d1eb0bc0dc
The admin endpoint is listening on the ctlplane network by default; services should ideally be using the internal api network for this kind of traffic, as the ctlplane network is mostly for provisioning. On the other hand, the admin endpoint shouldn't be as relevant with services switching to keystone v3. Change-Id: I1213a83ef8693c1cca1d20de974f7949a801d9f1
91 lines
3.7 KiB
YAML
91 lines
3.7 KiB
YAML
heat_template_version: ocata
|
|
|
|
description: >
|
|
Ceph RadosGW service.
|
|
|
|
parameters:
|
|
ServiceNetMap:
|
|
default: {}
|
|
description: Mapping of service_name -> network name. Typically set
|
|
via parameter_defaults in the resource registry. This
|
|
mapping overrides those in ServiceNetMapDefaults.
|
|
type: json
|
|
DefaultPasswords:
|
|
default: {}
|
|
type: json
|
|
EndpointMap:
|
|
default: {}
|
|
description: Mapping of service endpoint -> protocol. Typically set
|
|
via parameter_defaults in the resource registry.
|
|
type: json
|
|
AdminToken:
|
|
description: The keystone auth secret and db password.
|
|
type: string
|
|
hidden: true
|
|
CephRgwKey:
|
|
description: The cephx key for the radosgw client. Can be created
|
|
with ceph-authtool --gen-print-key.
|
|
type: string
|
|
hidden: true
|
|
SwiftPassword:
|
|
description: The password for the swift service account, used by the Ceph RGW services.
|
|
type: string
|
|
hidden: true
|
|
KeystoneRegion:
|
|
type: string
|
|
default: 'regionOne'
|
|
description: Keystone region for endpoint
|
|
|
|
resources:
|
|
CephBase:
|
|
type: ./ceph-base.yaml
|
|
properties:
|
|
ServiceNetMap: {get_param: ServiceNetMap}
|
|
DefaultPasswords: {get_param: DefaultPasswords}
|
|
EndpointMap: {get_param: EndpointMap}
|
|
|
|
outputs:
|
|
role_data:
|
|
description: Role data for the Ceph RadosGW service.
|
|
value:
|
|
service_name: ceph_rgw
|
|
config_settings:
|
|
map_merge:
|
|
- get_attr: [CephBase, role_data, config_settings]
|
|
- tripleo::profile::base::ceph::rgw::rgw_key: {get_param: CephRgwKey}
|
|
tripleo::profile::base::ceph::rgw::keystone_admin_token: {get_param: AdminToken}
|
|
tripleo::profile::base::ceph::rgw::keystone_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
|
|
tripleo::profile::base::ceph::rgw::civetweb_bind_ip: {get_param: [ServiceNetMap, CephRgwNetwork]}
|
|
tripleo::profile::base::ceph::rgw::civetweb_bind_port: {get_param: [EndpointMap, CephRgwInternal, port]}
|
|
tripleo::profile::base::ceph::rgw::rgw_keystone_version: v3
|
|
ceph::profile::params::rgw_keystone_admin_domain: default
|
|
ceph::profile::params::rgw_keystone_admin_project: service
|
|
ceph::profile::params::rgw_keystone_admin_user: swift
|
|
ceph::profile::params::rgw_keystone_admin_password: {get_param: SwiftPassword}
|
|
tripleo.ceph_rgw.firewall_rules:
|
|
'122 ceph rgw':
|
|
dport: {get_param: [EndpointMap, CephRgwInternal, port]}
|
|
step_config: |
|
|
include ::tripleo::profile::base::ceph::rgw
|
|
service_config_settings:
|
|
keystone:
|
|
ceph::rgw::keystone::auth::public_url: {get_param: [EndpointMap, CephRgwPublic, uri]}
|
|
ceph::rgw::keystone::auth::internal_url: {get_param: [EndpointMap, CephRgwInternal, uri]}
|
|
ceph::rgw::keystone::auth::admin_url: {get_param: [EndpointMap, CephRgwAdmin, uri]}
|
|
ceph::rgw::keystone::auth::region: {get_param: KeystoneRegion}
|
|
ceph::rgw::keystone::auth::roles: [ 'admin', 'member', '_member_' ]
|
|
ceph::rgw::keystone::auth::tenant: service
|
|
ceph::rgw::keystone::auth::user: swift
|
|
ceph::rgw::keystone::auth::password: {get_param: SwiftPassword}
|
|
upgrade_tasks:
|
|
- name: Gather RGW instance ID
|
|
tags: step0
|
|
shell: hiera -c /etc/puppet/hiera.yaml ceph::profile::params::rgw_name radosgw.gateway
|
|
register: rgw_id
|
|
- name: Check status
|
|
shell: /usr/bin/systemctl show ceph-radosgw@{{rgw_id.stdout}} --property ActiveState | grep '\bactive\b'
|
|
tags: step0,validation
|
|
- name: Stop RGW instance
|
|
tags: step1
|
|
service: name=ceph-radosgw@{{rgw_id.stdout}} state=stopped
|