heat_template_version: wallaby description: > Ceph base service. Shared by all Ceph services. parameters: ServiceData: default: {} description: Dictionary packing service data type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set via parameter_defaults in the resource registry. Use parameter_merge_strategies to merge it with the defaults. type: json RoleName: default: '' description: Role name on which the service is applied type: string RoleParameters: default: {} description: Parameters specific to the role type: json EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json NodeDataLookup: type: json default: {} description: json containing per-node configuration map DeploymentServerBlacklist: default: [] type: comma_delimited_list description: > List of server hostnames to blacklist from any triggered deployments. ContainerCli: type: string default: 'podman' description: CLI tool used to manage containers. constraints: - allowed_values: ['podman'] CephEnableDashboard: type: boolean default: false description: Parameter used to trigger the dashboard deployment. CephObservabilityDataOnly: type: boolean default: false description: Parameter used to trigger only node-exporter deployment. CephConfigOverrides: type: json description: Extra config settings to dump into ceph.conf default: {} ApplyCephConfigOverridesOnUpdate: type: boolean default: false description: > If true, CephConfigOverrides are applied to the Ceph cluster not only during the initial deployment but also during each update. CephClusterFSID: type: string description: The Ceph cluster FSID. Must be a UUID. CephClusterName: type: string default: ceph description: The Ceph cluster name. constraints: - allowed_pattern: "[a-zA-Z0-9]+" description: > The Ceph cluster name must be at least 1 character and contain only letters and numbers. CephMsgrSecureMode: type: boolean default: false description: > Enable Ceph msgr2 secure mode to enable on-wire encryption between Ceph daemons and also between Ceph clients and daemons. CephPools: description: > Used to override settings (mainly target_size_ratio or pg_num) in pools. Pacific has pg_autoscale_mode enabled by default so set target_size_ratio as a percentage of the expected data consumption. The example below sets cinder volumes 40%, glance images 10%, nova vms 30% (20% of space free). Not set by default but overrides are encouraged to avoid data rebalancing. For example, CephPools: - name: volumes target_size_ratio: 0.4 application: rbd - name: images target_size_ratio: 0.1 application: rbd - name: vms target_size_ratio: 0.3 application: rbd default: [] type: json CinderRbdPoolName: default: volumes type: string CinderRbdExtraPools: default: [] description: > List of extra Ceph pools for use with RBD backends for Cinder. An extra Cinder RBD backend driver is created for each pool in the list. This is in addition to the standard RBD backend driver associated with the CinderRbdPoolName. type: comma_delimited_list CinderBackupRbdPoolName: default: backups type: string GlanceMultistoreConfig: type: json default: {} description: | Dictionary of settings when configuring additional glance backends. The hash key is the backend ID, and the value is a dictionary of parameter values unique to that backend. Multiple rbd and cinder backends are allowed, but file and swift backends are limited to one each. Example: # Default glance store is rbd. GlanceBackend: rbd GlanceStoreDescription: 'Default rbd store' # GlanceMultistoreConfig specifies a second rbd backend, plus a cinder # backend. GlanceMultistoreConfig: rbd2_store: GlanceBackend: rbd GlanceStoreDescription: 'Second rbd store' CephClusterName: ceph2 # Override CephClientUserName if this cluster uses a different # client name. CephClientUserName: client2 cinder1_store: GlanceBackend: cinder GlanceCinderVolumeType: 'volume-type-1' GlanceStoreDescription: 'First cinder store' cinder2_store: GlanceBackend: cinder GlanceCinderVolumeType: 'volume-type-2' GlanceStoreDescription: 'Second cinder store' GlanceRbdPoolName: default: images type: string GlanceBackend: default: swift description: The short name of the Glance backend to use. Should be one of swift, rbd, cinder, or file type: string constraints: - allowed_values: ['swift', 'file', 'rbd', 'cinder'] GnocchiRbdPoolName: default: metrics type: string NovaRbdPoolName: default: vms type: string description: The pool name for RBD backend ephemeral storage. tags: - role_specific CephClientKey: description: The Ceph client key. Can be created with ceph-authtool --gen-print-key. type: string hidden: true constraints: - allowed_pattern: "^[a-zA-Z0-9+/]{38}==$" CephClientUserName: default: openstack type: string CephRgwClientName: default: radosgw type: string CephRgwKey: description: The cephx key for the radosgw client. Can be created with ceph-authtool --gen-print-key. type: string hidden: true constraints: - allowed_pattern: "^[a-zA-Z0-9+/]{38}==$" ManilaCephFSDataPoolName: default: manila_data type: string ManilaCephFSMetadataPoolName: default: manila_metadata type: string ManilaCephFSShareBackendName: default: cephfs type: string ManilaCephFSCephFSAuthId: default: manila type: string CephManilaClientKey: default: '' description: The Ceph client key. Can be created with ceph-authtool --gen-print-key. type: string hidden: true constraints: - allowed_pattern: "^[a-zA-Z0-9+/]{38}==$" SwiftPassword: description: The password for the swift service account type: string hidden: true ContainerCephDaemonImage: description: image type: string # start DEPRECATED options for compatibility with older versions CephPoolDefaultPgNum: description: default pg_num to use for the RBD pools type: number default: 16 CephPoolDefaultSize: description: default minimum replication for RBD copies type: number default: 3 # end DEPRECATED options for compatibility with older versions ContainerImageRegistryCredentials: type: json hidden: true description: | Mapping of image registry hosts to login credentials. Must be in the following example format docker.io: username: pa55word '192.0.2.1:8787': registry_username: password default: {} CephExtraKeys: type: json hidden: true description: | List of maps describing extra keys which will be created on the deployed Ceph cluster. Uses ceph-ansible/library/ceph_key.py ansible module. Each item in the list must be in the following example format - name: "client.glance" caps: mgr: "allow *" mon: "profile rbd" osd: "profile rbd pool=images" key: "AQBRgQ9eAAAAABAAv84zEilJYZPNuJ0Iwn9Ndg==" mode: "0600" default: [] CinderEnableRbdBackend: default: false description: Whether to enable or not the Rbd backend for Cinder type: boolean NovaEnableRbdBackend: default: false description: Whether to enable the Rbd backend for Nova ephemeral storage. type: boolean tags: - role_specific CinderBackupBackend: default: swift description: The short name of the Cinder Backup backend to use. type: string constraints: - allowed_values: ['swift', 'ceph', 'nfs', 'gcs', 's3'] GnocchiBackend: default: swift description: The short name of the Gnocchi backend to use. Should be one of swift, rbd, file or s3. type: string constraints: - allowed_values: ['swift', 'file', 'rbd', 's3'] EnableInternalTLS: type: boolean default: false CephClientConfigVars: default: "{{ playbook_dir }}/cephadm/ceph_client.yml" type: string description: The undercloud path where cephadm exports the Ceph Client configuration. CephDynamicSpec: type: boolean default: true description: | If true the tripleo_run_cephadm role will build an orchestrator-cli-service-spec file based on the data found in the inventory (which is based on composable roles) by using the ceph_spec_bootstrap Ansible module in tripleo-ansible. CephSpecPath: default: "{{ playbook_dir }}/cephadm/ceph_spec.yaml" type: string description: | The path on the undercloud to a valid Ceph orchestrator CLI service spec file. If you do not want the spec to be generated automatically and instead prefer to supply your own spec, then place your spec at this path on the undercloud and set CephDynamicSpec to false. If CephDynamicSpec is true and CephSpecPath is set to a valid path, then the spec will be created at that path before it is used to deploy Ceph. By default the spec will be created by config-download in config-download//cephadm/ceph_spec.yaml. CephOsdSpec: description: | If CephDynamicSpec is true, then any valid OSD service specification set in CephOsdSpec will appear in the generated Ceph spec for the 'osd' service_type. Replaces CephAnsibleDisksConfig. This parameter has no effect if CephDynamicSpec is false. Use this parameter to override the default of using all available block devices as data_devices. See the Ceph documentation for cephadm drivegroups. Exclude service_type, service_id, and placement from this parameter. In the example below all rotating devices will be data devices and all non-rotating devices will be used as shared devices (wal, db). CephOsdSpec: data_devices: rotational: 1 db_devices: rotational: 0 type: json default: data_devices: all: true CephSpecFqdn: default: false type: boolean description: | If both CephDynamicSpec and CephSpecFqdn are true, then the hostname and hosts of the generated Ceph spec will have their fully qualified domain name instead of their short hostname. This parameter has no effect if CephDynamicSpec is false. CephCrushRules: type: json description: | List of rules describing the device classes that will be found on the deployed Ceph cluster. They can be specified in the following form - name: HDD root: default type: host class: hdd default: true default: [] CephAdmDebug: type: boolean default: false description: | If this parameter is true, then cephadm sets the debug related mgr config-key and produces a more verbose output. CephAdmVerbose: type: boolean default: false description: | If this parameter is true, the cephadm playbook is able to print some ceph related information during its execution. DeployedCeph: default: false type: boolean description: | If the Ceph cluster has already been deployed but needs to be configured so that the overcloud can use it (create cephx keys, pools, configure RGW with haproxy, etc), then this parameter should be set to true. Set this parameter to false to have cephadm deploy the ceph cluster during overcloud deployment. DeployedCeph and CephDynamicSpec are mutually exclusive. DisableCephadm: default: false type: boolean description: Disable cephadm after Ceph is deployed CephRbdTrashPurgeInterval: default: 15 type: string description: | The interval applied to the rbd trash purge scheduler, that can be expressed in minutes. CephRbdTrashSchedulerEnable: default: false type: boolean description: Enable Ceph rbd trash scheduler CephadmDefaultContainer: default: false type: boolean description: | Use the default container defined in cephadm instead of the one defined in container_image_prepare_defaults.yaml. ExternalCeph: default: false type: boolean description: | If the Ceph cluster has been deployed outside of TripleO. DeployedCeph and ExternalCeph are mutually exclusive. parameter_groups: - label: deprecated description: Do not use deprecated params, they will be removed. parameters: - CephPoolDefaultPgNum - CephPoolDefaultSize conditions: custom_registry_host: yaql: data: {get_param: ContainerCephDaemonImage} expression: $.data.split('/')[0].matches('(\.|:)') ceph_authenticated_registry: and: - not: yaql: data: cred: {get_param: ContainerImageRegistryCredentials} ns: yaql: expression: let(location => $.data.rightSplit(':', 1)[0]) -> regex('(?:https?://)?(.*?)/(.*)').split($location)[1] data: {get_param: ContainerCephDaemonImage} expression: let(c => $.data.cred) -> $c.get($.data.ns, {}).keys().last(default => "").isEmpty() - not: yaql: data: cred: {get_param: ContainerImageRegistryCredentials} ns: yaql: expression: let(location => $.data.rightSplit(':', 1)[0]) -> regex('(?:https?://)?(.*?)/(.*)').split($location)[1] data: {get_param: ContainerCephDaemonImage} expression: let(c => $.data.cred) -> $c.get($.data.ns, {}).values().last(default => "").isEmpty() resources: ContainerImageUrlParts: type: OS::Heat::Value properties: type: json value: host: if: - custom_registry_host - yaql: expression: let(location => $.data.rightSplit(':', 1)[0]) -> regex('(?:https?://)?(.*?)/(.*)').split($location)[1] data: {get_param: ContainerCephDaemonImage} - docker.io image: if: - custom_registry_host - yaql: expression: let(location => $.data.rightSplit(':', 1)[0]) -> regex('(?:https?://)?(.*?)/(.*)').split($location)[2] data: {get_param: ContainerCephDaemonImage} - yaql: expression: $.data.rightSplit(':', 1)[0] data: {get_param: ContainerCephDaemonImage} image_tag: yaql: expression: $.data.rightSplit(':', 1)[1] data: {get_param: ContainerCephDaemonImage} DefaultCephConfigOverrides: type: OS::Heat::Value properties: type: json value: vars: {} CephAdmVars: type: OS::Heat::Value properties: type: json value: vars: tripleo_cephadm_fsid: {get_param: CephClusterFSID} tripleo_cephadm_cluster: {get_param: CephClusterName} tripleo_cephadm_container_cli: {get_param: ContainerCli} tripleo_ceph_client_vars: {get_param: CephClientConfigVars} tripleo_cephadm_dashboard_enabled: {get_param: CephEnableDashboard} tripleo_cephadm_observability_data_only: {get_param: CephObservabilityDataOnly} cephfs: {get_param: ManilaCephFSShareBackendName} tripleo_cephadm_container_ns: {get_attr: [ContainerImageUrlParts, value, host]} tripleo_cephadm_container_image: {get_attr: [ContainerImageUrlParts, value, image]} tripleo_cephadm_container_tag: {get_attr: [ContainerImageUrlParts, value, image_tag]} tripleo_cephadm_crush_rules: {get_param: CephCrushRules} tripleo_cephadm_debug: {get_param: CephAdmDebug} tripleo_cephadm_verbose: {get_param: CephAdmVerbose} tripleo_cephadm_rbd_trash: {get_param: CephRbdTrashPurgeInterval} tripleo_cephadm_enable_trash_scheduler: {get_param: CephRbdTrashSchedulerEnable} tripleo_cephadm_apply_ceph_conf_overrides_on_update: {get_param: ApplyCephConfigOverridesOnUpdate} tripleo_cephadm_default_container: {get_param: CephadmDefaultContainer} ceph_container_registry_auth: if: - ceph_authenticated_registry - true - false ceph_container_registry_username: yaql: data: cred: {get_param: ContainerImageRegistryCredentials} ns: {get_attr: [ContainerImageUrlParts, value, host]} expression: let(c => $.data.cred) -> $c.get($.data.ns, {}).keys().last(default => "") ceph_container_registry_password: yaql: data: cred: {get_param: ContainerImageRegistryCredentials} ns: {get_attr: [ContainerImageUrlParts, value, host]} expression: let(c => $.data.cred) -> $c.get($.data.ns, {}).values().last(default => "") public_network: list_join: - ',' - get_param: [ServiceData, net_cidr_map, {get_param: [ServiceNetMap, CephMonNetwork]}] cluster_network: list_join: - ',' - get_param: [ServiceData, net_cidr_map, {get_param: [ServiceNetMap, CephClusterNetwork]}] outputs: role_data: description: Role data for the Ceph base service. value: service_name: ceph_base upgrade_tasks: [] puppet_config: {} docker_config: {} config_settings: {} external_deploy_tasks: - name: ceph_base_external_deploy_task when: step|int == 2 block: - name: create cephadm working directory and related files include_role: name: tripleo_run_cephadm tasks_from: prepare.yml vars: ceph_pools: gnocchi_pool: name: {get_param: GnocchiRbdPoolName} enabled: if: - equals: - {get_param: GnocchiBackend} - 'rbd' - true - false nova_pool: name: {get_param: NovaRbdPoolName} enabled: {get_param: NovaEnableRbdBackend} glance_pool: name: {get_param: GlanceRbdPoolName} enabled: or: - yaql: data: {get_param: GlanceMultistoreConfig} expression: $.data.values().where($ != null).GlanceBackend.contains("rbd") - equals: - {get_param: GlanceBackend} - 'rbd' cinder_pool: name: {get_param: CinderRbdPoolName} enabled: {get_param: CinderEnableRbdBackend} cinder_extra_pools: {get_param: CinderRbdExtraPools} cinder_backup_pool: name: {get_param: CinderBackupRbdPoolName} enabled: if: - equals: - {get_param: CinderBackupBackend} - 'ceph' - true - false extra_pools: {get_param: CephPools} manila_pools: data: {get_param: ManilaCephFSDataPoolName} metadata: {get_param: ManilaCephFSMetadataPoolName} ceph_keys: openstack_client: name: {get_param: CephClientUserName} key: {get_param: CephClientKey} manila: name: {get_param: ManilaCephFSCephFSAuthId} key: {get_param: CephManilaClientKey} radosgw: name: {get_param: CephRgwClientName} key: {get_param: CephRgwKey} extra_keys: {get_param: CephExtraKeys} ceph_config_overrides: {get_param: CephConfigOverrides} tripleo_run_cephadm_spec_path: {get_param: CephSpecPath} tripleo_cephadm_dynamic_spec: {get_param: CephDynamicSpec} ceph_spec_fqdn: {get_param: CephSpecFqdn} ceph_osd_spec: {get_param: CephOsdSpec} ceph_default_overrides: global: if: - {get_param: CephMsgrSecureMode} - map_merge: - {get_attr: [DefaultCephConfigOverrides, value, vars]} - ms_cluster_mode: secure ms_service_mode: secure ms_client_mode: secure - {get_attr: [DefaultCephConfigOverrides, value, vars]} cephadm_extra_vars: {get_attr: [CephAdmVars, value, vars]} tripleo_cephadm_deployed_ceph: {get_param: DeployedCeph} - name: Prepare cephadm user and keys include_role: name: tripleo_run_cephadm tasks_from: enable_ceph_admin_user.yml when: - not external_ceph - (not deployed_ceph and (groups['ceph_mon'] | default([]) | length > 0 or groups['ceph_nfs'] | default([]) | length > 0)) or (deployed_ceph and ((groups['ceph_rgw'] | default([]) != groups['ceph_mon'] | default([]) and groups['ceph_rgw'] | default([]) | length > 0) or (groups['ceph_mds'] | default([]) != groups['ceph_mon'] | default([]) and groups['ceph_mds'] | default([]) | length > 0) or (groups['ceph_nfs'] | default([]) != groups['ceph_mon'] | default([]) and groups['ceph_nfs'] | default([]) | length > 0) or (groups['ceph_rbdmirror'] | default([]) != groups['ceph_mon'] | default([]) and groups['ceph_rbdmirror'] | default([]) | length > 0))) vars: deployed_ceph: {get_param: DeployedCeph} external_ceph: {get_param: ExternalCeph} - name: Deploy or configure the cephadm Ceph cluster include_role: name: tripleo_run_cephadm when: - not external_ceph - groups['ceph_mon'] | default([]) | length > 0 or groups['ceph_nfs'] | default([]) | length > 0 vars: external_ceph: {get_param: ExternalCeph} - name: ceph_base_external_deploy_task when: - (step | int) == 3 - {get_param: DisableCephadm} - not external_ceph block: - name: Pause cephadm include_role: name: tripleo_run_cephadm tasks_from: disable_cephadm.yml vars: external_ceph: {get_param: ExternalCeph} post_upgrade_tasks: - name: Clean puppet-ceph package when: - (step | int) == 3 package: name: puppet-ceph state: absent