openstack/tripleo-heat-templates
Code Issues Proposed changes

Simplify ceph-ansible service templates

Browse Source 
Simplifies conditions and removes some unnecessary heat
resources.

Change-Id: If82b26e1c664906f28427fdfd0a0bb3e35425157
This commit is contained in:
ramishra 2021-04-09 12:07:45 +05:30
parent 17cfe61e0b
commit c5e2ecc5e5
11 changed files with 115 additions and 240 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

114
deployment/ceph-ansible/ceph-base.yaml
View File

@ -357,8 +357,6 @@ parameter_groups:
- CephOsdPercentageMin
conditions:
dashboard_is_enabled: {equals: [{get_param: CephEnableDashboard}, true]}
msgr_secure_mode: {equals: [{get_param: CephMsgrSecureMode}, true]}
custom_registry_host:
yaql:
data: {get_param: ContainerCephDaemonImage}
@ -394,8 +392,6 @@ conditions:
equals:
- {get_param: [ServiceData, net_ip_version_map, {get_param: [ServiceNetMap, CephMonNetwork]}]}
- 6
internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
ceph_ansible_client_disabled: {equals: [{get_param: CephAnsibleSkipClient}, true]}
resources:
ContainerImageUrlParts:
@ -424,17 +420,6 @@ resources:
expression: $.data.rightSplit(':', 1)[1]
data: {get_param: ContainerCephDaemonImage}
MsgrSecureModeOverrides:
type: OS::Heat::Value
properties:
type: json
value:
vars:
global:
ms_cluster_mode: secure
ms_service_mode: secure
ms_client_mode: secure
DefaultCephConfigOverrides:
type: OS::Heat::Value
properties:
@ -489,34 +474,6 @@ resources:
extra_pools: {get_param: CephPools}
pg_num: {get_param: CephPoolDefaultPgNum}
CephManilaPoolVars:
type: OS::Heat::Value
properties:
type: json
value:
vars:
data: {get_param: ManilaCephFSDataPoolName}
metadata: {get_param: ManilaCephFSMetadataPoolName}
data_pg_num: {get_param: CephPoolDefaultPgNum}
metadata_pg_num: {get_param: CephPoolDefaultPgNum}
CephKeyVars:
type: OS::Heat::Value
properties:
type: json
value:
vars:
openstack_client:
name: {get_param: CephClientUserName}
key: {get_param: CephClientKey}
manila:
name: {get_param: ManilaCephFSCephFSAuthId}
key: {get_param: CephManilaClientKey}
radosgw:
name: {get_param: CephRgwClientName}
key: {get_param: CephRgwKey}
extra_keys: {get_param: CephExtraKeys}
CephBaseAnsibleVars:
type: OS::Heat::Value
properties:
@ -619,16 +576,31 @@ outputs:
- name: set tripleo-ceph-prepare facts
set_fact:
ceph_pools: {get_attr: [CephBasePoolVars, value, vars]}
manila_pools: {get_attr: [CephManilaPoolVars, value, vars]}
ceph_keys: {get_attr: [CephKeyVars, value, vars]}
manila_pools:
data: {get_param: ManilaCephFSDataPoolName}
metadata: {get_param: ManilaCephFSMetadataPoolName}
data_pg_num: {get_param: CephPoolDefaultPgNum}
metadata_pg_num: {get_param: CephPoolDefaultPgNum}
ceph_keys:
openstack_client:
name: {get_param: CephClientUserName}
key: {get_param: CephClientKey}
manila:
name: {get_param: ManilaCephFSCephFSAuthId}
key: {get_param: CephManilaClientKey}
radosgw:
name: {get_param: CephRgwClientName}
key: {get_param: CephRgwKey}
extra_keys: {get_param: CephExtraKeys}
ceph_default_overrides:
if:
- msgr_secure_mode
- yaql:
expression: ($.data.default).mergeWith($.data.secure)
data:
default: {get_attr: [DefaultCephConfigOverrides, value, vars]}
secure: {get_attr: [MsgrSecureModeOverrides, value, vars]}
- {get_param: CephMsgrSecureMode}
- map_merge:
- {get_attr: [DefaultCephConfigOverrides, value, vars]}
- global:
ms_cluster_mode: secure
ms_service_mode: secure
ms_client_mode: secure
- {get_attr: [DefaultCephConfigOverrides, value, vars]}
ceph_config_overrides: {get_param: CephConfigOverrides}
- name: set ceph-ansible facts
@ -636,17 +608,15 @@ outputs:
blacklisted_hostnames: {get_param: DeploymentServerBlacklist}
ceph_ansible_group_vars_all:
if:
- dashboard_is_enabled
- {get_param: CephEnableDashboard}
- map_merge:
- if:
- internal_tls_enabled
-
dashboard_tls_external: true
- {get_param: EnableInternalTLS}
- dashboard_tls_external: true
dashboard_grafana_api_no_ssl_verify: true
- {}
- {get_attr: [CephBaseAnsibleVars, value, vars]}
- dashboard_admin_password: {get_param: CephDashboardAdminPassword}
- grafana_admin_password: {get_param: CephGrafanaAdminPassword}
grafana_admin_password: {get_param: CephGrafanaAdminPassword}
- {get_attr: [CephBaseAnsibleVars, value, vars]}
ceph_ansible_extra_vars:
map_merge:
@ -679,22 +649,20 @@ outputs:
block:
- name: set ceph-ansible facts
set_fact:
map_merge:
- if:
- ceph_ansible_client_disabled
-
ceph_ansible_skip_tags:
list_join:
- ','
- - get_param: CephAnsibleSkipTags
- - 'ceph_client'
- ceph_ansible_skip_tags: {get_param: CephAnsibleSkipTags}
- ceph_ansible_playbook_verbosity: {get_param: CephAnsiblePlaybookVerbosity}
- ceph_ansible_playbooks_param: {get_param: CephAnsiblePlaybook}
- ceph_ansible_environment_variables:
yaql:
data: {get_param: CephAnsibleEnvironmentVariables}
expression: $.data.items().select($.join('='))
ceph_ansible_skip_tags:
if:
- {get_param: CephAnsibleSkipClient}
- list_join:
- ','
- - get_param: CephAnsibleSkipTags
- 'ceph_client'
- {get_param: CephAnsibleSkipTags}
ceph_ansible_playbook_verbosity: {get_param: CephAnsiblePlaybookVerbosity}
ceph_ansible_playbooks_param: {get_param: CephAnsiblePlaybook}
ceph_ansible_environment_variables:
yaql:
data: {get_param: CephAnsibleEnvironmentVariables}
expression: $.data.items().select($.join('='))
- name: Refresh ceph-ansible group_vars variables
include_role:
name: tripleo_ceph_work_dir

22
deployment/ceph-ansible/ceph-client.yaml
View File

@ -38,22 +38,6 @@ resources:
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
CephClientAnsibleVars:
type: OS::Heat::Value
properties:
type: json
value:
vars: {}
CephClientConfigOverrides:
type: OS::Heat::Value
properties:
type: json
value:
vars:
client:
rbd_concurrent_management_ops: 20
outputs:
role_data:
description: Role data for the Ceph Client service.
@ -77,8 +61,10 @@ outputs:
block:
- name: set ceph-ansible group vars clients
set_fact:
ceph_ansible_group_vars_clients: {get_attr: [CephClientAnsibleVars, value, vars]}
ceph_client_config_overrides: {get_attr: [CephClientConfigOverrides, value, vars]}
ceph_ansible_group_vars_clients: {}
ceph_client_config_overrides:
client:
rbd_concurrent_management_ops: 20
- name: generate ceph-ansible group vars clients
copy:
dest: "{{playbook_dir}}/ceph-ansible/group_vars/clients.yml"

11
deployment/ceph-ansible/ceph-external.yaml
View File

@ -42,14 +42,6 @@ resources:
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
CephExternalAnsibleVars:
type: OS::Heat::Value
properties:
type: json
value:
vars:
external_cluster_mon_ips: {get_param: CephExternalMonHost}
outputs:
role_data:
description: Role data for the Ceph External service.
@ -74,7 +66,8 @@ outputs:
block:
- name: set ceph-ansible group vars clients
set_fact:
ceph_ansible_group_vars_clients: {get_attr: [CephExternalAnsibleVars, value, vars]}
ceph_ansible_group_vars_clients:
external_cluster_mon_ips: {get_param: CephExternalMonHost}
- name: generate ceph-ansible group vars clients
copy:
dest: "{{playbook_dir}}/ceph-ansible/group_vars/clients.yml"

29
deployment/ceph-ansible/ceph-grafana.yaml
View File

@ -72,8 +72,8 @@ parameters:
certificate for this service
conditions:
internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
key_size_override_unset: {equals: [{get_param: GrafanaCertificateKeySize}, '']}
key_size_override_set:
not: {equals: [{get_param: GrafanaCertificateKeySize}, '']}
resources:
CephBase:
@ -135,16 +135,11 @@ outputs:
set_fact:
ceph_ansible_group_vars_grafana:
if:
- internal_tls_enabled
- yaql:
data:
default:
map_merge:
- {get_attr: [CephGrafanaAnsibleVars, value, vars]}
certmap:
grafana_crt: '/etc/pki/tls/certs/ceph_grafana.crt'
grafana_key: '/etc/pki/tls/private/ceph_grafana.key'
expression: $.data.default.mergeWith($.data.certmap)
- {get_param: EnableInternalTLS}
- map_merge:
- {get_attr: [CephGrafanaAnsibleVars, value, vars]}
- grafana_crt: '/etc/pki/tls/certs/ceph_grafana.crt'
grafana_key: '/etc/pki/tls/private/ceph_grafana.key'
- {get_attr: [CephGrafanaAnsibleVars, value, vars]}
- name: generate ceph-ansible grafana-server group vars
copy:
@ -154,12 +149,10 @@ outputs:
external_upgrade_tasks: {get_attr: [CephBase, role_data, external_upgrade_tasks]}
metadata_settings:
if:
- internal_tls_enabled
-
- service: ceph_grafana
- {get_param: EnableInternalTLS}
- - service: ceph_grafana
network: {get_param: [ServiceNetMap, CephGrafanaNetwork]}
type: node
- null
deploy_steps_tasks:
- name: Certificate generation
when:
@ -190,7 +183,7 @@ outputs:
fi
key_size:
if:
- key_size_override_unset
- {get_param: CertificateKeySize}
- key_size_override_set
- {get_param: GrafanaCertificateKeySize}
- {get_param: CertificateKeySize}
ca: ipa

14
deployment/ceph-ansible/ceph-mds.yaml
View File

@ -32,9 +32,6 @@ parameters:
default: false
description: Parameter used to trigger the dashboard deployment.
conditions:
dashboard_enabled: {equals: [{get_param: CephEnableDashboard}, true]}
resources:
CephBase:
type: ./ceph-base.yaml
@ -45,13 +42,6 @@ resources:
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
CephMdsAnsibleVars:
type: OS::Heat::Value
properties:
type: json
value:
vars: {}
outputs:
role_data:
description: Role data for the Ceph Metadata service.
@ -63,7 +53,7 @@ outputs:
list_concat:
- - '6800-7300'
- if:
- dashboard_enabled
- {get_param: CephEnableDashboard}
- - '9100'
- []
upgrade_tasks: {get_attr: [CephBase, role_data, upgrade_tasks]}
@ -85,7 +75,7 @@ outputs:
block:
- name: set ceph-ansible group vars mdss
set_fact:
ceph_ansible_group_vars_mdss: {get_attr: [CephMdsAnsibleVars, value, vars]}
ceph_ansible_group_vars_mdss: {}
- name: generate ceph-ansible group vars mdss
copy:
dest: "{{playbook_dir}}/ceph-ansible/group_vars/mdss.yml"

30
deployment/ceph-ansible/ceph-mgr.yaml
View File

@ -58,14 +58,12 @@ parameters:
certificate for this service
conditions:
dashboard_enabled: {equals: [{get_param: CephEnableDashboard}, true]}
internal_tls_enabled:
and:
- dashboard_enabled
- equals:
- get_param: EnableInternalTLS
- true
key_size_override_unset: {equals: [{get_param: CephCertificateKeySize}, '']}
- {get_param: CephEnableDashboard}
- {get_param: EnableInternalTLS}
key_size_override_set:
not: {equals: [{get_param: CephCertificateKeySize}, '']}
resources:
CephBase:
@ -108,9 +106,8 @@ outputs:
list_concat:
- - '6800-7300'
- if:
- dashboard_enabled
- {get_param: CephEnableDashboard}
- - {get_param: CephDashboardPort}
- []
upgrade_tasks: []
puppet_config:
config_image: ''
@ -132,11 +129,10 @@ outputs:
ceph_ansible_group_vars_mgrs:
if:
- internal_tls_enabled
-
map_merge:
- map_merge:
- {get_attr: [CephMgrAnsibleVars, value, vars]}
- dashboard_crt: /etc/pki/tls/certs/ceph_dashboard.crt
- dashboard_key: /etc/pki/tls/private/ceph_dashboard.key
dashboard_key: /etc/pki/tls/private/ceph_dashboard.key
- {get_attr: [CephMgrAnsibleVars, value, vars]}
- name: generate ceph-ansible group vars mgrs
copy:
@ -147,16 +143,13 @@ outputs:
metadata_settings:
if:
- internal_tls_enabled
-
- service: ceph_dashboard
- - service: ceph_dashboard
network: {get_param: [ServiceNetMap, CephDashboardNetwork]}
type: node
- null
deploy_steps_tasks:
if:
- internal_tls_enabled
-
- name: Certificate generation
- - name: Certificate generation
when: step|int == 1
block:
- include_role:
@ -183,8 +176,7 @@ outputs:
fi
key_size:
if:
- key_size_override_unset
- {get_param: CertificateKeySize}
- key_size_override_set
- {get_param: CephCertificateKeySize}
- {get_param: CertificateKeySize}
ca: ipa
- null

15
deployment/ceph-ansible/ceph-mon.yaml
View File

@ -49,9 +49,6 @@ parameters:
The Ceph cluster name must be at least 1 character and contain only
letters and numbers.
conditions:
dashboard_enabled: {equals: [{get_param: CephEnableDashboard}, true]}
resources:
CephBase:
type: ./ceph-base.yaml
@ -62,13 +59,6 @@ resources:
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
CephMonAnsibleVars:
type: OS::Heat::Value
properties:
type: json
value:
vars: {}
outputs:
role_data:
description: Role data for the Ceph Monitor service.
@ -81,9 +71,8 @@ outputs:
- - 6789
- - 3300
- if:
- dashboard_enabled
- {get_param: CephEnableDashboard}
- - '9100'
- []
service_config_settings:
collectd:
tripleo.collectd.plugins.ceph_osd:
@ -108,7 +97,7 @@ outputs:
block:
- name: set ceph-ansible group vars mons
set_fact:
ceph_ansible_group_vars_mons: {get_attr: [CephMonAnsibleVars, value, vars]}
ceph_ansible_group_vars_mons: {}
- name: generate ceph-ansible group vars mons
copy:
dest: "{{playbook_dir}}/ceph-ansible/group_vars/mons.yml"

27
deployment/ceph-ansible/ceph-nfs.yaml
View File

@ -41,22 +41,6 @@ resources:
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
CephNfsAnsibleVars:
type: OS::Heat::Value
properties:
type: json
value:
vars:
ceph_nfs_bind_addr: {get_param: [EndpointMap, GaneshaInternal, host_nobrackets]}
ceph_nfs_enable_service: false
ceph_nfs_use_pacemaker: true
ceph_nfs_dynamic_exports: true
ceph_nfs_service_suffix: pacemaker
nfs_obj_gw: false
ceph_nfs_rados_backend: true
ceph_nfs_disable_caching: true
ceph_nfs_ceph_user: {get_param: ManilaCephFSCephFSAuthId}
outputs:
role_data:
description: Role data for the Ceph NFS Ganesha service.
@ -129,7 +113,16 @@ outputs:
block:
- name: set ceph-ansible group vars nfss
set_fact:
ceph_ansible_group_vars_nfss: {get_attr: [CephNfsAnsibleVars, value, vars]}
ceph_ansible_group_vars_nfss:
ceph_nfs_bind_addr: {get_param: [EndpointMap, GaneshaInternal, host_nobrackets]}
ceph_nfs_enable_service: false
ceph_nfs_use_pacemaker: true
ceph_nfs_dynamic_exports: true
ceph_nfs_service_suffix: pacemaker
nfs_obj_gw: false
ceph_nfs_rados_backend: true
ceph_nfs_disable_caching: true
ceph_nfs_ceph_user: {get_param: ManilaCephFSCephFSAuthId}
- name: generate ceph-ansible group vars nfss
copy:
dest: "{{playbook_dir}}/ceph-ansible/group_vars/nfss.yml"

15
deployment/ceph-ansible/ceph-osd.yaml
View File

@ -39,9 +39,6 @@ parameters:
default: false
description: Parameter used to trigger the dashboard deployment.
conditions:
dashboard_enabled: {equals: [{get_param: CephEnableDashboard}, true]}
resources:
CephBase:
type: ./ceph-base.yaml
@ -52,13 +49,6 @@ resources:
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
CephOsdAnsibleVars:
type: OS::Heat::Value
properties:
type: json
value:
vars: {get_param: CephAnsibleDisksConfig}
outputs:
role_data:
description: Role data for the Ceph OSD service.
@ -70,9 +60,8 @@ outputs:
list_concat:
- - '6800-7300'
- if:
- dashboard_enabled
- {get_param: CephEnableDashboard}
- - '9100'
- []
service_config_settings:
collectd:
tripleo.collectd.plugins.ceph_osd:
@ -142,7 +131,7 @@ outputs:
block:
- name: set ceph-ansible group vars osds
set_fact:
ceph_ansible_group_vars_osds: {get_attr: [CephOsdAnsibleVars, value, vars]}
ceph_ansible_group_vars_osds: {get_param: CephAnsibleDisksConfig}
- name: generate ceph-ansible group vars osds
copy:
dest: "{{playbook_dir}}/ceph-ansible/group_vars/osds.yml"

19
deployment/ceph-ansible/ceph-rbdmirror.yaml
View File

@ -61,18 +61,6 @@ resources:
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
CephRbdMirrorAnsibleVars:
type: OS::Heat::Value
properties:
type: json
value:
vars:
copy_admin_key: {get_param: CephRbdMirrorCopyAdminKey}
ceph_rbd_mirror_configure: {get_param: CephRbdMirrorConfigure}
ceph_rbd_mirror_pool: {get_param: CephRbdMirrorPool}
ceph_rbd_mirror_remote_cluster: {get_param: CephRbdMirrorRemoteCluster}
ceph_rbd_mirror_remote_user: {get_param: CephRbdMirrorRemoteUser}
outputs:
role_data:
description: Role data for the Ceph RBD Mirror service.
@ -100,7 +88,12 @@ outputs:
block:
- name: set ceph-ansible group vars rbdmirrors
set_fact:
ceph_ansible_group_vars_rbdmirrors: {get_attr: [CephRbdMirrorAnsibleVars, value, vars]}
ceph_ansible_group_vars_rbdmirrors:
copy_admin_key: {get_param: CephRbdMirrorCopyAdminKey}
ceph_rbd_mirror_configure: {get_param: CephRbdMirrorConfigure}
ceph_rbd_mirror_pool: {get_param: CephRbdMirrorPool}
ceph_rbd_mirror_remote_cluster: {get_param: CephRbdMirrorRemoteCluster}
ceph_rbd_mirror_remote_user: {get_param: CephRbdMirrorRemoteUser}
- name: generate ceph-ansible group vars rbdmirrors
copy:
dest: "{{playbook_dir}}/ceph-ansible/group_vars/rbdmirrors.yml"

59
deployment/ceph-ansible/ceph-rgw.yaml
View File

@ -54,9 +54,8 @@ parameters:
certificate for this service
conditions:
dashboard_enabled: {equals: [{get_param: CephEnableDashboard}, true]}
internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
key_size_override_unset: {equals: [{get_param: CephRgwCertificateKeySize}, '']}
key_size_override_set:
not: {equals: [{get_param: CephRgwCertificateKeySize}, '']}
resources:
CephBase:
@ -82,28 +81,6 @@ resources:
- get_param: [ServiceData, net_cidr_map, {get_param: [ServiceNetMap, CephRgwNetwork]}]
radosgw_frontend_port: {get_param: [EndpointMap, CephRgwInternal, port]}
CephRgwConfigOverrides:
type: OS::Heat::Value
properties:
type: json
value:
vars:
global:
rgw_keystone_api_version: 3
rgw_keystone_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
rgw_keystone_accepted_roles: 'member, Member, admin'
rgw_keystone_accepted_admin_roles: ResellerAdmin, swiftoperator
rgw_keystone_admin_domain: default
rgw_keystone_admin_project: service
rgw_keystone_admin_user: swift
rgw_keystone_admin_password: {get_param: SwiftPassword}
rgw_keystone_implicit_tenants: 'true'
rgw_keystone_revocation_interval: '0'
rgw_s3_auth_use_keystone: 'true'
rgw_swift_versioning_enabled: 'true'
rgw_swift_account_in_url: 'true'
rgw_trust_forwarded_https: 'true'
outputs:
role_data:
description: Role data for the Ceph RadosGW service.
@ -115,9 +92,8 @@ outputs:
list_concat:
- - {get_param: [EndpointMap, CephRgwInternal, port]}
- if:
- dashboard_enabled
- {get_param: CephEnableDashboard}
- - '9100'
- []
keystone_resources:
swift:
endpoints:
@ -153,12 +129,27 @@ outputs:
set_fact:
ceph_ansible_group_vars_rgws:
if:
- internal_tls_enabled
- {get_param: EnableInternalTLS}
- map_merge:
- {get_attr: [CephRgwAnsibleVars, value, vars]}
- radosgw_frontend_ssl_certificate: '/etc/pki/tls/certs/ceph_rgw.pem'
- {get_attr: [CephRgwAnsibleVars, value, vars]}
ceph_rgw_config_overrides: {get_attr: [CephRgwConfigOverrides, value, vars]}
ceph_rgw_config_overrides:
global:
rgw_keystone_api_version: 3
rgw_keystone_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
rgw_keystone_accepted_roles: 'member, Member, admin'
rgw_keystone_accepted_admin_roles: ResellerAdmin, swiftoperator
rgw_keystone_admin_domain: default
rgw_keystone_admin_project: service
rgw_keystone_admin_user: swift
rgw_keystone_admin_password: {get_param: SwiftPassword}
rgw_keystone_implicit_tenants: 'true'
rgw_keystone_revocation_interval: '0'
rgw_s3_auth_use_keystone: 'true'
rgw_swift_versioning_enabled: 'true'
rgw_swift_account_in_url: 'true'
rgw_trust_forwarded_https: 'true'
- name: generate ceph-ansible group vars rgws
copy:
dest: "{{playbook_dir}}/ceph-ansible/group_vars/rgws.yml"
@ -167,12 +158,10 @@ outputs:
external_upgrade_tasks: {get_attr: [CephBase, role_data, external_upgrade_tasks]}
metadata_settings:
if:
- internal_tls_enabled
-
- service: ceph_rgw
- {get_param: EnableInternalTLS}
- - service: ceph_rgw
network: {get_param: [ServiceNetMap, CephRgwNetwork]}
type: node
- null
deploy_steps_tasks:
- name: Certificate generation
when:
@ -208,7 +197,7 @@ outputs:
fi
key_size:
if:
- key_size_override_unset
- {get_param: CertificateKeySize}
- key_size_override_set
- {get_param: CephRgwCertificateKeySize}
- {get_param: CertificateKeySize}
ca: ipa