823ec82238
Traditionally, Ganesha consumes /etc/idmapd.conf, which controls mapping of user/owner identities under NFSv4+. With containerized service deployment, this file has beenan immutable part of the container image and could not be modified. Recently ceph-ansible was modified to allow the user to set the path for idmapd.conf and to override ini settings in this file by supplying json configuration for the overrides in the same way that it can be supplied for ceph.conf overrides [1]. Also, the default path setting for the idmapd.conf file is /etc/ganesha/idmap.conf, which already is reflected into containerized ganesha under /etc/ganesha, solving the immutability issue. If no overrides are supplied, the file put in this location will match that originally frozen into the container, so there is no issue here with backwards compatibility. This change exposes parameters for idmap.conf file path and override contents in TripleO and passes them into ceph-ansible. It also sets up these parameters for cephadm. Cephadm support for OpenStack Ganesha is WIP so there will likely need to be a followup patch to make these effective when cephadm replaces ceph ansible. [1] https://github.com/ceph/ceph-ansible/pull/6422 Change-Id: I422e49f0027efbbb25256d8b4718eb0aa78d90a4 (cherry picked from commit9a42686dc7
) (cherry picked from commitb2a8641a5c
)
152 lines
5.6 KiB
YAML
152 lines
5.6 KiB
YAML
heat_template_version: rocky
|
|
|
|
description: >
|
|
Ceph NFS Ganeshaservice.
|
|
|
|
parameters:
|
|
ServiceData:
|
|
default: {}
|
|
description: Dictionary packing service data
|
|
type: json
|
|
ServiceNetMap:
|
|
default: {}
|
|
description: Mapping of service_name -> network name. Typically set
|
|
via parameter_defaults in the resource registry. This
|
|
mapping overrides those in ServiceNetMapDefaults.
|
|
type: json
|
|
DefaultPasswords:
|
|
default: {}
|
|
type: json
|
|
RoleName:
|
|
default: ''
|
|
description: Role name on which the service is applied
|
|
type: string
|
|
RoleParameters:
|
|
default: {}
|
|
description: Parameters specific to the role
|
|
type: json
|
|
EndpointMap:
|
|
default: {}
|
|
description: Mapping of service endpoint -> protocol. Typically set
|
|
via parameter_defaults in the resource registry.
|
|
type: json
|
|
ManilaCephFSCephFSAuthId:
|
|
type: string
|
|
default: 'manila'
|
|
ManilaCephFSNFSIdmapConf:
|
|
type: string
|
|
default: '/etc/ganesha/idmap.conf'
|
|
ManilaCephFSNFSIdmapOverrides:
|
|
type: json
|
|
description: Extra config settings to dump into idmap.conf
|
|
default: {}
|
|
|
|
resources:
|
|
CephBase:
|
|
type: ./ceph-base.yaml
|
|
properties:
|
|
ServiceData: {get_param: ServiceData}
|
|
ServiceNetMap: {get_param: ServiceNetMap}
|
|
DefaultPasswords: {get_param: DefaultPasswords}
|
|
EndpointMap: {get_param: EndpointMap}
|
|
RoleName: {get_param: RoleName}
|
|
RoleParameters: {get_param: RoleParameters}
|
|
|
|
CephNfsAnsibleVars:
|
|
type: OS::Heat::Value
|
|
properties:
|
|
type: json
|
|
value:
|
|
vars:
|
|
ceph_nfs_bind_addr: {get_param: [EndpointMap, GaneshaInternal, host_nobrackets]}
|
|
ceph_nfs_enable_service: false
|
|
ceph_nfs_use_pacemaker: true
|
|
ceph_nfs_dynamic_exports: true
|
|
ceph_nfs_service_suffix: pacemaker
|
|
nfs_obj_gw: false
|
|
ceph_nfs_rados_backend: true
|
|
ceph_nfs_disable_caching: true
|
|
ceph_nfs_ceph_user: {get_param: ManilaCephFSCephFSAuthId}
|
|
ceph_nfs_idmap_conf: {get_param: ManilaCephFSNFSIdmapConf}
|
|
ceph_nfs_idmap_overrides: {get_param: ManilaCephFSNFSIdmapOverrides}
|
|
|
|
outputs:
|
|
role_data:
|
|
description: Role data for the Ceph NFS Ganesha service.
|
|
value:
|
|
service_name: ceph_nfs
|
|
firewall_rules:
|
|
'120 ceph_nfs':
|
|
dport:
|
|
# We support only NFS 4.1 to start
|
|
- 2049
|
|
upgrade_tasks:
|
|
- name: Create hiera data to upgrade ceph_nfs in a stepwise manner.
|
|
when:
|
|
- step|int == 1
|
|
- cluster_recreate|bool
|
|
block:
|
|
- name: set ceph_nfs upgrade node facts in a single-node environment
|
|
set_fact:
|
|
ceph_nfs_short_node_names_upgraded: "{{ ceph_nfs_short_node_names }}"
|
|
cacheable: no
|
|
when: groups['ceph_nfs'] | length <= 1
|
|
- name: set ceph_nfs upgrade node facts from the limit option
|
|
set_fact:
|
|
ceph_nfs_short_node_names_upgraded: "{{ ceph_nfs_short_node_names_upgraded|default([]) + [item.split('.')[0]] }}"
|
|
cacheable: no
|
|
when:
|
|
- groups['ceph_nfs'] | length > 1
|
|
- item.split('.')[0] in ansible_limit.split(':')
|
|
loop: "{{ ceph_nfs_short_node_names | default([]) }}"
|
|
- fail:
|
|
msg: >
|
|
You can't upgrade ceph_nfs without staged
|
|
upgrade. You need to use the limit option in order
|
|
to do so.
|
|
when: >-
|
|
ceph_nfs_short_node_names_upgraded is not defined or
|
|
ceph_nfs_short_node_names_upgraded | length == 0
|
|
- debug:
|
|
msg: "Prepare ceph_nfs upgrade for {{ ceph_nfs_short_node_names_upgraded }}"
|
|
- name: add the ceph_nfs short name to hiera data for the upgrade.
|
|
include_role:
|
|
name: tripleo_upgrade_hiera
|
|
tasks_from: set.yml
|
|
vars:
|
|
tripleo_upgrade_key: ceph_nfs_short_node_names_override
|
|
tripleo_upgrade_value: "{{ceph_nfs_short_node_names_upgraded}}"
|
|
- name: remove the extra hiera data needed for the upgrade.
|
|
include_role:
|
|
name: tripleo_upgrade_hiera
|
|
tasks_from: remove.yml
|
|
vars:
|
|
tripleo_upgrade_key: ceph_nfs_short_node_names_override
|
|
when: ceph_nfs_short_node_names_upgraded | length == ceph_nfs_short_node_names | length
|
|
step_config: 'include tripleo::profile::pacemaker::ceph_nfs'
|
|
puppet_config:
|
|
config_image: ''
|
|
config_volume: ''
|
|
step_config: ''
|
|
# step_config seems to be ignored if docker_config is present
|
|
#docker_config: {}
|
|
external_deploy_tasks:
|
|
list_concat:
|
|
- {get_attr: [CephBase, role_data, external_deploy_tasks]}
|
|
- - name: ceph_nfs_external_deploy_init
|
|
when: step|int == 1
|
|
tags:
|
|
- ceph
|
|
- ceph_fstobs
|
|
- ceph_systemd
|
|
block:
|
|
- name: set ceph-ansible group vars nfss
|
|
set_fact:
|
|
ceph_ansible_group_vars_nfss: {get_attr: [CephNfsAnsibleVars, value, vars]}
|
|
- name: generate ceph-ansible group vars nfss
|
|
copy:
|
|
dest: "{{playbook_dir}}/ceph-ansible/group_vars/nfss.yml"
|
|
content: "{{ceph_ansible_group_vars_nfss|to_nice_yaml}}"
|
|
external_update_tasks: {get_attr: [CephBase, role_data, external_update_tasks]}
|
|
external_upgrade_tasks: {get_attr: [CephBase, role_data, external_upgrade_tasks]}
|