c9991c2e31
With I57047682cfa82ba6ca4affff54fab5216e9ba51c Heat has added a new template version for wallaby. This would allow us to use 2-argument variant of the ``if`` function that would allow for e.g. conditional definition of resource properties and help cleanup templates. If only two arguments are passed to ``if`` function, the entire enclosing item is removed when the condition is false. Change-Id: I25f981b60c6a66b39919adc38c02a051b6c51269
191 lines
6.5 KiB
YAML
191 lines
6.5 KiB
YAML
heat_template_version: wallaby
|
|
|
|
description: >
|
|
Ceph Manager service.
|
|
|
|
parameters:
|
|
ServiceData:
|
|
default: {}
|
|
description: Dictionary packing service data
|
|
type: json
|
|
ServiceNetMap:
|
|
default: {}
|
|
description: Mapping of service_name -> network name. Typically set
|
|
via parameter_defaults in the resource registry. This
|
|
mapping overrides those in ServiceNetMapDefaults.
|
|
type: json
|
|
RoleName:
|
|
default: ''
|
|
description: Role name on which the service is applied
|
|
type: string
|
|
RoleParameters:
|
|
default: {}
|
|
description: Parameters specific to the role
|
|
type: json
|
|
EndpointMap:
|
|
default: {}
|
|
description: Mapping of service endpoint -> protocol. Typically set
|
|
via parameter_defaults in the resource registry.
|
|
type: json
|
|
CephDashboardAdminUser:
|
|
default: 'admin'
|
|
description: Admin user for the dashboard component
|
|
type: string
|
|
CephEnableDashboard:
|
|
type: boolean
|
|
default: false
|
|
description: Parameter used to trigger the dashboard deployment.
|
|
CephDashboardPort:
|
|
type: number
|
|
default: 8444
|
|
description: Parameter that defines the ceph dashboard port.
|
|
CephDashboardAdminRO:
|
|
type: boolean
|
|
default: true
|
|
description: Parameter used to set a read-only admin user.
|
|
EnableInternalTLS:
|
|
type: boolean
|
|
default: false
|
|
CertificateKeySize:
|
|
type: string
|
|
default: '2048'
|
|
description: Specifies the private key size used when creating the
|
|
certificate.
|
|
CephCertificateKeySize:
|
|
type: string
|
|
default: ''
|
|
description: Override the private key size used when creating the
|
|
certificate for this service
|
|
|
|
conditions:
|
|
dashboard_enabled: {equals: [{get_param: CephEnableDashboard}, true]}
|
|
internal_tls_enabled:
|
|
and:
|
|
- dashboard_enabled
|
|
- equals:
|
|
- get_param: EnableInternalTLS
|
|
- true
|
|
key_size_override_unset: {equals: [{get_param: CephCertificateKeySize}, '']}
|
|
|
|
resources:
|
|
CephBase:
|
|
type: ./ceph-base.yaml
|
|
properties:
|
|
ServiceData: {get_param: ServiceData}
|
|
ServiceNetMap: {get_param: ServiceNetMap}
|
|
EndpointMap: {get_param: EndpointMap}
|
|
RoleName: {get_param: RoleName}
|
|
RoleParameters: {get_param: RoleParameters}
|
|
|
|
CephMgrAnsibleVars:
|
|
type: OS::Heat::Value
|
|
properties:
|
|
type: json
|
|
value:
|
|
vars:
|
|
ceph_mgr_docker_extra_env: '-e MGR_DASHBOARD=0'
|
|
dashboard_admin_user: {get_param: CephDashboardAdminUser}
|
|
dashboard_rgw_api_host: {get_param: [EndpointMap, CephRgwInternal, host]}
|
|
dashboard_rgw_api_port: {get_param: [EndpointMap, CephRgwInternal, port]}
|
|
dashboard_rgw_api_scheme: {get_param: [EndpointMap, CephRgwInternal, protocol]}
|
|
dashboard_rgw_api_no_ssl_verify: false
|
|
dashboard_port: {get_param: CephDashboardPort}
|
|
dashboard_admin_user_ro: {get_param: CephDashboardAdminRO}
|
|
dashboard_protocol:
|
|
if:
|
|
- internal_tls_enabled
|
|
- 'https'
|
|
- 'http'
|
|
|
|
outputs:
|
|
role_data:
|
|
description: Role data for the Ceph Manager service.
|
|
value:
|
|
service_name: ceph_mgr
|
|
firewall_rules:
|
|
'113 ceph_mgr':
|
|
dport:
|
|
list_concat:
|
|
- - '6800-7300'
|
|
- if:
|
|
- dashboard_enabled
|
|
- - {get_param: CephDashboardPort}
|
|
- []
|
|
upgrade_tasks: []
|
|
puppet_config:
|
|
config_image: ''
|
|
config_volume: ''
|
|
step_config: ''
|
|
docker_config: {}
|
|
external_deploy_tasks:
|
|
list_concat:
|
|
- {get_attr: [CephBase, role_data, external_deploy_tasks]}
|
|
- - name: ceph_mgr_external_deploy_init
|
|
when: step|int == 1
|
|
tags:
|
|
- ceph
|
|
- ceph_fstobs
|
|
- ceph_systemd
|
|
block:
|
|
- name: set ceph-ansible group vars mgrs
|
|
set_fact:
|
|
ceph_ansible_group_vars_mgrs:
|
|
if:
|
|
- internal_tls_enabled
|
|
-
|
|
map_merge:
|
|
- {get_attr: [CephMgrAnsibleVars, value, vars]}
|
|
- dashboard_crt: /etc/pki/tls/certs/ceph_dashboard.crt
|
|
- dashboard_key: /etc/pki/tls/private/ceph_dashboard.key
|
|
- {get_attr: [CephMgrAnsibleVars, value, vars]}
|
|
- name: generate ceph-ansible group vars mgrs
|
|
copy:
|
|
dest: "{{playbook_dir}}/ceph-ansible/group_vars/mgrs.yml"
|
|
content: "{{ceph_ansible_group_vars_mgrs|to_nice_yaml}}"
|
|
external_update_tasks: {get_attr: [CephBase, role_data, external_update_tasks]}
|
|
external_upgrade_tasks: {get_attr: [CephBase, role_data, external_upgrade_tasks]}
|
|
metadata_settings:
|
|
if:
|
|
- internal_tls_enabled
|
|
-
|
|
- service: ceph_dashboard
|
|
network: {get_param: [ServiceNetMap, CephDashboardNetwork]}
|
|
type: node
|
|
- null
|
|
deploy_steps_tasks:
|
|
if:
|
|
- internal_tls_enabled
|
|
-
|
|
- name: Certificate generation
|
|
when: step|int == 1
|
|
block:
|
|
- include_role:
|
|
name: linux-system-roles.certificate
|
|
vars:
|
|
certificate_requests:
|
|
- name: ceph_dashboard
|
|
dns:
|
|
str_replace:
|
|
template: "{{fqdn_$NETWORK}}"
|
|
params:
|
|
$NETWORK: {get_param: [ServiceNetMap, CephDashboardNetwork]}
|
|
principal:
|
|
str_replace:
|
|
template: "ceph_dashboard/{{fqdn_$NETWORK}}@{{idm_realm}}"
|
|
params:
|
|
$NETWORK: {get_param: [ServiceNetMap, CephDashboardNetwork]}
|
|
run_after: |
|
|
# Get mgr systemd unit
|
|
mgr_unit=$(systemctl list-units | awk '/ceph-mgr/ {print $1}')
|
|
# Restart the mgr systemd unit
|
|
if [ -n "$mgr_unit" ]; then
|
|
systemctl restart "$mgr_unit"
|
|
fi
|
|
key_size:
|
|
if:
|
|
- key_size_override_unset
|
|
- {get_param: CertificateKeySize}
|
|
- {get_param: CephCertificateKeySize}
|
|
ca: ipa
|
|
- null
|