diff --git a/deployment/cephadm/ceph-base.yaml b/deployment/cephadm/ceph-base.yaml index 2ac9b3e71c..822472ff4d 100644 --- a/deployment/cephadm/ceph-base.yaml +++ b/deployment/cephadm/ceph-base.yaml @@ -383,18 +383,10 @@ parameter_groups: - CephOsdPercentageMin conditions: - msgr_secure_mode: {equals: [{get_param: CephMsgrSecureMode}, true]} custom_registry_host: yaql: data: {get_param: ContainerCephDaemonImage} expression: $.data.split('/')[0].matches('(\.|:)') - perform_upgrade: - equals: [{get_param: StackUpdateType}, 'UPGRADE'] - ceph_ansible_skip_tags_set: - not: - equals: - - {get_param: CephAnsibleSkipTags} - - '' ceph_authenticated_registry: and: - not: @@ -415,11 +407,6 @@ conditions: expression: let(location => $.data.rightSplit(':', 1)[0]) -> regex('(?:https?://)?(.*?)/(.*)').split($location)[1] data: {get_param: ContainerCephDaemonImage} expression: let(c => $.data.cred) -> $c.get($.data.ns, {}).values().last(default => "").isEmpty() - is_ipv6: - equals: - - {get_param: [ServiceData, net_ip_version_map, {get_param: [ServiceNetMap, CephMonNetwork]}]} - - 6 - internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]} resources: ContainerImageUrlParts: 
@@ -448,98 +435,15 @@ resources: expression: $.data.rightSplit(':', 1)[1] data: {get_param: ContainerCephDaemonImage} - MsgrSecureModeOverrides: - type: OS::Heat::Value - properties: - type: json - value: - vars: - global: - ms_cluster_mode: secure - ms_service_mode: secure - ms_client_mode: secure - DefaultCephConfigOverrides: type: OS::Heat::Value properties: type: json value: vars: - global: - osd_pool_default_size: {get_param: CephPoolDefaultSize} - osd_pool_default_pg_num: {get_param: CephPoolDefaultPgNum} - osd_pool_default_pgp_num: {get_param: CephPoolDefaultPgNum} - - CephBasePoolVars: - type: OS::Heat::Value - properties: - type: json - value: - vars: - gnocchi_pool: - name: {get_param: GnocchiRbdPoolName} - enabled: - if: - - equals: - - {get_param: GnocchiBackend} - - 'rbd' - - true - - false - nova_pool: - name: {get_param: NovaRbdPoolName} - enabled: {get_param: NovaEnableRbdBackend} - glance_pool: - name: {get_param: GlanceRbdPoolName} - enabled: - if: - - equals: - - {get_param: GlanceBackend} - - 'rbd' - - true - - false - cinder_pool: - name: {get_param: CinderRbdPoolName} - enabled: {get_param: CinderEnableRbdBackend} - cinder_extra_pools: {get_param: CinderRbdExtraPools} - cinder_backup_pool: - name: {get_param: CinderBackupRbdPoolName} - enabled: - if: - - equals: - - {get_param: CinderBackupBackend} - - 'ceph' - - true - - false - extra_pools: {get_param: CephPools} - pg_num: {get_param: CephPoolDefaultPgNum} - - CephManilaPoolVars: - type: OS::Heat::Value - properties: - type: json - value: - vars: - data: {get_param: ManilaCephFSDataPoolName} - metadata: {get_param: ManilaCephFSMetadataPoolName} - data_pg_num: {get_param: CephPoolDefaultPgNum} - metadata_pg_num: {get_param: CephPoolDefaultPgNum} - - CephKeyVars: - type: OS::Heat::Value - properties: - type: json - value: - vars: - openstack_client: - name: {get_param: CephClientUserName} - key: {get_param: CephClientKey} - manila: - name: {get_param: ManilaCephFSCephFSAuthId} - key: 
{get_param: CephManilaClientKey} - radosgw: - name: {get_param: CephRgwClientName} - key: {get_param: CephRgwKey} - extra_keys: {get_param: CephExtraKeys} + osd_pool_default_size: {get_param: CephPoolDefaultSize} + osd_pool_default_pg_num: {get_param: CephPoolDefaultPgNum} + osd_pool_default_pgp_num: {get_param: CephPoolDefaultPgNum} CephAdmVars: type: OS::Heat::Value 
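Review bot: `DefaultCephConfigOverrides` in deployment/cephadm/ceph-base.yaml changes shape in this hunk without a comment: its `vars` used to be nested under `global:` and is now a flat map of options. The only consumer visible in this diff (`ceph_default_overrides`, in the next hunk) re-adds `global:` itself. Any other `get_attr: [DefaultCephConfigOverrides, value, vars]` outside the shown hunks would now receive the flat form, so that is worth checking. I would add a comment above the resource such as `# [global] options only; the global: key is added where ceph_default_overrides is built`.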
@@ -606,26 +510,75 @@ outputs: name: tripleo_run_cephadm tasks_from: prepare.yml vars: - ceph_pools: {get_attr: [CephBasePoolVars, value, vars]} - manila_pools: {get_attr: [CephManilaPoolVars, value, vars]} - ceph_keys: {get_attr: [CephKeyVars, value, vars]} + ceph_pools: + gnocchi_pool: + name: {get_param: GnocchiRbdPoolName} + enabled: + if: + - equals: + - {get_param: GnocchiBackend} + - 'rbd' + - true + - false + nova_pool: + name: {get_param: NovaRbdPoolName} + enabled: {get_param: NovaEnableRbdBackend} + glance_pool: + name: {get_param: GlanceRbdPoolName} + enabled: + if: + - equals: + - {get_param: GlanceBackend} + - 'rbd' + - true + - false + cinder_pool: + name: {get_param: CinderRbdPoolName} + enabled: {get_param: CinderEnableRbdBackend} + cinder_extra_pools: {get_param: CinderRbdExtraPools} + cinder_backup_pool: + name: {get_param: CinderBackupRbdPoolName} + enabled: + if: + - equals: + - {get_param: CinderBackupBackend} + - 'ceph' + - true + - false + extra_pools: {get_param: CephPools} + pg_num: {get_param: CephPoolDefaultPgNum} + manila_pools: + data: {get_param: ManilaCephFSDataPoolName} + metadata: {get_param: ManilaCephFSMetadataPoolName} + data_pg_num: {get_param: CephPoolDefaultPgNum} + metadata_pg_num: {get_param: CephPoolDefaultPgNum} + ceph_keys: + openstack_client: + name: {get_param: CephClientUserName} + key: {get_param: CephClientKey} + manila: + name: {get_param: ManilaCephFSCephFSAuthId} + key: {get_param: CephManilaClientKey} + radosgw: + name: {get_param: CephRgwClientName} + key: {get_param: CephRgwKey} + extra_keys: {get_param: CephExtraKeys} ceph_config_overrides: {get_param: CephConfigOverrides} tripleo_run_cephadm_spec_path: {get_param: CephSpecPath} tripleo_cephadm_dynamic_spec: {get_param: CephDynamicSpec} ceph_spec_fqdn: {get_param: CephSpecFqdn} ceph_osd_spec: {get_param: CephOsdSpec} ceph_default_overrides: - if: - - msgr_secure_mode - - yaql: - expression: ($.data.default).mergeWith($.data.secure) - data: - default: 
{get_attr: [DefaultCephConfigOverrides, value, vars]} - secure: {get_attr: [MsgrSecureModeOverrides, value, vars]} - - {get_attr: [DefaultCephConfigOverrides, value, vars]} - cephadm_extra_vars: # cephadm execution - map_merge: - - {get_attr: [CephAdmVars, value, vars]} + global: + if: + - {get_param: CephMsgrSecureMode} + - map_merge: + - {get_attr: [DefaultCephConfigOverrides, value, vars]} + - ms_cluster_mode: secure + ms_service_mode: secure + ms_client_mode: secure + - {get_attr: [DefaultCephConfigOverrides, value, vars]} + cephadm_extra_vars: {get_attr: [CephAdmVars, value, vars]} ceph_admin_extra_vars: # user creation tripleo_admin_generate_key: false distribute_private_key: true diff --git a/deployment/cephadm/ceph-client.yaml b/deployment/cephadm/ceph-client.yaml index e159f415b6..60e00fe277 100644 --- a/deployment/cephadm/ceph-client.yaml +++ b/deployment/cephadm/ceph-client.yaml @@ -79,22 +79,6 @@ resources: RoleName: {get_param: RoleName} RoleParameters: {get_param: RoleParameters} - CephClientAnsibleVars: - type: OS::Heat::Value - properties: - type: json - value: - vars: {} - - CephClientConfigOverrides: - type: OS::Heat::Value - properties: - type: json - value: - vars: - client: - rbd_concurrent_management_ops: 20 - outputs: role_data: description: Role data for the Ceph Client service. diff --git a/deployment/cephadm/ceph-external.yaml b/deployment/cephadm/ceph-external.yaml index c9a31b604c..38faa0b2ff 100644 --- a/deployment/cephadm/ceph-external.yaml +++ b/deployment/cephadm/ceph-external.yaml @@ -46,14 +46,6 @@ resources: RoleName: {get_param: RoleName} RoleParameters: {get_param: RoleParameters} - CephExternalAnsibleVars: - type: OS::Heat::Value - properties: - type: json - value: - vars: - external_cluster_mon_ips: {get_param: CephExternalMonHost} - outputs: role_data: description: Role data for the Ceph External service. 
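Review bot: In the ceph-base.yaml `@@ -606,26 +510,75 @@` hunk the cephx secrets (`CephClientKey`, `CephManilaClientKey`, `CephRgwKey`, and whatever `CephExtraKeys` carries) are now literal values under `ceph_keys` in the task's `vars:`, and nothing in the hunk marks them as sensitive. The task starts outside the hunk, so whether logging is suppressed is not visible; please confirm that the role consuming `ceph_keys` does not echo them in verbose Ansible output. The same applies to `rgw_keystone_admin_password: {get_param: SwiftPassword}`, inlined under `ceph_rgw_config_overrides` in the ceph-rgw.yaml `set_fact` hunk, where `no_log: true` on that task would be the usual guard. Dropping the intermediate `OS::Heat::Value` resources is fine in itself; the concern is only keeping these values out of logs.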
@@ -76,6 +68,7 @@ outputs: block: - name: set ceph-ansible group vars clients set_fact: - ceph_ansible_group_vars_clients: {get_attr: [CephExternalAnsibleVars, value, vars]} + ceph_ansible_group_vars_clients: + external_cluster_mon_ips: {get_param: CephExternalMonHost} external_update_tasks: [] external_upgrade_tasks: [] diff --git a/deployment/cephadm/ceph-grafana.yaml b/deployment/cephadm/ceph-grafana.yaml index 79a3915a32..344ffe4591 100644 --- a/deployment/cephadm/ceph-grafana.yaml +++ b/deployment/cephadm/ceph-grafana.yaml @@ -83,8 +83,8 @@ parameters: certificate for this service conditions: - internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]} - key_size_override_unset: {equals: [{get_param: GrafanaCertificateKeySize}, '']} + key_size_override_set: + not: {equals: [{get_param: GrafanaCertificateKeySize}, '']} resources: CephBase: @@ -148,25 +148,18 @@ outputs: set_fact: ceph_monitoring_stack: if: - - internal_tls_enabled - - yaql: - data: - default: - map_merge: - - {get_attr: [CephGrafanaAnsibleVars, value, vars]} - certmap: - tripleo_cephadm_grafana_crt: '/etc/pki/tls/certs/ceph_grafana.crt' - tripleo_cephadm_grafana_key: '/etc/pki/tls/private/ceph_grafana.key' - expression: $.data.default.mergeWith($.data.certmap) + - {get_param: EnableInternalTLS} + - map_merge: + - {get_attr: [CephGrafanaAnsibleVars, value, vars]} + - tripleo_cephadm_grafana_crt: '/etc/pki/tls/certs/ceph_grafana.crt' + tripleo_cephadm_grafana_key: '/etc/pki/tls/private/ceph_grafana.key' - {get_attr: [CephGrafanaAnsibleVars, value, vars]} metadata_settings: if: - - internal_tls_enabled - - - - service: ceph_grafana + - {get_param: EnableInternalTLS} + - - service: ceph_grafana network: {get_param: [ServiceNetMap, CephGrafanaNetwork]} type: node - - null deploy_steps_tasks: - name: Certificate generation when: 
@@ -197,7 +190,7 @@ outputs: fi key_size: if: - - key_size_override_unset - - {get_param: CertificateKeySize} + - key_size_override_set - {get_param: GrafanaCertificateKeySize} + - {get_param: CertificateKeySize} ca: ipa diff --git a/deployment/cephadm/ceph-mds.yaml b/deployment/cephadm/ceph-mds.yaml index 5015298a3e..a22ed9cba8 100644 --- a/deployment/cephadm/ceph-mds.yaml +++ b/deployment/cephadm/ceph-mds.yaml @@ -35,27 +35,6 @@ parameters: default: false description: Parameter used to trigger the dashboard deployment. -conditions: - dashboard_enabled: {equals: [{get_param: CephEnableDashboard}, true]} - -resources: - CephBase: - type: ./ceph-base.yaml - properties: - ServiceData: {get_param: ServiceData} - ServiceNetMap: {get_param: ServiceNetMap} - DefaultPasswords: {get_param: DefaultPasswords} - EndpointMap: {get_param: EndpointMap} - RoleName: {get_param: RoleName} - RoleParameters: {get_param: RoleParameters} - - CephMdsAnsibleVars: - type: OS::Heat::Value - properties: - type: json - value: - vars: {} - outputs: role_data: description: Role data for the Ceph Metadata service. @@ -67,9 +46,8 @@ outputs: list_concat: - - '6800-7300' - if: - - dashboard_enabled + - {get_param: CephEnableDashboard} - - '9100' - - [] puppet_config: config_image: '' config_volume: '' diff --git a/deployment/cephadm/ceph-mgr.yaml b/deployment/cephadm/ceph-mgr.yaml index ba2febd6ea..6c5ad50bac 100644 --- a/deployment/cephadm/ceph-mgr.yaml +++ b/deployment/cephadm/ceph-mgr.yaml @@ -65,14 +65,12 @@ parameters: certificate for this service conditions: - dashboard_enabled: {equals: [{get_param: CephEnableDashboard}, true]} internal_tls_enabled: and: - - dashboard_enabled - - equals: - - get_param: EnableInternalTLS - - true - key_size_override_unset: {equals: [{get_param: CephCertificateKeySize}, '']} + - {get_param: CephEnableDashboard} + - {get_param: EnableInternalTLS} + key_size_override_set: + not: {equals: [{get_param: CephCertificateKeySize}, '']} resources: CephBase: 
@@ -112,9 +110,8 @@ outputs: list_concat: - - '6800-7300' - if: - - dashboard_enabled + - {get_param: CephEnableDashboard} - - {get_param: CephDashboardPort} - - [] upgrade_tasks: [] puppet_config: config_image: '' @@ -133,26 +130,21 @@ outputs: set_fact: ceph_dashboard_vars: if: - - dashboard_enabled - - map_merge: + - {get_param: CephEnableDashboard} - if: - internal_tls_enabled - - - map_merge: - - {get_attr: [CephMgrAnsibleVars, value, vars]} - - tripleo_cephadm_dashboard_crt: /etc/pki/tls/certs/ceph_dashboard.crt - - tripleo_cephadm_dashboard_key: /etc/pki/tls/private/ceph_dashboard.key - - tripleo_cephadm_dashboard_grafana_api_no_ssl_verify: true + - map_merge: + - {get_attr: [CephMgrAnsibleVars, value, vars]} + - tripleo_cephadm_dashboard_crt: /etc/pki/tls/certs/ceph_dashboard.crt + - tripleo_cephadm_dashboard_key: /etc/pki/tls/private/ceph_dashboard.key + - tripleo_cephadm_dashboard_grafana_api_no_ssl_verify: true - {get_attr: [CephMgrAnsibleVars, value, vars]} - - {} metadata_settings: if: - internal_tls_enabled - - - - service: ceph_dashboard + - - service: ceph_dashboard network: {get_param: [ServiceNetMap, CephDashboardNetwork]} type: node - - null deploy_steps_tasks: - name: Certificate generation when: @@ -183,7 +175,7 @@ outputs: fi key_size: if: - - key_size_override_unset - - {get_param: CertificateKeySize} + - key_size_override_set - {get_param: CephCertificateKeySize} + - {get_param: CertificateKeySize} ca: ipa diff --git a/deployment/cephadm/ceph-mon.yaml b/deployment/cephadm/ceph-mon.yaml index 96625e0032..411f38ec69 100644 --- a/deployment/cephadm/ceph-mon.yaml +++ b/deployment/cephadm/ceph-mon.yaml @@ -71,7 +71,6 @@ outputs: - if: - dashboard_enabled - - '9100' - - [] service_config_settings: collectd: tripleo.collectd.plugins.ceph_osd: diff --git a/deployment/cephadm/ceph-nfs.yaml b/deployment/cephadm/ceph-nfs.yaml index 116a19b5fd..f0c5c10537 100644 --- a/deployment/cephadm/ceph-nfs.yaml +++ b/deployment/cephadm/ceph-nfs.yaml 
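Review bot: `tripleo_cephadm_dashboard_grafana_api_no_ssl_verify: true` in the ceph-mgr.yaml `ceph_dashboard_vars` hunk is set in exactly the branch where `internal_tls_enabled` is true. The dashboard-to-Grafana connection is therefore encrypted but, judging by the variable name, the Grafana certificate is not verified. The hunk carries this over with no explanation. The certificate task later in this file requests `ca: ipa`; if Grafana's certificate comes from the same CA, verification could presumably stay on. Otherwise a comment should say why it is off, e.g. `# Grafana cert is not validated by the dashboard: <reason>`.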
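Review bot: ceph-mon.yaml still tests the named condition `dashboard_enabled` in this `if`, while the matching hunks in ceph-mds.yaml, ceph-mgr.yaml, ceph-osd.yaml and ceph-rgw.yaml switch to `- {get_param: CephEnableDashboard}` and delete the condition. The `conditions:` section of ceph-mon.yaml is not part of the diff, so the name presumably still resolves. For consistency I would use `- {get_param: CephEnableDashboard}` here as well and drop the condition from this file.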
@@ -45,22 +45,6 @@ resources: RoleName: {get_param: RoleName} RoleParameters: {get_param: RoleParameters} - CephNfsAnsibleVars: - type: OS::Heat::Value - properties: - type: json - value: - vars: - tripleo_cephadm_ceph_nfs_bind_addr: {get_param: [EndpointMap, GaneshaInternal, host_nobrackets]} - tripleo_cephadm_ceph_nfs_enable_service: false - tripleo_cephadm_ceph_nfs_use_pacemaker: true - tripleo_cephadm_ceph_nfs_dynamic_exports: true - tripleo_cephadm_ceph_nfs_service_suffix: pacemaker - tripleo_cephadm_nfs_obj_gw: false - tripleo_cephadm_ceph_nfs_rados_backend: true - tripleo_cephadm_ceph_nfs_disable_caching: true - tripleo_cephadm_ceph_nfs_ceph_user: {get_param: ManilaCephFSCephFSAuthId} - outputs: role_data: description: Role data for the Ceph NFS Ganesha service. @@ -131,6 +115,15 @@ outputs: block: - name: set tripleo-ansible group vars set_fact: - ceph_nfs_vars: {get_attr: [CephNfsAnsibleVars, value, vars]} + ceph_nfs_vars: + tripleo_cephadm_ceph_nfs_bind_addr: {get_param: [EndpointMap, GaneshaInternal, host_nobrackets]} + tripleo_cephadm_ceph_nfs_enable_service: false + tripleo_cephadm_ceph_nfs_use_pacemaker: true + tripleo_cephadm_ceph_nfs_dynamic_exports: true + tripleo_cephadm_ceph_nfs_service_suffix: pacemaker + tripleo_cephadm_nfs_obj_gw: false + tripleo_cephadm_ceph_nfs_rados_backend: true + tripleo_cephadm_ceph_nfs_disable_caching: true + tripleo_cephadm_ceph_nfs_ceph_user: {get_param: ManilaCephFSCephFSAuthId} external_update_tasks: [] external_upgrade_tasks: [] diff --git a/deployment/cephadm/ceph-osd.yaml b/deployment/cephadm/ceph-osd.yaml index e095ee2643..10adfe16ba 100644 --- a/deployment/cephadm/ceph-osd.yaml +++ b/deployment/cephadm/ceph-osd.yaml @@ -42,9 +42,6 @@ parameters: default: false description: Parameter used to trigger the dashboard deployment. -conditions: - dashboard_enabled: {equals: [{get_param: CephEnableDashboard}, true]} - resources: CephBase: type: ./ceph-base.yaml 
@@ -56,13 +53,6 @@ resources: RoleName: {get_param: RoleName} RoleParameters: {get_param: RoleParameters} - CephOsdAnsibleVars: - type: OS::Heat::Value - properties: - type: json - value: - vars: {get_param: CephAnsibleDisksConfig} - outputs: role_data: description: Role data for the Ceph OSD service. @@ -74,9 +64,8 @@ outputs: list_concat: - - '6800-7300' - if: - - dashboard_enabled + - {get_param: CephEnableDashboard} - - '9100' - - [] service_config_settings: collectd: tripleo.collectd.plugins.ceph_osd: @@ -97,4 +86,4 @@ outputs: block: - name: Build disk list for cephadm set_fact: - cephadm_disk_list: {get_attr: [CephOsdAnsibleVars, value, vars]} + cephadm_disk_list: {get_param: CephAnsibleDisksConfig} diff --git a/deployment/cephadm/ceph-rbdmirror.yaml b/deployment/cephadm/ceph-rbdmirror.yaml index d3fac0a153..d8856f2b2f 100644 --- a/deployment/cephadm/ceph-rbdmirror.yaml +++ b/deployment/cephadm/ceph-rbdmirror.yaml @@ -54,18 +54,6 @@ parameters: /etc/ceph/.client..keyring type: string -resources: - CephBase: - type: ./ceph-base.yaml - properties: - ServiceData: {get_param: ServiceData} - ServiceNetMap: {get_param: ServiceNetMap} - DefaultPasswords: {get_param: DefaultPasswords} - EndpointMap: {get_param: EndpointMap} - RoleName: {get_param: RoleName} - RoleParameters: {get_param: RoleParameters} - - outputs: role_data: description: Role data for the Ceph RBD Mirror service. diff --git a/deployment/cephadm/ceph-rgw.yaml b/deployment/cephadm/ceph-rgw.yaml index d11e89f3ae..5d81b4c8e7 100644 --- a/deployment/cephadm/ceph-rgw.yaml +++ b/deployment/cephadm/ceph-rgw.yaml 
@@ -57,9 +57,8 @@ parameters: certificate for this service conditions: - dashboard_enabled: {equals: [{get_param: CephEnableDashboard}, true]} - internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]} - key_size_override_unset: {equals: [{get_param: CephRgwCertificateKeySize}, '']} + key_size_override_set: + not: {equals: [{get_param: CephRgwCertificateKeySize}, '']} resources: CephBase: @@ -89,29 +88,6 @@ resources: data: {get_param: [EndpointMap, CephRgwInternal]} expression: int($.data.port) - - CephRgwConfigOverrides: - type: OS::Heat::Value - properties: - type: json - value: - vars: - global: - rgw_keystone_api_version: 3 - rgw_keystone_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]} - rgw_keystone_accepted_roles: 'member, Member, admin' - rgw_keystone_accepted_admin_roles: ResellerAdmin, swiftoperator - rgw_keystone_admin_domain: default - rgw_keystone_admin_project: service - rgw_keystone_admin_user: swift - rgw_keystone_admin_password: {get_param: SwiftPassword} - rgw_keystone_implicit_tenants: 'true' - rgw_keystone_revocation_interval: '0' - rgw_s3_auth_use_keystone: 'true' - rgw_swift_versioning_enabled: 'true' - rgw_swift_account_in_url: 'true' - rgw_trust_forwarded_https: 'true' - outputs: role_data: description: Role data for the Ceph RadosGW service. @@ -123,9 +99,8 @@ outputs: list_concat: - - {get_param: [EndpointMap, CephRgwInternal, port]} - if: - - dashboard_enabled + - {get_param: CephEnableDashboard} - - '9100' - - [] keystone_resources: swift: endpoints: 
@@ -163,20 +138,34 @@ outputs: set_fact: cephadm_rgw_vars: if: - - internal_tls_enabled + - {get_param: EnableInternalTLS} - map_merge: - {get_attr: [CephRgwAnsibleVars, value, vars]} - radosgw_frontend_ssl_certificate: '/etc/pki/tls/certs/ceph_rgw.pem' - {get_attr: [CephRgwAnsibleVars, value, vars]} - ceph_rgw_config_overrides: {get_attr: [CephRgwConfigOverrides, value, vars]} + ceph_rgw_config_overrides: + global: + rgw_keystone_api_version: 3 + rgw_keystone_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]} + rgw_keystone_accepted_roles: 'member, Member, admin' + rgw_keystone_accepted_admin_roles: ResellerAdmin, swiftoperator + rgw_keystone_admin_domain: default + rgw_keystone_admin_project: service + rgw_keystone_admin_user: swift + rgw_keystone_admin_password: {get_param: SwiftPassword} + rgw_keystone_implicit_tenants: 'true' + rgw_keystone_revocation_interval: '0' + rgw_s3_auth_use_keystone: 'true' + rgw_swift_versioning_enabled: 'true' + rgw_swift_account_in_url: 'true' + rgw_trust_forwarded_https: 'true' + metadata_settings: if: - - internal_tls_enabled - - - - service: ceph_rgw + - {get_param: EnableInternalTLS} + - - service: ceph_rgw network: {get_param: [ServiceNetMap, CephRgwNetwork]} type: node - - null deploy_steps_tasks: - name: Certificate generation when: @@ -212,7 +201,7 @@ outputs: fi key_size: if: - - key_size_override_unset - - {get_param: CertificateKeySize} + - key_size_override_set - {get_param: CephRgwCertificateKeySize} + - {get_param: CertificateKeySize} ca: ipa
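Review bot: `rgw_trust_forwarded_https: 'true'` in the inlined `ceph_rgw_config_overrides` makes RGW trust the `Forwarded`/`X-Forwarded-Proto` request headers when deciding whether a request arrived over TLS. That is only safe when every client path goes through a trusted proxy. Now that the setting sits directly in the task, a comment above it would help, e.g. `# requires a trusted TLS-terminating proxy in front of RGW; clients must not reach RGW directly`. As a smaller style point, `rgw_keystone_accepted_admin_roles: ResellerAdmin, swiftoperator` is unquoted while the sibling `rgw_keystone_accepted_roles` is quoted; quoting both would be consistent.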