177 lines
6.5 KiB
YAML
177 lines
6.5 KiB
YAML
heat_template_version: queens
|
|
|
|
description: >
|
|
Ceph base service. Shared by all Ceph services.
|
|
|
|
parameters:
|
|
# NOTE(gfidente): needs a default to cope with external Ceph deployments were we don't pass (and need) an Admin key
|
|
CephAdminKey:
|
|
default: ''
|
|
description: The Ceph admin client key. Can be created with ceph-authtool --gen-print-key.
|
|
type: string
|
|
hidden: true
|
|
CephClientKey:
|
|
description: The Ceph client key. Can be created with ceph-authtool --gen-print-key.
|
|
type: string
|
|
hidden: true
|
|
CephClientUserName:
|
|
default: openstack
|
|
type: string
|
|
CephClusterFSID:
|
|
type: string
|
|
description: The Ceph cluster FSID. Must be a UUID.
|
|
CinderRbdPoolName:
|
|
default: volumes
|
|
type: string
|
|
CinderRbdExtraPools:
|
|
default: []
|
|
description: >
|
|
List of extra Ceph pools for use with RBD backends for Cinder. An
|
|
extra Cinder RBD backend driver is created for each pool in the
|
|
list. This is in addition to the standard RBD backend driver
|
|
associated with the CinderRbdPoolName.
|
|
type: comma_delimited_list
|
|
CinderBackupRbdPoolName:
|
|
default: backups
|
|
type: string
|
|
GlanceRbdPoolName:
|
|
default: images
|
|
type: string
|
|
GnocchiRbdPoolName:
|
|
default: metrics
|
|
type: string
|
|
NovaRbdPoolName:
|
|
default: vms
|
|
type: string
|
|
ServiceData:
|
|
default: {}
|
|
description: Dictionary packing service data
|
|
type: json
|
|
ServiceNetMap:
|
|
default: {}
|
|
description: Mapping of service_name -> network name. Typically set
|
|
via parameter_defaults in the resource registry. This
|
|
mapping overrides those in ServiceNetMapDefaults.
|
|
type: json
|
|
DefaultPasswords:
|
|
default: {}
|
|
type: json
|
|
RoleName:
|
|
default: ''
|
|
description: Role name on which the service is applied
|
|
type: string
|
|
RoleParameters:
|
|
default: {}
|
|
description: Parameters specific to the role
|
|
type: json
|
|
EndpointMap:
|
|
default: {}
|
|
description: Mapping of service endpoint -> protocol. Typically set
|
|
via parameter_defaults in the resource registry.
|
|
type: json
|
|
ManilaCephFSNativeCephFSAuthId:
|
|
type: string
|
|
default: 'manila'
|
|
CephManilaClientKey:
|
|
default: ''
|
|
description: The Ceph client key. Can be created with ceph-authtool --gen-print-key.
|
|
type: string
|
|
hidden: true
|
|
# DEPRECATED options for compatibility with overcloud.yaml
|
|
# This should be removed and manipulation of the ControllerServices list
|
|
# used instead, but we need client support for that first
|
|
ControllerEnableCephStorage:
|
|
default: false
|
|
description: Whether to deploy Ceph Storage (OSD) on the Controller
|
|
type: boolean
|
|
|
|
parameter_groups:
|
|
- label: deprecated
|
|
description: Do not use deprecated params, they will be removed.
|
|
parameters:
|
|
- ControllerEnableCephStorage
|
|
|
|
outputs:
|
|
role_data:
|
|
description: Role data for the Ceph base service.
|
|
value:
|
|
service_name: ceph_base
|
|
config_settings:
|
|
tripleo::profile::base::ceph::enable_ceph_storage: {get_param: ControllerEnableCephStorage}
|
|
ceph::profile::params::osds: {/srv/data: {}}
|
|
ceph::profile::params::manage_repo: false
|
|
ceph::profile::params::authentication_type: cephx
|
|
ceph::profile::params::fsid: {get_param: CephClusterFSID}
|
|
# FIXME(gfidente): we should not have to list the packages explicitly in the templates,
|
|
# but this has to stay until https://bugs.launchpad.net/puppet-ceph/+bug/1629933 is fixed
|
|
ceph::params::packages:
|
|
- ceph-base
|
|
- ceph-mon
|
|
# NOTE: bind IP is found in Heat replacing the network name with the local node IP
|
|
# for the given network; replacement examples (eg. for internal_api):
|
|
# internal_api -> IP
|
|
# internal_api_uri -> [IP]
|
|
# internal_api_subnet - > IP/CIDR
|
|
ceph::profile::params::cluster_network:
|
|
str_replace:
|
|
template: "NETWORK_subnet"
|
|
params:
|
|
NETWORK: {get_param: [ServiceNetMap, CephClusterNetwork]}
|
|
ceph::profile::params::public_network:
|
|
str_replace:
|
|
template: "NETWORK_subnet"
|
|
params:
|
|
NETWORK: {get_param: [ServiceNetMap, CephMonNetwork]}
|
|
ceph::profile::params::public_addr: {get_param: [ServiceNetMap, CephMonNetwork]}
|
|
ceph::profile::params::client_keys:
|
|
map_replace:
|
|
- client.admin:
|
|
secret: {get_param: CephAdminKey}
|
|
mode: '0600'
|
|
cap_mon: 'allow *'
|
|
cap_osd: 'allow *'
|
|
cap_mds: 'allow *'
|
|
client.bootstrap-osd:
|
|
secret: {get_param: CephAdminKey}
|
|
keyring_path: '/var/lib/ceph/bootstrap-osd/ceph.keyring'
|
|
cap_mon: 'allow profile bootstrap-osd'
|
|
CEPH_CLIENT_KEY:
|
|
secret: {get_param: CephClientKey}
|
|
mode: '0640'
|
|
user: 'ceph'
|
|
group: 'ceph'
|
|
cap_mon: 'allow r'
|
|
cap_osd:
|
|
str_replace:
|
|
template: 'allow class-read object_prefix rbd_children, allow rwx pool=CEPH_CLIENT_POOLS'
|
|
params:
|
|
CEPH_CLIENT_POOLS:
|
|
list_join:
|
|
- ', allow rwx pool='
|
|
- - {get_param: CinderRbdPoolName}
|
|
- {get_param: CinderBackupRbdPoolName}
|
|
- {get_param: NovaRbdPoolName}
|
|
- {get_param: GlanceRbdPoolName}
|
|
- {get_param: GnocchiRbdPoolName}
|
|
# CinderRbdExtraPools is a list (do not indent further)
|
|
- {get_param: CinderRbdExtraPools}
|
|
MANILA_CLIENT_KEY:
|
|
mode: '0640'
|
|
user: 'ceph'
|
|
group: 'ceph'
|
|
secret: {get_param: CephManilaClientKey}
|
|
cap_mon: 'allow r, allow command \"auth del\", allow command \"auth caps\", allow command \"auth get\", allow command \"auth get-or-create\"'
|
|
cap_mds: 'allow *'
|
|
cap_osd: 'allow rw'
|
|
- keys:
|
|
CEPH_CLIENT_KEY:
|
|
list_join: ['.', ['client', {get_param: CephClientUserName}]]
|
|
MANILA_CLIENT_KEY:
|
|
list_join: ['.', ['client', {get_param: ManilaCephFSNativeCephFSAuthId}]]
|
|
service_config_settings:
|
|
ceph_osd:
|
|
ceph::params::packages:
|
|
- ceph-base
|
|
- ceph-mon
|
|
- ceph-osd
|