diff --git a/deployment/glance/glance-api-container-puppet.yaml b/deployment/glance/glance-api-container-puppet.yaml index 2f44281392..2f415c82ba 100644 --- a/deployment/glance/glance-api-container-puppet.yaml +++ b/deployment/glance/glance-api-container-puppet.yaml @@ -120,7 +120,15 @@ parameters: type: string NovaEnableRbdBackend: default: false - description: Whether to enable or not the Rbd backend for Nova + description: Whether to enable the Rbd backend for Nova ephemeral storage. + type: boolean + tags: + - role_specific + GlanceShowMultipleLocations: + default: false + description: | + Whether to show multiple image locations e.g for copy-on-write support on + RBD or Netapp backends. Potential security risk, see glance.conf for more information. type: boolean GlanceImageImportPlugins: default: [] @@ -253,6 +261,10 @@ conditions: internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]} cinder_backend_enabled: {equals: [{get_param: GlanceBackend}, cinder]} rbd_backend_enabled: {equals: [{get_param: GlanceBackend}, rbd]} + enable_image_conversion: + and: + - equals: [{get_param: GlanceBackend}, rbd] + - equals: [{get_param: NovaEnableRbdBackend}, true] use_tls_proxy: {equals : [{get_param: EnableInternalTLS}, true]} glance_workers_unset: {equals : [{get_param: GlanceWorkers}, '']} service_debug_unset: {equals : [{get_param: GlanceDebug}, '']} @@ -260,8 +272,10 @@ conditions: glance_cache_enabled: {equals : [{get_param: GlanceCacheEnabled}, true]} glance_multiple_locations: or: + - {equals : [{get_param: GlanceShowMultipleLocations}, true]} - glance_netapp_nfs_enabled - and: + # Keep this for compat, but ignore NovaEnableRbdBackend if it's a role param - equals: - get_param: GlanceBackend - rbd 
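Review bot: The `GlanceShowMultipleLocations` description in the parameters hunk flags a security risk but defers the explanation to glance.conf, which an operator reading the template or the generated parameter docs will not have at hand. The risk is that image location URIs become visible through the image API and can contain backend credentials, so the description should say so, e.g. `Exposes image location URIs, which can include backend credentials, through the image API; enable only where copy-on-write needs it.` The `e.g for` is also missing its period (`e.g. for`).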
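Review bot: `enable_image_conversion` reads only the stack-level `NovaEnableRbdBackend`, yet the same commit tags that parameter `role_specific` so it can be set per compute role. If RBD ephemeral storage is enabled only through a role's `RoleParametersDefault` (as the new ComputeRBDEphemeral role does) and the global stays at its `false` default, this condition is presumably false where glance-api is configured, and the `image_conversion` plugin selected in the `@@ -345,7 +359,7 @@` hunk is not added. If that is intended, a comment on the condition would help, e.g. `# Only the global NovaEnableRbdBackend is visible here; per-role overrides on compute roles do not enable image conversion`.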
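Review bot: With the `or:` in `glance_multiple_locations`, setting `GlanceShowMultipleLocations: false` does not guarantee the option stays off, because the `glance_netapp_nfs_enabled` branch and the compat `and:` branch still turn it on. Since the parameter description calls this a potential security risk, an operator who sets it to `false` on purpose should be told that; I would add to the description something like `Also enabled implicitly with the NetApp NFS backend, or when GlanceBackend is rbd and NovaEnableRbdBackend is true globally.` The `and:` list continues past the end of the hunk, so its second operand is inferred from the added comment.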
@@ -345,7 +359,7 @@ outputs: glance::api::node_staging_uri: {get_param: GlanceNodeStagingUri} glance::api::image_import_plugins: if: - - rbd_backend_enabled + - enable_image_conversion - list_concat_unique: - {get_param: GlanceImageImportPlugins} - ['image_conversion'] diff --git a/deployment/nova/nova-compute-container-puppet.yaml b/deployment/nova/nova-compute-container-puppet.yaml index 6d90d9b90b..cae69f23bb 100644 --- a/deployment/nova/nova-compute-container-puppet.yaml +++ b/deployment/nova/nova-compute-container-puppet.yaml @@ -124,8 +124,10 @@ parameters: type: boolean NovaEnableRbdBackend: default: false - description: Whether to enable or not the Rbd backend for Nova + description: Whether to enable the Rbd backend for Nova ephemeral storage. type: boolean + tags: + - role_specific NovaComputeLibvirtVifDriver: default: '' description: Libvirt VIF driver configuration for the network @@ -364,6 +366,7 @@ resources: nfs_options: NovaNfsOptions nfs_vers: NovaNfsVersion nova::compute::libvirt::num_pcie_ports: NovaLibvirtNumPciePorts + nova::compute::rbd::ephemeral_storage: NovaEnableRbdBackend - values: {get_param: [RoleParameters]} - values: NovaVcpuPinSet: {get_param: NovaVcpuPinSet} @@ -384,6 +387,7 @@ resources: NovaNfsOptions: {get_param: NovaNfsOptions} NovaNfsVersion: {get_param: NovaNfsVersion} NovaLibvirtNumPciePorts: {get_param: NovaLibvirtNumPciePorts} + NovaEnableRbdBackend: {get_param: NovaEnableRbdBackend} conditions: enable_instance_ha: {equals: [{get_param: EnableInstanceHA}, true]} 
@@ -394,7 +398,10 @@ conditions: - equals: [{get_param: NovaNfsEnabled}, true] - equals: [{get_param: [RoleParameters, NovaNfsEnabled]}, ''] - equals: [{get_param: [RoleParameters, NovaNfsEnabled]}, true] - - equals: [{get_param: NovaEnableRbdBackend}, true] + - equals: [{get_param: [RoleParameters, NovaEnableRbdBackend]}, true] + - and: + - equals: [{get_param: [RoleParameters, NovaEnableRbdBackend]}, ''] + - equals: [{get_param: NovaEnableRbdBackend}, true] libvirt_file_backed_memory_enabled: not: diff --git a/deployment/nova/nova-libvirt-container-puppet.yaml b/deployment/nova/nova-libvirt-container-puppet.yaml index 0b07c56685..cb5a55cdde 100644 --- a/deployment/nova/nova-libvirt-container-puppet.yaml +++ b/deployment/nova/nova-libvirt-container-puppet.yaml @@ -53,8 +53,10 @@ parameters: relevant keys for libvirt. NovaEnableRbdBackend: default: false - description: Whether to enable or not the Rbd backend for Nova + description: Whether to enable the Rbd backend for Nova ephemeral storage. type: boolean + tags: + - role_specific CinderEnableRbdBackend: default: false description: Whether to enable or not the Rbd backend for Cinder @@ -229,12 +231,19 @@ conditions: need_libvirt_secret: or: - - equals: - - {get_param: NovaEnableRbdBackend} - - true - - equals: - - {get_param: CinderEnableRbdBackend} - - true + - equals: + - {get_param: [RoleParameters, NovaEnableRbdBackend]} + - true + - and: + - equals: + - {get_param: [RoleParameters, NovaEnableRbdBackend]} + - '' + - equals: + - {get_param: NovaEnableRbdBackend} + - true + - equals: + - {get_param: CinderEnableRbdBackend} + - true use_tls_for_vnc: and: diff --git a/deployment/octavia/octavia-deployment-config.j2.yaml b/deployment/octavia/octavia-deployment-config.j2.yaml index 34cc8b6c8e..18918d46f6 100644 --- a/deployment/octavia/octavia-deployment-config.j2.yaml +++ b/deployment/octavia/octavia-deployment-config.j2.yaml 
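Review bot: The new per-role branches compare `{get_param: [RoleParameters, NovaEnableRbdBackend]}` against the literals `true` and `''`, so a role value that is neither (for example a quoted `'true'`) matches no branch and the role is treated as RBD-disabled even when the global parameter is `true`. The `type: boolean` declaration coerces the stack-level parameter, but it is not clear from the hunk that it applies to values read out of `RoleParameters`. The same pattern is used in `need_libvirt_secret` in nova-libvirt-container-puppet.yaml, where a miss would presumably leave the node without the libvirt secret. A short comment on both conditions, e.g. `# role value must be a YAML boolean; '' means unset, fall back to the global`, would document the contract. The enclosing condition in nova-compute starts above the hunk.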
@@ -81,8 +81,10 @@ parameters: provides a convenient way to e.g. debug load balancing services. NovaEnableRbdBackend: default: false - description: Whether to enable or not the Rbd backend for Nova + description: Whether to enable the Rbd backend for Nova ephemeral storage. type: boolean + tags: + - role_specific OctaviaControlNetwork: description: The name for the neutron network used for the amphora control network diff --git a/environments/ceph-ansible/ceph-ansible-per-role.yaml b/environments/ceph-ansible/ceph-ansible-per-role.yaml new file mode 100644 index 0000000000..2d81a10c2e --- /dev/null +++ b/environments/ceph-ansible/ceph-ansible-per-role.yaml @@ -0,0 +1,18 @@ +resource_registry: + OS::TripleO::Services::CephMgr: ../../deployment/ceph-ansible/ceph-mgr.yaml + OS::TripleO::Services::CephMon: ../../deployment/ceph-ansible/ceph-mon.yaml + OS::TripleO::Services::CephOSD: ../../deployment/ceph-ansible/ceph-osd.yaml + OS::TripleO::Services::CephClient: ../../deployment/ceph-ansible/ceph-client.yaml + +parameter_defaults: + # Ensure that if user overrides CephAnsiblePlaybook via some env + # file, we go back to default when they stop passing their env file. + CephAnsiblePlaybook: ['default'] + + CinderEnableIscsiBackend: false + CinderEnableRbdBackend: true + CinderBackupBackend: ceph + GlanceBackend: rbd + GnocchiBackend: rbd + GlanceShowMultipleLocations: true + # NovaEnableRbdBackend can be set on individual roles to choose RBD or local ephemeral storage diff --git a/roles/ComputeLocalEphemeral.yaml b/roles/ComputeLocalEphemeral.yaml new file mode 100644 index 0000000000..8a13c64e00 --- /dev/null +++ b/roles/ComputeLocalEphemeral.yaml 
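Review bot: `GlanceShowMultipleLocations: true` in the new ceph-ansible-per-role.yaml environment turns on the option that the glance template itself describes as a potential security risk, and nothing in the file tells the operator that including it makes that choice. A comment above the line would make the trade-off visible where it is taken, e.g. `# Needed for RBD copy-on-write clones; exposes image location URIs through the image API, review the Glance location policies before use`. The final comment about `NovaEnableRbdBackend` could also name the two new roles that set it.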
@@ -0,0 +1,70 @@
+###############################################################################
+# Role: ComputeLocalEphemeral #
+###############################################################################
+- name: ComputeLocalEphemeral
+ description: |
+ Per-role compute storage backend - basic Compute Node with local ephemeral disks
+ CountDefault: 0
+ # Create external Neutron bridge (unset if using ML2/OVS without DVR)
+ tags:
+ - external_bridge
+ networks:
+ InternalApi:
+ subnet: internal_api_subnet
+ Tenant:
+ subnet: tenant_subnet
+ Storage:
+ subnet: storage_subnet
+ HostnameFormatDefault: '%stackname%-novacompute-local-%index%'
+ RoleParametersDefault:
+ TunedProfileName: "virtual-host"
+ NovaEnableRbdBackend: false
+ ServicesDefault:
+ - OS::TripleO::Services::Aide
+ - OS::TripleO::Services::AuditD
+ - OS::TripleO::Services::BootParams
+ - OS::TripleO::Services::CACerts
+ - OS::TripleO::Services::CephClient
+ - OS::TripleO::Services::CephExternal
+ - OS::TripleO::Services::CertmongerUser
+ - OS::TripleO::Services::Collectd
+ - OS::TripleO::Services::ComputeCeilometerAgent
+ - OS::TripleO::Services::ComputeNeutronCorePlugin
+ - OS::TripleO::Services::ComputeNeutronL3Agent
+ - OS::TripleO::Services::ComputeNeutronMetadataAgent
+ - OS::TripleO::Services::ComputeNeutronOvsAgent
+ - OS::TripleO::Services::Docker
+ - OS::TripleO::Services::Fluentd
+ - OS::TripleO::Services::IpaClient
+ - OS::TripleO::Services::Ipsec
+ - OS::TripleO::Services::Iscsid
+ - OS::TripleO::Services::Kernel
+ - OS::TripleO::Services::LoginDefs
+ - OS::TripleO::Services::MetricsQdr
+ - OS::TripleO::Services::Multipathd
+ - OS::TripleO::Services::MySQLClient
+ - OS::TripleO::Services::NeutronBgpVpnBagpipe
+ - OS::TripleO::Services::NeutronLinuxbridgeAgent
+ - OS::TripleO::Services::NeutronVppAgent
+ - OS::TripleO::Services::NovaCompute
+ - OS::TripleO::Services::NovaLibvirt
+ - OS::TripleO::Services::NovaLibvirtGuests
+ - OS::TripleO::Services::NovaMigrationTarget
+ - OS::TripleO::Services::ContainersLogrotateCrond
+ - OS::TripleO::Services::OpenDaylightOvs
+ - OS::TripleO::Services::Podman
+ - OS::TripleO::Services::Rhsm
+ - OS::TripleO::Services::RsyslogSidecar
+ - OS::TripleO::Services::Securetty
+ - OS::TripleO::Services::SensuClient
+ - OS::TripleO::Services::SkydiveAgent
+ - OS::TripleO::Services::Snmp
+ - OS::TripleO::Services::Sshd
+ - OS::TripleO::Services::Timesync
+ - OS::TripleO::Services::Timezone
+ - OS::TripleO::Services::TripleoFirewall
+ - OS::TripleO::Services::TripleoPackages
+ - OS::TripleO::Services::Tuned
+ - OS::TripleO::Services::Vpp
+ - OS::TripleO::Services::OVNController
+ - OS::TripleO::Services::OVNMetadataAgent
diff --git a/roles/ComputeRBDEphemeral.yaml b/roles/ComputeRBDEphemeral.yaml
new file mode 100644
index 0000000000..f10b9c4108
--- /dev/null
+++ b/roles/ComputeRBDEphemeral.yaml
@@ -0,0 +1,70 @@
+###############################################################################
+# Role: ComputeRBDEphemeral #
+###############################################################################
+- name: ComputeRBDEphemeral
+ description: |
+ Per-role compute storage backend - basic Compute Node with RBD ephemeral disks
+ CountDefault: 0
+ # Create external Neutron bridge (unset if using ML2/OVS without DVR)
+ tags:
+ - external_bridge
+ networks:
+ InternalApi:
+ subnet: internal_api_subnet
+ Tenant:
+ subnet: tenant_subnet
+ Storage:
+ subnet: storage_subnet
+ HostnameFormatDefault: '%stackname%-novacompute-rbd-%index%'
+ RoleParametersDefault:
+ TunedProfileName: "virtual-host"
+ NovaEnableRbdBackend: true
+ ServicesDefault:
+ - OS::TripleO::Services::Aide
+ - OS::TripleO::Services::AuditD
+ - OS::TripleO::Services::BootParams
+ - OS::TripleO::Services::CACerts
+ - OS::TripleO::Services::CephClient
+ - OS::TripleO::Services::CephExternal
+ - OS::TripleO::Services::CertmongerUser
+ - OS::TripleO::Services::Collectd
+ - OS::TripleO::Services::ComputeCeilometerAgent
+ - OS::TripleO::Services::ComputeNeutronCorePlugin
+ - OS::TripleO::Services::ComputeNeutronL3Agent
+ - OS::TripleO::Services::ComputeNeutronMetadataAgent
+ - OS::TripleO::Services::ComputeNeutronOvsAgent
+ - OS::TripleO::Services::Docker
+ - OS::TripleO::Services::Fluentd
+ - OS::TripleO::Services::IpaClient
+ - OS::TripleO::Services::Ipsec
+ - OS::TripleO::Services::Iscsid
+ - OS::TripleO::Services::Kernel
+ - OS::TripleO::Services::LoginDefs
+ - OS::TripleO::Services::MetricsQdr
+ - OS::TripleO::Services::Multipathd
+ - OS::TripleO::Services::MySQLClient
+ - OS::TripleO::Services::NeutronBgpVpnBagpipe
+ - OS::TripleO::Services::NeutronLinuxbridgeAgent
+ - OS::TripleO::Services::NeutronVppAgent
+ - OS::TripleO::Services::NovaCompute
+ - OS::TripleO::Services::NovaLibvirt
+ - OS::TripleO::Services::NovaLibvirtGuests
+ - OS::TripleO::Services::NovaMigrationTarget
+ - OS::TripleO::Services::ContainersLogrotateCrond
+ - OS::TripleO::Services::OpenDaylightOvs
+ - OS::TripleO::Services::Podman
+ - OS::TripleO::Services::Rhsm
+ - OS::TripleO::Services::RsyslogSidecar
+ - OS::TripleO::Services::Securetty
+ - OS::TripleO::Services::SensuClient
+ - OS::TripleO::Services::SkydiveAgent
+ - OS::TripleO::Services::Snmp
+ - OS::TripleO::Services::Sshd
+ - OS::TripleO::Services::Timesync
+ - OS::TripleO::Services::Timezone
+ - OS::TripleO::Services::TripleoFirewall
+ - OS::TripleO::Services::TripleoPackages
+ - OS::TripleO::Services::Tuned
+ - OS::TripleO::Services::Vpp
+ - OS::TripleO::Services::OVNController
+ - OS::TripleO::Services::OVNMetadataAgent
diff --git a/tools/yaml-validate.py b/tools/yaml-validate.py index 2ffab71ec9..9fb270adb6 100755 --- a/tools/yaml-validate.py +++ b/tools/yaml-validate.py @@ -445,7 +445,7 @@ def validate_controller_no_ceph_role(filename, tpl): return 1 return 0 -def validate_with_compute_role_services(role_filename, role_tpl, exclude_service): +def validate_with_compute_role_services(role_filename, role_tpl, exclude_service=()): cmpt_filename = os.path.join(os.path.dirname(role_filename), './Compute.yaml') cmpt_tpl = yaml.load(open(cmpt_filename).read()) @@ -1108,6 +1108,10 @@ def validate(filename, param_map): if filename == './roles/Compute.yaml': retval |= validate_multiarch_compute_roles(filename, tpl) + if filename in ('./roles/ComputeLocalEphemeral.yaml', + './roles/ComputeRBDEphemeral.yaml'): + retval |= validate_with_compute_role_services(filename, tpl) + # NOTE(hjensas): The routed network data example is very different ... # We need to develop a more advanced validator, probably using a schema # definition instead.
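Review bot: `validate_with_compute_role_services` is now called for two more role files, and the context line `cmpt_tpl = yaml.load(open(cmpt_filename).read())` in the `@@ -445,7 +445,7 @@` hunk still calls `yaml.load` without a `Loader` and never closes the file handle. The input is a repository file, so the exposure is limited, but the unrestricted loader can construct arbitrary Python objects and recent PyYAML releases reject the call without an explicit `Loader`. I would change it to `with open(cmpt_filename) as f:` followed by `cmpt_tpl = yaml.safe_load(f)`. The function body continues past the end of the hunk, so other loads in it are not visible here.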