tripleo-heat-templates/deployment/ceph-ansible/ceph-nfs.yaml
Tom Barron 823ec82238 set ganesha idmap.conf file path and overrides
Traditionally, Ganesha consumes /etc/idmapd.conf, which controls
mapping of user/owner identities under NFSv4+.  With containerized service
deployment, this file has been an immutable part of the container image
and could not be modified.

Recently ceph-ansible was modified to allow the user to set the path
for idmapd.conf and to override ini settings in this file by supplying
json configuration for the overrides in the same way that it can be
supplied for ceph.conf overrides [1].  Also, the default path setting
for the idmapd.conf file is /etc/ganesha/idmap.conf, which already is
reflected into containerized ganesha under /etc/ganesha, solving the
immutability issue.  If no overrides are supplied, the file put in this
location will match that originally frozen into the container, so there
is no issue here with backwards compatibility.

This change exposes parameters for idmap.conf file path and override
contents in TripleO and passes them into ceph-ansible.  It also sets up
these parameters for cephadm.  Cephadm support for OpenStack Ganesha
is WIP so there will likely need to be a followup patch to make these
effective when cephadm replaces ceph ansible.

[1] https://github.com/ceph/ceph-ansible/pull/6422

Change-Id: I422e49f0027efbbb25256d8b4718eb0aa78d90a4
(cherry picked from commit 9a42686dc7)
(cherry picked from commit b2a8641a5c)
2021-06-09 12:26:28 +00:00


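# Heat template for the Ceph NFS (Ganesha) service deployed via ceph-ansible.
heat_template_version: rocky

# Folded scalar: the text must be indented under the key to belong to it.
description: >
  Ceph NFS Ganesha service.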
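# Stack parameters. Nesting is restored so that each default/description/type
# belongs to its own parameter instead of colliding as duplicate top-level keys.
parameters:
  ServiceData:
    default: {}
    description: Dictionary packing service data
    type: json
  ServiceNetMap:
    default: {}
    description: Mapping of service_name -> network name. Typically set
                 via parameter_defaults in the resource registry. This
                 mapping overrides those in ServiceNetMapDefaults.
    type: json
  DefaultPasswords:
    default: {}
    type: json
  RoleName:
    default: ''
    description: Role name on which the service is applied
    type: string
  RoleParameters:
    default: {}
    description: Parameters specific to the role
    type: json
  EndpointMap:
    default: {}
    description: Mapping of service endpoint -> protocol. Typically set
                 via parameter_defaults in the resource registry.
    type: json
  # Handed to ceph-ansible as ceph_nfs_ceph_user.
  ManilaCephFSCephFSAuthId:
    type: string
    default: 'manila'
  # Path of the idmap.conf file, handed to ceph-ansible as ceph_nfs_idmap_conf.
  # NOTE(review): the parameter is an unconstrained string; presumably a path
  # outside /etc/ganesha is not visible inside the Ganesha container -- confirm
  # before overriding the default.
  ManilaCephFSNFSIdmapConf:
    type: string
    default: '/etc/ganesha/idmap.conf'
  # Free-form json handed to ceph-ansible as ceph_nfs_idmap_overrides. The
  # settings decide how NFSv4 user/owner identities are mapped, so review a
  # change here the way you would review an access-control change.
  ManilaCephFSNFSIdmapOverrides:
    type: json
    description: Extra config settings to dump into idmap.conf
    default: {}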
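# Resources. Nesting is restored so properties sit under their own resource.
resources:
  # Shared Ceph service definition; it receives every input of this template
  # except the Manila* parameters.
  CephBase:
    type: ./ceph-base.yaml
    properties:
      ServiceData: {get_param: ServiceData}
      ServiceNetMap: {get_param: ServiceNetMap}
      DefaultPasswords: {get_param: DefaultPasswords}
      EndpointMap: {get_param: EndpointMap}
      RoleName: {get_param: RoleName}
      RoleParameters: {get_param: RoleParameters}
  # Variables for the ceph-ansible "nfss" group, held as a Heat value and read
  # back with get_attr where the group_vars file is generated.
  CephNfsAnsibleVars:
    type: OS::Heat::Value
    properties:
      type: json
      value:
        vars:
          # Bind address comes from the GaneshaInternal endpoint entry.
          ceph_nfs_bind_addr: {get_param: [EndpointMap, GaneshaInternal, host_nobrackets]}
          ceph_nfs_enable_service: false
          ceph_nfs_use_pacemaker: true
          ceph_nfs_dynamic_exports: true
          ceph_nfs_service_suffix: pacemaker
          nfs_obj_gw: false
          ceph_nfs_rados_backend: true
          ceph_nfs_disable_caching: true
          ceph_nfs_ceph_user: {get_param: ManilaCephFSCephFSAuthId}
          # idmap.conf location and ini overrides, taken as-is from the stack
          # parameters. They control NFSv4 user/owner identity mapping.
          # NOTE(review): no validation of either value is visible in this
          # template; presumably ceph-ansible checks them -- confirm.
          ceph_nfs_idmap_conf: {get_param: ManilaCephFSNFSIdmapConf}
          ceph_nfs_idmap_overrides: {get_param: ManilaCephFSNFSIdmapOverrides}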
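# Outputs. Nesting is restored so tasks, blocks and their arguments are scoped
# correctly; `cacheable: no` is written as the canonical boolean `false`.
outputs:
  role_data:
    description: Role data for the Ceph NFS Ganesha service.
    value:
      service_name: ceph_nfs
      firewall_rules:
        # NOTE(review): only the destination port is given here; any limit on
        # which sources may reach it has to come from the network the service
        # is bound to or from rules defined elsewhere -- confirm.
        '120 ceph_nfs':
          dport:
            # We support only NFS 4.1 to start
            - 2049
      # Staged upgrade: at step 1, when cluster_recreate is set, build the list
      # of nodes being upgraded, refuse to continue if it is empty, and publish
      # it through hiera until every node is in the list.
      upgrade_tasks:
        - name: Create hiera data to upgrade ceph_nfs in a stepwise manner.
          when:
            - step|int == 1
            - cluster_recreate|bool
          block:
            - name: set ceph_nfs upgrade node facts in a single-node environment
              set_fact:
                ceph_nfs_short_node_names_upgraded: "{{ ceph_nfs_short_node_names }}"
                cacheable: false
              when: groups['ceph_nfs'] | length <= 1
            # Keep only hosts whose short name appears in the colon-separated
            # ansible_limit value.
            - name: set ceph_nfs upgrade node facts from the limit option
              set_fact:
                ceph_nfs_short_node_names_upgraded: "{{ ceph_nfs_short_node_names_upgraded|default([]) + [item.split('.')[0]] }}"
                cacheable: false
              when:
                - groups['ceph_nfs'] | length > 1
                - item.split('.')[0] in ansible_limit.split(':')
              loop: "{{ ceph_nfs_short_node_names | default([]) }}"
            - fail:
                msg: >
                  You can't upgrade ceph_nfs without staged
                  upgrade. You need to use the limit option in order
                  to do so.
              when: >-
                ceph_nfs_short_node_names_upgraded is not defined or
                ceph_nfs_short_node_names_upgraded | length == 0
            - debug:
                msg: "Prepare ceph_nfs upgrade for {{ ceph_nfs_short_node_names_upgraded }}"
            - name: add the ceph_nfs short name to hiera data for the upgrade.
              include_role:
                name: tripleo_upgrade_hiera
                tasks_from: set.yml
              vars:
                tripleo_upgrade_key: ceph_nfs_short_node_names_override
                tripleo_upgrade_value: "{{ceph_nfs_short_node_names_upgraded}}"
            # The override is dropped once the upgraded list is as long as the
            # full node list.
            - name: remove the extra hiera data needed for the upgrade.
              include_role:
                name: tripleo_upgrade_hiera
                tasks_from: remove.yml
              vars:
                tripleo_upgrade_key: ceph_nfs_short_node_names_override
              when: ceph_nfs_short_node_names_upgraded | length == ceph_nfs_short_node_names | length
      step_config: 'include tripleo::profile::pacemaker::ceph_nfs'
      puppet_config:
        config_image: ''
        config_volume: ''
        step_config: ''
      # step_config seems to be ignored if docker_config is present
      #docker_config: {}
      # CephBase's deploy tasks followed by a step-1 block that writes the
      # CephNfsAnsibleVars value out as ceph-ansible group vars.
      external_deploy_tasks:
        list_concat:
          - {get_attr: [CephBase, role_data, external_deploy_tasks]}
          - - name: ceph_nfs_external_deploy_init
              when: step|int == 1
              tags:
                - ceph
                - ceph_fstobs
                - ceph_systemd
              block:
                - name: set ceph-ansible group vars nfss
                  set_fact:
                    ceph_ansible_group_vars_nfss: {get_attr: [CephNfsAnsibleVars, value, vars]}
                # NOTE(review): no `mode` is given, so the file's permissions
                # are whatever the copy module defaults to on this host; set
                # one explicitly if these group vars ever carry sensitive
                # values.
                - name: generate ceph-ansible group vars nfss
                  copy:
                    dest: "{{playbook_dir}}/ceph-ansible/group_vars/nfss.yml"
                    content: "{{ceph_ansible_group_vars_nfss|to_nice_yaml}}"
      external_update_tasks: {get_attr: [CephBase, role_data, external_update_tasks]}
      external_upgrade_tasks: {get_attr: [CephBase, role_data, external_upgrade_tasks]}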