openstack
/
tripleo-heat-templates
Code Issues Proposed changes

Add support for ceph-nfs manila backend 

If ceph-nfs (ganesha) service is enabled, it's set up by ceph-ansible
and it can be used as a manila backend. Manila can be configured to use
ceph either directly (manila-cephfsnative-config-docker.yaml env file)
or through ganesha (environments/manila-cephfganesha-config-docker.yaml
env file).

Change-Id: Ib408c7827e5fba0c1b01388db26363806fc64370
Partially-Implements: blueprint nfs-ganesha
This commit is contained in:
Jan Provaznik 2017-10-16 10:10:43 +02:00 committed by Tom Barron
parent bf1678ef46
commit 96b82d149e
9 changed files with 304 additions and 26 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

76
docker/services/ceph-ansible/ceph-nfs.yaml Normal file
View File

@ -0,0 +1,76 @@
heat_template_version: pike
description: >
Ceph NFS Ganeshaservice.
parameters:
ServiceData:
default: {}
description: Dictionary packing service data
type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry. This
mapping overrides those in ServiceNetMapDefaults.
type: json
DefaultPasswords:
default: {}
type: json
RoleName:
default: ''
description: Role name on which the service is applied
type: string
RoleParameters:
default: {}
description: Parameters specific to the role
type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
resources:
CephBase:
type: ./ceph-base.yaml
properties:
ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
outputs:
role_data:
description: Role data for the Ceph NFS Ganesha service.
value:
service_name: ceph_nfs
upgrade_tasks: []
step_config: 'include ::tripleo::profile::pacemaker::ceph_nfs'
puppet_config:
config_image: ''
config_volume: ''
step_config: ''
# step_config seems to be ignored if docker_config is present
#docker_config: {}
config_settings:
map_merge:
- tripleo.ceph_nfs.firewall_rules:
'120 ceph_nfs':
dport:
# FIXME
- 2049
- 20048
- 38468
- 4501
- ceph_nfs_ansible_vars:
map_merge:
- {get_attr: [CephBase, role_data, config_settings, ceph_common_ansible_vars]}
- ceph_nfs_enable_service: false
- ceph_nfs_use_pacemaker: true
- ceph_nfs_dynamic_exports: true
- ceph_nfs_service_suffix: pacemaker
- nfs_obj_gw: false
- ceph_nfs_rados_backend: true

2
docker/services/pacemaker/manila-share.yaml
View File

@ -149,7 +149,7 @@ outputs:
list_concat:
- - '/docker_puppet_apply.sh'
- '5'
- 'file,file_line,concat,augeas,pacemaker::resource::bundle,pacemaker::property,pacemaker::constraint::location'
- 'pacemaker_constraint,file,file_line,concat,augeas,pacemaker::resource::bundle,pacemaker::property,pacemaker::constraint::location'
- 'include ::tripleo::profile::base::pacemaker;include ::tripleo::profile::pacemaker::manila::share_bundle'
- if:
- puppet_debug_enabled

24
environments/manila-cephfsganesha-config-docker.yaml Normal file
View File

@ -0,0 +1,24 @@
# A Heat environment file which can be used to enable a
# a Manila CephFS-NFS driver backend.
resource_registry:
OS::TripleO::Services::ManilaApi: ../docker/services/manila-api.yaml
OS::TripleO::Services::ManilaScheduler: ../docker/services/manila-scheduler.yaml
# Only manila-share is pacemaker managed:
OS::TripleO::Services::ManilaShare: ../docker/services/pacemaker/manila-share.yaml
OS::TripleO::Services::ManilaBackendCephFs: ../puppet/services/manila-backend-cephfs.yaml
# ceph-nfs (ganesha) service is installed and configured by ceph-ansible
# but it's still managed by pacemaker
OS::TripleO::Services::CephNfs: ../docker/services/ceph-ansible/ceph-nfs.yaml
parameter_defaults:
ManilaCephFSBackendName: cephfs
ManilaCephFSDriverHandlesShareServers: false
ManilaCephFSCephFSConfPath: '/etc/ceph/ceph.conf'
ManilaCephFSCephFSAuthId: 'manila'
ManilaCephFSCephFSClusterName: 'ceph'
ManilaCephFSCephFSEnableSnapshots: false
# manila cephfs driver supports either native cephfs backend - 'CEPHFS'
# (users mount shares directly from ceph cluster), or nfs-ganesha backend -
# 'NFS' (users mount shares through nfs-ganesha server)
ManilaCephFSCephFSProtocolHelperType: 'NFS'

16
environments/manila-cephfsnative-config-docker.yaml
View File

@ -12,9 +12,13 @@ resource_registry:
parameter_defaults:
ManilaCephFSNativeBackendName: cephfsnative
ManilaCephFSNativeDriverHandlesShareServers: false
ManilaCephFSNativeCephFSConfPath: '/etc/ceph/ceph.conf'
ManilaCephFSNativeCephFSAuthId: 'manila'
ManilaCephFSNativeCephFSClusterName: 'ceph'
ManilaCephFSNativeCephFSEnableSnapshots: false
ManilaCephFSBackendName: cephfs
ManilaCephFSDriverHandlesShareServers: false
ManilaCephFSCephFSConfPath: '/etc/ceph/ceph.conf'
ManilaCephFSCephFSAuthId: 'manila'
ManilaCephFSCephFSClusterName: 'ceph'
ManilaCephFSCephFSEnableSnapshots: false
# manila cephfs driver supports either native cephfs backend - 'CEPHFS'
# (users mount shares directly from ceph cluster), or nfs-ganesha backend -
# 'NFS' (users mount shares through nfs-ganesha server)
ManilaCephFSCephFSProtocolHelperType: 'CEPHFS'

1
overcloud-resource-registry-puppet.j2.yaml
View File

@ -122,6 +122,7 @@ resource_registry:
OS::TripleO::Services::CephRgw: OS::Heat::None
OS::TripleO::Services::CephOSD: OS::Heat::None
OS::TripleO::Services::CephClient: OS::Heat::None
OS::TripleO::Services::CephNfs: OS::Heat::None
OS::TripleO::Services::CephExternal: OS::Heat::None
OS::TripleO::Services::CinderApi: puppet/services/cinder-api.yaml
OS::TripleO::Services::CinderBackup: OS::Heat::None

7
puppet/all-nodes-config.j2.yaml
View File

@ -188,7 +188,9 @@ resources:
network_virtual_ips:
{% set count = 1 %}
{%- for network in networks if network.vip|default(false) %}
{%- if network.name != 'External' %}
# External virtual ip is currently being handled separately as public_virtual_ip.
# Likewise, optional StorageNFS virtual ip is handled separately as ganesha_vip.
{%- if network.name != 'External' and network.name != 'StorageNFS' %}
{{network.name_lower}}:
ip_address: {get_param: [NetVipMap, {get_param: {{network.name}}NetName}]}
index: {{count}}
@ -196,6 +198,9 @@ resources:
{%- endif %}
{%- endfor %}
redis_vip: {get_param: RedisVirtualIP}
{%- for network in networks if network.name == 'StorageNFS' %}
ganesha_vip: {get_param: [NetVipMap, {get_param: StorageNFSNetName}]}
{%- endfor %}
# public_virtual_ip and controller_virtual_ip are needed in
# both HAproxy & keepalived.
tripleo::haproxy::public_virtual_ip: {get_param: [NetVipMap, {get_param: ExternalNetName}]}

38
puppet/services/manila-backend-cephfs.yaml
View File

@ -30,28 +30,31 @@ parameters:
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
# CephFS Native backend params:
ManilaCephFSNativeBackendName:
# CephFS backend params:
ManilaCephFSBackendName:
type: string
default: cephfsnative
ManilaCephFSNativeDriverHandlesShareServers:
default: cephfs
ManilaCephFSDriverHandlesShareServers:
type: boolean
default: false
ManilaCephFSNativeShareBackendName:
ManilaCephFSShareBackendName:
type: string
default: 'cephfs'
ManilaCephFSNativeCephFSConfPath:
ManilaCephFSCephFSConfPath:
type: string
default: '/etc/ceph/ceph.conf'
ManilaCephFSNativeCephFSAuthId:
ManilaCephFSCephFSAuthId:
type: string
default: 'manila'
ManilaCephFSNativeCephFSClusterName:
ManilaCephFSCephFSClusterName:
type: string
default: 'ceph'
ManilaCephFSNativeCephFSEnableSnapshots:
ManilaCephFSCephFSEnableSnapshots:
type: boolean
default: false
ManilaCephFSCephFSProtocolHelperType:
default: CEPHFS
type: string
# (jprovazn) default value is set to assure this templates works with an
# external ceph too (user/key is created only when ceph is deployed by
# TripleO)
@ -67,12 +70,13 @@ outputs:
value:
service_name: manila_backend_cephfs
config_settings:
manila::backend::cephfsnative::title: {get_param: ManilaCephFSNativeBackendName}
manila::backend::cephfsnative::driver_handles_share_servers: {get_param: ManilaCephFSNativeDriverHandlesShareServers}
manila::backend::cephfsnative::share_backend_name: {get_param: ManilaCephFSNativeShareBackendName}
manila::backend::cephfsnative::cephfs_conf_path: {get_param: ManilaCephFSNativeCephFSConfPath}
manila::backend::cephfsnative::cephfs_auth_id: {get_param: ManilaCephFSNativeCephFSAuthId}
manila::backend::cephfsnative::cephfs_cluster_name: {get_param: ManilaCephFSNativeCephFSClusterName}
manila::backend::cephfsnative::cephfs_enable_snapshots: {get_param: ManilaCephFSNativeCephFSEnableSnapshots}
manila::backend::cephfsnative::ceph_client_key: {get_param: CephManilaClientKey}
manila::backend::cephfs::title: {get_param: ManilaCephFSBackendName}
manila::backend::cephfs::driver_handles_share_servers: {get_param: ManilaCephFSDriverHandlesShareServers}
manila::backend::cephfs::share_backend_name: {get_param: ManilaCephFSShareBackendName}
manila::backend::cephfs::cephfs_conf_path: {get_param: ManilaCephFSCephFSConfPath}
manila::backend::cephfs::cephfs_auth_id: {get_param: ManilaCephFSCephFSAuthId}
manila::backend::cephfs::cephfs_cluster_name: {get_param: ManilaCephFSCephFSClusterName}
manila::backend::cephfs::cephfs_enable_snapshots: {get_param: ManilaCephFSCephFSEnableSnapshots}
manila::backend::cephfs::ceph_client_key: {get_param: CephManilaClientKey}
manila::backend::cephfs::cephfs_protocol_helper_type: {get_param: ManilaCephFSCephFSProtocolHelperType}
step_config:

158
roles/ControllerStorageNfs.yaml Normal file
View File

@ -0,0 +1,158 @@
###############################################################################
# Role: Controller #
###############################################################################
- name: Controller
description: |
Controller role that has all the controler services loaded and handles
Database, Messaging and Network functions.
CountDefault: 1
tags:
- primary
- controller
networks:
- External
- InternalApi
- Storage
- StorageMgmt
- StorageNFS
- Tenant
HostnameFormatDefault: '%stackname%-controller-%index%'
# Deprecated & backward-compatible values (FIXME: Make parameters consistent)
# Set uses_deprecated_params to True if any deprecated params are used.
uses_deprecated_params: True
deprecated_param_extraconfig: 'controllerExtraConfig'
deprecated_param_flavor: 'OvercloudControlFlavor'
deprecated_param_image: 'controllerImage'
ServicesDefault:
- OS::TripleO::Services::Aide
- OS::TripleO::Services::AodhApi
- OS::TripleO::Services::AodhEvaluator
- OS::TripleO::Services::AodhListener
- OS::TripleO::Services::AodhNotifier
- OS::TripleO::Services::AuditD
- OS::TripleO::Services::BarbicanApi
- OS::TripleO::Services::BarbicanBackendSimpleCrypto
- OS::TripleO::Services::BarbicanBackendDogtag
- OS::TripleO::Services::BarbicanBackendKmip
- OS::TripleO::Services::BarbicanBackendPkcs11Crypto
- OS::TripleO::Services::CACerts
- OS::TripleO::Services::CeilometerAgentCentral
- OS::TripleO::Services::CeilometerAgentNotification
- OS::TripleO::Services::CephExternal
- OS::TripleO::Services::CephMds
- OS::TripleO::Services::CephMgr
- OS::TripleO::Services::CephMon
- OS::TripleO::Services::CephNfs
- OS::TripleO::Services::CephRbdMirror
- OS::TripleO::Services::CephRgw
- OS::TripleO::Services::CertmongerUser
- OS::TripleO::Services::CinderApi
- OS::TripleO::Services::CinderBackendDellPs
- OS::TripleO::Services::CinderBackendDellSc
- OS::TripleO::Services::CinderBackendDellEMCUnity
- OS::TripleO::Services::CinderBackendDellEMCVMAXISCSI
- OS::TripleO::Services::CinderBackendNetApp
- OS::TripleO::Services::CinderBackendScaleIO
- OS::TripleO::Services::CinderBackendVRTSHyperScale
- OS::TripleO::Services::CinderBackup
- OS::TripleO::Services::CinderHPELeftHandISCSI
- OS::TripleO::Services::CinderScheduler
- OS::TripleO::Services::CinderVolume
- OS::TripleO::Services::Clustercheck
- OS::TripleO::Services::Collectd
- OS::TripleO::Services::Congress
- OS::TripleO::Services::Docker
- OS::TripleO::Services::Ec2Api
- OS::TripleO::Services::Etcd
- OS::TripleO::Services::ExternalSwiftProxy
- OS::TripleO::Services::Fluentd
- OS::TripleO::Services::GlanceApi
- OS::TripleO::Services::GnocchiApi
- OS::TripleO::Services::GnocchiMetricd
- OS::TripleO::Services::GnocchiStatsd
- OS::TripleO::Services::HAproxy
- OS::TripleO::Services::HeatApi
- OS::TripleO::Services::HeatApiCfn
- OS::TripleO::Services::HeatEngine
- OS::TripleO::Services::Horizon
- OS::TripleO::Services::Ipsec
- OS::TripleO::Services::IronicApi
- OS::TripleO::Services::IronicConductor
- OS::TripleO::Services::IronicPxe
- OS::TripleO::Services::Iscsid
- OS::TripleO::Services::Keepalived
- OS::TripleO::Services::Kernel
- OS::TripleO::Services::Keystone
- OS::TripleO::Services::LoginDefs
- OS::TripleO::Services::ManilaApi
- OS::TripleO::Services::ManilaBackendCephFs
- OS::TripleO::Services::ManilaBackendIsilon
- OS::TripleO::Services::ManilaBackendNetapp
- OS::TripleO::Services::ManilaBackendUnity
- OS::TripleO::Services::ManilaBackendVNX
- OS::TripleO::Services::ManilaBackendVMAX
- OS::TripleO::Services::ManilaScheduler
- OS::TripleO::Services::ManilaShare
- OS::TripleO::Services::Memcached
- OS::TripleO::Services::MongoDb
- OS::TripleO::Services::MySQL
- OS::TripleO::Services::MySQLClient
- OS::TripleO::Services::NeutronApi
- OS::TripleO::Services::NeutronBgpVpnApi
- OS::TripleO::Services::NeutronSfcApi
- OS::TripleO::Services::NeutronCorePlugin
- OS::TripleO::Services::NeutronDhcpAgent
- OS::TripleO::Services::NeutronL2gwAgent
- OS::TripleO::Services::NeutronL2gwApi
- OS::TripleO::Services::NeutronL3Agent
- OS::TripleO::Services::NeutronLbaasv2Agent
- OS::TripleO::Services::NeutronLinuxbridgeAgent
- OS::TripleO::Services::NeutronMetadataAgent
- OS::TripleO::Services::NeutronML2FujitsuCfab
- OS::TripleO::Services::NeutronML2FujitsuFossw
- OS::TripleO::Services::NeutronOvsAgent
- OS::TripleO::Services::NeutronVppAgent
- OS::TripleO::Services::NovaApi
- OS::TripleO::Services::NovaConductor
- OS::TripleO::Services::NovaConsoleauth
- OS::TripleO::Services::NovaIronic
- OS::TripleO::Services::NovaMetadata
- OS::TripleO::Services::NovaPlacement
- OS::TripleO::Services::NovaScheduler
- OS::TripleO::Services::NovaVncProxy
- OS::TripleO::Services::Ntp
- OS::TripleO::Services::ContainersLogrotateCrond
- OS::TripleO::Services::OctaviaApi
- OS::TripleO::Services::OctaviaDeploymentConfig
- OS::TripleO::Services::OctaviaHealthManager
- OS::TripleO::Services::OctaviaHousekeeping
- OS::TripleO::Services::OctaviaWorker
- OS::TripleO::Services::OpenDaylightApi
- OS::TripleO::Services::OpenDaylightOvs
- OS::TripleO::Services::OVNDBs
- OS::TripleO::Services::OVNController
- OS::TripleO::Services::Pacemaker
- OS::TripleO::Services::PankoApi
- OS::TripleO::Services::RabbitMQ
- OS::TripleO::Services::Redis
- OS::TripleO::Services::Rhsm
- OS::TripleO::Services::RsyslogSidecar
- OS::TripleO::Services::SaharaApi
- OS::TripleO::Services::SaharaEngine
- OS::TripleO::Services::Securetty
- OS::TripleO::Services::SensuClient
- OS::TripleO::Services::SkydiveAgent
- OS::TripleO::Services::SkydiveAnalyzer
- OS::TripleO::Services::Snmp
- OS::TripleO::Services::Sshd
- OS::TripleO::Services::SwiftProxy
- OS::TripleO::Services::SwiftDispersion
- OS::TripleO::Services::SwiftRingBuilder
- OS::TripleO::Services::SwiftStorage
- OS::TripleO::Services::Tacker
- OS::TripleO::Services::Timezone
- OS::TripleO::Services::TripleoFirewall
- OS::TripleO::Services::TripleoPackages
- OS::TripleO::Services::Tuned
- OS::TripleO::Services::Vpp
- OS::TripleO::Services::Zaqar

8
tools/yaml-validate.py
View File

@ -51,7 +51,7 @@ OPTIONAL_DOCKER_SECTIONS = ['docker_puppet_tasks', 'upgrade_tasks',
'global_config_settings', 'logging_source',
'logging_groups', 'external_deploy_tasks',
'external_post_deploy_tasks',
'docker_config_scripts']
'docker_config_scripts', 'step_config']
REQUIRED_DOCKER_PUPPET_CONFIG_SECTIONS = ['config_volume', 'step_config',
'config_image']
OPTIONAL_DOCKER_PUPPET_CONFIG_SECTIONS = [ 'puppet_tags', 'volumes' ]
@ -440,6 +440,12 @@ def validate_docker_service(filename, tpl):
for section_name in REQUIRED_DOCKER_SECTIONS:
if section_name not in role_data:
# add an exception if both step_config is used in docker
# service, docker/services/ceph-ansible/ceph-nfs.yaml uses
# additional step_config to add pacemaker resources
if (section_name == 'docker_config' and
role_data.get('step_config', '')):
continue
print('ERROR: %s is required in role_data for %s.'
% (section_name, filename))
return 1