openstack
/
tripleo-heat-templates
Code Issues Proposed changes

Let mds create manila key and fs 

ceph-ansible will take care of setting up client keys both
in ceph and on client side. It will also create filesystem
for manila. To assure that manila manifest can work in future
both with puppet and with ceph-ansible, creation of filesystem
is moved to ceph-mds manifest and creation of manila key on ceph
side is moved to ceph-base (so manila key is always created),
manila key is added to ceph-external for external ceph deployments.
Key creation is removed from manila.pp in patch
I2b5567a39ac8737e80758b705818cc1807dc8bf1

Change-Id: I6308a317ffe0af244396aba5197c85e273e69f68
Related-To: Ia3ef9e9a2b159dacea01e38762145ff2bcc7ba27
Depends-On: I3f18bbe476c4f43fa4e162cc66c5df443122cd0c
This commit is contained in:
Jan Provaznik 2017-07-11 12:10:45 +02:00
parent 9436d87e7e
commit ad8589212c
9 changed files with 51 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
docker/services/ceph-ansible/ceph-base.yaml
View File

@ -78,7 +78,7 @@ parameters:
default: vms
type: string
CephClientKey:
description: The Ceph client key. Can be created with ceph-authtool --gen-print-key. Currently only used for external Ceph deployments to create the openstack user keyring.
description: The Ceph client key. Can be created with ceph-authtool --gen-print-key.
type: string
hidden: true
CephClientUserName:

2
docker/services/nova-libvirt.yaml
View File

@ -61,7 +61,7 @@ parameters:
description: Whether to enable or not the Rbd backend for Cinder
type: boolean
CephClientKey:
description: The Ceph client key. Can be created with ceph-authtool --gen-print-key. Currently only used for external Ceph deployments to create the openstack user keyring.
description: The Ceph client key. Can be created with ceph-authtool --gen-print-key.
type: string
hidden: true
CephClusterFSID:

2
environments/storage/external-ceph.yaml
View File

@ -13,7 +13,7 @@ parameter_defaults:
# Type: string
CephAdminKey: ''
# The Ceph client key. Can be created with ceph-authtool --gen-print-key. Currently only used for external Ceph deployments to create the openstack user keyring.
# The Ceph client key. Can be created with ceph-authtool --gen-print-key.
# Mandatory. This parameter must be set by the user.
# Type: string
CephClientKey: <None>

18
puppet/services/ceph-base.yaml
View File

@ -11,7 +11,7 @@ parameters:
type: string
hidden: true
CephClientKey:
description: The Ceph client key. Can be created with ceph-authtool --gen-print-key. Currently only used for external Ceph deployments to create the openstack user keyring.
description: The Ceph client key. Can be created with ceph-authtool --gen-print-key.
type: string
hidden: true
CephClientUserName:
@ -61,6 +61,14 @@ parameters:
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
ManilaCephFSNativeCephFSAuthId:
type: string
default: 'manila'
CephManilaClientKey:
default: ''
description: The Ceph client key. Can be created with ceph-authtool --gen-print-key.
type: string
hidden: true
# DEPRECATED options for compatibility with overcloud.yaml
# This should be removed and manipulation of the ControllerServices list
# used instead, but we need client support for that first
@ -133,6 +141,14 @@ outputs:
CINDERBACKUP_POOL: {get_param: CinderBackupRbdPoolName}
GLANCE_POOL: {get_param: GlanceRbdPoolName}
GNOCCHI_POOL: {get_param: GnocchiRbdPoolName}
MANILA_CLIENT_KEY:
mode: '0644'
secret: {get_param: CephManilaClientKey}
cap_mon: 'allow r, allow command \"auth del\", allow command \"auth caps\", allow command \"auth get\", allow command \"auth get-or-create\"'
cap_mds: 'allow *'
cap_osd: 'allow rw'
- keys:
CEPH_CLIENT_KEY:
list_join: ['.', ['client', {get_param: CephClientUserName}]]
MANILA_CLIENT_KEY:
list_join: ['.', ['client', {get_param: ManilaCephFSNativeCephFSAuthId}]]

18
puppet/services/ceph-external.yaml
View File

@ -5,7 +5,7 @@ description: >
parameters:
CephClientKey:
description: The Ceph client key. Can be created with ceph-authtool --gen-print-key. Currently only used for external Ceph deployments to create the openstack user keyring.
description: The Ceph client key. Can be created with ceph-authtool --gen-print-key.
type: string
hidden: true
CephClientUserName:
@ -68,6 +68,14 @@ parameters:
image. Only applies to format 2 images. Set to '1' for Jewel
clients using older Ceph servers.
type: string
ManilaCephFSNativeCephFSAuthId:
type: string
default: 'manila'
CephManilaClientKey:
default: ''
description: The Ceph client key. Can be created with ceph-authtool --gen-print-key.
type: string
hidden: true
outputs:
role_data:
@ -94,9 +102,17 @@ outputs:
CINDERBACKUP_POOL: {get_param: CinderBackupRbdPoolName}
GLANCE_POOL: {get_param: GlanceRbdPoolName}
GNOCCHI_POOL: {get_param: GnocchiRbdPoolName}
MANILA_CLIENT_KEY:
mode: '0644'
secret: {get_param: CephManilaClientKey}
cap_mon: 'allow r, allow command \"auth del\", allow command \"auth caps\", allow command \"auth get\", allow command \"auth get-or-create\"'
cap_mds: 'allow *'
cap_osd: 'allow rw'
- keys:
CEPH_CLIENT_KEY:
list_join: ['.', ['client', {get_param: CephClientUserName}]]
MANILA_CLIENT_KEY:
list_join: ['.', ['client', {get_param: ManilaCephFSNativeCephFSAuthId}]]
ceph::profile::params::manage_repo: false
# FIXME(gfidente): we should not have to list the packages explicitly in
# the templates, but this should stay until the following is fixed:

12
puppet/services/ceph-mds.yaml
View File

@ -35,6 +35,15 @@ parameters:
with ceph-authtool --gen-print-key.
type: string
hidden: true
ManilaCephFSDataPoolName:
default: manila_data
type: string
ManilaCephFSMetadataPoolName:
default: manila_metadata
type: string
ManilaCephFSNativeShareBackendName:
default: cephfs
type: string
resources:
CephBase:
@ -60,5 +69,8 @@ outputs:
'112 ceph_mds':
dport:
- '6800-7300'
ceph::profile::params::fs_data_pool: {get_param: ManilaCephFSDataPoolName}
ceph::profile::params::fs_metadata_pool: {get_param: ManilaCephFSMetadataPoolName}
ceph::profile::params::fs_name: {get_param: ManilaCephFSNativeShareBackendName}
step_config: |
include ::tripleo::profile::base::ceph::mds

9
puppet/services/manila-backend-cephfs.yaml
View File

@ -52,12 +52,6 @@ parameters:
ManilaCephFSNativeCephFSEnableSnapshots:
type: boolean
default: false
ManilaCephFSDataPoolName:
default: manila_data
type: string
ManilaCephFSMetadataPoolName:
default: manila_metadata
type: string
# (jprovazn) default value is set to assure this templates works with an
# external ceph too (user/key is created only when ceph is deployed by
# TripleO)
@ -81,7 +75,4 @@ outputs:
manila::backend::cephfsnative::cephfs_cluster_name: {get_param: ManilaCephFSNativeCephFSClusterName}
manila::backend::cephfsnative::cephfs_enable_snapshots: {get_param: ManilaCephFSNativeCephFSEnableSnapshots}
manila::backend::cephfsnative::ceph_client_key: {get_param: CephManilaClientKey}
ceph::profile::params::fs_data_pool: {get_param: ManilaCephFSDataPoolName}
ceph::profile::params::fs_metadata_pool: {get_param: ManilaCephFSMetadataPoolName}
ceph::profile::params::fs_name: {get_param: ManilaCephFSNativeShareBackendName}
step_config:

2
puppet/services/nova-compute.yaml
View File

@ -37,7 +37,7 @@ parameters:
default: openstack
type: string
CephClientKey:
description: The Ceph client key. Can be created with ceph-authtool --gen-print-key. Currently only used for external Ceph deployments to create the openstack user keyring.
description: The Ceph client key. Can be created with ceph-authtool --gen-print-key.
type: string
hidden: true
CephClusterFSID:

2
puppet/services/nova-libvirt.yaml
View File

@ -34,7 +34,7 @@ parameters:
default: openstack
type: string
CephClientKey:
description: The Ceph client key. Can be created with ceph-authtool --gen-print-key. Currently only used for external Ceph deployments to create the openstack user keyring.
description: The Ceph client key. Can be created with ceph-authtool --gen-print-key.
type: string
hidden: true
CephClusterFSID: