heat_template_version: wallaby description: > OpenStack containerized Iscsid service parameters: ContainerIscsidImage: description: image type: string tags: - role_specific ContainerIscsidConfigImage: description: The container image to use for the iscsid config_volume type: string tags: - role_specific EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json ServiceData: default: {} description: Dictionary packing service data type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set via parameter_defaults in the resource registry. Use parameter_merge_strategies to merge it with the defaults. type: json RoleName: default: '' description: Role name on which the service is applied type: string RoleParameters: default: {} description: Parameters specific to the role type: json LVMFilterEnabled: default: false description: Enables configuration of LVM2 with a filter so that devices not in use on the host or explicitly allowed are ignored by LVM2. Can be configured per-role. When disabled, the proposed lvm.conf file will be created regardless and left in /tmp/tripleo_lvmfilter.conf for debugging purposes. type: boolean tags: - role_specific LVMFilterAllowlist: default: [] description: A list of block devices which should be allowed in the LVM2 `global_filter`. Supports regular expressions, like `/dev/sd.*` and can be configured per-role. Any block device in use at boot time will be automatically allowed. type: comma_delimited_list tags: - role_specific LVMFilterDenylist: default: ['.*'] description: A list of block devices which should be disallowed in the LVM2 `global_filter`. Supports regular expressions, like `/dev/sd.*` and can be configured per-role. type: comma_delimited_list tags: - role_specific IscsidCHAPAlgorithms: default: 'SHA3-256,SHA256,SHA1,MD5' description: A comma separated list of algorithms to be used for the CHAP algorithm. type: string resources: ContainersCommon: type: ../containers-common.yaml RoleParametersValue: type: OS::Heat::Value properties: type: json value: map_replace: - map_replace: - tripleo_tripleo_lvmfilter_enabled: LVMFilterEnabled tripleo_tripleo_lvmfilter_devices_allowlist: LVMFilterAllowlist tripleo_tripleo_lvmfilter_devices_denylist: LVMFilterDenylist ContainerIscsidImage: ContainerIscsidImage ContainerIscsidConfigImage: ContainerIscsidConfigImage - values: {get_param: [RoleParameters]} - values: LVMFilterEnabled: {get_param: LVMFilterEnabled} LVMFilterAllowlist: {get_param: LVMFilterAllowlist} LVMFilterDenylist: {get_param: LVMFilterDenylist} ContainerIscsidImage: {get_param: ContainerIscsidImage} ContainerIscsidConfigImage: {get_param: ContainerIscsidConfigImage} outputs: role_data: description: Role data for the Iscsid role. value: service_name: iscsid config_settings: tripleo::profile::base::iscsid::chap_algs: {get_param: IscsidCHAPAlgorithms} service_config_settings: {} deploy_steps_tasks: - name: Run lvmfilter role include_role: name: tripleo_lvmfilter when: - step|int == 1 - name: Iscsid role include_role: name: tripleo_iscsid tasks_from: iscsid.yaml when: - step|int == 3 ansible_group_vars: map_merge: - {get_attr: [RoleParametersValue, value]} - tripleo_iscsid_image: {get_attr: [RoleParametersValue, value, ContainerIscsidImage]} # BEGIN DOCKER SETTINGS puppet_config: config_volume: iscsid puppet_tags: iscsid_config step_config: | include tripleo::profile::base::iscsid config_image: {get_attr: [RoleParametersValue, value, ContainerIscsidConfigImage]} volumes: # NOTE(bogdando) Containerized or running on baremetal services # on a node must use the same iSCSI Qualified Name (IQN). # However, overcloud nodes must have a unique IQN. Allow full # (write) access to /etc/iscsi so that puppet ensures the IQN # is unique and is reset once, and only once. # NOTE(abishop) The host directory is mounted at /tmp/iscsi.host # to allow puppet to manage its own files, but still be able to # sync with the host. See I89023603147e21d5c211041f70fc2c988d5f4de1 # for details. - /etc/iscsi:/tmp/iscsi.host:z host_prep_tasks: - name: Iscsid install tasks include_role: name: tripleo_iscsid tasks_from: iscsid_install.yaml upgrade_tasks: []