heat_template_version: wallaby
|
|
|
|
description: >
|
|
Ceph base service. Shared by all Ceph services.
|
|
|
|
parameters:
|
|
ServiceData:
|
|
default: {}
|
|
description: Dictionary packing service data
|
|
type: json
|
|
ServiceNetMap:
|
|
default: {}
|
|
description: Mapping of service_name -> network name. Typically set
|
|
via parameter_defaults in the resource registry. Use
|
|
parameter_merge_strategies to merge it with the defaults.
|
|
type: json
|
|
RoleName:
|
|
default: ''
|
|
description: Role name on which the service is applied
|
|
type: string
|
|
RoleParameters:
|
|
default: {}
|
|
description: Parameters specific to the role
|
|
type: json
|
|
EndpointMap:
|
|
default: {}
|
|
description: Mapping of service endpoint -> protocol. Typically set
|
|
via parameter_defaults in the resource registry.
|
|
type: json
|
|
StackUpdateType:
|
|
type: string
|
|
description: >
|
|
Type of update, to differentiate between UPGRADE and UPDATE cases
|
|
when StackAction is UPDATE (both are the same stack action).
|
|
constraints:
|
|
- allowed_values: ['', 'UPGRADE']
|
|
default: ''
|
|
NodeDataLookup:
|
|
type: json
|
|
default: {}
|
|
description: json containing per-node configuration map
|
|
DeploymentServerBlacklist:
|
|
default: []
|
|
type: comma_delimited_list
|
|
description: >
|
|
List of server hostnames to blacklist from any triggered deployments.
|
|
ContainerCli:
|
|
type: string
|
|
default: 'podman'
|
|
description: CLI tool used to manage containers.
|
|
constraints:
|
|
- allowed_values: ['docker', 'podman']
|
|
CephEnableDashboard:
|
|
type: boolean
|
|
default: false
|
|
description: Parameter used to trigger the dashboard deployment.
|
|
CephConfigOverrides:
|
|
type: json
|
|
description: Extra config settings to dump into ceph.conf
|
|
default: {}
|
|
CephClusterFSID:
|
|
type: string
|
|
description: The Ceph cluster FSID. Must be a UUID.
|
|
CephClusterName:
|
|
type: string
|
|
default: ceph
|
|
description: The Ceph cluster name.
|
|
constraints:
|
|
- allowed_pattern: "[a-zA-Z0-9]+"
|
|
description: >
|
|
The Ceph cluster name must be at least 1 character and contain only
|
|
letters and numbers.
|
|
# Off by default. Only when this is true does the ceph_default_overrides
# section of this template merge ms_cluster_mode, ms_service_mode and
# ms_client_mode (all "secure") into the global Ceph config; with false,
# only the pool defaults are passed and msgr2 encryption is not requested.
CephMsgrSecureMode:
|
|
type: boolean
|
|
default: false
|
|
description: >
|
|
Enable Ceph msgr2 secure mode to enable on-wire encryption between Ceph
|
|
daemons and also between Ceph clients and daemons.
|
|
CephPoolDefaultPgNum:
|
|
description: default pg_num to use for the RBD pools
|
|
type: number
|
|
default: 16
|
|
CephPools:
|
|
description: >
|
|
It can be used to override settings for one of the predefined pools, or to create
|
|
additional ones. Example:
|
|
[{"name": "volumes", "pg_num": 64, "rule_name": "replicated_rule"},
|
|
{"name": "vms", "target_size_ratio": "0.4", "rule_name": "replicated_rule"}]
|
|
default: []
|
|
type: json
|
|
CinderRbdPoolName:
|
|
default: volumes
|
|
type: string
|
|
CinderRbdExtraPools:
|
|
default: []
|
|
description: >
|
|
List of extra Ceph pools for use with RBD backends for Cinder. An
|
|
extra Cinder RBD backend driver is created for each pool in the
|
|
list. This is in addition to the standard RBD backend driver
|
|
associated with the CinderRbdPoolName.
|
|
type: comma_delimited_list
|
|
CinderBackupRbdPoolName:
|
|
default: backups
|
|
type: string
|
|
GlanceRbdPoolName:
|
|
default: images
|
|
type: string
|
|
GlanceBackend:
|
|
default: swift
|
|
description: The short name of the Glance backend to use. Should be one
|
|
of swift, rbd, cinder, or file
|
|
type: string
|
|
constraints:
|
|
- allowed_values: ['swift', 'file', 'rbd', 'cinder']
|
|
GnocchiRbdPoolName:
|
|
default: metrics
|
|
type: string
|
|
NovaRbdPoolName:
|
|
default: vms
|
|
type: string
|
|
description: The pool name for RBD backend ephemeral storage.
|
|
tags:
|
|
- role_specific
|
|
# cephx secret for the client named by CephClientUserName. No default, so a
# value must be supplied. "hidden: true" masks the value when stack parameters
# are displayed; the value is still handed to the tripleo_run_cephadm prepare
# tasks as ceph_keys.openstack_client.key in this template.
# NOTE(review): confirm the consuming role does not log or persist it in the clear.
CephClientKey:
|
|
description: The Ceph client key. Can be created with ceph-authtool --gen-print-key.
|
|
type: string
|
|
hidden: true
|
|
constraints:
|
|
# Shape check only: 38 characters from the base64 alphabet followed by "==".
# It does not prove the value is a usable or freshly generated key.
- allowed_pattern: "^[a-zA-Z0-9+/]{38}==$"
|
|
CephClientUserName:
|
|
default: openstack
|
|
type: string
|
|
CephRgwClientName:
|
|
default: radosgw
|
|
type: string
|
|
# cephx secret for the radosgw client named by CephRgwClientName. No default,
# so a value must be supplied. "hidden: true" masks the value when stack
# parameters are displayed; the value is still passed on as
# ceph_keys.radosgw.key in this template's external deploy task vars.
CephRgwKey:
|
|
description: The cephx key for the radosgw client. Can be created
|
|
with ceph-authtool --gen-print-key.
|
|
type: string
|
|
hidden: true
|
|
constraints:
|
|
# Shape check only: 38 characters from the base64 alphabet followed by "==".
- allowed_pattern: "^[a-zA-Z0-9+/]{38}==$"
|
|
CephPoolDefaultSize:
|
|
description: default minimum replication for RBD copies
|
|
type: number
|
|
default: 3
|
|
ManilaCephFSDataPoolName:
|
|
default: manila_data
|
|
type: string
|
|
ManilaCephFSMetadataPoolName:
|
|
default: manila_metadata
|
|
type: string
|
|
ManilaCephFSShareBackendName:
|
|
default: cephfs
|
|
type: string
|
|
ManilaCephFSCephFSAuthId:
|
|
default: manila
|
|
type: string
|
|
# cephx secret for the Manila CephFS client named by ManilaCephFSCephFSAuthId;
# passed on as ceph_keys.manila.key in this template's external deploy task vars.
# NOTE(review): the default '' does not itself satisfy the allowed_pattern
# below; presumably a generated value always overrides it - confirm, and
# confirm an empty key can never reach the deployed cluster.
CephManilaClientKey:
|
|
default: ''
|
|
description: The Ceph client key. Can be created with ceph-authtool --gen-print-key.
|
|
type: string
|
|
hidden: true
|
|
constraints:
|
|
# Shape check only: 38 characters from the base64 alphabet followed by "==".
- allowed_pattern: "^[a-zA-Z0-9+/]{38}==$"
|
|
CephIPv6:
|
|
default: False
|
|
type: boolean
|
|
SwiftPassword:
|
|
description: The password for the swift service account
|
|
type: string
|
|
hidden: true
|
|
ContainerCephDaemonImage:
|
|
description: image
|
|
type: string
|
|
# start DEPRECATED options for compatibility with older versions
|
|
CephAnsiblePlaybookVerbosity:
|
|
default: 1
|
|
description: The number of '-v', '-vv', etc. passed to ansible-playbook command
|
|
type: number
|
|
constraints:
|
|
- range: { min: 1, max: 5 }
|
|
CephAnsibleEnvironmentVariables:
|
|
default: {}
|
|
description: Mapping of Ansible environment variables to override defaults.
|
|
type: json
|
|
SwiftFetchDirGetTempurl:
|
|
default: ''
|
|
description: A temporary Swift URL to download the fetch_directory from.
|
|
type: string
|
|
SwiftFetchDirPutTempurl:
|
|
default: ''
|
|
description: A temporary Swift URL to upload the fetch_directory to.
|
|
type: string
|
|
LocalCephAnsibleFetchDirectoryBackup:
|
|
default: ''
|
|
description: Filesystem path on undercloud to persist a copy of the data
|
|
from the ceph-ansible fetch directory. Used as an alternative
|
|
to backing up the fetch_directory in Swift. Path must be
|
|
writable and readable by the user running ansible from
|
|
config-download, e.g. the mistral user in the mistral-executor
|
|
container is able to read/write to /var/lib/mistral/ceph_fetch
|
|
type: string
|
|
CephOsdPercentageMin:
|
|
default: 0
|
|
description: The minimum percentage of Ceph OSDs which must be running and
|
|
in the Ceph cluster, according to ceph osd stat, for the
|
|
deployment not to fail. Used to catch deployment errors early.
|
|
Set this value to 0 to disable this check. Deprecated in Wallaby
|
|
because of the move from ceph-ansible to cephadm; the latter only
|
|
brings up OSDs out of band and deployment does not block while
|
|
waiting for them to come up, thus we cannot do this anymore.
|
|
type: number
|
|
CephAnsiblePlaybook:
|
|
type: comma_delimited_list
|
|
description: >
|
|
List of paths to the ceph-ansible playbooks to execute. If not
|
|
specified, the playbook will be determined automatically
|
|
depending on type of operation being performed
|
|
(deploy/update/upgrade).
|
|
default: ['default']
|
|
CephAnsibleExtraConfig:
|
|
type: json
|
|
description: Extra vars for the ceph-ansible playbook
|
|
default: {}
|
|
CephAnsibleSkipTags:
|
|
type: string
|
|
description: List of ceph-ansible tags to skip
|
|
default: 'package-install,with_pkg'
|
|
CephAnsibleRepo:
|
|
type: string
|
|
description: |
|
|
The repository that should be used to install the right ceph-ansible
|
|
package. This value can be used by tripleo-validations to double check
|
|
the right ceph-ansible version is installed.
|
|
default: 'centos-ceph-nautilus'
|
|
CephAnsibleWarning:
|
|
type: boolean
|
|
description: |
|
|
In particular scenarios we want this validation to show the warning but
|
|
don't fail because the package is installed on the system but repos are
|
|
disabled.
|
|
default: true
|
|
# end DEPRECATED options for compatibility with older versions
|
|
# Registry login secrets, keyed by registry host. Each host maps to a
# "username: password" pair, so the username is a mapping key and the password
# its value. This template reads the pair for the Ceph image's registry host
# with keys().last() / values().last() and forwards both as
# ceph_container_registry_username / ceph_container_registry_password.
# "hidden: true" masks the value when stack parameters are displayed.
# The credentials shown in the description are illustrative placeholders.
ContainerImageRegistryCredentials:
|
|
type: json
|
|
hidden: true
|
|
description: |
|
|
Mapping of image registry hosts to login credentials. Must be in the following example format
|
|
|
|
docker.io:
|
|
username: pa55word
|
|
'192.0.2.1:8787':
|
|
registry_username: password
|
|
default: {}
|
|
# Additional cephx keys to create on the cluster; forwarded unchanged as
# ceph_keys.extra_keys in this template's external deploy task vars.
# Each entry carries its own capability set (caps) and secret (key), so this
# parameter both grants privileges and holds credentials. "hidden: true" masks
# the value when stack parameters are displayed.
# The key string in the description is a sample for format only; generate a
# distinct key per client rather than copying it.
# NOTE(review): nothing in this template validates the caps or the key format
# of these entries - presumably the consuming role/module does; confirm.
CephExtraKeys:
|
|
type: json
|
|
hidden: true
|
|
description: |
|
|
List of maps describing extra keys which will be created on the deployed
|
|
Ceph cluster. Uses ceph-ansible/library/ceph_key.py ansible module. Each
|
|
item in the list must be in the following example format
|
|
- name: "client.glance"
|
|
caps:
|
|
mgr: "allow *"
|
|
mon: "profile rbd"
|
|
osd: "profile rbd pool=images"
|
|
key: "AQBRgQ9eAAAAABAAv84zEilJYZPNuJ0Iwn9Ndg=="
|
|
mode: "0600"
|
|
default: []
|
|
CinderEnableRbdBackend:
|
|
default: false
|
|
description: Whether to enable or not the Rbd backend for Cinder
|
|
type: boolean
|
|
NovaEnableRbdBackend:
|
|
default: false
|
|
description: Whether to enable the Rbd backend for Nova ephemeral storage.
|
|
type: boolean
|
|
tags:
|
|
- role_specific
|
|
CinderBackupBackend:
|
|
default: swift
|
|
description: The short name of the Cinder Backup backend to use.
|
|
type: string
|
|
constraints:
|
|
- allowed_values: ['swift', 'ceph', 'nfs', 'gcs', 's3']
|
|
GnocchiBackend:
|
|
default: swift
|
|
description: The short name of the Gnocchi backend to use. Should be one
|
|
of swift, rbd, file or s3.
|
|
type: string
|
|
constraints:
|
|
- allowed_values: ['swift', 'file', 'rbd', 's3']
|
|
EnableInternalTLS:
|
|
type: boolean
|
|
default: false
|
|
CephClientConfigVars:
|
|
default: "{{ playbook_dir }}/cephadm/ceph_client.yml"
|
|
type: string
|
|
description: The undercloud path where cephadm exports the Ceph Client configuration.
|
|
CephAnsibleSkipClient:
|
|
description: |
|
|
This boolean (when true) prevents the ceph-ansible client role execution
|
|
by adding the ceph-ansible tag 'ceph_client' to the --skip-tags list.
|
|
type: boolean
|
|
default: true
|
|
CephDynamicSpec:
|
|
type: boolean
|
|
default: true
|
|
description: |
|
|
If true the tripleo_run_cephadm role will build an orchestrator-cli-service-spec
|
|
file based on the data found in the inventory (which is based on composable roles)
|
|
by using the ceph_spec_bootstrap Ansible module in tripleo-ansible.
|
|
CephSpecPath:
|
|
default: "{{ playbook_dir }}/cephadm/ceph_spec.yaml"
|
|
type: string
|
|
description: |
|
|
The path on the undercloud to a valid Ceph orchestrator CLI service spec file.
|
|
If you do not want the spec to be generated automatically and instead prefer
|
|
to supply your own spec, then place your spec at this path on the undercloud
|
|
and set CephDynamicSpec to false. If CephDynamicSpec is true and CephSpecPath
|
|
is set to a valid path, then the spec will be created at that path before it
|
|
is used to deploy Ceph. By default the spec will be created by config-download
|
|
in config-download/<stack>/cephadm/ceph_spec.yaml.
|
|
CephOsdSpec:
|
|
description: |
|
|
If CephDynamicSpec is true, then any valid OSD service specification set in
|
|
CephOsdSpec will appear in the generated Ceph spec for the 'osd' service_type.
|
|
Replaces CephAnsibleDisksConfig. This parameter has no effect if CephDynamicSpec
|
|
is false. Use this parameter to override the default of using all available block
|
|
devices as data_devices. See the Ceph documentation for cephadm drivegroups.
|
|
Exclude service_type, service_id, and placement from this parameter. In the
|
|
example below all rotating devices will be data devices and all non-rotating
|
|
devices will be used as shared devices (wal, db).
|
|
CephOsdSpec:
|
|
data_devices:
|
|
rotational: 1
|
|
db_devices:
|
|
rotational: 0
|
|
type: json
|
|
default:
|
|
data_devices:
|
|
all: true
|
|
CephSpecFqdn:
|
|
default: false
|
|
type: boolean
|
|
description: |
|
|
If both CephDynamicSpec and CephSpecFqdn are true, then the hostname and
|
|
hosts of the generated Ceph spec will have their fully qualified domain
|
|
name instead of their short hostname. This parameter has no effect if
|
|
CephDynamicSpec is false.
|
|
CephCrushRules:
|
|
type: json
|
|
description: |
|
|
List of rules describing the device classes that will be found on the deployed
|
|
Ceph cluster. They can be specified in the following form
|
|
- name: HDD
|
|
root: default
|
|
type: host
|
|
class: hdd
|
|
default: true
|
|
default: []
|
|
|
|
parameter_groups:
|
|
- label: deprecated
|
|
description: Do not use deprecated params, they will be removed.
|
|
parameters:
|
|
- LocalCephAnsibleFetchDirectoryBackup
|
|
- SwiftFetchDirGetTempurl
|
|
- SwiftFetchDirPutTempurl
|
|
- CephIPv6
|
|
- CephAnsibleEnvironmentVariables
|
|
- CephAnsibleExtraConfig
|
|
- CephAnsiblePlaybook
|
|
- CephAnsiblePlaybookVerbosity
|
|
- CephAnsibleRepo
|
|
- CephAnsibleSkipTags
|
|
- CephAnsibleSkipClient
|
|
- CephAnsibleWarning
|
|
- CephOsdPercentageMin
|
|
|
|
# Conditions derived from ContainerCephDaemonImage and
# ContainerImageRegistryCredentials. They decide whether the image reference
# names a registry host and whether credentials exist for that host.
conditions:
|
|
# True when the first '/'-separated component of the image reference matches
# '(\.|:)', i.e. it contains a dot or a colon and is treated as a registry
# host. A first component with neither character is not treated as a host.
# NOTE(review): assumes yaql matches() is a search rather than a full match - confirm.
custom_registry_host:
|
|
yaql:
|
|
data: {get_param: ContainerCephDaemonImage}
|
|
expression: $.data.split('/')[0].matches('(\.|:)')
|
|
# True only when the credential mapping has, for the image's registry host,
# both a non-empty last key (username) and a non-empty last value (password).
# Either one missing leaves registry authentication disabled.
# NOTE(review): for a reference with no registry host the "ns" expression
# yields the first path component, while ContainerImageUrlParts.host falls
# back to docker.io; this check and the username/password lookup in
# CephAdmVars can therefore use different keys - confirm this is intended.
ceph_authenticated_registry:
|
|
and:
|
|
# Username present for the registry host.
- not:
|
|
yaql:
|
|
data:
|
|
cred: {get_param: ContainerImageRegistryCredentials}
|
|
ns:
|
|
yaql:
|
|
# Drop everything after the last ':' (taken to be the tag), strip an
# optional http(s):// prefix, and keep the part before the first '/'.
expression: let(location => $.data.rightSplit(':', 1)[0]) -> regex('(?:https?://)?(.*?)/(.*)').split($location)[1]
|
|
data: {get_param: ContainerCephDaemonImage}
|
|
expression: let(c => $.data.cred) -> $c.get($.data.ns, {}).keys().last(default => "").isEmpty()
|
|
# Password present for the registry host (same host derivation as above).
- not:
|
|
yaql:
|
|
data:
|
|
cred: {get_param: ContainerImageRegistryCredentials}
|
|
ns:
|
|
yaql:
|
|
expression: let(location => $.data.rightSplit(':', 1)[0]) -> regex('(?:https?://)?(.*?)/(.*)').split($location)[1]
|
|
data: {get_param: ContainerCephDaemonImage}
|
|
expression: let(c => $.data.cred) -> $c.get($.data.ns, {}).values().last(default => "").isEmpty()
|
|
|
|
resources:
|
|
# Splits ContainerCephDaemonImage into registry host, image path and tag.
# All three parts are later exposed to cephadm through CephAdmVars.
# NOTE(review): every expression splits on the LAST ':' and treats the right
# side as the tag. A reference with a host:port but no tag, or one pinned by
# digest (name@sha256:...), would be split at a different colon and produce a
# wrong host/image/tag - confirm such references are rejected or normalised
# before they reach this template.
ContainerImageUrlParts:
|
|
type: OS::Heat::Value
|
|
properties:
|
|
type: json
|
|
value:
|
|
# Registry host: parsed from the reference when custom_registry_host is
# true, otherwise the literal docker.io.
host:
|
|
if:
|
|
- custom_registry_host
|
|
- yaql:
|
|
expression: let(location => $.data.rightSplit(':', 1)[0]) -> regex('(?:https?://)?(.*?)/(.*)').split($location)[1]
|
|
data: {get_param: ContainerCephDaemonImage}
|
|
- docker.io
|
|
# Image path: everything after the host when a host is present, otherwise
# the whole reference minus the tag.
image:
|
|
if:
|
|
- custom_registry_host
|
|
- yaql:
|
|
expression: let(location => $.data.rightSplit(':', 1)[0]) -> regex('(?:https?://)?(.*?)/(.*)').split($location)[2]
|
|
data: {get_param: ContainerCephDaemonImage}
|
|
- yaql:
|
|
expression: $.data.rightSplit(':', 1)[0]
|
|
data: {get_param: ContainerCephDaemonImage}
|
|
# Tag: the text after the last ':'.
# NOTE(review): index [1] presumably fails when the reference has no ':' at all - confirm.
image_tag:
|
|
yaql:
|
|
expression: $.data.rightSplit(':', 1)[1]
|
|
data: {get_param: ContainerCephDaemonImage}
|
|
|
|
DefaultCephConfigOverrides:
|
|
type: OS::Heat::Value
|
|
properties:
|
|
type: json
|
|
value:
|
|
vars:
|
|
osd_pool_default_size: {get_param: CephPoolDefaultSize}
|
|
osd_pool_default_pg_num: {get_param: CephPoolDefaultPgNum}
|
|
osd_pool_default_pgp_num: {get_param: CephPoolDefaultPgNum}
|
|
|
|
# Variables handed to the cephadm role; the outputs section passes this value
# on as cephadm_extra_vars. It mixes plain settings with registry credentials,
# so the whole structure should be treated as sensitive.
CephAdmVars:
|
|
type: OS::Heat::Value
|
|
properties:
|
|
type: json
|
|
value:
|
|
vars:
|
|
tripleo_cephadm_fsid: {get_param: CephClusterFSID}
|
|
tripleo_cephadm_cluster: {get_param: CephClusterName}
|
|
tripleo_cephadm_container_cli: {get_param: ContainerCli}
|
|
tripleo_ceph_client_vars: {get_param: CephClientConfigVars}
|
|
tripleo_cephadm_dashboard_enabled: {get_param: CephEnableDashboard}
|
|
cephfs: {get_param: ManilaCephFSShareBackendName}
|
|
# Registry host, image path and tag as parsed by ContainerImageUrlParts.
tripleo_cephadm_container_ns: {get_attr: [ContainerImageUrlParts, value, host]}
|
|
tripleo_cephadm_container_image: {get_attr: [ContainerImageUrlParts, value, image]}
|
|
tripleo_cephadm_container_tag: {get_attr: [ContainerImageUrlParts, value, image_tag]}
|
|
tripleo_cephadm_crush_rules: {get_param: CephCrushRules}
|
|
# Boolean form of the ceph_authenticated_registry condition: true only when
# both a username and a password were found for the image's registry host.
ceph_container_registry_auth:
|
|
if:
|
|
- ceph_authenticated_registry
|
|
- true
|
|
- false
|
|
# Username = last key of the credential mapping for the registry host,
# or "" when the host has no entry.
# NOTE(review): with several pairs under one host only the last one is used - confirm.
ceph_container_registry_username:
|
|
yaql:
|
|
data:
|
|
cred: {get_param: ContainerImageRegistryCredentials}
|
|
ns: {get_attr: [ContainerImageUrlParts, value, host]}
|
|
expression: let(c => $.data.cred) -> $c.get($.data.ns, {}).keys().last(default => "")
|
|
# Password = last value of the same mapping, or "". The source parameter is
# hidden, but the extracted value travels on as an ordinary variable.
# NOTE(review): confirm the consuming role keeps it out of logs (e.g. no_log).
ceph_container_registry_password:
|
|
yaql:
|
|
data:
|
|
cred: {get_param: ContainerImageRegistryCredentials}
|
|
ns: {get_attr: [ContainerImageUrlParts, value, host]}
|
|
expression: let(c => $.data.cred) -> $c.get($.data.ns, {}).values().last(default => "")
|
|
# Comma-joined CIDRs of the network that ServiceNetMap assigns to CephMonNetwork.
public_network:
|
|
list_join:
|
|
- ','
|
|
- get_param: [ServiceData, net_cidr_map, {get_param: [ServiceNetMap, CephMonNetwork]}]
|
|
# Comma-joined CIDRs of the network that ServiceNetMap assigns to CephClusterNetwork.
cluster_network:
|
|
list_join:
|
|
- ','
|
|
- get_param: [ServiceData, net_cidr_map, {get_param: [ServiceNetMap, CephClusterNetwork]}]
|
|
|
|
outputs:
|
|
role_data:
|
|
description: Role data for the Ceph base service.
|
|
value:
|
|
service_name: ceph_base
|
|
upgrade_tasks: []
|
|
puppet_config: {}
|
|
docker_config: {}
|
|
config_settings: {}
|
|
external_deploy_tasks:
|
|
- name: ceph_base_external_deploy_task
|
|
when: step|int == 2
|
|
tags:
|
|
- ceph
|
|
block:
|
|
- name: create cephadm working directory and related files
|
|
include_role:
|
|
name: tripleo_run_cephadm
|
|
tasks_from: prepare.yml
|
|
vars:
|
|
ceph_pools:
|
|
gnocchi_pool:
|
|
name: {get_param: GnocchiRbdPoolName}
|
|
enabled:
|
|
if:
|
|
- equals:
|
|
- {get_param: GnocchiBackend}
|
|
- 'rbd'
|
|
- true
|
|
- false
|
|
nova_pool:
|
|
name: {get_param: NovaRbdPoolName}
|
|
enabled: {get_param: NovaEnableRbdBackend}
|
|
glance_pool:
|
|
name: {get_param: GlanceRbdPoolName}
|
|
enabled:
|
|
if:
|
|
- equals:
|
|
- {get_param: GlanceBackend}
|
|
- 'rbd'
|
|
- true
|
|
- false
|
|
cinder_pool:
|
|
name: {get_param: CinderRbdPoolName}
|
|
enabled: {get_param: CinderEnableRbdBackend}
|
|
cinder_extra_pools: {get_param: CinderRbdExtraPools}
|
|
cinder_backup_pool:
|
|
name: {get_param: CinderBackupRbdPoolName}
|
|
enabled:
|
|
if:
|
|
- equals:
|
|
- {get_param: CinderBackupBackend}
|
|
- 'ceph'
|
|
- true
|
|
- false
|
|
extra_pools: {get_param: CephPools}
|
|
pg_num: {get_param: CephPoolDefaultPgNum}
|
|
manila_pools:
|
|
data: {get_param: ManilaCephFSDataPoolName}
|
|
metadata: {get_param: ManilaCephFSMetadataPoolName}
|
|
data_pg_num: {get_param: CephPoolDefaultPgNum}
|
|
metadata_pg_num: {get_param: CephPoolDefaultPgNum}
|
|
ceph_keys:
|
|
openstack_client:
|
|
name: {get_param: CephClientUserName}
|
|
key: {get_param: CephClientKey}
|
|
manila:
|
|
name: {get_param: ManilaCephFSCephFSAuthId}
|
|
key: {get_param: CephManilaClientKey}
|
|
radosgw:
|
|
name: {get_param: CephRgwClientName}
|
|
key: {get_param: CephRgwKey}
|
|
extra_keys: {get_param: CephExtraKeys}
|
|
ceph_config_overrides: {get_param: CephConfigOverrides}
|
|
tripleo_run_cephadm_spec_path: {get_param: CephSpecPath}
|
|
tripleo_cephadm_dynamic_spec: {get_param: CephDynamicSpec}
|
|
ceph_spec_fqdn: {get_param: CephSpecFqdn}
|
|
ceph_osd_spec: {get_param: CephOsdSpec}
|
|
ceph_default_overrides:
|
|
global:
|
|
if:
|
|
- {get_param: CephMsgrSecureMode}
|
|
- map_merge:
|
|
- {get_attr: [DefaultCephConfigOverrides, value, vars]}
|
|
- ms_cluster_mode: secure
|
|
ms_service_mode: secure
|
|
ms_client_mode: secure
|
|
- {get_attr: [DefaultCephConfigOverrides, value, vars]}
|
|
cephadm_extra_vars: {get_attr: [CephAdmVars, value, vars]}
|
|
# This is supposed to run a playbook which is responsible to
|
|
# deploy Ceph using cephadm.
|
|
# The storage network is supposed to be available since we are
|
|
# at step 2
|
|
# TODO: (fpantano) Remove this section when --network-ports is
|
|
# available and Ceph deployment can be moved **before**
|
|
# the overcloud.
|
|
- name: Prepare cephadm user and keys
|
|
include_role:
|
|
name: tripleo_run_cephadm
|
|
tasks_from: enable_ceph_admin_user.yml
|
|
when: groups['ceph_mon'] | default([]) | length > 0 or
|
|
groups['ceph_nfs'] | default([]) | length > 0
|
|
- name: Deploy the ceph cluster using cephadm
|
|
include_role:
|
|
name: tripleo_run_cephadm
|
|
when: groups['ceph_mon'] | default([]) | length > 0 or
|
|
groups['ceph_nfs'] | default([]) | length > 0
|
|
post_upgrade_tasks:
|
|
- name: Clean puppet-ceph package
|
|
when:
|
|
- (step | int) == 3
|
|
package:
|
|
name: puppet-ceph
|
|
state: absent
|