tripleo-heat-templates/deployment/cephadm/ceph-base.yaml

632 lines
24 KiB
YAML

heat_template_version: wallaby
description: >
Ceph base service. Shared by all Ceph services.
parameters:
ServiceData:
default: {}
description: Dictionary packing service data
type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry. Use
parameter_merge_strategies to merge it with the defaults.
type: json
RoleName:
default: ''
description: Role name on which the service is applied
type: string
RoleParameters:
default: {}
description: Parameters specific to the role
type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
NodeDataLookup:
type: json
default: {}
description: json containing per-node configuration map
DeploymentServerBlacklist:
default: []
type: comma_delimited_list
description: >
List of server hostnames to blacklist from any triggered deployments.
ContainerCli:
type: string
default: 'podman'
description: CLI tool used to manage containers.
constraints:
- allowed_values: ['podman']
CephEnableDashboard:
type: boolean
default: false
description: Parameter used to trigger the dashboard deployment.
CephConfigOverrides:
type: json
description: Extra config settings to dump into ceph.conf
default: {}
ApplyCephConfigOverridesOnUpdate:
type: boolean
default: false
description: >
If true, CephConfigOverrides are applied to the Ceph cluster not
only during the initial deployment but also during each update.
CephClusterFSID:
type: string
description: The Ceph cluster FSID. Must be a UUID.
CephClusterName:
type: string
default: ceph
description: The Ceph cluster name.
constraints:
- allowed_pattern: "[a-zA-Z0-9]+"
description: >
The Ceph cluster name must be at least 1 character and contain only
letters and numbers.
CephMsgrSecureMode:
type: boolean
default: false
description: >
Enable Ceph msgr2 secure mode to enable on-wire encryption between Ceph
daemons and also between Ceph clients and daemons.
CephPools:
description: >
Used to override settings (mainly target_size_ratio or pg_num) in pools.
Pacific has pg_autoscale_mode enabled by default so set target_size_ratio
as a percentage of the expected data consumption. The example below sets
cinder volumes 40%, glance images 10%, nova vms 30% (20% of space free).
Not set by default but overrides are encouraged to avoid data rebalancing.
For example,
CephPools:
- name: volumes
target_size_ratio: 0.4
application: rbd
- name: images
target_size_ratio: 0.1
application: rbd
- name: vms
target_size_ratio: 0.3
application: rbd
default: []
type: json
CinderRbdPoolName:
default: volumes
type: string
CinderRbdExtraPools:
default: []
description: >
List of extra Ceph pools for use with RBD backends for Cinder. An
extra Cinder RBD backend driver is created for each pool in the
list. This is in addition to the standard RBD backend driver
associated with the CinderRbdPoolName.
type: comma_delimited_list
CinderBackupRbdPoolName:
default: backups
type: string
GlanceMultistoreConfig:
type: json
default: {}
description: |
Dictionary of settings when configuring additional glance backends. The
hash key is the backend ID, and the value is a dictionary of parameter
values unique to that backend. Multiple rbd and cinder backends are allowed, but
file and swift backends are limited to one each. Example:
# Default glance store is rbd.
GlanceBackend: rbd
GlanceStoreDescription: 'Default rbd store'
# GlanceMultistoreConfig specifies a second rbd backend, plus a cinder
# backend.
GlanceMultistoreConfig:
rbd2_store:
GlanceBackend: rbd
GlanceStoreDescription: 'Second rbd store'
CephClusterName: ceph2
# Override CephClientUserName if this cluster uses a different
# client name.
CephClientUserName: client2
cinder1_store:
GlanceBackend: cinder
GlanceCinderVolumeType: 'volume-type-1'
GlanceStoreDescription: 'First cinder store'
cinder2_store:
GlanceBackend: cinder
GlanceCinderVolumeType: 'volume-type-2'
GlanceStoreDescription: 'Second cinder store'
GlanceRbdPoolName:
default: images
type: string
GlanceBackend:
default: swift
description: The short name of the Glance backend to use. Should be one
of swift, rbd, cinder, or file
type: string
constraints:
- allowed_values: ['swift', 'file', 'rbd', 'cinder']
GnocchiRbdPoolName:
default: metrics
type: string
NovaRbdPoolName:
default: vms
type: string
description: The pool name for RBD backend ephemeral storage.
tags:
- role_specific
CephClientKey:
description: The Ceph client key. Can be created with ceph-authtool --gen-print-key.
type: string
hidden: true
constraints:
- allowed_pattern: "^[a-zA-Z0-9+/]{38}==$"
CephClientUserName:
default: openstack
type: string
CephRgwClientName:
default: radosgw
type: string
CephRgwKey:
description: The cephx key for the radosgw client. Can be created
with ceph-authtool --gen-print-key.
type: string
hidden: true
constraints:
- allowed_pattern: "^[a-zA-Z0-9+/]{38}==$"
ManilaCephFSDataPoolName:
default: manila_data
type: string
ManilaCephFSMetadataPoolName:
default: manila_metadata
type: string
ManilaCephFSShareBackendName:
default: cephfs
type: string
ManilaCephFSCephFSAuthId:
default: manila
type: string
CephManilaClientKey:
default: ''
description: The Ceph client key. Can be created with ceph-authtool --gen-print-key.
type: string
hidden: true
constraints:
- allowed_pattern: "^[a-zA-Z0-9+/]{38}==$"
SwiftPassword:
description: The password for the swift service account
type: string
hidden: true
ContainerCephDaemonImage:
description: image
type: string
# start DEPRECATED options for compatibility with older versions
CephPoolDefaultPgNum:
description: default pg_num to use for the RBD pools
type: number
default: 16
CephPoolDefaultSize:
description: default minimum replication for RBD copies
type: number
default: 3
# end DEPRECATED options for compatibility with older versions
ContainerImageRegistryCredentials:
type: json
hidden: true
description: |
Mapping of image registry hosts to login credentials. Must be in the following example format
docker.io:
username: pa55word
'192.0.2.1:8787':
registry_username: password
default: {}
CephExtraKeys:
type: json
hidden: true
description: |
List of maps describing extra keys which will be created on the deployed
Ceph cluster. Uses ceph-ansible/library/ceph_key.py ansible module. Each
item in the list must be in the following example format
- name: "client.glance"
caps:
mgr: "allow *"
mon: "profile rbd"
osd: "profile rbd pool=images"
key: "AQBRgQ9eAAAAABAAv84zEilJYZPNuJ0Iwn9Ndg=="
mode: "0600"
default: []
CinderEnableRbdBackend:
default: false
description: Whether to enable or not the Rbd backend for Cinder
type: boolean
NovaEnableRbdBackend:
default: false
description: Whether to enable the Rbd backend for Nova ephemeral storage.
type: boolean
tags:
- role_specific
CinderBackupBackend:
default: swift
description: The short name of the Cinder Backup backend to use.
type: string
constraints:
- allowed_values: ['swift', 'ceph', 'nfs', 'gcs', 's3']
GnocchiBackend:
default: swift
description: The short name of the Gnocchi backend to use. Should be one
of swift, rbd, file or s3.
type: string
constraints:
- allowed_values: ['swift', 'file', 'rbd', 's3']
EnableInternalTLS:
type: boolean
default: false
CephClientConfigVars:
default: "{{ playbook_dir }}/cephadm/ceph_client.yml"
type: string
description: The undercloud path where cephadm exports the Ceph Client configuration.
CephDynamicSpec:
type: boolean
default: true
description: |
If true the tripleo_run_cephadm role will build an orchestrator-cli-service-spec
file based on the data found in the inventory (which is based on composable roles)
by using the ceph_spec_bootstrap Ansible module in tripleo-ansible.
CephSpecPath:
default: "{{ playbook_dir }}/cephadm/ceph_spec.yaml"
type: string
description: |
The path on the undercloud to a valid Ceph orchestrator CLI service spec file.
If you do not want the spec to be generated automatically and instead prefer
to supply your own spec, then place your spec at this path on the undercloud
and set CephDynamicSpec to false. If CephDynamicSpec is true and CephSpecPath
is set to a valid path, then the spec will be created at that path before it
is used to deploy Ceph. By default the spec will be created by config-download
in config-download/<stack>/cephadm/ceph_spec.yaml.
CephOsdSpec:
description: |
If CephDynamicSpec is true, then any valid OSD service specification set in
CephOsdSpec will appear in the generated Ceph spec for the 'osd' service_type.
Replaces CephAnsibleDisksConfig. This parameter has no effect if CephDynamicSpec
is false. Use this parameter to override the default of using all available block
devices as data_devices. See the Ceph documentation for cephadm drivegroups.
Exclude service_type, service_id, and placement from this parameter. In the
example below all rotating devices will be data devices and all non-rotating
devices will be used as shared devices (wal, db).
CephOsdSpec:
data_devices:
rotational: 1
db_devices:
rotational: 0
type: json
default:
data_devices:
all: true
CephSpecFqdn:
default: false
type: boolean
description: |
If both CephDynamicSpec and CephSpecFqdn are true, then the hostname and
hosts of the generated Ceph spec will have their fully qualified domain
name instead of their short hostname. This parameter has no effect if
CephDynamicSpec is false.
CephCrushRules:
type: json
description: |
List of rules describing the device classes that will be found on the deployed
Ceph cluster. They can be specified in the following form
- name: HDD
root: default
type: host
class: hdd
default: true
default: []
CephAdmDebug:
type: boolean
default: false
description: |
If this parameter is true, then cephadm sets the debug related mgr
config-key and produces a more verbose output.
CephAdmVerbose:
type: boolean
default: false
description: |
If this parameter is true, the cephadm playbook is able to print
some ceph related information during its execution.
DeployedCeph:
default: false
type: boolean
description: |
If the Ceph cluster has already been deployed but needs to be configured
so that the overcloud can use it (create cephx keys, pools, configure RGW
with haproxy, etc), then this parameter should be set to true. Set this
parameter to false to have cephadm deploy the ceph cluster during overcloud
deployment. DeployedCeph and CephDynamicSpec are mutually exclusive.
DisableCephadm:
default: false
type: boolean
description: Disable cephadm after Ceph is deployed
CephRbdTrashPurgeInterval:
default: 15
type: string
description: |
The interval applied to the rbd trash purge scheduler, that can be
expressed in minutes.
CephRbdTrashSchedulerEnable:
default: false
type: boolean
description: Enable Ceph rbd trash scheduler
CephadmDefaultContainer:
default: false
type: boolean
description: |
Use the default container defined in cephadm instead of
the one defined in container_image_prepare_defaults.yaml.
ExternalCeph:
default: false
type: boolean
description: |
If the Ceph cluster has been deployed outside of TripleO.
DeployedCeph and ExternalCeph are mutually exclusive.
parameter_groups:
- label: deprecated
description: Do not use deprecated params, they will be removed.
parameters:
- CephPoolDefaultPgNum
- CephPoolDefaultSize
conditions:
custom_registry_host:
yaql:
data: {get_param: ContainerCephDaemonImage}
expression: $.data.split('/')[0].matches('(\.|:)')
ceph_authenticated_registry:
and:
- not:
yaql:
data:
cred: {get_param: ContainerImageRegistryCredentials}
ns:
yaql:
expression: let(location => $.data.rightSplit(':', 1)[0]) -> regex('(?:https?://)?(.*?)/(.*)').split($location)[1]
data: {get_param: ContainerCephDaemonImage}
expression: let(c => $.data.cred) -> $c.get($.data.ns, {}).keys().last(default => "").isEmpty()
- not:
yaql:
data:
cred: {get_param: ContainerImageRegistryCredentials}
ns:
yaql:
expression: let(location => $.data.rightSplit(':', 1)[0]) -> regex('(?:https?://)?(.*?)/(.*)').split($location)[1]
data: {get_param: ContainerCephDaemonImage}
expression: let(c => $.data.cred) -> $c.get($.data.ns, {}).values().last(default => "").isEmpty()
resources:
ContainerImageUrlParts:
type: OS::Heat::Value
properties:
type: json
value:
host:
if:
- custom_registry_host
- yaql:
expression: let(location => $.data.rightSplit(':', 1)[0]) -> regex('(?:https?://)?(.*?)/(.*)').split($location)[1]
data: {get_param: ContainerCephDaemonImage}
- docker.io
image:
if:
- custom_registry_host
- yaql:
expression: let(location => $.data.rightSplit(':', 1)[0]) -> regex('(?:https?://)?(.*?)/(.*)').split($location)[2]
data: {get_param: ContainerCephDaemonImage}
- yaql:
expression: $.data.rightSplit(':', 1)[0]
data: {get_param: ContainerCephDaemonImage}
image_tag:
yaql:
expression: $.data.rightSplit(':', 1)[1]
data: {get_param: ContainerCephDaemonImage}
DefaultCephConfigOverrides:
type: OS::Heat::Value
properties:
type: json
value:
vars: {}
CephAdmVars:
type: OS::Heat::Value
properties:
type: json
value:
vars:
tripleo_cephadm_fsid: {get_param: CephClusterFSID}
tripleo_cephadm_cluster: {get_param: CephClusterName}
tripleo_cephadm_container_cli: {get_param: ContainerCli}
tripleo_ceph_client_vars: {get_param: CephClientConfigVars}
tripleo_cephadm_dashboard_enabled: {get_param: CephEnableDashboard}
cephfs: {get_param: ManilaCephFSShareBackendName}
tripleo_cephadm_container_ns: {get_attr: [ContainerImageUrlParts, value, host]}
tripleo_cephadm_container_image: {get_attr: [ContainerImageUrlParts, value, image]}
tripleo_cephadm_container_tag: {get_attr: [ContainerImageUrlParts, value, image_tag]}
tripleo_cephadm_crush_rules: {get_param: CephCrushRules}
tripleo_cephadm_debug: {get_param: CephAdmDebug}
tripleo_cephadm_verbose: {get_param: CephAdmVerbose}
tripleo_cephadm_rbd_trash: {get_param: CephRbdTrashPurgeInterval}
tripleo_cephadm_enable_trash_scheduler: {get_param: CephRbdTrashSchedulerEnable}
tripleo_cephadm_apply_ceph_conf_overrides_on_update: {get_param: ApplyCephConfigOverridesOnUpdate}
tripleo_cephadm_default_container: {get_param: CephadmDefaultContainer}
ceph_container_registry_auth:
if:
- ceph_authenticated_registry
- true
- false
ceph_container_registry_username:
yaql:
data:
cred: {get_param: ContainerImageRegistryCredentials}
ns: {get_attr: [ContainerImageUrlParts, value, host]}
expression: let(c => $.data.cred) -> $c.get($.data.ns, {}).keys().last(default => "")
ceph_container_registry_password:
yaql:
data:
cred: {get_param: ContainerImageRegistryCredentials}
ns: {get_attr: [ContainerImageUrlParts, value, host]}
expression: let(c => $.data.cred) -> $c.get($.data.ns, {}).values().last(default => "")
public_network:
list_join:
- ','
- get_param: [ServiceData, net_cidr_map, {get_param: [ServiceNetMap, CephMonNetwork]}]
cluster_network:
list_join:
- ','
- get_param: [ServiceData, net_cidr_map, {get_param: [ServiceNetMap, CephClusterNetwork]}]
outputs:
role_data:
description: Role data for the Ceph base service.
value:
service_name: ceph_base
upgrade_tasks: []
puppet_config: {}
docker_config: {}
config_settings: {}
external_deploy_tasks:
- name: ceph_base_external_deploy_task
when: step|int == 2
block:
- name: create cephadm working directory and related files
include_role:
name: tripleo_run_cephadm
tasks_from: prepare.yml
vars:
ceph_pools:
gnocchi_pool:
name: {get_param: GnocchiRbdPoolName}
enabled:
if:
- equals:
- {get_param: GnocchiBackend}
- 'rbd'
- true
- false
nova_pool:
name: {get_param: NovaRbdPoolName}
enabled: {get_param: NovaEnableRbdBackend}
glance_pool:
name: {get_param: GlanceRbdPoolName}
enabled:
or:
- yaql:
data: {get_param: GlanceMultistoreConfig}
expression: $.data.values().where($ != null).GlanceBackend.contains("rbd")
- equals:
- {get_param: GlanceBackend}
- 'rbd'
cinder_pool:
name: {get_param: CinderRbdPoolName}
enabled: {get_param: CinderEnableRbdBackend}
cinder_extra_pools: {get_param: CinderRbdExtraPools}
cinder_backup_pool:
name: {get_param: CinderBackupRbdPoolName}
enabled:
if:
- equals:
- {get_param: CinderBackupBackend}
- 'ceph'
- true
- false
extra_pools: {get_param: CephPools}
manila_pools:
data: {get_param: ManilaCephFSDataPoolName}
metadata: {get_param: ManilaCephFSMetadataPoolName}
ceph_keys:
openstack_client:
name: {get_param: CephClientUserName}
key: {get_param: CephClientKey}
manila:
name: {get_param: ManilaCephFSCephFSAuthId}
key: {get_param: CephManilaClientKey}
radosgw:
name: {get_param: CephRgwClientName}
key: {get_param: CephRgwKey}
extra_keys: {get_param: CephExtraKeys}
ceph_config_overrides: {get_param: CephConfigOverrides}
tripleo_run_cephadm_spec_path: {get_param: CephSpecPath}
tripleo_cephadm_dynamic_spec: {get_param: CephDynamicSpec}
ceph_spec_fqdn: {get_param: CephSpecFqdn}
ceph_osd_spec: {get_param: CephOsdSpec}
ceph_default_overrides:
global:
if:
- {get_param: CephMsgrSecureMode}
- map_merge:
- {get_attr: [DefaultCephConfigOverrides, value, vars]}
- ms_cluster_mode: secure
ms_service_mode: secure
ms_client_mode: secure
- {get_attr: [DefaultCephConfigOverrides, value, vars]}
cephadm_extra_vars: {get_attr: [CephAdmVars, value, vars]}
tripleo_cephadm_deployed_ceph: {get_param: DeployedCeph}
- name: Prepare cephadm user and keys
include_role:
name: tripleo_run_cephadm
tasks_from: enable_ceph_admin_user.yml
when:
- not external_ceph
- (not deployed_ceph and
(groups['ceph_mon'] | default([]) | length > 0 or
groups['ceph_nfs'] | default([]) | length > 0))
or
(deployed_ceph and
((groups['ceph_rgw'] | default([]) !=
groups['ceph_mon'] | default([]) and
groups['ceph_rgw'] | default([]) | length > 0)
or
(groups['ceph_mds'] | default([]) !=
groups['ceph_mon'] | default([]) and
groups['ceph_mds'] | default([]) | length > 0)
or
(groups['ceph_nfs'] | default([]) !=
groups['ceph_mon'] | default([]) and
groups['ceph_nfs'] | default([]) | length > 0)
or
(groups['ceph_rbdmirror'] | default([]) !=
groups['ceph_mon'] | default([]) and
groups['ceph_rbdmirror'] | default([]) | length > 0)))
vars:
deployed_ceph: {get_param: DeployedCeph}
external_ceph: {get_param: ExternalCeph}
- name: Deploy or configure the cephadm Ceph cluster
include_role:
name: tripleo_run_cephadm
when:
- not external_ceph
- groups['ceph_mon'] | default([]) | length > 0 or
groups['ceph_nfs'] | default([]) | length > 0
vars:
external_ceph: {get_param: ExternalCeph}
- name: ceph_base_external_deploy_task
when:
- (step | int) == 3
- {get_param: DisableCephadm}
- not external_ceph
block:
- name: Pause cephadm
include_role:
name: tripleo_run_cephadm
tasks_from: disable_cephadm.yml
vars:
external_ceph: {get_param: ExternalCeph}
post_upgrade_tasks:
- name: Clean puppet-ceph package
when:
- (step | int) == 3
package:
name: puppet-ceph
state: absent