openstack
/
tripleo-heat-templates
Code Issues Proposed changes

Merge "Simplify cephadm service templates"

This commit is contained in:
Zuul 2021-04-27 14:11:54 +00:00 committed by Gerrit Code Review
parent b397b0acfd 03213d643e
commit 69fc50c5e3
11 changed files with 131 additions and 280 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

179
deployment/cephadm/ceph-base.yaml
View File

@ -383,18 +383,10 @@ parameter_groups:
- CephOsdPercentageMin - CephOsdPercentageMin
conditions: conditions:
msgr_secure_mode: {equals: [{get_param: CephMsgrSecureMode}, true]}
custom_registry_host: custom_registry_host:
yaql: yaql:
data: {get_param: ContainerCephDaemonImage} data: {get_param: ContainerCephDaemonImage}
expression: $.data.split('/')[0].matches('(\.|:)') expression: $.data.split('/')[0].matches('(\.|:)')
perform_upgrade:
equals: [{get_param: StackUpdateType}, 'UPGRADE']
ceph_ansible_skip_tags_set:
not:
equals:
- {get_param: CephAnsibleSkipTags}
- ''
ceph_authenticated_registry: ceph_authenticated_registry:
and: and:
- not: - not:
@ -415,11 +407,6 @@ conditions:
expression: let(location => $.data.rightSplit(':', 1)[0]) -> regex('(?:https?://)?(.*?)/(.*)').split($location)[1] expression: let(location => $.data.rightSplit(':', 1)[0]) -> regex('(?:https?://)?(.*?)/(.*)').split($location)[1]
data: {get_param: ContainerCephDaemonImage} data: {get_param: ContainerCephDaemonImage}
expression: let(c => $.data.cred) -> $c.get($.data.ns, {}).values().last(default => "").isEmpty() expression: let(c => $.data.cred) -> $c.get($.data.ns, {}).values().last(default => "").isEmpty()
is_ipv6:
equals:
- {get_param: [ServiceData, net_ip_version_map, {get_param: [ServiceNetMap, CephMonNetwork]}]}
- 6
internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
resources: resources:
ContainerImageUrlParts: ContainerImageUrlParts:
@ -448,98 +435,15 @@ resources:
expression: $.data.rightSplit(':', 1)[1] expression: $.data.rightSplit(':', 1)[1]
data: {get_param: ContainerCephDaemonImage} data: {get_param: ContainerCephDaemonImage}
MsgrSecureModeOverrides:
type: OS::Heat::Value
properties:
type: json
value:
vars:
global:
ms_cluster_mode: secure
ms_service_mode: secure
ms_client_mode: secure
DefaultCephConfigOverrides: DefaultCephConfigOverrides:
type: OS::Heat::Value type: OS::Heat::Value
properties: properties:
type: json type: json
value: value:
vars: vars:
global: osd_pool_default_size: {get_param: CephPoolDefaultSize}
osd_pool_default_size: {get_param: CephPoolDefaultSize} osd_pool_default_pg_num: {get_param: CephPoolDefaultPgNum}
osd_pool_default_pg_num: {get_param: CephPoolDefaultPgNum} osd_pool_default_pgp_num: {get_param: CephPoolDefaultPgNum}
osd_pool_default_pgp_num: {get_param: CephPoolDefaultPgNum}
CephBasePoolVars:
type: OS::Heat::Value
properties:
type: json
value:
vars:
gnocchi_pool:
name: {get_param: GnocchiRbdPoolName}
enabled:
if:
- equals:
- {get_param: GnocchiBackend}
- 'rbd'
- true
- false
nova_pool:
name: {get_param: NovaRbdPoolName}
enabled: {get_param: NovaEnableRbdBackend}
glance_pool:
name: {get_param: GlanceRbdPoolName}
enabled:
if:
- equals:
- {get_param: GlanceBackend}
- 'rbd'
- true
- false
cinder_pool:
name: {get_param: CinderRbdPoolName}
enabled: {get_param: CinderEnableRbdBackend}
cinder_extra_pools: {get_param: CinderRbdExtraPools}
cinder_backup_pool:
name: {get_param: CinderBackupRbdPoolName}
enabled:
if:
- equals:
- {get_param: CinderBackupBackend}
- 'ceph'
- true
- false
extra_pools: {get_param: CephPools}
pg_num: {get_param: CephPoolDefaultPgNum}
CephManilaPoolVars:
type: OS::Heat::Value
properties:
type: json
value:
vars:
data: {get_param: ManilaCephFSDataPoolName}
metadata: {get_param: ManilaCephFSMetadataPoolName}
data_pg_num: {get_param: CephPoolDefaultPgNum}
metadata_pg_num: {get_param: CephPoolDefaultPgNum}
CephKeyVars:
type: OS::Heat::Value
properties:
type: json
value:
vars:
openstack_client:
name: {get_param: CephClientUserName}
key: {get_param: CephClientKey}
manila:
name: {get_param: ManilaCephFSCephFSAuthId}
key: {get_param: CephManilaClientKey}
radosgw:
name: {get_param: CephRgwClientName}
key: {get_param: CephRgwKey}
extra_keys: {get_param: CephExtraKeys}
CephAdmVars: CephAdmVars:
type: OS::Heat::Value type: OS::Heat::Value
@ -606,26 +510,75 @@ outputs:
name: tripleo_run_cephadm name: tripleo_run_cephadm
tasks_from: prepare.yml tasks_from: prepare.yml
vars: vars:
ceph_pools: {get_attr: [CephBasePoolVars, value, vars]} ceph_pools:
manila_pools: {get_attr: [CephManilaPoolVars, value, vars]} gnocchi_pool:
ceph_keys: {get_attr: [CephKeyVars, value, vars]} name: {get_param: GnocchiRbdPoolName}
enabled:
if:
- equals:
- {get_param: GnocchiBackend}
- 'rbd'
- true
- false
nova_pool:
name: {get_param: NovaRbdPoolName}
enabled: {get_param: NovaEnableRbdBackend}
glance_pool:
name: {get_param: GlanceRbdPoolName}
enabled:
if:
- equals:
- {get_param: GlanceBackend}
- 'rbd'
- true
- false
cinder_pool:
name: {get_param: CinderRbdPoolName}
enabled: {get_param: CinderEnableRbdBackend}
cinder_extra_pools: {get_param: CinderRbdExtraPools}
cinder_backup_pool:
name: {get_param: CinderBackupRbdPoolName}
enabled:
if:
- equals:
- {get_param: CinderBackupBackend}
- 'ceph'
- true
- false
extra_pools: {get_param: CephPools}
pg_num: {get_param: CephPoolDefaultPgNum}
manila_pools:
data: {get_param: ManilaCephFSDataPoolName}
metadata: {get_param: ManilaCephFSMetadataPoolName}
data_pg_num: {get_param: CephPoolDefaultPgNum}
metadata_pg_num: {get_param: CephPoolDefaultPgNum}
ceph_keys:
openstack_client:
name: {get_param: CephClientUserName}
key: {get_param: CephClientKey}
manila:
name: {get_param: ManilaCephFSCephFSAuthId}
key: {get_param: CephManilaClientKey}
radosgw:
name: {get_param: CephRgwClientName}
key: {get_param: CephRgwKey}
extra_keys: {get_param: CephExtraKeys}
ceph_config_overrides: {get_param: CephConfigOverrides} ceph_config_overrides: {get_param: CephConfigOverrides}
tripleo_run_cephadm_spec_path: {get_param: CephSpecPath} tripleo_run_cephadm_spec_path: {get_param: CephSpecPath}
tripleo_cephadm_dynamic_spec: {get_param: CephDynamicSpec} tripleo_cephadm_dynamic_spec: {get_param: CephDynamicSpec}
ceph_spec_fqdn: {get_param: CephSpecFqdn} ceph_spec_fqdn: {get_param: CephSpecFqdn}
ceph_osd_spec: {get_param: CephOsdSpec} ceph_osd_spec: {get_param: CephOsdSpec}
ceph_default_overrides: ceph_default_overrides:
if: global:
- msgr_secure_mode if:
- yaql: - {get_param: CephMsgrSecureMode}
expression: ($.data.default).mergeWith($.data.secure) - map_merge:
data: - {get_attr: [DefaultCephConfigOverrides, value, vars]}
default: {get_attr: [DefaultCephConfigOverrides, value, vars]} - ms_cluster_mode: secure
secure: {get_attr: [MsgrSecureModeOverrides, value, vars]} ms_service_mode: secure
- {get_attr: [DefaultCephConfigOverrides, value, vars]} ms_client_mode: secure
cephadm_extra_vars: # cephadm execution - {get_attr: [DefaultCephConfigOverrides, value, vars]}
map_merge: cephadm_extra_vars: {get_attr: [CephAdmVars, value, vars]}
- {get_attr: [CephAdmVars, value, vars]}
ceph_admin_extra_vars: # user creation ceph_admin_extra_vars: # user creation
tripleo_admin_generate_key: false tripleo_admin_generate_key: false
distribute_private_key: true distribute_private_key: true

16
deployment/cephadm/ceph-client.yaml
View File

@ -79,22 +79,6 @@ resources:
RoleName: {get_param: RoleName} RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters} RoleParameters: {get_param: RoleParameters}
CephClientAnsibleVars:
type: OS::Heat::Value
properties:
type: json
value:
vars: {}
CephClientConfigOverrides:
type: OS::Heat::Value
properties:
type: json
value:
vars:
client:
rbd_concurrent_management_ops: 20
outputs: outputs:
role_data: role_data:
description: Role data for the Ceph Client service. description: Role data for the Ceph Client service.

11
deployment/cephadm/ceph-external.yaml
View File

@ -46,14 +46,6 @@ resources:
RoleName: {get_param: RoleName} RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters} RoleParameters: {get_param: RoleParameters}
CephExternalAnsibleVars:
type: OS::Heat::Value
properties:
type: json
value:
vars:
external_cluster_mon_ips: {get_param: CephExternalMonHost}
outputs: outputs:
role_data: role_data:
description: Role data for the Ceph External service. description: Role data for the Ceph External service.
@ -76,6 +68,7 @@ outputs:
block: block:
- name: set ceph-ansible group vars clients - name: set ceph-ansible group vars clients
set_fact: set_fact:
ceph_ansible_group_vars_clients: {get_attr: [CephExternalAnsibleVars, value, vars]} ceph_ansible_group_vars_clients:
external_cluster_mon_ips: {get_param: CephExternalMonHost}
external_update_tasks: [] external_update_tasks: []
external_upgrade_tasks: [] external_upgrade_tasks: []

29
deployment/cephadm/ceph-grafana.yaml
View File

@ -83,8 +83,8 @@ parameters:
certificate for this service certificate for this service
conditions: conditions:
internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]} key_size_override_set:
key_size_override_unset: {equals: [{get_param: GrafanaCertificateKeySize}, '']} not: {equals: [{get_param: GrafanaCertificateKeySize}, '']}
resources: resources:
CephBase: CephBase:
@ -148,25 +148,18 @@ outputs:
set_fact: set_fact:
ceph_monitoring_stack: ceph_monitoring_stack:
if: if:
- internal_tls_enabled - {get_param: EnableInternalTLS}
- yaql: - map_merge:
data: - {get_attr: [CephGrafanaAnsibleVars, value, vars]}
default: - tripleo_cephadm_grafana_crt: '/etc/pki/tls/certs/ceph_grafana.crt'
map_merge: tripleo_cephadm_grafana_key: '/etc/pki/tls/private/ceph_grafana.key'
- {get_attr: [CephGrafanaAnsibleVars, value, vars]}
certmap:
tripleo_cephadm_grafana_crt: '/etc/pki/tls/certs/ceph_grafana.crt'
tripleo_cephadm_grafana_key: '/etc/pki/tls/private/ceph_grafana.key'
expression: $.data.default.mergeWith($.data.certmap)
- {get_attr: [CephGrafanaAnsibleVars, value, vars]} - {get_attr: [CephGrafanaAnsibleVars, value, vars]}
metadata_settings: metadata_settings:
if: if:
- internal_tls_enabled - {get_param: EnableInternalTLS}
- - - service: ceph_grafana
- service: ceph_grafana
network: {get_param: [ServiceNetMap, CephGrafanaNetwork]} network: {get_param: [ServiceNetMap, CephGrafanaNetwork]}
type: node type: node
- null
deploy_steps_tasks: deploy_steps_tasks:
- name: Certificate generation - name: Certificate generation
when: when:
@ -197,7 +190,7 @@ outputs:
fi fi
key_size: key_size:
if: if:
- key_size_override_unset - key_size_override_set
- {get_param: CertificateKeySize}
- {get_param: GrafanaCertificateKeySize} - {get_param: GrafanaCertificateKeySize}
- {get_param: CertificateKeySize}
ca: ipa ca: ipa

24
deployment/cephadm/ceph-mds.yaml
View File

@ -35,27 +35,6 @@ parameters:
default: false default: false
description: Parameter used to trigger the dashboard deployment. description: Parameter used to trigger the dashboard deployment.
conditions:
dashboard_enabled: {equals: [{get_param: CephEnableDashboard}, true]}
resources:
CephBase:
type: ./ceph-base.yaml
properties:
ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
CephMdsAnsibleVars:
type: OS::Heat::Value
properties:
type: json
value:
vars: {}
outputs: outputs:
role_data: role_data:
description: Role data for the Ceph Metadata service. description: Role data for the Ceph Metadata service.
@ -67,9 +46,8 @@ outputs:
list_concat: list_concat:
- - '6800-7300' - - '6800-7300'
- if: - if:
- dashboard_enabled - {get_param: CephEnableDashboard}
- - '9100' - - '9100'
- []
puppet_config: puppet_config:
config_image: '' config_image: ''
config_volume: '' config_volume: ''

36
deployment/cephadm/ceph-mgr.yaml
View File

@ -65,14 +65,12 @@ parameters:
certificate for this service certificate for this service
conditions: conditions:
dashboard_enabled: {equals: [{get_param: CephEnableDashboard}, true]}
internal_tls_enabled: internal_tls_enabled:
and: and:
- dashboard_enabled - {get_param: CephEnableDashboard}
- equals: - {get_param: EnableInternalTLS}
- get_param: EnableInternalTLS key_size_override_set:
- true not: {equals: [{get_param: CephCertificateKeySize}, '']}
key_size_override_unset: {equals: [{get_param: CephCertificateKeySize}, '']}
resources: resources:
CephBase: CephBase:
@ -112,9 +110,8 @@ outputs:
list_concat: list_concat:
- - '6800-7300' - - '6800-7300'
- if: - if:
- dashboard_enabled - {get_param: CephEnableDashboard}
- - {get_param: CephDashboardPort} - - {get_param: CephDashboardPort}
- []
upgrade_tasks: [] upgrade_tasks: []
puppet_config: puppet_config:
config_image: '' config_image: ''
@ -133,26 +130,21 @@ outputs:
set_fact: set_fact:
ceph_dashboard_vars: ceph_dashboard_vars:
if: if:
- dashboard_enabled - {get_param: CephEnableDashboard}
- map_merge:
- if: - if:
- internal_tls_enabled - internal_tls_enabled
- - map_merge:
map_merge: - {get_attr: [CephMgrAnsibleVars, value, vars]}
- {get_attr: [CephMgrAnsibleVars, value, vars]} - tripleo_cephadm_dashboard_crt: /etc/pki/tls/certs/ceph_dashboard.crt
- tripleo_cephadm_dashboard_crt: /etc/pki/tls/certs/ceph_dashboard.crt - tripleo_cephadm_dashboard_key: /etc/pki/tls/private/ceph_dashboard.key
- tripleo_cephadm_dashboard_key: /etc/pki/tls/private/ceph_dashboard.key - tripleo_cephadm_dashboard_grafana_api_no_ssl_verify: true
- tripleo_cephadm_dashboard_grafana_api_no_ssl_verify: true
- {get_attr: [CephMgrAnsibleVars, value, vars]} - {get_attr: [CephMgrAnsibleVars, value, vars]}
- {}
metadata_settings: metadata_settings:
if: if:
- internal_tls_enabled - internal_tls_enabled
- - - service: ceph_dashboard
- service: ceph_dashboard
network: {get_param: [ServiceNetMap, CephDashboardNetwork]} network: {get_param: [ServiceNetMap, CephDashboardNetwork]}
type: node type: node
- null
deploy_steps_tasks: deploy_steps_tasks:
- name: Certificate generation - name: Certificate generation
when: when:
@ -183,7 +175,7 @@ outputs:
fi fi
key_size: key_size:
if: if:
- key_size_override_unset - key_size_override_set
- {get_param: CertificateKeySize}
- {get_param: CephCertificateKeySize} - {get_param: CephCertificateKeySize}
- {get_param: CertificateKeySize}
ca: ipa ca: ipa

1
deployment/cephadm/ceph-mon.yaml
View File

@ -71,7 +71,6 @@ outputs:
- if: - if:
- dashboard_enabled - dashboard_enabled
- - '9100' - - '9100'
- []
service_config_settings: service_config_settings:
collectd: collectd:
tripleo.collectd.plugins.ceph_osd: tripleo.collectd.plugins.ceph_osd:

27
deployment/cephadm/ceph-nfs.yaml
View File

@ -45,22 +45,6 @@ resources:
RoleName: {get_param: RoleName} RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters} RoleParameters: {get_param: RoleParameters}
CephNfsAnsibleVars:
type: OS::Heat::Value
properties:
type: json
value:
vars:
tripleo_cephadm_ceph_nfs_bind_addr: {get_param: [EndpointMap, GaneshaInternal, host_nobrackets]}
tripleo_cephadm_ceph_nfs_enable_service: false
tripleo_cephadm_ceph_nfs_use_pacemaker: true
tripleo_cephadm_ceph_nfs_dynamic_exports: true
tripleo_cephadm_ceph_nfs_service_suffix: pacemaker
tripleo_cephadm_nfs_obj_gw: false
tripleo_cephadm_ceph_nfs_rados_backend: true
tripleo_cephadm_ceph_nfs_disable_caching: true
tripleo_cephadm_ceph_nfs_ceph_user: {get_param: ManilaCephFSCephFSAuthId}
outputs: outputs:
role_data: role_data:
description: Role data for the Ceph NFS Ganesha service. description: Role data for the Ceph NFS Ganesha service.
@ -131,6 +115,15 @@ outputs:
block: block:
- name: set tripleo-ansible group vars - name: set tripleo-ansible group vars
set_fact: set_fact:
ceph_nfs_vars: {get_attr: [CephNfsAnsibleVars, value, vars]} ceph_nfs_vars:
tripleo_cephadm_ceph_nfs_bind_addr: {get_param: [EndpointMap, GaneshaInternal, host_nobrackets]}
tripleo_cephadm_ceph_nfs_enable_service: false
tripleo_cephadm_ceph_nfs_use_pacemaker: true
tripleo_cephadm_ceph_nfs_dynamic_exports: true
tripleo_cephadm_ceph_nfs_service_suffix: pacemaker
tripleo_cephadm_nfs_obj_gw: false
tripleo_cephadm_ceph_nfs_rados_backend: true
tripleo_cephadm_ceph_nfs_disable_caching: true
tripleo_cephadm_ceph_nfs_ceph_user: {get_param: ManilaCephFSCephFSAuthId}
external_update_tasks: [] external_update_tasks: []
external_upgrade_tasks: [] external_upgrade_tasks: []

15
deployment/cephadm/ceph-osd.yaml
View File

@ -42,9 +42,6 @@ parameters:
default: false default: false
description: Parameter used to trigger the dashboard deployment. description: Parameter used to trigger the dashboard deployment.
conditions:
dashboard_enabled: {equals: [{get_param: CephEnableDashboard}, true]}
resources: resources:
CephBase: CephBase:
type: ./ceph-base.yaml type: ./ceph-base.yaml
@ -56,13 +53,6 @@ resources:
RoleName: {get_param: RoleName} RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters} RoleParameters: {get_param: RoleParameters}
CephOsdAnsibleVars:
type: OS::Heat::Value
properties:
type: json
value:
vars: {get_param: CephAnsibleDisksConfig}
outputs: outputs:
role_data: role_data:
description: Role data for the Ceph OSD service. description: Role data for the Ceph OSD service.
@ -74,9 +64,8 @@ outputs:
list_concat: list_concat:
- - '6800-7300' - - '6800-7300'
- if: - if:
- dashboard_enabled - {get_param: CephEnableDashboard}
- - '9100' - - '9100'
- []
service_config_settings: service_config_settings:
collectd: collectd:
tripleo.collectd.plugins.ceph_osd: tripleo.collectd.plugins.ceph_osd:
@ -97,4 +86,4 @@ outputs:
block: block:
- name: Build disk list for cephadm - name: Build disk list for cephadm
set_fact: set_fact:
cephadm_disk_list: {get_attr: [CephOsdAnsibleVars, value, vars]} cephadm_disk_list: {get_param: CephAnsibleDisksConfig}

12
deployment/cephadm/ceph-rbdmirror.yaml
View File

@ -54,18 +54,6 @@ parameters:
/etc/ceph/<remote_cluster>.client.<remote_user>.keyring /etc/ceph/<remote_cluster>.client.<remote_user>.keyring
type: string type: string
resources:
CephBase:
type: ./ceph-base.yaml
properties:
ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
outputs: outputs:
role_data: role_data:
description: Role data for the Ceph RBD Mirror service. description: Role data for the Ceph RBD Mirror service.

61
deployment/cephadm/ceph-rgw.yaml
View File

@ -57,9 +57,8 @@ parameters:
certificate for this service certificate for this service
conditions: conditions:
dashboard_enabled: {equals: [{get_param: CephEnableDashboard}, true]} key_size_override_set:
internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]} not: {equals: [{get_param: CephRgwCertificateKeySize}, '']}
key_size_override_unset: {equals: [{get_param: CephRgwCertificateKeySize}, '']}
resources: resources:
CephBase: CephBase:
@ -89,29 +88,6 @@ resources:
data: {get_param: [EndpointMap, CephRgwInternal]} data: {get_param: [EndpointMap, CephRgwInternal]}
expression: int($.data.port) expression: int($.data.port)
CephRgwConfigOverrides:
type: OS::Heat::Value
properties:
type: json
value:
vars:
global:
rgw_keystone_api_version: 3
rgw_keystone_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
rgw_keystone_accepted_roles: 'member, Member, admin'
rgw_keystone_accepted_admin_roles: ResellerAdmin, swiftoperator
rgw_keystone_admin_domain: default
rgw_keystone_admin_project: service
rgw_keystone_admin_user: swift
rgw_keystone_admin_password: {get_param: SwiftPassword}
rgw_keystone_implicit_tenants: 'true'
rgw_keystone_revocation_interval: '0'
rgw_s3_auth_use_keystone: 'true'
rgw_swift_versioning_enabled: 'true'
rgw_swift_account_in_url: 'true'
rgw_trust_forwarded_https: 'true'
outputs: outputs:
role_data: role_data:
description: Role data for the Ceph RadosGW service. description: Role data for the Ceph RadosGW service.
@ -123,9 +99,8 @@ outputs:
list_concat: list_concat:
- - {get_param: [EndpointMap, CephRgwInternal, port]} - - {get_param: [EndpointMap, CephRgwInternal, port]}
- if: - if:
- dashboard_enabled - {get_param: CephEnableDashboard}
- - '9100' - - '9100'
- []
keystone_resources: keystone_resources:
swift: swift:
endpoints: endpoints:
@ -163,20 +138,34 @@ outputs:
set_fact: set_fact:
cephadm_rgw_vars: cephadm_rgw_vars:
if: if:
- internal_tls_enabled - {get_param: EnableInternalTLS}
- map_merge: - map_merge:
- {get_attr: [CephRgwAnsibleVars, value, vars]} - {get_attr: [CephRgwAnsibleVars, value, vars]}
- radosgw_frontend_ssl_certificate: '/etc/pki/tls/certs/ceph_rgw.pem' - radosgw_frontend_ssl_certificate: '/etc/pki/tls/certs/ceph_rgw.pem'
- {get_attr: [CephRgwAnsibleVars, value, vars]} - {get_attr: [CephRgwAnsibleVars, value, vars]}
ceph_rgw_config_overrides: {get_attr: [CephRgwConfigOverrides, value, vars]} ceph_rgw_config_overrides:
global:
rgw_keystone_api_version: 3
rgw_keystone_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
rgw_keystone_accepted_roles: 'member, Member, admin'
rgw_keystone_accepted_admin_roles: ResellerAdmin, swiftoperator
rgw_keystone_admin_domain: default
rgw_keystone_admin_project: service
rgw_keystone_admin_user: swift
rgw_keystone_admin_password: {get_param: SwiftPassword}
rgw_keystone_implicit_tenants: 'true'
rgw_keystone_revocation_interval: '0'
rgw_s3_auth_use_keystone: 'true'
rgw_swift_versioning_enabled: 'true'
rgw_swift_account_in_url: 'true'
rgw_trust_forwarded_https: 'true'
metadata_settings: metadata_settings:
if: if:
- internal_tls_enabled - {get_param: EnableInternalTLS}
- - - service: ceph_rgw
- service: ceph_rgw
network: {get_param: [ServiceNetMap, CephRgwNetwork]} network: {get_param: [ServiceNetMap, CephRgwNetwork]}
type: node type: node
- null
deploy_steps_tasks: deploy_steps_tasks:
- name: Certificate generation - name: Certificate generation
when: when:
@ -212,7 +201,7 @@ outputs:
fi fi
key_size: key_size:
if: if:
- key_size_override_unset - key_size_override_set
- {get_param: CertificateKeySize}
- {get_param: CephRgwCertificateKeySize} - {get_param: CephRgwCertificateKeySize}
- {get_param: CertificateKeySize}
ca: ipa ca: ipa