# Heat template for the Ceph RadosGW (object gateway) service.
# It declares the service parameters, builds the variable maps handed to the
# Ceph deployment tasks, registers the Keystone "swift" service/user, and
# requests an internal TLS certificate when EnableInternalTLS is true.
heat_template_version: wallaby

description: >
  Ceph RadosGW service.

# Template inputs. Keys inside each parameter are listed in a uniform
# type / default / description / hidden order; values are unchanged.
parameters:
  ServiceData:
    type: json
    default: {}
    description: Dictionary packing service data
  ServiceNetMap:
    type: json
    default: {}
    description: Mapping of service_name -> network name. Typically set
                 via parameter_defaults in the resource registry. This
                 mapping overrides those in ServiceNetMapDefaults.
  DefaultPasswords:
    type: json
    default: {}
  RoleName:
    type: string
    default: ''
    description: Role name on which the service is applied
  RoleParameters:
    type: json
    default: {}
    description: Parameters specific to the role
  EndpointMap:
    type: json
    default: {}
    description: Mapping of service endpoint -> protocol. Typically set
                 via parameter_defaults in the resource registry.
  # No default: the deployer must supply the secret. "hidden: true" masks the
  # value in Heat API/CLI output; it does not encrypt it where the template
  # later copies it (RGW config overrides and the Keystone user definition).
  SwiftPassword:
    type: string
    description: The password for the swift service account
    hidden: true
  KeystoneRegion:
    type: string
    default: 'regionOne'
    description: Keystone region for endpoint
  # When true, the firewall rule in outputs also opens port 9100.
  CephEnableDashboard:
    type: boolean
    default: false
    description: Parameter used to trigger the dashboard deployment.
  # Drives the internal_tls_enabled condition; off by default.
  EnableInternalTLS:
    type: boolean
    default: false
  # Global RSA key size for requested certificates. 2048 is the default here;
  # deployments with a stricter key-length policy need to raise it explicitly.
  CertificateKeySize:
    type: string
    default: '2048'
    description: Specifies the private key size used when creating the
                 certificate.
  # Per-service override; the empty default is intended to mean
  # "fall back to CertificateKeySize" (see key_size in the certificate request).
  CephRgwCertificateKeySize:
    type: string
    default: ''
    description: Override the private key size used when creating the
                 certificate for this service

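# Boolean switches evaluated by Heat at stack create/update time.
conditions:
  # True when the dashboard is deployed; adds port 9100 to the firewall rule.
  dashboard_enabled: {equals: [{get_param: CephEnableDashboard}, true]}
  # True when internal TLS is requested for the gateway.
  internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
  # True when no per-service key size was given. This must test the declared
  # CephRgwCertificateKeySize parameter: the previous reference to
  # CephCertificateKeySize named a parameter this template does not declare,
  # so the override could never be evaluated as intended.
  key_size_override_unset: {equals: [{get_param: CephRgwCertificateKeySize}, '']}
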
resources:
  # Shared Ceph base template; receives the common service parameters and
  # supplies upgrade / external deploy tasks consumed in outputs.
  CephBase:
    type: ./ceph-base.yaml
    properties:
      ServiceData: {get_param: ServiceData}
      ServiceNetMap: {get_param: ServiceNetMap}
      DefaultPasswords: {get_param: DefaultPasswords}
      EndpointMap: {get_param: EndpointMap}
      RoleName: {get_param: RoleName}
      RoleParameters: {get_param: RoleParameters}

  # Variables exported to the deployment tasks as cephadm_rgw_vars.
  CephRgwAnsibleVars:
    type: OS::Heat::Value
    properties:
      type: json
      value:
        vars:
          radosgw_keystone: true
          # NOTE(review): fixed to false regardless of EnableInternalTLS or of
          # the scheme in rgw_keystone_url; confirm how the consumer of this
          # flag treats an https Keystone endpoint.
          radosgw_keystone_ssl: false
          # Comma-joined CIDR list of the network mapped to CephRgwNetwork.
          radosgw_address_block:
            list_join:
              - ','
              - get_param: [ServiceData, net_cidr_map, {get_param: [ServiceNetMap, CephRgwNetwork]}]
          # Internal endpoint port, cast to an integer by the yaql expression.
          radosgw_frontend_port:
            yaql:
              data: {get_param: [EndpointMap, CephRgwInternal]}
              expression: int($.data.port)

  # RGW settings exported as ceph_rgw_config_overrides ("global" section).
  CephRgwConfigOverrides:
    type: OS::Heat::Value
    properties:
      type: json
      value:
        vars:
          global:
            rgw_keystone_api_version: 3
            rgw_keystone_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
            # Keystone roles allowed to use the gateway; 'admin' is included.
            rgw_keystone_accepted_roles: 'member, Member, admin'
            rgw_keystone_accepted_admin_roles: ResellerAdmin, swiftoperator
            rgw_keystone_admin_domain: default
            rgw_keystone_admin_project: service
            rgw_keystone_admin_user: swift
            # The hidden SwiftPassword parameter is copied into this map in
            # clear text. NOTE(review): treat wherever these overrides are
            # rendered or stored as secret material — confirm file modes and
            # log handling downstream.
            rgw_keystone_admin_password: {get_param: SwiftPassword}
            rgw_keystone_implicit_tenants: 'true'
            # NOTE(review): presumably 0 turns off the periodic token
            # revocation check — confirm against the Ceph release in use.
            rgw_keystone_revocation_interval: '0'
            rgw_s3_auth_use_keystone: 'true'
            rgw_swift_versioning_enabled: 'true'
            rgw_swift_account_in_url: 'true'
            # RGW will believe proxy-supplied forwarded-protocol headers when
            # deciding whether a request arrived over HTTPS. That is only safe
            # if clients cannot reach the gateway port without passing through
            # the TLS-terminating proxy; the firewall rule in outputs should be
            # reviewed with that in mind.
            rgw_trust_forwarded_https: 'true'

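outputs:
  role_data:
    description: Role data for the Ceph RadosGW service.
    value:
      service_name: ceph_rgw
      # Opens the internal RGW endpoint port, plus 9100 when the dashboard
      # condition holds. No source restriction is expressed in this rule.
      firewall_rules:
        '122 ceph rgw':
          dport:
            list_concat:
              - - {get_param: [EndpointMap, CephRgwInternal, port]}
              - if:
                  - dashboard_enabled
                  - - '9100'
                  - []
      # Registers the object-store service in Keystone. The "swift" service
      # user is granted both admin and member, so SwiftPassword protects an
      # admin-role credential.
      keystone_resources:
        swift:
          endpoints:
            public: {get_param: [EndpointMap, CephRgwPublic, uri]}
            internal: {get_param: [EndpointMap, CephRgwInternal, uri]}
            admin: {get_param: [EndpointMap, CephRgwAdmin, uri]}
          users:
            swift:
              password: {get_param: SwiftPassword}
              roles:
                - admin
                - member
          region: {get_param: KeystoneRegion}
          service: 'object-store'
          roles:
            - member
            - ResellerAdmin
            - swiftoperator
      upgrade_tasks: {get_attr: [CephBase, role_data, upgrade_tasks]}
      post_upgrade_tasks: {get_attr: [CephBase, role_data, post_upgrade_tasks]}
      puppet_config:
        config_image: ''
        config_volume: ''
        step_config: ''
      docker_config: {}
      # Base tasks first, then a step-1 task that publishes the RGW variables.
      external_deploy_tasks:
        list_concat:
          - {get_attr: [CephBase, role_data, external_deploy_tasks]}
          - - name: ceph_rgw_external_deploy_init
              when: step|int == 1
              tags:
                - ceph
              block:
                - name: set ceph-ansible group vars rgws
                  set_fact:
                    # With internal TLS the frontend certificate path is merged
                    # into the variables; otherwise they are passed unchanged.
                    cephadm_rgw_vars:
                      if:
                        - internal_tls_enabled
                        - map_merge:
                            - {get_attr: [CephRgwAnsibleVars, value, vars]}
                            - radosgw_frontend_ssl_certificate: '/etc/pki/tls/certs/ceph_rgw.pem'
                        - {get_attr: [CephRgwAnsibleVars, value, vars]}
                    # Includes rgw_keystone_admin_password in clear text.
                    ceph_rgw_config_overrides: {get_attr: [CephRgwConfigOverrides, value, vars]}
      metadata_settings:
        if:
          - internal_tls_enabled
          -
            - service: ceph_rgw
              network: {get_param: [ServiceNetMap, CephRgwNetwork]}
              type: node
          - null
      deploy_steps_tasks:
        - name: Certificate generation
          # NOTE(review): gated on the Ansible variable enable_internal_tls,
          # not on the Heat condition internal_tls_enabled used elsewhere in
          # this template; confirm both are always set together.
          when:
            - step|int == 1
            - enable_internal_tls
          block:
            - include_role:
                name: linux-system-roles.certificate
              vars:
                certificate_requests:
                  - name: ceph_rgw
                    dns:
                      str_replace:
                        template: "{{fqdn_$NETWORK}}"
                        params:
                          $NETWORK: {get_param: [ServiceNetMap, CephRgwNetwork]}
                    principal:
                      str_replace:
                        template: "ceph_rgw/{{fqdn_$NETWORK}}@{{idm_realm}}"
                        params:
                          $NETWORK: {get_param: [ServiceNetMap, CephRgwNetwork]}
                    run_after: |
                      # Create PEM file
                      pemfile=/etc/pki/tls/certs/ceph_rgw.pem
                      # The bundle contains the private key. Create it under a
                      # restrictive umask (in a subshell, so the rest of the
                      # script is unaffected) so that a first-time creation is
                      # never readable by other users before chmod/chown run.
                      (umask 077; cat /etc/pki/tls/certs/ceph_rgw.crt /etc/ipa/ca.crt /etc/pki/tls/private/ceph_rgw.key > "$pemfile")
                      chmod 0640 "$pemfile"
                      # NOTE(review): 472 is a hard-coded numeric owner; confirm
                      # it is the uid/gid the radosgw process actually runs as.
                      # If not, the daemon cannot read the bundle and an
                      # unrelated account gains read access to the key.
                      chown 472:472 "$pemfile"
                      # Get ceph rgw systemd unit
                      # NOTE(review): assumes at most one unit file matches;
                      # several matches would be passed to systemctl as a
                      # single newline-separated argument.
                      rgw_unit=$(systemctl list-unit-files | awk '/radosgw/ {print $1}')
                      # Restart the rgw systemd unit
                      if [ -n "$rgw_unit" ]; then
                          systemctl restart "$rgw_unit"
                      fi
                    # Global CertificateKeySize when key_size_override_unset
                    # holds, otherwise the per-service override.
                    key_size:
                      if:
                        - key_size_override_unset
                        - {get_param: CertificateKeySize}
                        - {get_param: CephRgwCertificateKeySize}
                    ca: ipa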