tripleo-heat-templates/deployment/cephadm/ceph-base.yaml
2021-07-02 12:51:40 +00:00

601 lines
22 KiB
YAML

heat_template_version: wallaby
description: >
Ceph base service. Shared by all Ceph services.
parameters:
ServiceData:
default: {}
description: Dictionary packing service data
type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry. Use
parameter_merge_strategies to merge it with the defaults.
type: json
RoleName:
default: ''
description: Role name on which the service is applied
type: string
RoleParameters:
default: {}
description: Parameters specific to the role
type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
StackUpdateType:
type: string
description: >
Type of update, to differentiate between UPGRADE and UPDATE cases
when StackAction is UPDATE (both are the same stack action).
constraints:
- allowed_values: ['', 'UPGRADE']
default: ''
NodeDataLookup:
type: json
default: {}
description: json containing per-node configuration map
DeploymentServerBlacklist:
default: []
type: comma_delimited_list
description: >
List of server hostnames to blacklist from any triggered deployments.
ContainerCli:
type: string
default: 'podman'
description: CLI tool used to manage containers.
constraints:
- allowed_values: ['docker', 'podman']
CephEnableDashboard:
type: boolean
default: false
description: Parameter used to trigger the dashboard deployment.
CephConfigOverrides:
type: json
description: Extra config settings to dump into ceph.conf
default: {}
CephClusterFSID:
type: string
description: The Ceph cluster FSID. Must be a UUID.
CephClusterName:
type: string
default: ceph
description: The Ceph cluster name.
constraints:
- allowed_pattern: "[a-zA-Z0-9]+"
description: >
The Ceph cluster name must be at least 1 character and contain only
letters and numbers.
CephMsgrSecureMode:
type: boolean
default: false
description: >
Enable Ceph msgr2 secure mode to enable on-wire encryption between Ceph
daemons and also between Ceph clients and daemons.
CephPoolDefaultPgNum:
description: default pg_num to use for the RBD pools
type: number
default: 16
CephPools:
description: >
It can be used to override settings for one of the predefined pools, or to create
additional ones. Example:
[{"name": "volumes", "pg_num": 64, "rule_name": "replicated_rule"},
{"name": "vms", "target_size_ratio": "0.4", "rule_name": "replicated_rule"}]
default: []
type: json
CinderRbdPoolName:
default: volumes
type: string
CinderRbdExtraPools:
default: []
description: >
List of extra Ceph pools for use with RBD backends for Cinder. An
extra Cinder RBD backend driver is created for each pool in the
list. This is in addition to the standard RBD backend driver
associated with the CinderRbdPoolName.
type: comma_delimited_list
CinderBackupRbdPoolName:
default: backups
type: string
GlanceRbdPoolName:
default: images
type: string
GlanceBackend:
default: swift
description: The short name of the Glance backend to use. Should be one
of swift, rbd, cinder, or file
type: string
constraints:
- allowed_values: ['swift', 'file', 'rbd', 'cinder']
GnocchiRbdPoolName:
default: metrics
type: string
NovaRbdPoolName:
default: vms
type: string
description: The pool name for RBD backend ephemeral storage.
tags:
- role_specific
CephClientKey:
description: The Ceph client key. Can be created with ceph-authtool --gen-print-key.
type: string
hidden: true
constraints:
- allowed_pattern: "^[a-zA-Z0-9+/]{38}==$"
CephClientUserName:
default: openstack
type: string
CephRgwClientName:
default: radosgw
type: string
CephRgwKey:
description: The cephx key for the radosgw client. Can be created
with ceph-authtool --gen-print-key.
type: string
hidden: true
constraints:
- allowed_pattern: "^[a-zA-Z0-9+/]{38}==$"
CephPoolDefaultSize:
description: default minimum replication for RBD copies
type: number
default: 3
ManilaCephFSDataPoolName:
default: manila_data
type: string
ManilaCephFSMetadataPoolName:
default: manila_metadata
type: string
ManilaCephFSShareBackendName:
default: cephfs
type: string
ManilaCephFSCephFSAuthId:
default: manila
type: string
CephManilaClientKey:
default: ''
description: The Ceph client key. Can be created with ceph-authtool --gen-print-key.
type: string
hidden: true
constraints:
- allowed_pattern: "^[a-zA-Z0-9+/]{38}==$"
CephIPv6:
default: False
type: boolean
SwiftPassword:
description: The password for the swift service account
type: string
hidden: true
ContainerCephDaemonImage:
description: image
type: string
# start DEPRECATED options for compatibility with older versions
CephAnsiblePlaybookVerbosity:
default: 1
description: The number of '-v', '-vv', etc. passed to ansible-playbook command
type: number
constraints:
- range: { min: 1, max: 5 }
CephAnsibleEnvironmentVariables:
default: {}
description: Mapping of Ansible environment variables to override defaults.
type: json
SwiftFetchDirGetTempurl:
default: ''
description: A temporary Swift URL to download the fetch_directory from.
type: string
SwiftFetchDirPutTempurl:
default: ''
description: A temporary Swift URL to upload the fetch_directory to.
type: string
LocalCephAnsibleFetchDirectoryBackup:
default: ''
description: Filesystem path on undercloud to persist a copy of the data
from the ceph-ansible fetch directory. Used as an alternative
to backing up the fetch_directory in Swift. Path must be
writable and readable by the user running ansible from
config-download, e.g. the mistral user in the mistral-executor
container is able to read/write to /var/lib/mistral/ceph_fetch
type: string
CephOsdPercentageMin:
default: 0
description: The minimum percentage of Ceph OSDs which must be running and
in the Ceph cluster, according to ceph osd stat, for the
deployment not to fail. Used to catch deployment errors early.
Set this value to 0 to disable this check. Deprecated in Wallaby
because of the move from ceph-ansible to cephadm; the later only
brings up OSDs out of band and deployment does not block while
waiting for them to come up, thus we cannot do this anymore.
type: number
CephAnsiblePlaybook:
type: comma_delimited_list
description: >
List of paths to the ceph-ansible playbooks to execute. If not
specified, the playbook will be determined automatically
depending on type of operation being performed
(deploy/update/upgrade).
default: ['default']
CephAnsibleExtraConfig:
type: json
description: Extra vars for the ceph-ansible playbook
default: {}
CephAnsibleSkipTags:
type: string
description: List of ceph-ansible tags to skip
default: 'package-install,with_pkg'
CephAnsibleRepo:
type: string
description: |
The repository that should be used to install the right ceph-ansible
package. This value can be used by tripleo-validations to double check
the right ceph-ansible version is installed.
default: 'centos-ceph-nautilus'
CephAnsibleWarning:
type: boolean
description: |
In particular scenarios we want this validation to show the warning but
don't fail because the package is installed on the system but repos are
disabled.
default: true
# end DEPRECATED options for compatibility with older versions
ContainerImageRegistryCredentials:
type: json
hidden: true
description: |
Mapping of image registry hosts to login credentials. Must be in the following example format
docker.io:
username: pa55word
'192.0.2.1:8787':
registry_username: password
default: {}
CephExtraKeys:
type: json
hidden: true
description: |
List of maps describing extra keys which will be created on the deployed
Ceph cluster. Uses ceph-ansible/library/ceph_key.py ansible module. Each
item in the list must be in the following example format
- name: "client.glance"
caps:
mgr: "allow *"
mon: "profile rbd"
osd: "profile rbd pool=images"
key: "AQBRgQ9eAAAAABAAv84zEilJYZPNuJ0Iwn9Ndg=="
mode: "0600"
default: []
CinderEnableRbdBackend:
default: false
description: Whether to enable or not the Rbd backend for Cinder
type: boolean
NovaEnableRbdBackend:
default: false
description: Whether to enable the Rbd backend for Nova ephemeral storage.
type: boolean
tags:
- role_specific
CinderBackupBackend:
default: swift
description: The short name of the Cinder Backup backend to use.
type: string
constraints:
- allowed_values: ['swift', 'ceph', 'nfs', 'gcs', 's3']
GnocchiBackend:
default: swift
description: The short name of the Gnocchi backend to use. Should be one
of swift, rbd, file or s3.
type: string
constraints:
- allowed_values: ['swift', 'file', 'rbd', 's3']
EnableInternalTLS:
type: boolean
default: false
CephClientConfigVars:
default: "{{ playbook_dir }}/cephadm/ceph_client.yml"
type: string
description: The undercloud path where cephadm exports the Ceph Client configuration.
CephAnsibleSkipClient:
description: |
This boolean (when true) prevents the ceph-ansible client role execution
by adding the ceph-ansible tag 'ceph_client' to the --skip-tags list.
type: boolean
default: true
CephDynamicSpec:
type: boolean
default: true
description: |
If true the tripleo_run_cephadm role will build an orchestrator-cli-service-spec
file based on the data found in the inventory (which is based on composable roles)
by using the ceph_spec_bootstrap Ansible module in tripleo-ansible.
CephSpecPath:
default: "{{ playbook_dir }}/cephadm/ceph_spec.yaml"
type: string
description: |
The path on the undercloud to a valid Ceph orchestrator CLI service spec file.
If you do not want the spec to be generated automatically and instead prefer
to supply your own spec, then place your spec at this path on the undercloud
and set CephDynamicSpec to false. If CephDynamicSpec is true and CephSpecPath
is set to a valid path, then the spec will be created at that path before it
is used to deploy Ceph. By default the spec will be created by config-download
in config-download/<stack>/cephadm/ceph_spec.yaml.
CephOsdSpec:
description: |
If CephDynamicSpec is true, then any valid OSD service specification set in
CephOsdSpec will appear in the genereated Ceph spec for the 'osd' service_type.
Replaces CephAnsibleDisksConfig. This parameter has no effect if CephDynamicSpec
is false. Use this paramter to override the default of using all available block
devices as data_devices. See the Ceph documentation for cephadm drivegroups.
Exclude service_type, service_id, and placement from this parameter. In the
example below all rotating devices will be data devices and all non-rotating
devices will be used as shared devices (wal, db).
CephOsdSpec:
data_devices:
rotational: 1
db_devices:
rotational: 0
type: json
default:
data_devices:
all: true
CephSpecFqdn:
default: false
type: boolean
description: |
If both CephDynamicSpec and CephSpecFqdn are true, then the hostname and
hosts of the generated Ceph spec will have their fully qualified domain
name instead of their short hostname. This parameter has no effect if
CephDynamicSpec is false.
CephCrushRules:
type: json
description: |
List of rules describing the device classes that will be found on the deployed
Ceph cluster. They can be specified in the following form
- name: HDD
root: default
type: host
class: hdd
default: true
default: []
parameter_groups:
- label: deprecated
description: Do not use deprecated params, they will be removed.
parameters:
- LocalCephAnsibleFetchDirectoryBackup
- SwiftFetchDirGetTempurl
- SwiftFetchDirPutTempurl
- CephIPv6
- CephAnsibleEnvironmentVariables
- CephAnsibleExtraConfig
- CephAnsiblePlaybook
- CephAnsiblePlaybookVerbosity
- CephAnsibleRepo
- CephAnsibleSkipTags
- CephAnsibleSkipClient
- CephAnsibleWarning
- CephOsdPercentageMin
conditions:
custom_registry_host:
yaql:
data: {get_param: ContainerCephDaemonImage}
expression: $.data.split('/')[0].matches('(\.|:)')
ceph_authenticated_registry:
and:
- not:
yaql:
data:
cred: {get_param: ContainerImageRegistryCredentials}
ns:
yaql:
expression: let(location => $.data.rightSplit(':', 1)[0]) -> regex('(?:https?://)?(.*?)/(.*)').split($location)[1]
data: {get_param: ContainerCephDaemonImage}
expression: let(c => $.data.cred) -> $c.get($.data.ns, {}).keys().last(default => "").isEmpty()
- not:
yaql:
data:
cred: {get_param: ContainerImageRegistryCredentials}
ns:
yaql:
expression: let(location => $.data.rightSplit(':', 1)[0]) -> regex('(?:https?://)?(.*?)/(.*)').split($location)[1]
data: {get_param: ContainerCephDaemonImage}
expression: let(c => $.data.cred) -> $c.get($.data.ns, {}).values().last(default => "").isEmpty()
resources:
ContainerImageUrlParts:
type: OS::Heat::Value
properties:
type: json
value:
host:
if:
- custom_registry_host
- yaql:
expression: let(location => $.data.rightSplit(':', 1)[0]) -> regex('(?:https?://)?(.*?)/(.*)').split($location)[1]
data: {get_param: ContainerCephDaemonImage}
- docker.io
image:
if:
- custom_registry_host
- yaql:
expression: let(location => $.data.rightSplit(':', 1)[0]) -> regex('(?:https?://)?(.*?)/(.*)').split($location)[2]
data: {get_param: ContainerCephDaemonImage}
- yaql:
expression: $.data.rightSplit(':', 1)[0]
data: {get_param: ContainerCephDaemonImage}
image_tag:
yaql:
expression: $.data.rightSplit(':', 1)[1]
data: {get_param: ContainerCephDaemonImage}
DefaultCephConfigOverrides:
type: OS::Heat::Value
properties:
type: json
value:
vars:
osd_pool_default_size: {get_param: CephPoolDefaultSize}
osd_pool_default_pg_num: {get_param: CephPoolDefaultPgNum}
osd_pool_default_pgp_num: {get_param: CephPoolDefaultPgNum}
CephAdmVars:
type: OS::Heat::Value
properties:
type: json
value:
vars:
tripleo_cephadm_fsid: {get_param: CephClusterFSID}
tripleo_cephadm_cluster: {get_param: CephClusterName}
tripleo_cephadm_container_cli: {get_param: ContainerCli}
tripleo_ceph_client_vars: {get_param: CephClientConfigVars}
tripleo_cephadm_dashboard_enabled: {get_param: CephEnableDashboard}
cephfs: {get_param: ManilaCephFSShareBackendName}
tripleo_cephadm_container_ns: {get_attr: [ContainerImageUrlParts, value, host]}
tripleo_cephadm_container_image: {get_attr: [ContainerImageUrlParts, value, image]}
tripleo_cephadm_container_tag: {get_attr: [ContainerImageUrlParts, value, image_tag]}
tripleo_cephadm_crush_rules: {get_param: CephCrushRules}
ceph_container_registry_auth:
if:
- ceph_authenticated_registry
- true
- false
ceph_container_registry_username:
yaql:
data:
cred: {get_param: ContainerImageRegistryCredentials}
ns: {get_attr: [ContainerImageUrlParts, value, host]}
expression: let(c => $.data.cred) -> $c.get($.data.ns, {}).keys().last(default => "")
ceph_container_registry_password:
yaql:
data:
cred: {get_param: ContainerImageRegistryCredentials}
ns: {get_attr: [ContainerImageUrlParts, value, host]}
expression: let(c => $.data.cred) -> $c.get($.data.ns, {}).values().last(default => "")
public_network:
list_join:
- ','
- get_param: [ServiceData, net_cidr_map, {get_param: [ServiceNetMap, CephMonNetwork]}]
cluster_network:
list_join:
- ','
- get_param: [ServiceData, net_cidr_map, {get_param: [ServiceNetMap, CephClusterNetwork]}]
outputs:
role_data:
description: Role data for the Ceph base service.
value:
service_name: ceph_base
upgrade_tasks: []
puppet_config: {}
docker_config: {}
config_settings: {}
external_deploy_tasks:
- name: ceph_base_external_deploy_task
when: step|int == 2
tags:
- ceph
block:
- name: create cephadm working directory and related files
include_role:
name: tripleo_run_cephadm
tasks_from: prepare.yml
vars:
ceph_pools:
gnocchi_pool:
name: {get_param: GnocchiRbdPoolName}
enabled:
if:
- equals:
- {get_param: GnocchiBackend}
- 'rbd'
- true
- false
nova_pool:
name: {get_param: NovaRbdPoolName}
enabled: {get_param: NovaEnableRbdBackend}
glance_pool:
name: {get_param: GlanceRbdPoolName}
enabled:
if:
- equals:
- {get_param: GlanceBackend}
- 'rbd'
- true
- false
cinder_pool:
name: {get_param: CinderRbdPoolName}
enabled: {get_param: CinderEnableRbdBackend}
cinder_extra_pools: {get_param: CinderRbdExtraPools}
cinder_backup_pool:
name: {get_param: CinderBackupRbdPoolName}
enabled:
if:
- equals:
- {get_param: CinderBackupBackend}
- 'ceph'
- true
- false
extra_pools: {get_param: CephPools}
pg_num: {get_param: CephPoolDefaultPgNum}
manila_pools:
data: {get_param: ManilaCephFSDataPoolName}
metadata: {get_param: ManilaCephFSMetadataPoolName}
data_pg_num: {get_param: CephPoolDefaultPgNum}
metadata_pg_num: {get_param: CephPoolDefaultPgNum}
ceph_keys:
openstack_client:
name: {get_param: CephClientUserName}
key: {get_param: CephClientKey}
manila:
name: {get_param: ManilaCephFSCephFSAuthId}
key: {get_param: CephManilaClientKey}
radosgw:
name: {get_param: CephRgwClientName}
key: {get_param: CephRgwKey}
extra_keys: {get_param: CephExtraKeys}
ceph_config_overrides: {get_param: CephConfigOverrides}
tripleo_run_cephadm_spec_path: {get_param: CephSpecPath}
tripleo_cephadm_dynamic_spec: {get_param: CephDynamicSpec}
ceph_spec_fqdn: {get_param: CephSpecFqdn}
ceph_osd_spec: {get_param: CephOsdSpec}
ceph_default_overrides:
global:
if:
- {get_param: CephMsgrSecureMode}
- map_merge:
- {get_attr: [DefaultCephConfigOverrides, value, vars]}
- ms_cluster_mode: secure
ms_service_mode: secure
ms_client_mode: secure
- {get_attr: [DefaultCephConfigOverrides, value, vars]}
cephadm_extra_vars: {get_attr: [CephAdmVars, value, vars]}
# This is supposed to run a playbook which is responsible to
# deploy Ceph using cephadm.
# The storage network is supposed to be available since we are
# at step 2
# TODO: (fpantano) Remove this section when --network-ports is
# available and Ceph deployment can be moved **before**
# the overcloud.
- name: Prepare cephadm user and keys
include_role:
name: tripleo_run_cephadm
tasks_from: enable_ceph_admin_user.yml
when: groups['ceph_mon'] | default([]) | length > 0 or
groups['ceph_nfs'] | default([]) | length > 0
- name: Deploy the ceph cluster using cephadm
include_role:
name: tripleo_run_cephadm
when: groups['ceph_mon'] | default([]) | length > 0 or
groups['ceph_nfs'] | default([]) | length > 0
post_upgrade_tasks:
- name: Clean puppet-ceph package
when:
- (step | int) == 3
package:
name: puppet-ceph
state: absent