heat_template_version: rocky description: > Ceph base service. Shared by all Ceph services. parameters: ServiceData: default: {} description: Dictionary packing service data type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set via parameter_defaults in the resource registry. This mapping overrides those in ServiceNetMapDefaults. type: json DefaultPasswords: default: {} type: json CephDashboardAdminPassword: description: Admin password for the dashboard component type: string hidden: true CephGrafanaAdminPassword: description: Admin password for grafana component type: string hidden: true RoleName: default: '' description: Role name on which the service is applied type: string RoleParameters: default: {} description: Parameters specific to the role type: json EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json StackUpdateType: type: string description: > Type of update, to differentiate between UPGRADE and UPDATE cases when StackAction is UPDATE (both are the same stack action). constraints: - allowed_values: ['', 'UPGRADE'] default: '' NodeDataLookup: type: json default: {} description: json containing per-node configuration map DeploymentServerBlacklist: default: [] type: comma_delimited_list description: > List of server hostnames to blacklist from any triggered deployments. ContainerCli: type: string default: 'podman' description: CLI tool used to manage containers. constraints: - allowed_values: ['docker', 'podman'] CephEnableDashboard: type: boolean default: false description: Parameter used to trigger the dashboard deployment. CephAnsiblePlaybook: type: comma_delimited_list description: > List of paths to the ceph-ansible playbooks to execute. If not specified, the playbook will be determined automatically depending on type of operation being performed (deploy/update/upgrade). default: ['default'] CephAnsibleExtraConfig: type: json description: Extra vars for the ceph-ansible playbook default: {} CephAnsibleSkipTags: type: string description: List of ceph-ansible tags to skip default: 'package-install,with_pkg' CephConfigOverrides: type: json description: Extra config settings to dump into ceph.conf default: {} CephClusterFSID: type: string description: The Ceph cluster FSID. Must be a UUID. CephClusterName: type: string default: ceph description: The Ceph cluster name. constraints: - allowed_pattern: "[a-zA-Z0-9]+" description: > The Ceph cluster name must be at least 1 character and contain only letters and numbers. CephMsgrSecureMode: type: boolean default: false description: > Enable Ceph msgr2 secure mode to enable on-wire encryption between Ceph daemons and also between Ceph clients and daemons. CephPoolDefaultPgNum: description: default pg_num to use for the RBD pools type: number default: 128 CephPools: description: > It can be used to override settings for one of the predefined pools, or to create additional ones. Example: [{"name": "volumes", "pg_num": 64, "rule_name": "replicated_rule"}] default: [] type: json CinderRbdPoolName: default: volumes type: string CinderRbdExtraPools: default: [] description: > List of extra Ceph pools for use with RBD backends for Cinder. An extra Cinder RBD backend driver is created for each pool in the list. This is in addition to the standard RBD backend driver associated with the CinderRbdPoolName. type: comma_delimited_list CinderBackupRbdPoolName: default: backups type: string GlanceRbdPoolName: default: images type: string GlanceBackend: default: swift description: The short name of the Glance backend to use. Should be one of swift, rbd, cinder, or file type: string constraints: - allowed_values: ['swift', 'file', 'rbd', 'cinder'] GnocchiRbdPoolName: default: metrics type: string NovaRbdPoolName: default: vms type: string description: The pool name for RBD backend ephemeral storage. tags: - role_specific CephClientKey: description: The Ceph client key. Can be created with ceph-authtool --gen-print-key. type: string hidden: true constraints: - allowed_pattern: "^[a-zA-Z0-9+/]{38}==$" CephClientUserName: default: openstack type: string CephRgwClientName: default: radosgw type: string CephRgwKey: description: The cephx key for the radosgw client. Can be created with ceph-authtool --gen-print-key. type: string hidden: true constraints: - allowed_pattern: "^[a-zA-Z0-9+/]{38}==$" CephPoolDefaultSize: description: default minimum replication for RBD copies type: number default: 3 ManilaCephFSDataPoolName: default: manila_data type: string ManilaCephFSMetadataPoolName: default: manila_metadata type: string # start DEPRECATED options for compatibility with older versions ManilaCephFSDataPoolPGNum: default: 128 type: number ManilaCephFSMetadataPoolPGNum: default: 128 type: number # end DEPRECATED options for compatibility with older versions ManilaCephFSShareBackendName: default: cephfs type: string ManilaCephFSCephFSAuthId: default: manila type: string CephManilaClientKey: default: '' description: The Ceph client key. Can be created with ceph-authtool --gen-print-key. type: string hidden: true constraints: - allowed_pattern: "^[a-zA-Z0-9+/]{38}==$" CephIPv6: default: False type: boolean SwiftPassword: description: The password for the swift service account type: string hidden: true ContainerCephDaemonImage: description: image type: string ContainerCeph3DaemonImage: description: image type: string default: '' CephAnsiblePlaybookVerbosity: default: 1 description: The number of '-v', '-vv', etc. passed to ansible-playbook command type: number constraints: - range: { min: 1, max: 5 } CephAnsibleEnvironmentVariables: default: {} description: Mapping of Ansible environment variables to override defaults. type: json # start DEPRECATED options for compatibility with older versions SwiftFetchDirGetTempurl: default: '' description: A temporary Swift URL to download the fetch_directory from. type: string SwiftFetchDirPutTempurl: default: '' description: A temporary Swift URL to upload the fetch_directory to. type: string LocalCephAnsibleFetchDirectoryBackup: default: '' description: Filesystem path on undercloud to persist a copy of the data from the ceph-ansible fetch directory. Used as an alternative to backing up the fetch_directory in Swift. Path must be writable and readable by the user running ansible from config-download, e.g. the mistral user in the mistral-executor container is able to read/write to /var/lib/mistral/ceph_fetch type: string # end DEPRECATED options for compatibility with older versions CephOsdPercentageMin: default: 66 description: The minimum percentage of Ceph OSDs which must be running and in the Ceph cluster, according to ceph osd stat, for the deployment not to fail. Used to catch deployment errors early. Set this value to 0 to disable this check. type: number ContainerImageRegistryCredentials: type: json hidden: true description: | Mapping of image registry hosts to login credentials. Must be in the following example format docker.io: username: pa55word '192.0.2.1:8787': registry_username: password default: {} CephExtraKeys: type: json hidden: true description: | List of maps describing extra keys which will be created on the deployed Ceph cluster. Uses ceph-ansible/library/ceph_key.py ansible module. Each item in the list must be in the following example format - name: "client.glance" caps: mgr: "allow *" mon: "profile rbd" osd: "profile rbd pool=images" key: "AQBRgQ9eAAAAABAAv84zEilJYZPNuJ0Iwn9Ndg==" mode: "0600" default: [] CephExternalMultiConfig: type: json hidden: true description: | List of maps describing extra overrides which will be applied when configuring extra external Ceph clusters. If this list is non-empty, ceph-ansible will run an extra count(list) times using the same parameters as the first run except each parameter within each map will override the defaults. If the following were used, the second run would configure the overcloud to also use the ceph2 cluster with all the previous parameters except /etc/ceph/ceph2.conf would have a mon_host entry containing the value of external_cluster_mon_ips below, and not the default CephExternalMonHost. Subsequent ceph-ansible runs are restricted to just ceph clients. CephExternalMultiConfig may not be used to deploy additional internal Ceph clusters within one Heat stack. The map for each list should contain not tripleo-heat-template parameters but ceph-ansible parameters. - cluster: 'ceph2' fsid: 'e2cba068-5f14-4b0f-b047-acf375c0004a' external_cluster_mon_ips: '172.18.0.5,172.18.0.6,172.18.0.7' keys: - name: "client.openstack" caps: mgr: "allow *" mon: "profile rbd" osd: "osd: profile rbd pool=volumes, profile rbd pool=backups, profile rbd pool=vms, profile rbd pool=images" key: "AQCwmeRcAAAAABAA6SQU/bGqFjlfLro5KxrB1Q==" mode: "0600" dashboard_enabled: false default: [] CephAnsibleRepo: type: string description: | The repository that should be used to install the right ceph-ansible package. This value can be used by tripleo-validations to double check the right ceph-ansible version is installed. default: 'centos-ceph-nautilus' CephAnsibleWarning: type: boolean description: | In particular scenarios we want this validation to show the warning but don't fail because the package is installed on the system but repos are disabled. default: true CinderEnableRbdBackend: default: false description: Whether to enable or not the Rbd backend for Cinder type: boolean NovaEnableRbdBackend: default: false description: Whether to enable the Rbd backend for Nova ephemeral storage. type: boolean tags: - role_specific CinderBackupBackend: default: swift description: The short name of the Cinder Backup backend to use. type: string constraints: - allowed_values: ['swift', 'ceph', 'nfs'] GnocchiBackend: default: swift description: The short name of the Gnocchi backend to use. Should be one of swift, rbd, file or s3. type: string constraints: - allowed_values: ['swift', 'file', 'rbd', 's3'] EnableInternalTLS: type: boolean default: false parameter_groups: - label: deprecated description: Do not use deprecated params, they will be removed. parameters: - ManilaCephFSDataPoolPGNum - ManilaCephFSMetadataPoolPGNum - LocalCephAnsibleFetchDirectoryBackup - SwiftFetchDirGetTempurl - SwiftFetchDirPutTempurl conditions: fast_forward_upgrade: {not: {equals: [{get_param: ContainerCeph3DaemonImage},'']}} deprecated_data_pool_pgnum: {not: {equals: [{get_param: ManilaCephFSDataPoolPGNum}, 128]}} deprecated_metadata_pool_pgnum: {not: {equals: [{get_param: ManilaCephFSMetadataPoolPGNum}, 128]}} dashboard_is_enabled: {equals: [{get_param: CephEnableDashboard}, true]} msgr_secure_mode: {equals: [{get_param: CephMsgrSecureMode}, true]} custom_registry_host: yaql: data: {get_param: ContainerCephDaemonImage} expression: $.data.split('/')[0].matches('(\.|:)') perform_upgrade: equals: [{get_param: StackUpdateType}, 'UPGRADE'] ceph_ansible_skip_tags_set: not: equals: - {get_param: CephAnsibleSkipTags} - '' ceph_authenticated_registry: and: - not: yaql: data: cred: {get_param: ContainerImageRegistryCredentials} ns: yaql: expression: let(location => $.data.rightSplit(':', 1)[0]) -> regex('(?:https?://)?(.*?)/(.*)').split($location)[1] data: {get_param: ContainerCephDaemonImage} expression: let(c => $.data.cred) -> $c.get($.data.ns, {}).keys().last(default => "").isEmpty() - not: yaql: data: cred: {get_param: ContainerImageRegistryCredentials} ns: yaql: expression: let(location => $.data.rightSplit(':', 1)[0]) -> regex('(?:https?://)?(.*?)/(.*)').split($location)[1] data: {get_param: ContainerCephDaemonImage} expression: let(c => $.data.cred) -> $c.get($.data.ns, {}).values().last(default => "").isEmpty() internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]} resources: ContainerImageUrlParts: type: OS::Heat::Value properties: type: json value: host: if: - custom_registry_host - if: - fast_forward_upgrade - yaql: expression: let(location => $.data.rightSplit(':', 1)[0]) -> regex('(?:https?://)?(.*?)/(.*)').split($location)[1] data: {get_param: ContainerCeph3DaemonImage} - yaql: expression: let(location => $.data.rightSplit(':', 1)[0]) -> regex('(?:https?://)?(.*?)/(.*)').split($location)[1] data: {get_param: ContainerCephDaemonImage} - docker.io image: if: - custom_registry_host - if: - fast_forward_upgrade - yaql: expression: let(location => $.data.rightSplit(':', 1)[0]) -> regex('(?:https?://)?(.*?)/(.*)').split($location)[2] data: {get_param: ContainerCeph3DaemonImage} - yaql: expression: let(location => $.data.rightSplit(':', 1)[0]) -> regex('(?:https?://)?(.*?)/(.*)').split($location)[2] data: {get_param: ContainerCephDaemonImage} - if: - fast_forward_upgrade - yaql: expression: $.data.rightSplit(':', 1)[0] data: {get_param: ContainerCeph3DaemonImage} - yaql: expression: $.data.rightSplit(':', 1)[0] data: {get_param: ContainerCephDaemonImage} image_tag: if: - fast_forward_upgrade - yaql: expression: $.data.rightSplit(':', 1)[1] data: {get_param: ContainerCeph3DaemonImage} - yaql: expression: $.data.rightSplit(':', 1)[1] data: {get_param: ContainerCephDaemonImage} MsgrSecureModeOverrides: type: OS::Heat::Value properties: type: json value: vars: global: ms_cluster_mode: secure ms_service_mode: secure ms_client_mode: secure DefaultCephConfigOverrides: type: OS::Heat::Value properties: type: json value: vars: global: osd_pool_default_size: {get_param: CephPoolDefaultSize} osd_pool_default_pg_num: {get_param: CephPoolDefaultPgNum} osd_pool_default_pgp_num: {get_param: CephPoolDefaultPgNum} CephBasePoolVars: type: OS::Heat::Value properties: type: json value: vars: gnocchi_pool: name: {get_param: GnocchiRbdPoolName} enabled: if: - equals: - {get_param: GnocchiBackend} - 'rbd' - true - false nova_pool: name: {get_param: NovaRbdPoolName} enabled: {get_param: NovaEnableRbdBackend} glance_pool: name: {get_param: GlanceRbdPoolName} enabled: if: - equals: - {get_param: GlanceBackend} - 'rbd' - true - false cinder_pool: name: {get_param: CinderRbdPoolName} enabled: {get_param: CinderEnableRbdBackend} cinder_extra_pools: {get_param: CinderRbdExtraPools} cinder_backup_pool: name: {get_param: CinderBackupRbdPoolName} enabled: if: - equals: - {get_param: CinderBackupBackend} - 'ceph' - true - false extra_pools: {get_param: CephPools} pg_num: {get_param: CephPoolDefaultPgNum} CephManilaPoolVars: type: OS::Heat::Value properties: type: json value: vars: data: {get_param: ManilaCephFSDataPoolName} metadata: {get_param: ManilaCephFSMetadataPoolName} data_pg_num: if: - deprecated_data_pool_pgnum - {get_param: ManilaCephFSDataPoolPGNum} - {get_param: CephPoolDefaultPgNum} metadata_pg_num: if: - deprecated_metadata_pool_pgnum - {get_param: ManilaCephFSMetadataPoolPGNum} - {get_param: CephPoolDefaultPgNum} CephKeyVars: type: OS::Heat::Value properties: type: json value: vars: openstack_client: name: {get_param: CephClientUserName} key: {get_param: CephClientKey} manila: name: {get_param: ManilaCephFSCephFSAuthId} key: {get_param: CephManilaClientKey} radosgw: name: {get_param: CephRgwClientName} key: {get_param: CephRgwKey} extra_keys: {get_param: CephExtraKeys} CephBaseAnsibleVars: type: OS::Heat::Value properties: type: json value: vars: containerized_deployment: true user_config: true ceph_stable: true ceph_origin: distro openstack_config: true pools: [] ntp_service_enabled: true generate_fsid: false fsid: { get_param: CephClusterFSID } cluster: { get_param: CephClusterName } configure_firewall: false ceph_docker_registry: {get_attr: [ContainerImageUrlParts, value, host]} ceph_docker_image: {get_attr: [ContainerImageUrlParts, value, image]} ceph_docker_image_tag: {get_attr: [ContainerImageUrlParts, value, image_tag]} ceph_docker_registry_auth: if: - ceph_authenticated_registry - true - false ceph_docker_registry_username: yaql: data: cred: {get_param: ContainerImageRegistryCredentials} ns: {get_attr: [ContainerImageUrlParts, value, host]} expression: let(c => $.data.cred) -> $c.get($.data.ns, {}).keys().last(default => "") ceph_docker_registry_password: yaql: data: cred: {get_param: ContainerImageRegistryCredentials} ns: {get_attr: [ContainerImageUrlParts, value, host]} expression: let(c => $.data.cred) -> $c.get($.data.ns, {}).values().last(default => "") public_network: list_join: - ',' - get_param: [ServiceData, net_cidr_map, {get_param: [ServiceNetMap, CephMonNetwork]}] monitor_address_block: list_join: - ',' - get_param: [ServiceData, net_cidr_map, {get_param: [ServiceNetMap, CephMonNetwork]}] cluster_network: list_join: - ',' - get_param: [ServiceData, net_cidr_map, {get_param: [ServiceNetMap, CephClusterNetwork]}] ip_version: if: - {get_param: CephIPv6} - ipv6 - ipv4 dashboard_enabled: {get_param: CephEnableDashboard} cephfs: {get_param: ManilaCephFSShareBackendName} outputs: role_data: description: Role data for the Ceph base service. value: service_name: ceph_base upgrade_tasks: - name: Reinstall ceph-common package which was removed in tripleo-packages-baremetal-puppet.yaml workaround package: name: - ceph-common state: present when: - step|int == 1 - ansible_distribution_major_version == '8' post_upgrade_tasks: [] puppet_config: config_image: '' config_volume: '' step_config: '' docker_config: {} config_settings: {} external_deploy_tasks: - name: ceph_base_external_deploy_init when: step|int == 1 tags: - ceph - ceph_systemd - ceph_fstobs block: - name: ensure ceph-ansible is installed include_role: role: ceph tasks_from: ceph-ansible-installed vars: fail_without_ceph_ansible: {get_param: CephAnsibleWarning} ceph_ansible_repo: {get_param: CephAnsibleRepo} tags: - opendev-validation - opendev-validation-ceph - name: Check if Ceph dependencies are installed import_role: role: ceph tasks_from: ceph-dependencies-installed tags: - opendev-validation - opendev-validation-ceph vars: fail_without_deps: true packages: lvm2 tripleo_delegate_to: "{{ groups['overcloud'] | default([]) }}" - name: set tripleo-ceph-prepare facts set_fact: ceph_pools: {get_attr: [CephBasePoolVars, value, vars]} manila_pools: {get_attr: [CephManilaPoolVars, value, vars]} ceph_keys: {get_attr: [CephKeyVars, value, vars]} ceph_default_overrides: if: - msgr_secure_mode - yaql: expression: ($.data.default).mergeWith($.data.secure) data: default: {get_attr: [DefaultCephConfigOverrides, value, vars]} secure: {get_attr: [MsgrSecureModeOverrides, value, vars]} - {get_attr: [DefaultCephConfigOverrides, value, vars]} ceph_config_overrides: {get_param: CephConfigOverrides} - name: set ceph-ansible facts set_fact: blacklisted_hostnames: {get_param: DeploymentServerBlacklist} ceph_ansible_group_vars_all: if: - dashboard_is_enabled - map_merge: - if: - internal_tls_enabled - dashboard_tls_external: true dashboard_grafana_api_no_ssl_verify: true - {} - {get_attr: [CephBaseAnsibleVars, value, vars]} - dashboard_admin_password: {get_param: CephDashboardAdminPassword} - grafana_admin_password: {get_param: CephGrafanaAdminPassword} - {get_attr: [CephBaseAnsibleVars, value, vars]} ceph_ansible_extra_vars: map_merge: - {get_param: CephAnsibleExtraConfig} - ireallymeanit: "yes" fetch_directory: "{{playbook_dir}}/ceph-ansible/fetch_dir" container_binary: {get_param: ContainerCli} uuid_content: yaql: expression: dict($.data.keys().select($.toLower()).zip($.data.values())) data: {get_param: NodeDataLookup} ceph_external_multi_config: {get_param: CephExternalMultiConfig} - name: include common ceph defaults include_role: name: tripleo-ceph-common - name: create ceph-ansible working direcotry include_role: name: tripleo-ceph-work-dir tasks_from: prepare - name: prepare for ceph-ansible uuid gathering include_role: name: tripleo-ceph-uuid tasks_from: prepare - name: ceph_base_external_deploy_task when: step|int == 2 tags: - ceph - ceph_systemd - ceph_fstobs block: - name: set ceph-ansible facts set_fact: ceph_ansible_playbook_verbosity: {get_param: CephAnsiblePlaybookVerbosity} ceph_ansible_playbooks_param: {get_param: CephAnsiblePlaybook} ceph_ansible_environment_variables: yaql: data: {get_param: CephAnsibleEnvironmentVariables} expression: $.data.items().select($.join('=')) ceph_ansible_skip_tags: {get_param: CephAnsibleSkipTags} - name: get ssh private key include_role: name: tripleo-ceph-work-dir tasks_from: get_ssh_private_key - name: run nodes-uuid include_role: name: tripleo-ceph-uuid tasks_from: gather - name: run ceph-ansible include_role: name: tripleo-ceph-run-ansible - name: ensure ceph health is OK before proceeding import_role: role: ceph tasks_from: ceph-health vars: fail_on_ceph_health_err: true osd_percentage_min: {get_param: CephOsdPercentageMin} tripleo_delegate_to: "{{ groups['ceph_mon'] | default([]) }}" tags: - opendev-validation - opendev-validation-ceph external_update_tasks: - when: step|int == 0 tags: ceph block: - name: set ceph_ansible_playbooks_default set_fact: ceph_ansible_playbooks_default: ["/usr/share/ceph-ansible/infrastructure-playbooks/rolling_update.yml"] external_upgrade_tasks: - when: step|int == 0 tags: - never - ceph_systemd block: - name: stop if _limit is unset fail: msg: The ceph-ansible systemd units migration playbook limit is not set; please use -e ceph_ansible_limit=##nodename## when: (ceph_ansible_limit is not defined) or (ceph_ansible_limit|length == 0) - name: set ceph_ansible_playbooks_default set_fact: ceph_ansible_playbooks_default: ["/usr/share/ceph-ansible/infrastructure-playbooks/docker-to-podman.yml"] - when: step|int == 0 tags: - never - ceph_fstobs block: - name: stop if _limit is unset fail: msg: The ceph-ansible filestore to bluestore playbook limit is not set; please use -e ceph_ansible_limit=##nodename## when: (ceph_ansible_limit is not defined) or (ceph_ansible_limit|length == 0) - name: set ceph_ansible_playbooks_default set_fact: ceph_ansible_playbooks_default: ["/usr/share/ceph-ansible/infrastructure-playbooks/filestore-to-bluestore.yml"] - when: step|int == 0 tags: ceph block: - name: set ceph_ansible_playbooks_default set_fact: ceph_ansible_playbooks_default: ["/usr/share/ceph-ansible/infrastructure-playbooks/rolling_update.yml"]