openstack/tripleo-heat-templates
Code Issues Proposed changes
d1fcf403dc
tripleo-heat-templates/puppet/services/cinder-volume.yaml
Alan Bishop 4a48ad89a1 Add support for Cinder "NAS secure" driver params 
Add new parameters that control the NAS security settings in Cinder's
NFS and NetApp back end drivers. The settings are disabled by default.

Partial-Bug: #1688332
Depends-On: I76e2ce10acf7b671be6a2785829ebb3012b79308
Change-Id: I306a8378dc1685132f7ea3ed91d345eaae70046f
2017-06-12 10:58:13 -04:00

154 lines
6.2 KiB
YAML
Raw Blame History

heat_template_version: pike
description: >
OpenStack Cinder Volume service configured with Puppet
parameters:
CinderEnableNfsBackend:
default: false
description: Whether to enable or not the NFS backend for Cinder
type: boolean
CinderEnableIscsiBackend:
default: true
description: Whether to enable or not the Iscsi backend for Cinder
type: boolean
CinderEnableRbdBackend:
default: false
description: Whether to enable or not the Rbd backend for Cinder
type: boolean
CinderISCSIHelper:
default: lioadm
description: The iSCSI helper to use with cinder.
type: string
CinderISCSIProtocol:
default: iscsi
description: Whether to use TCP ('iscsi') or iSER RDMA ('iser') for iSCSI
type: string
CinderLVMLoopDeviceSize:
default: 10280
description: The size of the loopback file used by the cinder LVM driver.
type: number
CinderNfsMountOptions:
default: ''
description: >
Mount options for NFS mounts used by Cinder NFS backend. Effective
when CinderEnableNfsBackend is true.
type: string
CinderNfsServers:
default: ''
description: >
NFS servers used by Cinder NFS backend. Effective when
CinderEnableNfsBackend is true.
type: comma_delimited_list
CinderNasSecureFileOperations:
default: false
description: >
Controls whether security enhanced NFS file operations are enabled.
Valid values are 'auto', 'true' or 'false'. Effective when
CinderEnableNfsBackend is true.
type: string
CinderNasSecureFilePermissions:
default: false
description: >
Controls whether security enhanced NFS file permissions are enabled.
Valid values are 'auto', 'true' or 'false'. Effective when
CinderEnableNfsBackend is true.
type: string
CinderRbdPoolName:
default: volumes
type: string
CephClientUserName:
default: openstack
type: string
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry. This
mapping overrides those in ServiceNetMapDefaults.
type: json
DefaultPasswords:
default: {}
type: json
RoleName:
default: ''
description: Role name on which the service is applied
type: string
RoleParameters:
default: {}
description: Parameters specific to the role
type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
MonitoringSubscriptionCinderVolume:
default: 'overcloud-cinder-volume'
type: string
CinderVolumeLoggingSource:
type: json
default:
tag: openstack.cinder.volume
path: /var/log/cinder/cinder-volume.log
resources:
CinderBase:
type: ./cinder-base.yaml
properties:
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
outputs:
role_data:
description: Role data for the Cinder Volume role.
value:
service_name: cinder_volume
monitoring_subscription: {get_param: MonitoringSubscriptionCinderVolume}
logging_source: {get_param: CinderVolumeLoggingSource}
logging_groups:
- cinder
config_settings:
map_merge:
- get_attr: [CinderBase, role_data, config_settings]
- tripleo::profile::base::cinder::volume::cinder_enable_iscsi_backend: {get_param: CinderEnableIscsiBackend}
tripleo::profile::base::cinder::volume::cinder_enable_nfs_backend: {get_param: CinderEnableNfsBackend}
tripleo::profile::base::cinder::volume::cinder_enable_rbd_backend: {get_param: CinderEnableRbdBackend}
tripleo::profile::base::cinder::volume::nfs::cinder_nfs_mount_options: {get_param: CinderNfsMountOptions}
tripleo::profile::base::cinder::volume::nfs::cinder_nfs_servers: {get_param: CinderNfsServers}
tripleo::profile::base::cinder::volume::nfs::cinder_nas_secure_file_operations: {get_param: CinderNasSecureFileOperations}
tripleo::profile::base::cinder::volume::nfs::cinder_nas_secure_file_permissions: {get_param: CinderNasSecureFilePermissions}
tripleo::profile::base::cinder::volume::iscsi::cinder_lvm_loop_device_size: {get_param: CinderLVMLoopDeviceSize}
tripleo::profile::base::cinder::volume::iscsi::cinder_iscsi_helper: {get_param: CinderISCSIHelper}
tripleo::profile::base::cinder::volume::iscsi::cinder_iscsi_protocol: {get_param: CinderISCSIProtocol}
tripleo::profile::base::cinder::volume::rbd::cinder_rbd_pool_name: {get_param: CinderRbdPoolName}
tripleo::profile::base::cinder::volume::rbd::cinder_rbd_user_name: {get_param: CephClientUserName}
tripleo.cinder_volume.firewall_rules:
'120 iscsi initiator':
dport: 3260
# NOTE: bind IP is found in Heat replacing the network name with the local node IP
# for the given network; replacement examples (eg. for internal_api):
# internal_api -> IP
# internal_api_uri -> [IP]
# internal_api_subnet - > IP/CIDR
tripleo::profile::base::cinder::volume::iscsi::cinder_iscsi_address: {get_param: [ServiceNetMap, CinderIscsiNetwork]}
step_config: |
include ::tripleo::profile::base::cinder::volume
upgrade_tasks:
- name: Check if cinder_volume is deployed
command: systemctl is-enabled openstack-cinder-volume
tags: common
ignore_errors: True
register: cinder_volume_enabled
- name: "PreUpgrade step0,validation: Check service openstack-cinder-volume is running"
shell: /usr/bin/systemctl show 'openstack-cinder-volume' --property ActiveState | grep '\bactive\b'
when: cinder_volume_enabled.rc == 0
tags: step0,validation
- name: Stop cinder_volume service
tags: step1
when: cinder_volume_enabled.rc == 0
service: name=openstack-cinder-volume state=stopped
View Git Blame Copy Permalink