openstack
/
tripleo-heat-templates
Code Issues Proposed changes
tripleo-heat-templates/deployment/cephadm/ceph-base.yaml

704 lines
26 KiB
YAML
Raw Blame History

heat_template_version: wallaby
description: >
Ceph base service. Shared by all Ceph services.
parameters:
ServiceData:
default: {}
description: Dictionary packing service data
type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry. Use
parameter_merge_strategies to merge it with the defaults.
type: json
RoleName:
default: ''
description: Role name on which the service is applied
type: string
RoleParameters:
default: {}
description: Parameters specific to the role
type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
StackUpdateType:
type: string
description: >
Type of update, to differentiate between UPGRADE and UPDATE cases
when StackAction is UPDATE (both are the same stack action).
constraints:
- allowed_values: ['', 'UPGRADE']
default: ''
NodeDataLookup:
type: json
default: {}
description: json containing per-node configuration map
DeploymentServerBlacklist:
default: []
type: comma_delimited_list
description: >
List of server hostnames to blacklist from any triggered deployments.
ContainerCli:
type: string
default: 'podman'
description: CLI tool used to manage containers.
constraints:
- allowed_values: ['docker', 'podman']
CephEnableDashboard:
type: boolean
default: false
description: Parameter used to trigger the dashboard deployment.
CephConfigOverrides:
type: json
description: Extra config settings to dump into ceph.conf
default: {}
ApplyCephConfigOverridesOnUpdate:
type: boolean
default: false
description: >
If true, CephConfigOverrides are applied to the Ceph cluster not
only during the initial deployment but also during each update.
CephClusterFSID:
type: string
description: The Ceph cluster FSID. Must be a UUID.
CephClusterName:
type: string
default: ceph
description: The Ceph cluster name.
constraints:
- allowed_pattern: "[a-zA-Z0-9]+"
description: >
The Ceph cluster name must be at least 1 character and contain only
letters and numbers.
CephMsgrSecureMode:
type: boolean
default: false
description: >
Enable Ceph msgr2 secure mode to enable on-wire encryption between Ceph
daemons and also between Ceph clients and daemons.
CephPoolDefaultPgNum:
description: default pg_num to use for the RBD pools
type: number
default: 16
CephPools:
description: >
It can be used to override settings for one of the predefined pools, or to create
additional ones. Example:
[{"name": "volumes", "pg_num": 64, "rule_name": "replicated_rule"},
{"name": "vms", "target_size_ratio": "0.4", "rule_name": "replicated_rule"}]
default: []
type: json
CinderRbdPoolName:
default: volumes
type: string
CinderRbdExtraPools:
default: []
description: >
List of extra Ceph pools for use with RBD backends for Cinder. An
extra Cinder RBD backend driver is created for each pool in the
list. This is in addition to the standard RBD backend driver
associated with the CinderRbdPoolName.
type: comma_delimited_list
CinderBackupRbdPoolName:
default: backups
type: string
GlanceMultistoreConfig:
type: json
default: {}
description: |
Dictionary of settings when configuring additional glance backends. The
hash key is the backend ID, and the value is a dictionary of parameter
values unique to that backend. Multiple rbd and cinder backends are allowed, but
file and swift backends are limited to one each. Example:
# Default glance store is rbd.
GlanceBackend: rbd
GlanceStoreDescription: 'Default rbd store'
# GlanceMultistoreConfig specifies a second rbd backend, plus a cinder
# backend.
GlanceMultistoreConfig:
rbd2_store:
GlanceBackend: rbd
GlanceStoreDescription: 'Second rbd store'
CephClusterName: ceph2
# Override CephClientUserName if this cluster uses a different
# client name.
CephClientUserName: client2
cinder1_store:
GlanceBackend: cinder
GlanceCinderVolumeType: 'volume-type-1'
GlanceStoreDescription: 'First cinder store'
cinder2_store:
GlanceBackend: cinder
GlanceCinderVolumeType: 'volume-type-2'
GlanceStoreDescription: 'Seconde cinder store'
GlanceRbdPoolName:
default: images
type: string
GlanceBackend:
default: swift
description: The short name of the Glance backend to use. Should be one
of swift, rbd, cinder, or file
type: string
constraints:
- allowed_values: ['swift', 'file', 'rbd', 'cinder']
GnocchiRbdPoolName:
default: metrics
type: string
NovaRbdPoolName:
default: vms
type: string
description: The pool name for RBD backend ephemeral storage.
tags:
- role_specific
CephClientKey:
description: The Ceph client key. Can be created with ceph-authtool --gen-print-key.
type: string
hidden: true
constraints:
- allowed_pattern: "^[a-zA-Z0-9+/]{38}==$"
CephClientUserName:
default: openstack
type: string
CephRgwClientName:
default: radosgw
type: string
CephRgwKey:
description: The cephx key for the radosgw client. Can be created
with ceph-authtool --gen-print-key.
type: string
hidden: true
constraints:
- allowed_pattern: "^[a-zA-Z0-9+/]{38}==$"
CephPoolDefaultSize:
description: default minimum replication for RBD copies
type: number
default: 3
ManilaCephFSDataPoolName:
default: manila_data
type: string
ManilaCephFSMetadataPoolName:
default: manila_metadata
type: string
ManilaCephFSShareBackendName:
default: cephfs
type: string
ManilaCephFSCephFSAuthId:
default: manila
type: string
CephManilaClientKey:
default: ''
description: The Ceph client key. Can be created with ceph-authtool --gen-print-key.
type: string
hidden: true
constraints:
- allowed_pattern: "^[a-zA-Z0-9+/]{38}==$"
CephIPv6:
default: False
type: boolean
SwiftPassword:
description: The password for the swift service account
type: string
hidden: true
ContainerCephDaemonImage:
description: image
type: string
# start DEPRECATED options for compatibility with older versions
CephAnsiblePlaybookVerbosity:
default: 1
description: The number of '-v', '-vv', etc. passed to ansible-playbook command
type: number
constraints:
- range: { min: 1, max: 5 }
CephAnsibleEnvironmentVariables:
default: {}
description: Mapping of Ansible environment variables to override defaults.
type: json
SwiftFetchDirGetTempurl:
default: ''
description: A temporary Swift URL to download the fetch_directory from.
type: string
SwiftFetchDirPutTempurl:
default: ''
description: A temporary Swift URL to upload the fetch_directory to.
type: string
LocalCephAnsibleFetchDirectoryBackup:
default: ''
description: Filesystem path on undercloud to persist a copy of the data
from the ceph-ansible fetch directory. Used as an alternative
to backing up the fetch_directory in Swift. Path must be
writable and readable by the user running ansible from
config-download, e.g. the mistral user in the mistral-executor
container is able to read/write to /var/lib/mistral/ceph_fetch
type: string
CephOsdPercentageMin:
default: 0
description: The minimum percentage of Ceph OSDs which must be running and
in the Ceph cluster, according to ceph osd stat, for the
deployment not to fail. Used to catch deployment errors early.
Set this value to 0 to disable this check. Deprecated in Wallaby
because of the move from ceph-ansible to cephadm; the later only
brings up OSDs out of band and deployment does not block while
waiting for them to come up, thus we cannot do this anymore.
type: number
CephAnsiblePlaybook:
type: comma_delimited_list
description: >
List of paths to the ceph-ansible playbooks to execute. If not
specified, the playbook will be determined automatically
depending on type of operation being performed
(deploy/update/upgrade).
default: ['default']
CephAnsibleExtraConfig:
type: json
description: Extra vars for the ceph-ansible playbook
default: {}
CephAnsibleSkipTags:
type: string
description: List of ceph-ansible tags to skip
default: 'package-install,with_pkg'
CephAnsibleRepo:
type: string
description: |
The repository that should be used to install the right ceph-ansible
package. This value can be used by tripleo-validations to double check
the right ceph-ansible version is installed.
default: 'centos-ceph-nautilus'
CephAnsibleWarning:
type: boolean
description: |
In particular scenarios we want this validation to show the warning but
don't fail because the package is installed on the system but repos are
disabled.
default: true
# end DEPRECATED options for compatibility with older versions
ContainerImageRegistryCredentials:
type: json
hidden: true
description: |
Mapping of image registry hosts to login credentials. Must be in the following example format
docker.io:
username: pa55word
'192.0.2.1:8787':
registry_username: password
default: {}
CephExtraKeys:
type: json
hidden: true
description: |
List of maps describing extra keys which will be created on the deployed
Ceph cluster. Uses ceph-ansible/library/ceph_key.py ansible module. Each
item in the list must be in the following example format
- name: "client.glance"
caps:
mgr: "allow *"
mon: "profile rbd"
osd: "profile rbd pool=images"
key: "AQBRgQ9eAAAAABAAv84zEilJYZPNuJ0Iwn9Ndg=="
mode: "0600"
default: []
CinderEnableRbdBackend:
default: false
description: Whether to enable or not the Rbd backend for Cinder
type: boolean
NovaEnableRbdBackend:
default: false
description: Whether to enable the Rbd backend for Nova ephemeral storage.
type: boolean
tags:
- role_specific
CinderBackupBackend:
default: swift
description: The short name of the Cinder Backup backend to use.
type: string
constraints:
- allowed_values: ['swift', 'ceph', 'nfs', 'gcs', 's3']
GnocchiBackend:
default: swift
description: The short name of the Gnocchi backend to use. Should be one
of swift, rbd, file or s3.
type: string
constraints:
- allowed_values: ['swift', 'file', 'rbd', 's3']
EnableInternalTLS:
type: boolean
default: false
CephClientConfigVars:
default: "{{ playbook_dir }}/cephadm/ceph_client.yml"
type: string
description: The undercloud path where cephadm exports the Ceph Client configuration.
CephAnsibleSkipClient:
description: |
This boolean (when true) prevents the ceph-ansible client role execution
by adding the ceph-ansible tag 'ceph_client' to the --skip-tags list.
type: boolean
default: true
CephDynamicSpec:
type: boolean
default: true
description: |
If true the tripleo_run_cephadm role will build an orchestrator-cli-service-spec
file based on the data found in the inventory (which is based on composable roles)
by using the ceph_spec_bootstrap Ansible module in tripleo-ansible.
CephSpecPath:
default: "{{ playbook_dir }}/cephadm/ceph_spec.yaml"
type: string
description: |
The path on the undercloud to a valid Ceph orchestrator CLI service spec file.
If you do not want the spec to be generated automatically and instead prefer
to supply your own spec, then place your spec at this path on the undercloud
and set CephDynamicSpec to false. If CephDynamicSpec is true and CephSpecPath
is set to a valid path, then the spec will be created at that path before it
is used to deploy Ceph. By default the spec will be created by config-download
in config-download/<stack>/cephadm/ceph_spec.yaml.
CephOsdSpec:
description: |
If CephDynamicSpec is true, then any valid OSD service specification set in
CephOsdSpec will appear in the genereated Ceph spec for the 'osd' service_type.
Replaces CephAnsibleDisksConfig. This parameter has no effect if CephDynamicSpec
is false. Use this paramter to override the default of using all available block
devices as data_devices. See the Ceph documentation for cephadm drivegroups.
Exclude service_type, service_id, and placement from this parameter. In the
example below all rotating devices will be data devices and all non-rotating
devices will be used as shared devices (wal, db).
CephOsdSpec:
data_devices:
rotational: 1
db_devices:
rotational: 0
type: json
default:
data_devices:
all: true
CephSpecFqdn:
default: false
type: boolean
description: |
If both CephDynamicSpec and CephSpecFqdn are true, then the hostname and
hosts of the generated Ceph spec will have their fully qualified domain
name instead of their short hostname. This parameter has no effect if
CephDynamicSpec is false.
CephCrushRules:
type: json
description: |
List of rules describing the device classes that will be found on the deployed
Ceph cluster. They can be specified in the following form
- name: HDD
root: default
type: host
class: hdd
default: true
default: []
CephAdmDebug:
type: boolean
default: false
description: |
If this parameter is true, then cephadm sets the debug related mgr
config-key and produces a more verbose output.
CephAdmVerbose:
type: boolean
default: false
description: |
If this parameter is true, the cephadm playbook is able to print
some ceph related information during its execution.
DeployedCeph:
default: false
type: boolean
description: |
If the Ceph cluster has already been deployed but needs to be configured
so that the overcloud can use it (create cephx keys, pools, configure RGW
with haproxy, etc), then this parameter should be set to true. Set this
parameter to false to have cephadm deploy the ceph cluster during overcloud
deployment. DeployedCeph and CephDynamicSpec are mutually exclusive.
DisableCephadm:
default: false
type: boolean
description: Disable cephadm after Ceph is deployed
CephRbdTrashPurgeInterval:
default: 15
type: string
description: |
The interval applied to the rbd trash purge scheduler, that can be
expressed in minutes.
CephadmDefaultContainer:
default: false
type: boolean
description: |
Use the default continer defined in cephadm instead of
the one defined in container_image_prepare_defaults.yaml.
parameter_groups:
- label: deprecated
description: Do not use deprecated params, they will be removed.
parameters:
- LocalCephAnsibleFetchDirectoryBackup
- SwiftFetchDirGetTempurl
- SwiftFetchDirPutTempurl
- CephIPv6
- CephAnsibleEnvironmentVariables
- CephAnsibleExtraConfig
- CephAnsiblePlaybook
- CephAnsiblePlaybookVerbosity
- CephAnsibleRepo
- CephAnsibleSkipTags
- CephAnsibleSkipClient
- CephAnsibleWarning
- CephOsdPercentageMin
conditions:
custom_registry_host:
yaql:
data: {get_param: ContainerCephDaemonImage}
expression: $.data.split('/')[0].matches('(\.|:)')
ceph_authenticated_registry:
and:
- not:
yaql:
data:
cred: {get_param: ContainerImageRegistryCredentials}
ns:
yaql:
expression: let(location => $.data.rightSplit(':', 1)[0]) -> regex('(?:https?://)?(.*?)/(.*)').split($location)[1]
data: {get_param: ContainerCephDaemonImage}
expression: let(c => $.data.cred) -> $c.get($.data.ns, {}).keys().last(default => "").isEmpty()
- not:
yaql:
data:
cred: {get_param: ContainerImageRegistryCredentials}
ns:
yaql:
expression: let(location => $.data.rightSplit(':', 1)[0]) -> regex('(?:https?://)?(.*?)/(.*)').split($location)[1]
data: {get_param: ContainerCephDaemonImage}
expression: let(c => $.data.cred) -> $c.get($.data.ns, {}).values().last(default => "").isEmpty()
resources:
ContainerImageUrlParts:
type: OS::Heat::Value
properties:
type: json
value:
host:
if:
- custom_registry_host
- yaql:
expression: let(location => $.data.rightSplit(':', 1)[0]) -> regex('(?:https?://)?(.*?)/(.*)').split($location)[1]
data: {get_param: ContainerCephDaemonImage}
- docker.io
image:
if:
- custom_registry_host
- yaql:
expression: let(location => $.data.rightSplit(':', 1)[0]) -> regex('(?:https?://)?(.*?)/(.*)').split($location)[2]
data: {get_param: ContainerCephDaemonImage}
- yaql:
expression: $.data.rightSplit(':', 1)[0]
data: {get_param: ContainerCephDaemonImage}
image_tag:
yaql:
expression: $.data.rightSplit(':', 1)[1]
data: {get_param: ContainerCephDaemonImage}
DefaultCephConfigOverrides:
type: OS::Heat::Value
properties:
type: json
value:
vars:
osd_pool_default_size: {get_param: CephPoolDefaultSize}
osd_pool_default_pg_num: {get_param: CephPoolDefaultPgNum}
osd_pool_default_pgp_num: {get_param: CephPoolDefaultPgNum}
CephAdmVars:
type: OS::Heat::Value
properties:
type: json
value:
vars:
tripleo_cephadm_fsid: {get_param: CephClusterFSID}
tripleo_cephadm_cluster: {get_param: CephClusterName}
tripleo_cephadm_container_cli: {get_param: ContainerCli}
tripleo_ceph_client_vars: {get_param: CephClientConfigVars}
tripleo_cephadm_dashboard_enabled: {get_param: CephEnableDashboard}
cephfs: {get_param: ManilaCephFSShareBackendName}
tripleo_cephadm_container_ns: {get_attr: [ContainerImageUrlParts, value, host]}
tripleo_cephadm_container_image: {get_attr: [ContainerImageUrlParts, value, image]}
tripleo_cephadm_container_tag: {get_attr: [ContainerImageUrlParts, value, image_tag]}
tripleo_cephadm_crush_rules: {get_param: CephCrushRules}
tripleo_cephadm_debug: {get_param: CephAdmDebug}
tripleo_cephadm_verbose: {get_param: CephAdmVerbose}
tripleo_cephadm_rbd_trash: {get_param: CephRbdTrashPurgeInterval}
tripleo_cephadm_apply_ceph_conf_overrides_on_update: {get_param: ApplyCephConfigOverridesOnUpdate}
tripleo_cephadm_default_container: {get_param: CephadmDefaultContainer}
ceph_container_registry_auth:
if:
- ceph_authenticated_registry
- true
- false
ceph_container_registry_username:
yaql:
data:
cred: {get_param: ContainerImageRegistryCredentials}
ns: {get_attr: [ContainerImageUrlParts, value, host]}
expression: let(c => $.data.cred) -> $c.get($.data.ns, {}).keys().last(default => "")
ceph_container_registry_password:
yaql:
data:
cred: {get_param: ContainerImageRegistryCredentials}
ns: {get_attr: [ContainerImageUrlParts, value, host]}
expression: let(c => $.data.cred) -> $c.get($.data.ns, {}).values().last(default => "")
public_network:
list_join:
- ','
- get_param: [ServiceData, net_cidr_map, {get_param: [ServiceNetMap, CephMonNetwork]}]
cluster_network:
list_join:
- ','
- get_param: [ServiceData, net_cidr_map, {get_param: [ServiceNetMap, CephClusterNetwork]}]
outputs:
role_data:
description: Role data for the Ceph base service.
value:
service_name: ceph_base
upgrade_tasks: []
puppet_config: {}
docker_config: {}
config_settings: {}
external_deploy_tasks:
- name: ceph_base_external_deploy_task
when: step|int == 2
tags:
- ceph
block:
- name: create cephadm working directory and related files
include_role:
name: tripleo_run_cephadm
tasks_from: prepare.yml
vars:
ceph_pools:
gnocchi_pool:
name: {get_param: GnocchiRbdPoolName}
enabled:
if:
- equals:
- {get_param: GnocchiBackend}
- 'rbd'
- true
- false
nova_pool:
name: {get_param: NovaRbdPoolName}
enabled: {get_param: NovaEnableRbdBackend}
glance_pool:
name: {get_param: GlanceRbdPoolName}
enabled:
or:
- yaql:
data: {get_param: GlanceMultistoreConfig}
expression: $.data.values().where($ != null).GlanceBackend.contains("rbd")
- equals:
- {get_param: GlanceBackend}
- 'rbd'
cinder_pool:
name: {get_param: CinderRbdPoolName}
enabled: {get_param: CinderEnableRbdBackend}
cinder_extra_pools: {get_param: CinderRbdExtraPools}
cinder_backup_pool:
name: {get_param: CinderBackupRbdPoolName}
enabled:
if:
- equals:
- {get_param: CinderBackupBackend}
- 'ceph'
- true
- false
extra_pools: {get_param: CephPools}
pg_num: {get_param: CephPoolDefaultPgNum}
manila_pools:
data: {get_param: ManilaCephFSDataPoolName}
metadata: {get_param: ManilaCephFSMetadataPoolName}
data_pg_num: {get_param: CephPoolDefaultPgNum}
metadata_pg_num: {get_param: CephPoolDefaultPgNum}
ceph_keys:
openstack_client:
name: {get_param: CephClientUserName}
key: {get_param: CephClientKey}
manila:
name: {get_param: ManilaCephFSCephFSAuthId}
key: {get_param: CephManilaClientKey}
radosgw:
name: {get_param: CephRgwClientName}
key: {get_param: CephRgwKey}
extra_keys: {get_param: CephExtraKeys}
ceph_config_overrides: {get_param: CephConfigOverrides}
tripleo_run_cephadm_spec_path: {get_param: CephSpecPath}
tripleo_cephadm_dynamic_spec: {get_param: CephDynamicSpec}
ceph_spec_fqdn: {get_param: CephSpecFqdn}
ceph_osd_spec: {get_param: CephOsdSpec}
ceph_default_overrides:
global:
if:
- {get_param: CephMsgrSecureMode}
- map_merge:
- {get_attr: [DefaultCephConfigOverrides, value, vars]}
- ms_cluster_mode: secure
ms_service_mode: secure
ms_client_mode: secure
- {get_attr: [DefaultCephConfigOverrides, value, vars]}
cephadm_extra_vars: {get_attr: [CephAdmVars, value, vars]}
tripleo_cephadm_deployed_ceph: {get_param: DeployedCeph}
- name: Prepare cephadm user and keys
include_role:
name: tripleo_run_cephadm
tasks_from: enable_ceph_admin_user.yml
when: (not deployed_ceph and
(groups['ceph_mon'] | default([]) | length > 0 or
groups['ceph_nfs'] | default([]) | length > 0))
or
(deployed_ceph and
((groups['ceph_rgw'] | default([]) !=
groups['ceph_mon'] | default([]) and
groups['ceph_rgw'] | default([]) | length > 0)
or
(groups['ceph_mds'] | default([]) !=
groups['ceph_mon'] | default([]) and
groups['ceph_mds'] | default([]) | length > 0)
or
(groups['ceph_nfs'] | default([]) !=
groups['ceph_mon'] | default([]) and
groups['ceph_nfs'] | default([]) | length > 0)
or
(groups['ceph_rbdmirror'] | default([]) !=
groups['ceph_mon'] | default([]) and
groups['ceph_rbdmirror'] | default([]) | length > 0)))
vars:
deployed_ceph: {get_param: DeployedCeph}
- name: Deploy or configure the cephadm Ceph cluster
include_role:
name: tripleo_run_cephadm
when: groups['ceph_mon'] | default([]) | length > 0 or
groups['ceph_nfs'] | default([]) | length > 0
- name: ceph_base_external_deploy_task
when:
- (step | int) == 3
- {get_param: DisableCephadm}
tags:
- ceph
block:
- name: Pause cephadm
include_role:
name: tripleo_run_cephadm
tasks_from: disable_cephadm.yml
post_upgrade_tasks:
- name: Clean puppet-ceph package
when:
- (step | int) == 3
package:
name: puppet-ceph
state: absent
View Git Blame Copy Permalink