e701077c96
The parameter, when set to true, will configure cinder-volume to connect to Etcd through the node's own local IP on the Etcd network, instead of a VIP on the network. This is useful when deploying cinder-volume in an A/A configuration at an edge site with the HCI roles. As Etcd and cinder-volume are both running on the same node (typically 3 nodes configured the same), then each node can just connect directly to Etcd without having to go through a VIP. Additionally, we have no VIP management at the edge sites presently. Change-Id: I8a8825ecff9fc99b5de7390075470356397d85a2 implements: blueprint split-controlplane-templates
363 lines
14 KiB
YAML
363 lines
14 KiB
YAML
heat_template_version: rocky
|
|
|
|
description: >
|
|
OpenStack containerized Cinder Volume service
|
|
|
|
parameters:
|
|
DockerCinderVolumeImage:
|
|
description: image
|
|
type: string
|
|
DockerCinderConfigImage:
|
|
description: The container image to use for the cinder config_volume
|
|
type: string
|
|
DockerCinderVolumeUlimit:
|
|
default: ['nofile=131072']
|
|
description: ulimit for Cinder Volume Container
|
|
type: comma_delimited_list
|
|
CinderVolumeLoggingSource:
|
|
type: json
|
|
default:
|
|
tag: openstack.cinder.volume
|
|
path: /var/log/containers/cinder/cinder-volume.log
|
|
EndpointMap:
|
|
default: {}
|
|
description: Mapping of service endpoint -> protocol. Typically set
|
|
via parameter_defaults in the resource registry.
|
|
type: json
|
|
ServiceData:
|
|
default: {}
|
|
description: Dictionary packing service data
|
|
type: json
|
|
ServiceNetMap:
|
|
default: {}
|
|
description: Mapping of service_name -> network name. Typically set
|
|
via parameter_defaults in the resource registry. This
|
|
mapping overrides those in ServiceNetMapDefaults.
|
|
type: json
|
|
DefaultPasswords:
|
|
default: {}
|
|
type: json
|
|
RoleName:
|
|
default: ''
|
|
description: Role name on which the service is applied
|
|
type: string
|
|
RoleParameters:
|
|
default: {}
|
|
description: Parameters specific to the role
|
|
type: json
|
|
CephClientUserName:
|
|
default: openstack
|
|
type: string
|
|
CephClusterName:
|
|
type: string
|
|
default: ceph
|
|
description: The Ceph cluster name.
|
|
constraints:
|
|
- allowed_pattern: "[a-zA-Z0-9]+"
|
|
description: >
|
|
The Ceph cluster name must be at least 1 character and contain only
|
|
letters and numbers.
|
|
CinderVolumeCluster:
|
|
default: ''
|
|
description: >
|
|
The cluster name used for deploying the cinder-volume service in an
|
|
active-active (A/A) configuration. This configuration requires the
|
|
Cinder backend drivers support A/A, and the cinder-volume service not
|
|
be managed by pacemaker. If these criteria are not met then the cluster
|
|
name must be left blank.
|
|
type: string
|
|
CinderEnableNfsBackend:
|
|
default: false
|
|
description: Whether to enable or not the NFS backend for Cinder
|
|
type: boolean
|
|
CinderEnableIscsiBackend:
|
|
default: true
|
|
description: Whether to enable or not the Iscsi backend for Cinder
|
|
type: boolean
|
|
CinderEnableRbdBackend:
|
|
default: false
|
|
description: Whether to enable or not the Rbd backend for Cinder
|
|
type: boolean
|
|
CinderISCSIAvailabilityZone:
|
|
default: ''
|
|
description: >
|
|
The availability zone of the Iscsi Cinder backend.
|
|
When set, it overrides the default CinderStorageAvailabilityZone.
|
|
type: string
|
|
CinderISCSIHelper:
|
|
default: lioadm
|
|
description: The iSCSI helper to use with cinder.
|
|
type: string
|
|
CinderISCSIProtocol:
|
|
default: iscsi
|
|
description: Whether to use TCP ('iscsi') or iSER RDMA ('iser') for iSCSI
|
|
type: string
|
|
CinderLVMLoopDeviceSize:
|
|
default: 10280
|
|
description: The size of the loopback file used by the cinder LVM driver.
|
|
type: number
|
|
CinderNfsAvailabilityZone:
|
|
default: ''
|
|
description: >
|
|
The availability zone of the NFS Cinder backend.
|
|
When set, it overrides the default CinderStorageAvailabilityZone.
|
|
type: string
|
|
CinderNfsMountOptions:
|
|
default: ''
|
|
description: >
|
|
Mount options for NFS mounts used by Cinder NFS backend. Effective
|
|
when CinderEnableNfsBackend is true.
|
|
type: string
|
|
CinderNfsServers:
|
|
default: ''
|
|
description: >
|
|
NFS servers used by Cinder NFS backend. Effective when
|
|
CinderEnableNfsBackend is true.
|
|
type: comma_delimited_list
|
|
CinderNfsSnapshotSupport:
|
|
default: true
|
|
description: >
|
|
Whether to enable support for snapshots in the NFS driver. Effective
|
|
when CinderEnableNfsBackend is true.
|
|
type: boolean
|
|
CinderNasSecureFileOperations:
|
|
default: false
|
|
description: >
|
|
Controls whether security enhanced NFS file operations are enabled.
|
|
Valid values are 'auto', 'true' or 'false'. Effective when
|
|
CinderEnableNfsBackend is true.
|
|
type: string
|
|
CinderNasSecureFilePermissions:
|
|
default: false
|
|
description: >
|
|
Controls whether security enhanced NFS file permissions are enabled.
|
|
Valid values are 'auto', 'true' or 'false'. Effective when
|
|
CinderEnableNfsBackend is true.
|
|
type: string
|
|
CinderRbdAvailabilityZone:
|
|
default: ''
|
|
description: >
|
|
The availability zone of the RBD Cinder backend.
|
|
When set, it overrides the default CinderStorageAvailabilityZone.
|
|
type: string
|
|
CinderRbdPoolName:
|
|
default: volumes
|
|
type: string
|
|
CinderRbdExtraPools:
|
|
default: []
|
|
description: >
|
|
List of extra Ceph pools for use with RBD backends for Cinder. An
|
|
extra Cinder RBD backend driver is created for each pool in the
|
|
list. This is in addition to the standard RBD backend driver
|
|
associated with the CinderRbdPoolName.
|
|
type: comma_delimited_list
|
|
CephClusterFSID:
|
|
type: string
|
|
description: The Ceph cluster FSID. Must be a UUID.
|
|
MonitoringSubscriptionCinderVolume:
|
|
default: 'overcloud-cinder-volume'
|
|
type: string
|
|
CinderEtcdLocalConnect:
|
|
default: false
|
|
type: boolean
|
|
description: When running Cinder A/A, whether to connect to Etcd
|
|
via the local IP for the Etcd network. If set to true, the ip
|
|
on the local node will be used. If set to false, the VIP on the Etcd
|
|
network will be used instead. Defaults to false.
|
|
|
|
resources:
|
|
|
|
ContainersCommon:
|
|
type: ../../docker/services/containers-common.yaml
|
|
|
|
MySQLClient:
|
|
type: ../database/mysql-client.yaml
|
|
|
|
CinderBase:
|
|
type: ./cinder-base.yaml
|
|
properties:
|
|
EndpointMap: {get_param: EndpointMap}
|
|
ServiceData: {get_param: ServiceData}
|
|
ServiceNetMap: {get_param: ServiceNetMap}
|
|
DefaultPasswords: {get_param: DefaultPasswords}
|
|
RoleName: {get_param: RoleName}
|
|
RoleParameters: {get_param: RoleParameters}
|
|
|
|
CinderCommon:
|
|
type: ./cinder-common-container-puppet.yaml
|
|
|
|
outputs:
|
|
role_data:
|
|
description: Role data for the Cinder Volume role.
|
|
value:
|
|
service_name: cinder_volume
|
|
monitoring_subscription: {get_param: MonitoringSubscriptionCinderVolume}
|
|
config_settings:
|
|
map_merge:
|
|
- get_attr: [CinderBase, role_data, config_settings]
|
|
- tripleo::profile::base::lvm::enable_udev: false
|
|
- tripleo::profile::base::cinder::volume::cinder_enable_iscsi_backend: {get_param: CinderEnableIscsiBackend}
|
|
tripleo::profile::base::cinder::volume::cinder_enable_nfs_backend: {get_param: CinderEnableNfsBackend}
|
|
tripleo::profile::base::cinder::volume::cinder_enable_rbd_backend: {get_param: CinderEnableRbdBackend}
|
|
tripleo::profile::base::cinder::volume::cinder_volume_cluster: {get_param: CinderVolumeCluster}
|
|
tripleo::profile::base::cinder::volume::nfs::cinder_nfs_mount_options: {get_param: CinderNfsMountOptions}
|
|
tripleo::profile::base::cinder::volume::nfs::cinder_nfs_servers: {get_param: CinderNfsServers}
|
|
tripleo::profile::base::cinder::volume::nfs::cinder_nfs_snapshot_support: {get_param: CinderNfsSnapshotSupport}
|
|
tripleo::profile::base::cinder::volume::nfs::cinder_nas_secure_file_operations: {get_param: CinderNasSecureFileOperations}
|
|
tripleo::profile::base::cinder::volume::nfs::cinder_nas_secure_file_permissions: {get_param: CinderNasSecureFilePermissions}
|
|
tripleo::profile::base::cinder::volume::iscsi::cinder_lvm_loop_device_size: {get_param: CinderLVMLoopDeviceSize}
|
|
tripleo::profile::base::cinder::volume::iscsi::cinder_iscsi_helper: {get_param: CinderISCSIHelper}
|
|
tripleo::profile::base::cinder::volume::iscsi::cinder_iscsi_protocol: {get_param: CinderISCSIProtocol}
|
|
tripleo::profile::base::cinder::volume::rbd::cinder_rbd_ceph_conf:
|
|
list_join:
|
|
- ''
|
|
- - '/etc/ceph/'
|
|
- {get_param: CephClusterName}
|
|
- '.conf'
|
|
tripleo::profile::base::cinder::volume::rbd::cinder_rbd_pool_name: {get_param: CinderRbdPoolName}
|
|
tripleo::profile::base::cinder::volume::rbd::cinder_rbd_extra_pools: {get_param: CinderRbdExtraPools}
|
|
tripleo::profile::base::cinder::volume::rbd::cinder_rbd_secret_uuid: {get_param: CephClusterFSID}
|
|
tripleo::profile::base::cinder::volume::rbd::cinder_rbd_user_name: {get_param: CephClientUserName}
|
|
tripleo::cinder_volume::firewall_rules:
|
|
'120 iscsi initiator':
|
|
dport: 3260
|
|
# NOTE: bind IP is found in hiera replacing the network name with the local node IP
|
|
# for the given network; replacement examples (eg. for internal_api):
|
|
# internal_api -> IP
|
|
# internal_api_uri -> [IP]
|
|
# internal_api_subnet - > IP/CIDR
|
|
tripleo::profile::base::cinder::volume::iscsi::cinder_iscsi_address:
|
|
str_replace:
|
|
template:
|
|
"%{hiera('$NETWORK')}"
|
|
params:
|
|
$NETWORK: {get_param: [ServiceNetMap, CinderIscsiNetwork]}
|
|
-
|
|
if:
|
|
- {equals : [{get_param: CinderISCSIAvailabilityZone}, '']}
|
|
- {}
|
|
- tripleo::profile::base::cinder::volume::iscsi::backend_availability_zone: {get_param: CinderISCSIAvailabilityZone}
|
|
-
|
|
if:
|
|
- {equals : [{get_param: CinderNfsAvailabilityZone}, '']}
|
|
- {}
|
|
- tripleo::profile::base::cinder::volume::nfs::backend_availability_zone: {get_param: CinderNfsAvailabilityZone}
|
|
-
|
|
if:
|
|
- {equals : [{get_param: CinderRbdAvailabilityZone}, '']}
|
|
- {}
|
|
- tripleo::profile::base::cinder::volume::rbd::backend_availability_zone: {get_param: CinderRbdAvailabilityZone}
|
|
-
|
|
if:
|
|
- {equals : [{get_param: CinderEtcdLocalConnect}, true]}
|
|
- tripleo::profile::base::cinder::volume::etcd_host:
|
|
str_replace:
|
|
template:
|
|
"%{hiera('$NETWORK')}"
|
|
params:
|
|
$NETWORK: {get_param: [ServiceNetMap, EtcdNetwork]}
|
|
- {}
|
|
service_config_settings:
|
|
map_merge:
|
|
- get_attr: [CinderBase, role_data, service_config_settings]
|
|
- fluentd:
|
|
tripleo_fluentd_groups_cinder_volume:
|
|
- cinder
|
|
tripleo_fluentd_sources_cinder_volume:
|
|
- {get_param: CinderVolumeLoggingSource}
|
|
# BEGIN DOCKER SETTINGS
|
|
puppet_config:
|
|
config_volume: cinder
|
|
puppet_tags: cinder_config,file,concat,file_line
|
|
step_config:
|
|
list_join:
|
|
- "\n"
|
|
- - "include ::tripleo::profile::base::lvm"
|
|
- "include ::tripleo::profile::base::cinder::volume"
|
|
- get_attr: [MySQLClient, role_data, step_config]
|
|
config_image: {get_param: DockerCinderConfigImage}
|
|
kolla_config:
|
|
/var/lib/kolla/config_files/cinder_volume.json:
|
|
command: /usr/bin/cinder-volume --config-file /usr/share/cinder/cinder-dist.conf --config-file /etc/cinder/cinder.conf
|
|
config_files:
|
|
- source: "/var/lib/kolla/config_files/src/*"
|
|
dest: "/"
|
|
merge: true
|
|
preserve_properties: true
|
|
- source: "/var/lib/kolla/config_files/src-ceph/"
|
|
dest: "/etc/ceph/"
|
|
merge: true
|
|
preserve_properties: true
|
|
- source: "/var/lib/kolla/config_files/src-iscsid/*"
|
|
dest: "/etc/iscsi/"
|
|
merge: true
|
|
preserve_properties: true
|
|
permissions:
|
|
- path: /var/log/cinder
|
|
owner: cinder:cinder
|
|
recurse: true
|
|
- path:
|
|
str_replace:
|
|
template: /etc/ceph/CLUSTER.client.USER.keyring
|
|
params:
|
|
CLUSTER: {get_param: CephClusterName}
|
|
USER: {get_param: CephClientUserName}
|
|
owner: cinder:cinder
|
|
perm: '0600'
|
|
docker_config:
|
|
step_3:
|
|
cinder_volume_init_logs:
|
|
start_order: 0
|
|
image: &cinder_volume_image {get_param: DockerCinderVolumeImage}
|
|
net: none
|
|
privileged: false
|
|
user: root
|
|
volumes:
|
|
- /var/log/containers/cinder:/var/log/cinder:z
|
|
command: ['/bin/bash', '-c', 'chown -R cinder:cinder /var/log/cinder']
|
|
step_4:
|
|
cinder_volume:
|
|
image: *cinder_volume_image
|
|
ulimit: {get_param: DockerCinderVolumeUlimit}
|
|
ipc: host
|
|
net: host
|
|
privileged: true
|
|
restart: always
|
|
healthcheck:
|
|
test:
|
|
list_join:
|
|
- ' '
|
|
- - '/openstack/healthcheck'
|
|
- yaql:
|
|
expression: str($.data.port)
|
|
data:
|
|
port: {get_attr: [CinderBase, role_data, config_settings, 'cinder::rabbit_port']}
|
|
volumes: {get_attr: [CinderCommon, cinder_volume_volumes]}
|
|
environment: {get_attr: [CinderCommon, cinder_volume_environment]}
|
|
host_prep_tasks: {get_attr: [CinderCommon, cinder_volume_host_prep_tasks]}
|
|
post_upgrade_tasks:
|
|
- when: step|int == 1
|
|
import_role:
|
|
name: tripleo-docker-rm
|
|
vars:
|
|
containers_to_rm:
|
|
- cinder_volume
|
|
fast_forward_upgrade_tasks:
|
|
- when:
|
|
- step|int == 0
|
|
- release == 'ocata'
|
|
block:
|
|
- name: Check if cinder_volume is deployed
|
|
command: systemctl is-enabled --quiet openstack-cinder-volume
|
|
ignore_errors: True
|
|
register: cinder_volume_enabled_result
|
|
- name: Set fact cinder_volume_enabled
|
|
set_fact:
|
|
cinder_volume_enabled: "{{ cinder_volume_enabled_result.rc == 0 }}"
|
|
- name: Stop openstack-cinder-volume
|
|
service: name=openstack-cinder-volume state=stopped enabled=no
|
|
when:
|
|
- step|int == 1
|
|
- release == 'ocata'
|
|
- cinder_volume_enabled|bool
|