Code Review / apex-tripleo-heat-templates.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | review | tree
raw | inline | side by side
Containarise Barbican API
[apex-tripleo-heat-templates.git] / docker / services / ceph-ansible / ceph-base.yaml
diff --git a/docker/services/ceph-ansible/ceph-base.yaml b/docker/services/ceph-ansible/ceph-base.yaml
index e6ff392..d78ff7f 100644 (file)
--- a/docker/services/ceph-ansible/ceph-base.yaml
+++ b/docker/services/ceph-ansible/ceph-base.yaml
@@ -30,6 +30,14 @@ parameters:
     description: Mapping of service endpoint -> protocol. Typically set
                  via parameter_defaults in the resource registry.
     type: json
+  StackUpdateType:
+    type: string
+    description: >
+      Type of update, to differentiate between UPGRADE and UPDATE cases
+      when StackAction is UPDATE (both are the same stack action).
+    constraints:
+    - allowed_values: ['', 'UPGRADE']
+    default: ''
   CephAnsibleWorkflowName:
     type: string
     description: Name of the Mistral workflow to execute
@@ -38,10 +46,18 @@ parameters:
     type: string
     description: Path to the ceph-ansible playbook to execute
     default: /usr/share/ceph-ansible/site-docker.yml.sample
+  CephAnsibleUpgradePlaybook:
+    type: string
+    description: Path to the ceph-ansible playbook to execute on upgrade
+    default: /usr/share/ceph-ansible/infrastructure-playbooks/take-over-existing-cluster.yml
   CephAnsibleExtraConfig:
     type: json
     description: Extra vars for the ceph-ansible playbook
     default: {}
+  CephAnsibleSkipTags:
+    type: string
+    description: List of ceph-ansible tags to skip
+    default: 'package-install,with_pkg'
   CephClusterFSID:
     type: string
     description: The Ceph cluster FSID. Must be a UUID.
@@ -78,7 +94,7 @@ parameters:
     default: vms
     type: string
   CephClientKey:
-    description: The Ceph client key. Can be created with ceph-authtool --gen-print-key. Currently only used for external Ceph deployments to create the openstack user keyring.
+    description: The Ceph client key. Can be created with ceph-authtool --gen-print-key.
     type: string
     hidden: true
   CephClientUserName:
@@ -88,6 +104,14 @@ parameters:
     description: default minimum replication for RBD copies
     type: number
     default: 3
+  ManilaCephFSNativeCephFSAuthId:
+    default: manila
+    type: string
+  CephManilaClientKey:
+    default: ''
+    description: The Ceph client key. Can be created with ceph-authtool --gen-print-key.
+    type: string
+    hidden: true
   CephIPv6:
     default: False
     type: boolean
@@ -101,6 +125,8 @@ conditions:
     yaql:
       data: {get_param: DockerCephDaemonImage}
       expression: $.data.split('/')[0].matches('(\.|:)')
+  perform_upgrade:
+    equals: [{get_param: StackUpdateType}, 'UPGRADE']
 
 resources:
   DockerImageUrlParts:
@@ -112,14 +138,14 @@ resources:
           if:
           - custom_registry_host
           - yaql:
-              expression: let(location => $.data.rightSplit(':', 1)[0]) -> regex('(?:https?://)?(.*)/').split($location)[1]
+              expression: let(location => $.data.rightSplit(':', 1)[0]) -> regex('(?:https?://)?(.*?)/(.*)').split($location)[1]
               data: {get_param: DockerCephDaemonImage}
           - docker.io
         image:
           if:
           - custom_registry_host
           - yaql:
-              expression: let(location => $.data.rightSplit(':', 1)[0]) -> regex('(?:https?://)?(.*)/').split($location)[2]
+              expression: let(location => $.data.rightSplit(':', 1)[0]) -> regex('(?:https?://)?(.*?)/(.*)').split($location)[2]
               data: {get_param: DockerCephDaemonImage}
           - yaql:
               expression: $.data.rightSplit(':', 1)[0]
@@ -146,10 +172,16 @@ outputs:
           - name: ceph_base_ansible_workflow
             workflow: { get_param: CephAnsibleWorkflowName }
             input:
+              ansible_skip_tags: {get_param: CephAnsibleSkipTags}
               ceph_ansible_extra_vars: {get_param: CephAnsibleExtraConfig}
-              ceph_ansible_playbook: {get_param: CephAnsiblePlaybook}
+              ceph_ansible_playbook:
+                if:
+                  - perform_upgrade
+                  - {get_param: CephAnsibleUpgradePlaybook}
+                  - {get_param: CephAnsiblePlaybook}
       config_settings:
         ceph_common_ansible_vars:
+          ireallymeanit: 'yes'
           fsid: { get_param: CephClusterFSID }
           docker: true
           ceph_docker_registry: {get_attr: [DockerImageUrlParts, value, host]}
@@ -157,6 +189,7 @@ outputs:
           ceph_docker_image_tag: {get_attr: [DockerImageUrlParts, value, image_tag]}
           containerized_deployment: true
           public_network: {get_param: [ServiceData, net_cidr_map, {get_param: [ServiceNetMap, CephMonNetwork]}]}
+          monitor_address_block: {get_param: [ServiceData, net_cidr_map, {get_param: [ServiceNetMap, CephMonNetwork]}]}
           cluster_network: {get_param: [ServiceData, net_cidr_map, {get_param: [ServiceNetMap, CephClusterNetwork]}]}
           user_config: true
           ceph_stable: true
@@ -200,11 +233,17 @@ outputs:
                  CINDERBACKUP_POOL: {get_param: CinderBackupRbdPoolName}
                  GLANCE_POOL: {get_param: GlanceRbdPoolName}
                  GNOCCHI_POOL: {get_param: GnocchiRbdPoolName}
-            acls:
-            - "u:glance:r--"
-            - "u:nova:r--"
-            - "u:cinder:r--"
-            - "u:gnocchi:r--"
+            mode: "0644"
+          - name:
+              list_join:
+              - '.'
+              - - client
+                - {get_param: ManilaCephFSNativeCephFSAuthId}
+            key: {get_param: CephManilaClientKey}
+            mon_cap: "allow r, allow command auth del, allow command auth caps, allow command auth get, allow command auth get-or-create"
+            mds_cap: "allow *"
+            osd_cap: "allow rw"
+            mode: "0644"
           keys: *openstack_keys
           pools: []
           ceph_conf_overrides: