: ContainerCli}
tripleo_ceph_client_vars: {get_param: CephClientConfigVars}
tripleo_cephadm_dashboard_enabled: {get_param: CephEnableDashboard}
cephfs: {get_param: ManilaCephFSShareBackendName}
tripleo_cephadm_spec_ansible_host: {get_param: CephSpecPath}
tripleo_cephadm_dynamic_spec: {get_param: CephDynamicSpec}
tripleo_cephadm_container_ns: {get_attr: [ContainerImageUrlParts, value, host]}
tripleo_cephadm_container_image: {get_attr: [ContainerImageUrlParts, value, image]}
tripleo_cephadm_container_tag: {get_attr: [ContainerImageUrlParts, value, image_tag]}
ceph_container_registry_auth:
if:
- ceph_authenticated_registry
- true
- false
ceph_container_registry_username:
yaql:
data:
cred: {get_param: ContainerImageRegistryCredentials}
ns: {get_attr: [ContainerImageUrlParts, value, host]}
expression: let(c => $.data.cred) -> $c.get($.data.ns, {}).keys().last(default => "")
ceph_container_registry_password:
yaql:
data:
cred: {get_param: ContainerImageRegistryCredentials}
ns: {get_attr: [ContainerImageUrlParts, value, host]}
expression: let(c => $.data.cred) -> $c.get($.data.ns, {}).values().last(default => "")
public_network:
list_join:
- ','
- get_param: [ServiceData, net_cidr_map, {get_param: [ServiceNetMap, CephMonNetwork]}]
cluster_network:
list_join:
- ','
- get_param: [ServiceData, net_cidr_map, {get_param: [ServiceNetMap, CephClusterNetwork]}]
outputs:
role_data:
description: Role data for the Ceph base service.
value:
service_name: ceph_base
upgrade_tasks: []
puppet_config:
config_image: ''
config_volume: ''
step_config: ''
docker_config: {}
config_settings: {}
external_deploy_tasks:
- name: ceph_base_external_deploy_task
when: step|int == 2
tags:
- ceph
block:
- name: create cephadm working directory and related files
include_role:
name: tripleo_run_cephadm
tasks_from: prepare.yml
vars:
ceph_pools: {get_attr: [CephBasePoolVars, value, vars]}
manila_pools: {get_attr: [CephManilaPoolVars, value, vars]}
ceph_keys: {get_attr: [CephKeyVars, value, vars]}
ceph_config_overrides: {get_param: CephConfigOverrides}
ceph_default_overrides:
if:
- msgr_secure_mode
- yaql:
expression: ($.data.default).mergeWith($.data.secure)
data:
default: {get_attr: [DefaultCephConfigOverrides, value, vars]}
secure: {get_attr: [MsgrSecureModeOverrides, value, vars]}
- {get_attr: [DefaultCephConfigOverrides, value, vars]}
cephadm_extra_vars: # cephadm execution
map_merge:
- {get_attr: [CephAdmVars, value, vars]}
ceph_admin_extra_vars: # user creation
tripleo_admin_generate_key: false
distribute_private_key: true
tripleo_admin_user: ceph-admin
ssh_servers: "{{ groups['ceph_mon'] |
union(groups['ceph_osd']|default([])) |
union(groups['ceph_mgr']|default([])) |
union(groups['ceph_rgw']|default([])) |
union(groups['ceph_mds']|default([])) |
union(groups['ceph_nfs']|default([])) |
union(groups['ceph_rbdmirror']|default([])) |
unique }}"
- name: Prepare cephadm user and keys
include_role:
name: tripleo_run_cephadm
tasks_from: enable_ceph_admin_user.yml
# This is supposed to run a playbook which is responsible to
# deploy Ceph using cephadm.
# The storage network is supposed to be available since we are
# at step 2
# TODO: (fpantano) Remove this section when --network-ports is
# available and Ceph deployment can be moved **before**
# the overcloud.
- name: Deploy the ceph cluster using cephadm
include_role:
name: tripleo_run_cephadm

View File

@ -0,0 +1,142 @@
heat_template_version: rocky
description: >
Ceph Client service.
parameters:
ServiceData:
default: {}
description: Dictionary packing service data
type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry. This
mapping overrides those in ServiceNetMapDefaults.
type: json
DefaultPasswords:
default: {}
type: json
RoleName:
default: ''
description: Role name on which the service is applied
type: string
RoleParameters:
default: {}
description: Parameters specific to the role
type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
CephExternalMultiConfig:
type: json
hidden: true
description: |
List of maps describing extra overrides which will be applied when configuring
extra external Ceph clusters. If this list is non-empty, ceph-ansible will run
an extra count(list) times using the same parameters as the first run except
each parameter within each map will override the defaults. If the following
were used, the second run would configure the overcloud to also use the ceph2
cluster with all the previous parameters except /etc/ceph/ceph2.conf would have
a mon_host entry containing the value of external_cluster_mon_ips below, and
not the default CephExternalMonHost. Subsequent ceph-ansible runs are restricted
to just ceph clients. CephExternalMultiConfig may not be used to deploy additional
internal Ceph clusters within one Heat stack. The map for each list should contain
not tripleo-heat-template parameters but ceph-ansible parameters.
- cluster: 'ceph2'
fsid: 'e2cba068-5f14-4b0f-b047-acf375c0004a'
external_cluster_mon_ips: '172.18.0.5,172.18.0.6,172.18.0.7'
keys:
- name: "client.openstack"
caps:
mgr: "allow *"
mon: "profile rbd"
osd: "osd: profile rbd pool=volumes, profile rbd pool=backups, profile rbd pool=vms, profile rbd pool=images"
key: "AQCwmeRcAAAAABAA6SQU/bGqFjlfLro5KxrB1Q=="
mode: "0600"
dashboard_enabled: false
default: []
CephConfigPath:
type: string
default: "/var/lib/tripleo-config/ceph"
description: |
The path where the Ceph Cluster config files are stored on the host.
CephClientConfigVars:
default: "/home/stack/ceph_client.yml"
type: string
description: The undercloud path where cephadm exports the Ceph Client configuration.
resources:
CephBase:
type: ./ceph-base.yaml
properties:
ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
CephClientAnsibleVars:
type: OS::Heat::Value
properties:
type: json
value:
vars: {}
CephClientConfigOverrides:
type: OS::Heat::Value
properties:
type: json
value:
vars:
client:
rbd_concurrent_management_ops: 20
outputs:
role_data:
description: Role data for the Ceph Client service.
value:
service_name: ceph_client
upgrade_tasks: []
puppet_config:
config_image: ''
config_volume: ''
step_config: ''
docker_config: {}
external_deploy_tasks:
list_concat:
- {get_attr: [CephBase, role_data, external_deploy_tasks]}
- - name: ceph_base_external_deploy_init
when: step|int == 1
tags:
- ceph
block:
- name: Set some tripleo-ansible facts
set_fact:
ceph_external_multi_config: {get_param: CephExternalMultiConfig}
- name: Configure Ceph Clients
when: step|int == 2
tags:
- ceph
block:
- name: configure ceph clients
include_role:
name: tripleo_ceph_client
vars:
tripleo_ceph_client_config_home: {get_param: CephConfigPath}
tripleo_ceph_client_vars: {get_param: CephClientConfigVars}
- include_role:
name: tripleo_ceph_client
name: tripleo client role
vars:
tripleo_ceph_client_config_home: {get_param: CephConfigPath}
dcn: "{{ item }}"
loop: "{{ ceph_external_multi_config }}"
when:
- ceph_external_multi_config is defined
external_update_tasks: []
external_upgrade_tasks: []
config_settings: {}

View File

@ -0,0 +1,82 @@
heat_template_version: rocky
description: >
Ceph External service.
parameters:
ServiceData:
default: {}
description: Dictionary packing service data
type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry. This
mapping overrides those in ServiceNetMapDefaults.
type: json
DefaultPasswords:
default: {}
type: json
RoleName:
default: ''
description: Role name on which the service is applied
type: string
RoleParameters:
default: {}
description: Parameters specific to the role
type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
CephExternalMonHost:
default: ''
type: string
description: List of externally managed Ceph Mon Host IPs. Only used for external Ceph deployments.
resources:
CephBase:
type: ./ceph-base.yaml
properties:
ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
CephExternalAnsibleVars:
type: OS::Heat::Value
properties:
type: json
value:
vars:
external_cluster_mon_ips: {get_param: CephExternalMonHost}
outputs:
role_data:
description: Role data for the Ceph External service.
value:
service_name: ceph_client
upgrade_tasks: []
puppet_config:
config_image: ''
config_volume: ''
step_config: ''
docker_config: {}
config_settings: {}
external_deploy_tasks:
list_concat:
- {get_attr: [CephBase, role_data, external_deploy_tasks]}
- - name: ceph_external_external_deploy_init
when: step|int == 1
tags:
- ceph
block:
- name: set ceph-ansible group vars clients
set_fact:
ceph_ansible_group_vars_clients: {get_attr: [CephExternalAnsibleVars, value, vars]}
external_update_tasks: []
external_upgrade_tasks: []
config_settings: {}

View File

@ -0,0 +1,195 @@
heat_template_version: rocky
description: >
Ceph Grafana service.
parameters:
ServiceData:
default: {}
description: Dictionary packing service data
type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry. This
mapping overrides those in ServiceNetMapDefaults.
type: json
DefaultPasswords:
default: {}
type: json
RoleName:
default: ''
description: Role name on which the service is applied
type: string
RoleParameters:
default: {}
description: Parameters specific to the role
type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
CephGrafanaAdminUser:
default: 'admin'
description: Admin user for grafana component
type: string
CephGrafanaAdminPassword:
description: Admin password for grafana component
type: string
hidden: true
GrafanaPlugins:
default: ['vonage-status-panel', 'grafana-piechart-panel']
type: comma_delimited_list
description: >
List of plugins to enable on the grafana container
GrafanaContainerImage:
description: Grafana container image
type: string
GrafanaDashboardsPath:
default: ''
description: ceph dashboards templates built for grafana
type: string
GrafanaDashboardPort:
type: number
default: 3100
description: Parameter that defines the ceph grafana port.
GrafanaDataSource:
default: 'Dashboard'
description: Grafana datasource
type: string
PrometheusContainerImage:
description: Ceph Prometheus container image
type: string
AlertManagerContainerImage:
description: Ceph AlertManager container image
type: string
NodeExporterContainerImage:
description: Ceph NodeExporter container image
default: ''
type: string
EnableInternalTLS:
type: boolean
default: false
CertificateKeySize:
type: string
default: '2048'
description: Specifies the private key size used when creating the
certificate.
GrafanaCertificateKeySize:
type: string
default: ''
description: Override the private key size used when creating the
certificate for this service
conditions:
internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
key_size_override_unset: {equals: [{get_param: GrafanaCertificateKeySize}, '']}
resources:
CephBase:
type: ./ceph-base.yaml
properties:
ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
CephGrafanaAnsibleVars:
type: OS::Heat::Value
properties:
type: json
value:
vars:
tripleo_cephadm_grafana_admin_user: {get_param: CephGrafanaAdminUser}
tripleo_cephadm_grafana_admin_password: {get_param: CephGrafanaAdminPassword}
tripleo_cephadm_grafana_container_image: {get_param: GrafanaContainerImage}
tripleo_cephadm_grafana_dashboards_path: {get_param: GrafanaDashboardsPath}
tripleo_cephadm_grafana_datasource: {get_param: GrafanaDataSource}
tripleo_cephadm_grafana_plugins: {get_param: GrafanaPlugins}
tripleo_cephadm_grafana_port: {get_param: GrafanaDashboardPort}
tripleo_cephadm_prometheus_container_image: {get_param: PrometheusContainerImage}
tripleo_cephadm_node_exporter_container_image: {get_param: NodeExporterContainerImage}
tripleo_cephadm_prometheus_port: 9092
tripleo_cephadm_alertmanager_container_image: {get_param: AlertManagerContainerImage}
outputs:
role_data:
description: Role data for the Ceph Dashboard service.
value:
service_name: ceph_grafana
firewall_rules:
'123 ceph_dashboard':
dport:
- {get_param: GrafanaDashboardPort}
- 9090
- 9092
- 9093
- 9094
- 9100
- 9283
upgrade_tasks: []
puppet_config:
config_image: ''
config_volume: ''
step_config: ''
docker_config: {}
external_deploy_tasks:
list_concat:
- {get_attr: [CephBase, role_data, external_deploy_tasks]}
- - name: ceph_dashboard_external_deploy_init
when: step == '1'
tags:
- ceph
block:
- name: set tripleo-ansible group vars
set_fact:
ceph_monitoring_stack:
if:
- internal_tls_enabled
- yaql:
data:
default:
map_merge:
- {get_attr: [CephGrafanaAnsibleVars, value, vars]}
certmap:
tripleo_cephadm_grafana_crt: '/etc/pki/tls/certs/ceph_grafana.crt'
tripleo_cephadm_grafana_key: '/etc/pki/tls/private/ceph_grafana.key'
expression: $.data.default.mergeWith($.data.certmap)
- {get_attr: [CephGrafanaAnsibleVars, value, vars]}
config_settings:
map_merge:
- if:
- internal_tls_enabled
-
generate_service_certificates: true
ceph_grafana_certificate_specs:
service_certificate: '/etc/pki/tls/certs/ceph_grafana.crt'
service_key: '/etc/pki/tls/private/ceph_grafana.key'
hostname:
str_replace:
template: "%{hiera('fqdn_NETWORK')}"
params:
NETWORK: {get_param: [ServiceNetMap, CephGrafanaNetwork]}
principal:
str_replace:
template: "ceph_grafana/%{hiera('fqdn_NETWORK')}"
params:
NETWORK: {get_param: [ServiceNetMap, CephGrafanaNetwork]}
postsave_cmd: "/usr/bin/certmonger-grafana-refresh.sh"
key_size:
if:
- key_size_override_unset
- {get_param: CertificateKeySize}
- {get_param: GrafanaCertificateKeySize}
- {}
metadata_settings:
if:
- internal_tls_enabled
-
- service: ceph_grafana
network: {get_param: [ServiceNetMap, CephGrafanaNetwork]}
type: node
- null

View File

@ -0,0 +1,80 @@
heat_template_version: rocky
description: >
Ceph Metadata service.
parameters:
ServiceData:
default: {}
description: Dictionary packing service data
type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry. This
mapping overrides those in ServiceNetMapDefaults.
type: json
DefaultPasswords:
default: {}
type: json
RoleName:
default: ''
description: Role name on which the service is applied
type: string
RoleParameters:
default: {}
description: Parameters specific to the role
type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
CephEnableDashboard:
type: boolean
default: false
description: Parameter used to trigger the dashboard deployment.
conditions:
dashboard_enabled: {equals: [{get_param: CephEnableDashboard}, true]}
resources:
CephBase:
type: ./ceph-base.yaml
properties:
ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
CephMdsAnsibleVars:
type: OS::Heat::Value
properties:
type: json
value:
vars: {}
outputs:
role_data:
description: Role data for the Ceph Metadata service.
value:
service_name: ceph_mds
firewall_rules:
'112 ceph_mds':
dport:
list_concat:
- - '6800-7300'
- if:
- dashboard_enabled
- - '9100'
- []
puppet_config:
config_image: ''
config_volume: ''
step_config: ''
docker_config: {}
external_deploy_tasks: []
external_update_tasks: []
external_upgrade_tasks: []

View File

@ -0,0 +1,180 @@
heat_template_version: rocky
description: >
Ceph Manager service.
parameters:
ServiceData:
default: {}
description: Dictionary packing service data
type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry. This
mapping overrides those in ServiceNetMapDefaults.
type: json
DefaultPasswords:
default: {}
type: json
RoleName:
default: ''
description: Role name on which the service is applied
type: string
RoleParameters:
default: {}
description: Parameters specific to the role
type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
CephDashboardAdminUser:
default: 'admin'
description: Admin user for the dashboard component
type: string
CephDashboardAdminPassword:
description: Admin password for the dashboard component
type: string
hidden: true
CephEnableDashboard:
type: boolean
default: false
description: Parameter used to trigger the dashboard deployment.
CephDashboardPort:
type: number
default: 8444
description: Parameter that defines the ceph dashboard port.
CephDashboardAdminRO:
type: boolean
default: true
description: Parameter used to set a read-only admin user.
EnableInternalTLS:
type: boolean
default: false
CertificateKeySize:
type: string
default: '2048'
description: Specifies the private key size used when creating the
certificate.
CephCertificateKeySize:
type: string
default: ''
description: Override the private key size used when creating the
certificate for this service
conditions:
dashboard_enabled: {equals: [{get_param: CephEnableDashboard}, true]}
internal_tls_enabled:
and:
- dashboard_enabled
- equals:
- get_param: EnableInternalTLS
- true
resources:
CephBase:
type: ./ceph-base.yaml
properties:
ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
CephMgrAnsibleVars:
type: OS::Heat::Value
properties:
type: json
value:
vars:
tripleo_cephadm_dashboard_admin_user: {get_param: CephDashboardAdminUser}
tripleo_cephadm_dashboard_admin_password: {get_param: CephDashboardAdminPassword}
tripleo_cephadm_dashboard_port: {get_param: CephDashboardPort}
tripleo_cephadm_dashboard_admin_user_ro: {get_param: CephDashboardAdminRO}
tripleo_cephadm_dashboard_protocol:
if:
- internal_tls_enabled
- 'https'
- 'http'
outputs:
role_data:
description: Role data for the Ceph Manager service.
value:
service_name: ceph_mgr
firewall_rules:
'113 ceph_mgr':
dport:
list_concat:
- - '6800-7300'
- if:
- dashboard_enabled
- - {get_param: CephDashboardPort}
- []
upgrade_tasks: []
puppet_config:
config_image: ''
config_volume: ''
step_config: ''
docker_config: {}
external_deploy_tasks:
list_concat:
- {get_attr: [CephBase, role_data, external_deploy_tasks]}
- - name: ceph_mgr_external_deploy_init
when: step|int == 1
tags:
- ceph
block:
- name: set tripleo-ansible ceph dashboard vars
set_fact:
ceph_dashboard_vars:
if:
- dashboard_enabled
- map_merge:
- if:
- internal_tls_enabled
-
map_merge:
- {get_attr: [CephMgrAnsibleVars, value, vars]}
- tripleo_cephadm_dashboard_crt: /etc/pki/tls/certs/ceph_dashboard.crt
- tripleo_cephadm_dashboard_key: /etc/pki/tls/private/ceph_dashboard.key
- tripleo_cephadm_dashboard_grafana_api_no_ssl_verify: true
- {get_attr: [CephMgrAnsibleVars, value, vars]}
- {}
config_settings:
map_merge:
- if:
- internal_tls_enabled
-
generate_service_certificates: true
ceph_dashboard_certificate_specs:
service_certificate: '/etc/pki/tls/certs/ceph_dashboard.crt'
service_key: '/etc/pki/tls/private/ceph_dashboard.key'
hostname:
str_replace:
template: "%{hiera('fqdn_NETWORK')}"
params:
NETWORK: {get_param: [ServiceNetMap, CephDashboardNetwork]}
principal:
str_replace:
template: "ceph_dashboard/%{hiera('fqdn_NETWORK')}"
params:
NETWORK: {get_param: [ServiceNetMap, CephDashboardNetwork]}
postsave_cmd: "/usr/bin/certmonger-dashboard-refresh.sh"
key_size:
if:
- key_size_override_unset
- {get_param: CertificateKeySize}
- {get_param: CephCertificateKeySize}
- {}
metadata_settings:
if:
- internal_tls_enabled
-
- service: ceph_dashboard
network: {get_param: [ServiceNetMap, CephDashboardNetwork]}
type: node
- null

View File

@ -0,0 +1,86 @@
heat_template_version: rocky
description: >
Ceph Monitor service.
parameters:
ServiceData:
default: {}
description: Dictionary packing service data
type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry. This
mapping overrides those in ServiceNetMapDefaults.
type: json
DefaultPasswords:
default: {}
type: json
RoleName:
default: ''
description: Role name on which the service is applied
type: string
RoleParameters:
default: {}
description: Parameters specific to the role
type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
CephValidationRetries:
type: number
default: 40
description: Number of retry attempts for Ceph validation
CephValidationDelay:
type: number
default: 30
description: Interval (in seconds) in between validation checks
CephEnableDashboard:
type: boolean
default: false
description: Parameter used to trigger the dashboard deployment.
conditions:
dashboard_enabled: {equals: [{get_param: CephEnableDashboard}, true]}
resources:
CephBase:
type: ./ceph-base.yaml
properties:
ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
outputs:
role_data:
description: Role data for the Ceph Monitor service.
value:
service_name: ceph_mon
firewall_rules:
'110 ceph_mon':
dport:
list_concat:
- - 6789
- - 3300
- if:
- dashboard_enabled
- - '9100'
- []
service_config_settings:
collectd:
tripleo.collectd.plugins.ceph_osd:
- ceph
collectd::plugin::ceph::daemons: []
upgrade_tasks: {get_attr: [CephBase, role_data, upgrade_tasks]}
puppet_config:
config_image: ''
config_volume: ''
step_config: ''
docker_config: {}
external_deploy_tasks: []

View File

@ -0,0 +1,136 @@
heat_template_version: rocky
description: >
Ceph NFS Ganeshaservice.
parameters:
ServiceData:
default: {}
description: Dictionary packing service data
type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry. This
mapping overrides those in ServiceNetMapDefaults.
type: json
DefaultPasswords:
default: {}
type: json
RoleName:
default: ''
description: Role name on which the service is applied
type: string
RoleParameters:
default: {}
description: Parameters specific to the role
type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
ManilaCephFSCephFSAuthId:
type: string
default: 'manila'
resources:
CephBase:
type: ./ceph-base.yaml
properties:
ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
CephNfsAnsibleVars:
type: OS::Heat::Value
properties:
type: json
value:
vars:
tripleo_cephadm_ceph_nfs_bind_addr: {get_param: [EndpointMap, GaneshaInternal, host_nobrackets]}
tripleo_cephadm_ceph_nfs_enable_service: false
tripleo_cephadm_ceph_nfs_use_pacemaker: true
tripleo_cephadm_ceph_nfs_dynamic_exports: true
tripleo_cephadm_ceph_nfs_service_suffix: pacemaker
tripleo_cephadm_nfs_obj_gw: false
tripleo_cephadm_ceph_nfs_rados_backend: true
tripleo_cephadm_ceph_nfs_disable_caching: true
tripleo_cephadm_ceph_nfs_ceph_user: {get_param: ManilaCephFSCephFSAuthId}
outputs:
role_data:
description: Role data for the Ceph NFS Ganesha service.
value:
service_name: ceph_nfs
firewall_rules:
'120 ceph_nfs':
dport:
# We support only NFS 4.1 to start
- 2049
upgrade_tasks:
- name: Create hiera data to upgrade ceph_nfs in a stepwise manner.
when:
- step|int == 1
- cluster_recreate|bool
block:
- name: set ceph_nfs upgrade node facts in a single-node environment
set_fact:
ceph_nfs_short_node_names_upgraded: "{{ ceph_nfs_short_node_names }}"
cacheable: no
when: groups['ceph_nfs'] | length <= 1
- name: set ceph_nfs upgrade node facts from the limit option
set_fact:
ceph_nfs_short_node_names_upgraded: "{{ ceph_nfs_short_node_names_upgraded|default([]) + [item.split('.')[0]] }}"
cacheable: no
when:
- groups['ceph_nfs'] | length > 1
- item.split('.')[0] in ansible_limit.split(':')
loop: "{{ ceph_nfs_short_node_names | default([]) }}"
- fail:
msg: >
You can't upgrade ceph_nfs without staged
upgrade. You need to use the limit option in order
to do so.
when: >-
ceph_nfs_short_node_names_upgraded is not defined or
ceph_nfs_short_node_names_upgraded | length == 0
- debug:
msg: "Prepare ceph_nfs upgrade for {{ ceph_nfs_short_node_names_upgraded }}"
- name: add the ceph_nfs short name to hiera data for the upgrade.
include_role:
name: tripleo_upgrade_hiera
tasks_from: set.yml
vars:
tripleo_upgrade_key: ceph_nfs_short_node_names_override
tripleo_upgrade_value: "{{ceph_nfs_short_node_names_upgraded}}"
- name: remove the extra hiera data needed for the upgrade.
include_role:
name: tripleo_upgrade_hiera
tasks_from: remove.yml
vars:
tripleo_upgrade_key: ceph_nfs_short_node_names_override
when: ceph_nfs_short_node_names_upgraded | length == ceph_nfs_short_node_names | length
step_config: 'include tripleo::profile::pacemaker::ceph_nfs'
puppet_config:
config_image: ''
config_volume: ''
step_config: ''
# step_config seems to be ignored if docker_config is present
#docker_config: {}
external_deploy_tasks:
list_concat:
- {get_attr: [CephBase, role_data, external_deploy_tasks]}
- - name: ceph_nfs_external_deploy_init
when: step|int == 1
tags:
- ceph
block:
- name: set tripleo-ansible group vars
set_fact:
ceph_nfs_vars: {get_attr: [CephNfsAnsibleVars, value, vars]}
external_update_tasks: []
external_upgrade_tasks: []

View File

@ -0,0 +1,100 @@
heat_template_version: rocky
description: >
Ceph OSD service.
parameters:
ServiceData:
default: {}
description: Dictionary packing service data
type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry. This
mapping overrides those in ServiceNetMapDefaults.
type: json
DefaultPasswords:
default: {}
type: json
RoleName:
default: ''
description: Role name on which the service is applied
type: string
RoleParameters:
default: {}
description: Parameters specific to the role
type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
CephAnsibleDisksConfig:
type: json
description: Disks config settings.
default:
devices: []
osd_scenario: lvm
osd_objectstore: bluestore
CephEnableDashboard:
type: boolean
default: false
description: Parameter used to trigger the dashboard deployment.
conditions:
dashboard_enabled: {equals: [{get_param: CephEnableDashboard}, true]}
resources:
CephBase:
type: ./ceph-base.yaml
properties:
ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
CephOsdAnsibleVars:
type: OS::Heat::Value
properties:
type: json
value:
vars: {get_param: CephAnsibleDisksConfig}
outputs:
role_data:
description: Role data for the Ceph OSD service.
value:
service_name: ceph_osd
firewall_rules:
'111 ceph_osd':
dport:
list_concat:
- - '6800-7300'
- if:
- dashboard_enabled
- - '9100'
- []
service_config_settings:
collectd:
tripleo.collectd.plugins.ceph_osd:
- ceph
collectd::plugin::ceph::daemons: []
puppet_config:
config_image: ''
config_volume: ''
step_config: ''
docker_config: {}
external_deploy_tasks:
list_concat:
- {get_attr: [CephBase, role_data, external_deploy_tasks]}
- - name: ceph_osd_external_deploy_init
when: step|int == 1
tags:
- ceph
block:
- name: Build disk list for cephadm
set_fact:
cephadm_disk_list: {get_attr: [CephOsdAnsibleVars, value, vars]}

View File

@ -0,0 +1,84 @@
heat_template_version: rocky
description: >
Ceph RBD Mirror service.
parameters:
ServiceData:
default: {}
description: Dictionary packing service data
type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry. This
mapping overrides those in ServiceNetMapDefaults.
type: json
DefaultPasswords:
default: {}
type: json
RoleName:
default: ''
description: Role name on which the service is applied
type: string
RoleParameters:
default: {}
description: Parameters specific to the role
type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
CephRbdMirrorCopyAdminKey:
default: false
description: Some admins like to copy the admin key everywhere
type: boolean
CephRbdMirrorConfigure:
default: true
description: Perform mirror configuration between local and remote pool
type: boolean
CephRbdMirrorPool:
default: ''
description: Name of the local pool to mirror to remote cluster
type: string
CephRbdMirrorRemoteCluster:
default: 'not-ceph'
description: The name given to the remote Ceph cluster from the local cluster.
keys will reside in the /etc/ceph directory
type: string
CephRbdMirrorRemoteUser:
default: ''
description: The rbd-mirror daemon needs a user to authenticate with the
remote cluster. By default, this key should be available under
/etc/ceph/<remote_cluster>.client.<remote_user>.keyring
type: string
resources:
CephBase:
type: ./ceph-base.yaml
properties:
ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
outputs:
role_data:
description: Role data for the Ceph RBD Mirror service.
value:
service_name: ceph_rbdmirror
firewall_rules:
'114 ceph_rbdmirror':
dport:
- '6800-7300'
upgrade_tasks: []
puppet_config:
config_image: ''
config_volume: ''
step_config: ''
docker_config: {}
external_deploy_tasks: []

View File

@ -0,0 +1,201 @@
heat_template_version: rocky
description: >
Ceph RadosGW service.
parameters:
ServiceData:
default: {}
description: Dictionary packing service data
type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry. This
mapping overrides those in ServiceNetMapDefaults.
type: json
DefaultPasswords:
default: {}
type: json
RoleName:
default: ''
description: Role name on which the service is applied
type: string
RoleParameters:
default: {}
description: Parameters specific to the role
type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
SwiftPassword:
description: The password for the swift service account
type: string
hidden: true
KeystoneRegion:
type: string
default: 'regionOne'
description: Keystone region for endpoint
CephEnableDashboard:
type: boolean
default: false
description: Parameter used to trigger the dashboard deployment.
EnableInternalTLS:
type: boolean
default: false
CertificateKeySize:
type: string
default: '2048'
description: Specifies the private key size used when creating the
certificate.
CephRgwCertificateKeySize:
type: string
default: ''
description: Override the private key size used when creating the
certificate for this service
conditions:
dashboard_enabled: {equals: [{get_param: CephEnableDashboard}, true]}
internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
resources:
CephBase:
type: ./ceph-base.yaml
properties:
ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
CephRgwAnsibleVars:
type: OS::Heat::Value
properties:
type: json
value:
vars:
radosgw_keystone: true
radosgw_keystone_ssl: false
radosgw_address_block:
list_join:
- ','
- get_param: [ServiceData, net_cidr_map, {get_param: [ServiceNetMap, CephRgwNetwork]}]
radosgw_frontend_port: {get_param: [EndpointMap, CephRgwInternal, port]}
CephRgwConfigOverrides:
type: OS::Heat::Value
properties:
type: json
value:
vars:
global:
rgw_keystone_api_version: 3
rgw_keystone_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
rgw_keystone_accepted_roles: 'member, Member, admin'
rgw_keystone_accepted_admin_roles: ResellerAdmin, swiftoperator
rgw_keystone_admin_domain: default
rgw_keystone_admin_project: service
rgw_keystone_admin_user: swift
rgw_keystone_admin_password: {get_param: SwiftPassword}
rgw_keystone_implicit_tenants: 'true'
rgw_keystone_revocation_interval: '0'
rgw_s3_auth_use_keystone: 'true'
rgw_swift_versioning_enabled: 'true'
rgw_swift_account_in_url: 'true'
rgw_trust_forwarded_https: 'true'
outputs:
role_data:
description: Role data for the Ceph RadosGW service.
value:
service_name: ceph_rgw
firewall_rules:
'122 ceph rgw':
dport:
list_concat:
- - {get_param: [EndpointMap, CephRgwInternal, port]}
- if:
- dashboard_enabled
- - '9100'
- []
keystone_resources:
swift:
endpoints:
public: {get_param: [EndpointMap, CephRgwPublic, uri]}
internal: {get_param: [EndpointMap, CephRgwInternal, uri]}
admin: {get_param: [EndpointMap, CephRgwAdmin, uri]}
users:
swift:
password: {get_param: SwiftPassword}
roles:
- admin
- member
region: {get_param: KeystoneRegion}
service: 'object-store'
roles:
- member
- ResellerAdmin
- swiftoperator
upgrade_tasks: {get_attr: [CephBase, role_data, upgrade_tasks]}
post_upgrade_tasks: {get_attr: [CephBase, role_data, post_upgrade_tasks]}
puppet_config:
config_image: ''
config_volume: ''
step_config: ''
docker_config: {}
external_deploy_tasks:
list_concat:
- {get_attr: [CephBase, role_data, external_deploy_tasks]}
- - name: ceph_rgw_external_deploy_init
when: step|int == 1
tags:
- ceph
block:
- name: set ceph-ansible group vars rgws
set_fact:
cephadm_rgw_vars:
if:
- internal_tls_enabled
- map_merge:
- {get_attr: [CephRgwAnsibleVars, value, vars]}
- radosgw_frontend_ssl_certificate: '/etc/pki/tls/certs/ceph_rgw.pem'
- {get_attr: [CephRgwAnsibleVars, value, vars]}
ceph_rgw_config_overrides: {get_attr: [CephRgwConfigOverrides, value, vars]}
config_settings:
map_merge:
- if:
- internal_tls_enabled
-
generate_service_certificates: true
ceph_rgw_certificate_specs:
service_certificate: '/etc/pki/tls/certs/ceph_rgw.crt'
service_key: '/etc/pki/tls/private/ceph_rgw.key'
service_pem: '/etc/pki/tls/certs/ceph_rgw.pem'
hostname:
str_replace:
template: "%{hiera('fqdn_NETWORK')}"
params:
NETWORK: {get_param: [ServiceNetMap, CephRgwNetwork]}
principal:
str_replace:
template: "ceph_rgw/%{hiera('fqdn_NETWORK')}"
params:
NETWORK: {get_param: [ServiceNetMap, CephRgwNetwork]}
postsave_cmd: "/usr/bin/certmonger-rgw-refresh.sh"
key_size:
if:
- key_size_override_unset
- {get_param: CertificateKeySize}
- {get_param: CephRgwCertificateKeySize}
- {}
metadata_settings:
if:
- internal_tls_enabled
-
- service: ceph_rgw
network: {get_param: [ServiceNetMap, CephRgwNetwork]}
type: node
- null

View File

@ -0,0 +1,29 @@
resource_registry:
OS::TripleO::Services::CephExternal: ../../deployment/cephadm/ceph-external.yaml
parameter_defaults:
# NOTE: These example parameters are required when using CephExternal
#CephClusterFSID: '4b5c8c0a-ff60-454b-a1b4-9747aa737d19'
#CephClientKey: 'AQDLOh1VgEp6FRAAFzT7Zw+Y9V6JJExQAsRnRQ=='
#CephExternalMonHost: '172.16.1.7, 172.16.1.8'
# the following parameters enable Ceph backends for Cinder, Glance, Gnocchi and Nova
NovaEnableRbdBackend: true
CinderEnableRbdBackend: true
CinderBackupBackend: ceph
GlanceBackend: rbd
# Uncomment below if enabling legacy telemetry
# GnocchiBackend: rbd
# If the Ceph pools which host VMs, Volumes and Images do not match these
# names OR the client keyring to use is not named 'openstack', edit the
# following as needed.
NovaRbdPoolName: vms
CinderRbdPoolName: volumes
CinderBackupRbdPoolName: backups
GlanceRbdPoolName: images
# Uncomment below if enabling legacy telemetry
# GnocchiRbdPoolName: metrics
CephClientUserName: openstack
# finally we disable the Cinder LVM backend
CinderEnableIscsiBackend: false

View File

@ -0,0 +1,5 @@
resource_registry:
OS::TripleO::Services::CephGrafana: ../../deployment/cephadm/ceph-grafana.yaml
parameter_defaults:
CephEnableDashboard: true

View File

@ -0,0 +1,2 @@
resource_registry:
OS::TripleO::Services::CephMds: ../../deployment/cephadm/ceph-mds.yaml

View File

@ -0,0 +1,2 @@
resource_registry:
OS::TripleO::Services::CephRbdMirror: ../../deployment/cephadm/ceph-rbdmirror.yaml

View File

@ -0,0 +1,5 @@
resource_registry:
OS::TripleO::Services::CephRgw: ../../deployment/cephadm/ceph-rgw.yaml
OS::TripleO::Services::SwiftProxy: OS::Heat::None
OS::TripleO::Services::SwiftStorage: OS::Heat::None
OS::TripleO::Services::SwiftRingBuilder: OS::Heat::None

View File

@ -0,0 +1,22 @@
resource_registry:
OS::TripleO::Services::CephMgr: ../../deployment/cephadm/ceph-mgr.yaml
OS::TripleO::Services::CephMon: ../../deployment/cephadm/ceph-mon.yaml
OS::TripleO::Services::CephOSD: ../../deployment/cephadm/ceph-osd.yaml
OS::TripleO::Services::CephClient: ../../deployment/cephadm/ceph-client.yaml
parameter_defaults:
CinderEnableIscsiBackend: false
CinderEnableRbdBackend: true
CinderBackupBackend: ceph
NovaEnableRbdBackend: true
GlanceBackend: rbd
## Uncomment below if enabling legacy telemetry
# GnocchiBackend: rbd
## Set to enable on-wire encryption
## Using secure mode can cause a performance degradation with the storage cluster.
## The severity of the performance degradation can vary depending on several
## environmental factors.
## Test the performance impact in a non-production environment before implementing.
# CephMsgrSecureMode: true

View File

@ -0,0 +1,17 @@
---
features:
- It is now possible to deploy Ceph with TripleO using cephadm.
deprecations:
- Ceph Deployment using Ceph versions older than Octopus is deprecated.
- |
The CephOsdPercentageMin parameter has been deprecated and has a new default
of 0 so that the validation is not run. There is no need to fail the deployment
early if a percentage of the OSDs are not running because the Ceph pools created
for OpenStack can now be created even if there are 0 OSDs as the PG number is no
longer required on pool creation. TripleO no longer waits for OSD creation and
instead only queues the request for OSD creation with the ceph orchestrator.
other:
- |
The CephPoolDefaultPgNum paramter default is now 16. The Ceph pg_autoscaler
is enabled by default in the supported versions of Ceph though the parameter
CephPoolDefaultPgNum may still be used as desired.

View File

@ -12,6 +12,7 @@
# under the License.
import argparse
import glob
import os
import re
import six
@ -327,6 +328,32 @@ def get_endpoint_map_from_env(filename):
return None
def compare_parameters(old_impl_path, new_impl_path):
old_impl_params = []
new_impl_params = []
for filename in glob.glob(old_impl_path + "/*.yaml"):
with open(filename, 'r') as f:
tpl = yaml.load(f.read(), Loader=yaml.SafeLoader)
old_impl_params.extend(tpl["parameters"].keys())
for filename in glob.glob(new_impl_path + "/*.yaml"):
with open(filename, 'r') as f:
tpl = yaml.load(f.read(), Loader=yaml.SafeLoader)
new_impl_params.extend(tpl["parameters"].keys())
return set(old_impl_params).difference(set(new_impl_params))
def compare_ceph_parameters(path):
old_path = base_path + "/deployment/ceph-ansible/"
new_path = base_path + "/deployment/cephadm/"
missing = compare_parameters(old_path, new_path)
if missing:
print("ERROR: Some parameters are missing in Ceph implementation at"
"'%s' compared to that in '%s' and they are: %s" %
(new_path, old_path, missing))
return 1
return 0
def validate_endpoint_map(base_map, env_map):
return sorted(base_map.keys()) == sorted(env_map.keys())
@ -1367,6 +1394,7 @@ param_map = {}
for base_path in path_args:
if os.path.isdir(base_path):
exit_val |= compare_ceph_parameters(base_path)
for subdir, dirs, files in os.walk(base_path):
if '.tox' in dirs:
dirs.remove('.tox')