Use Ceph-NFS for Manila in scenario004

CephFS gatewayed by NFS is more generally suitable for multi-tenant
OpenStack deployments than native CephFS since the latter requires
that VMs belonging to regular members of Keystone projects be exposed
to the Ceph infrastructure and run client software with capabilities
that are not appropriate for untrusted cloud tenants.

Change-Id: I269607d43f45f65efcbce33dd776e7eb4f475311
(cherry picked from commit 63c5a94f83)
(cherry picked from commit 7c2933d3b4)
(cherry picked from commit d9414af719)
(cherry picked from commit e038ecd2e8)
(cherry picked from commit 051a367ae3)
This commit is contained in:
Tom Barron 2021-01-08 09:54:55 -05:00
parent e977184d3d
commit adca6772c4
2 changed files with 108 additions and 0 deletions

View File

@ -0,0 +1,106 @@
resource_registry:
OS::TripleO::Services::CinderApi: OS::Heat::None
OS::TripleO::Services::CinderScheduler: OS::Heat::None
OS::TripleO::Services::CinderVolume: OS::Heat::None
OS::TripleO::Services::Redis: OS::Heat::None
OS::TripleO::Services::Horizon: OS::Heat::None
OS::TripleO::Services::CephMgr: ../../deployment/ceph-ansible/ceph-mgr.yaml
OS::TripleO::Services::CephMon: ../../deployment/ceph-ansible/ceph-mon.yaml
OS::TripleO::Services::CephOSD: ../../deployment/ceph-ansible/ceph-osd.yaml
OS::TripleO::Services::CephMds: ../../deployment/ceph-ansible/ceph-mds.yaml
OS::TripleO::Services::CephNfs: ../../deployment/ceph-ansible/ceph-nfs.yaml
OS::TripleO::Services::CephRgw: ../../deployment/ceph-ansible/ceph-rgw.yaml
OS::TripleO::Services::CephClient: ../../deployment/ceph-ansible/ceph-client.yaml
OS::TripleO::Services::SwiftProxy: OS::Heat::None
OS::TripleO::Services::SwiftStorage: OS::Heat::None
OS::TripleO::Services::SwiftRingBuilder: OS::Heat::None
OS::TripleO::Services::ManilaApi: ../../deployment/manila/manila-api-container-puppet.yaml
OS::TripleO::Services::ManilaScheduler: ../../deployment/manila/manila-scheduler-container-puppet.yaml
OS::TripleO::Services::ManilaShare: ../../deployment/manila/manila-share-pacemaker-puppet.yaml
OS::TripleO::Services::ManilaBackendCephFs: ../../deployment/manila/manila-backend-cephfs.yaml
OS::TripleO::Services::OsloMessagingRpc: ../../deployment/rabbitmq/rabbitmq-messaging-rpc-pacemaker-puppet.yaml
OS::TripleO::Services::OsloMessagingNotify: ../../deployment/rabbitmq/rabbitmq-messaging-notify-shared-puppet.yaml
OS::TripleO::Services::HAproxy: ../../deployment/haproxy/haproxy-pacemaker-puppet.yaml
OS::TripleO::Services::Pacemaker: ../../puppet/services/pacemaker.yaml
OS::TripleO::Services::PacemakerRemote: ../../puppet/services/pacemaker_remote.yaml
OS::TripleO::Services::Clustercheck: ../../deployment/pacemaker/clustercheck-container-puppet.yaml
OS::TripleO::Services::MySQL: ../../deployment/database/mysql-pacemaker-puppet.yaml
OS::TripleO::Services::Keepalived: OS::Heat::None
# NOTE(mmagr): We need to disable Sensu client deployment for now as the container health check is based
# on successful RabbitMQ connection, which does not happen in this case. We can enable it again when we
# will implement default connection to overcloud RabbitMQ instance,
#OS::TripleO::Services::SensuClient: ../../deployment/deprecated/monitoring/sensu-client-container-puppet.yaml
# Some infra instances don't pass the ping test but are otherwise working.
# Since the OVB jobs also test this functionality we can shut it off here.
OS::TripleO::AllNodes::Validation: ../common/all-nodes-validation-disabled.yaml
parameter_defaults:
ManagePolling: true
Debug: true
CephAnsibleDisksConfig:
osd_objectstore: bluestore
osd_scenario: lvm
lvm_volumes:
- data: ceph_lv_data
data_vg: ceph_vg
db: ceph_lv_db
db_vg: ceph_vg
wal: ceph_lv_wal
wal_vg: ceph_vg
CephPoolDefaultPgNum: 32
CephPoolDefaultSize: 1
CephAnsibleExtraConfig:
centos_package_dependencies: []
ceph_osd_docker_memory_limit: '1g'
ceph_mds_docker_memory_limit: '1g'
mon_host_v1: { 'enabled': False }
#NOTE: These ID's and keys should be regenerated for
# a production deployment. What is here is suitable for
# developer and CI testing only.
CephClusterFSID: '4b5c8c0a-ff60-454b-a1b4-9747aa737d19'
CephMonKey: 'AQC+Ox1VmEr3BxAALZejqeHj50Nj6wJDvs96OQ=='
CephAdminKey: 'AQDLOh1VgEp6FRAAFzT7Zw+Y9V6JJExQAsRnRQ=='
CephClientKey: 'AQC+vYNXgDAgAhAAc8UoYt+OTz5uhV7ItLdwUw=='
CephAnsiblePlaybookVerbosity: 1
CephAnsibleEnvironmentVariables:
ANSIBLE_SSH_RETRIES: '4'
DEFAULT_FORKS: '3'
ManilaCephFSDataPoolPGNum: 16
ManilaCephFSMetadataPoolPGNum: 16
NovaEnableRbdBackend: true
GlanceBackend: rbd
GnocchiBackend: rbd
GnocchiArchivePolicy: 'high'
BannerText: |
******************************************************************
* This system is for the use of authorized users only. Usage of *
* this system may be monitored and recorded by system personnel. *
* Anyone using this system expressly consents to such monitoring *
* and is advised that if such monitoring reveals possible *
* evidence of criminal activity, system personnel may provide *
* the evidence from such monitoring to law enforcement officials.*
******************************************************************
CollectdExtraPlugins:
- rrdtool
LoggingServers:
- host: 127.0.0.1
port: 24224
MonitoringRabbitHost: 127.0.0.1
MonitoringRabbitPort: 5676
MonitoringRabbitPassword: sensu
TtyValues:
- console
- tty1
- tty2
- tty3
- tty4
- tty5
- tty6
# Remove ContainerCli once this scenario is tested on CentOS8
ContainerCli: docker
CephConfigOverrides:
globalkey: globalvalue
ManilaCephFSCephFSProtocolHelperType: 'NFS'
# Workaround for https://bugs.launchpad.net/tripleo/+bug/1911022
ExtraConfig:
ganesha_vip: 192.168.24.3

View File

@ -16,6 +16,7 @@
- InternalApi
- Storage
- StorageMgmt
- StorageNFS
- Tenant
disable_constraints: True
ServicesDefault:
@ -38,6 +39,7 @@
- OS::TripleO::Services::CephMds
- OS::TripleO::Services::CephMgr
- OS::TripleO::Services::CephMon
- OS::TripleO::Services::CephNfs
- OS::TripleO::Services::CephRbdMirror
- OS::TripleO::Services::CephRgw
- OS::TripleO::Services::CephOSD