X-Git-Url: https://gerrit.opnfv.org/gerrit/gitweb?a=blobdiff_plain;f=docker%2Fservices%2Fceph-ansible%2Fceph-base.yaml;h=18d3e6a39b89b13e781b58a2f583c2fd7c79520b;hb=896517755b917a5018e6529100d2cda5487a35d9;hp=85fe06081dcf032520e274331adcc01e7557e33a;hpb=de3717ecf8cafb07c5f2edbe725daccde1c856b6;p=apex-tripleo-heat-templates.git diff --git a/docker/services/ceph-ansible/ceph-base.yaml b/docker/services/ceph-ansible/ceph-base.yaml index 85fe0608..18d3e6a3 100644 --- a/docker/services/ceph-ansible/ceph-base.yaml +++ b/docker/services/ceph-ansible/ceph-base.yaml @@ -30,6 +30,14 @@ parameters: description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + StackUpdateType: + type: string + description: > + Type of update, to differentiate between UPGRADE and UPDATE cases + when StackAction is UPDATE (both are the same stack action). + constraints: + - allowed_values: ['', 'UPGRADE'] + default: '' CephAnsibleWorkflowName: type: string description: Name of the Mistral workflow to execute @@ -38,10 +46,18 @@ parameters: type: string description: Path to the ceph-ansible playbook to execute default: /usr/share/ceph-ansible/site-docker.yml.sample + CephAnsibleUpgradePlaybook: + type: string + description: Path to the ceph-ansible playbook to execute on upgrade + default: /usr/share/ceph-ansible/infrastructure-playbooks/switch-from-non-containerized-to-containerized-ceph-daemons.yml CephAnsibleExtraConfig: type: json description: Extra vars for the ceph-ansible playbook default: {} + CephAnsibleSkipTags: + type: string + description: List of ceph-ansible tags to skip + default: 'package-install,with_pkg' CephClusterFSID: type: string description: The Ceph cluster FSID. Must be a UUID. @@ -78,29 +94,77 @@ parameters: default: vms type: string CephClientKey: - description: The Ceph client key. Can be created with ceph-authtool --gen-print-key. Currently only used for external Ceph deployments to create the openstack user keyring. + description: The Ceph client key. Can be created with ceph-authtool --gen-print-key. type: string hidden: true CephClientUserName: default: openstack type: string + CephRgwClientName: + default: radosgw + type: string + CephRgwKey: + description: The cephx key for the radosgw client. Can be created + with ceph-authtool --gen-print-key. + type: string + hidden: true CephPoolDefaultSize: description: default minimum replication for RBD copies type: number default: 3 + ManilaCephFSNativeCephFSAuthId: + default: manila + type: string + CephManilaClientKey: + default: '' + description: The Ceph client key. Can be created with ceph-authtool --gen-print-key. + type: string + hidden: true CephIPv6: default: False type: boolean + SwiftPassword: + description: The password for the swift service account + type: string + hidden: true DockerCephDaemonImage: description: image type: string - default: 'ceph/daemon:tag-build-master-jewel-centos-7' conditions: custom_registry_host: yaql: data: {get_param: DockerCephDaemonImage} expression: $.data.split('/')[0].matches('(\.|:)') + perform_upgrade: + equals: [{get_param: StackUpdateType}, 'UPGRADE'] + +resources: + DockerImageUrlParts: + type: OS::Heat::Value + properties: + type: json + value: + host: + if: + - custom_registry_host + - yaql: + expression: let(location => $.data.rightSplit(':', 1)[0]) -> regex('(?:https?://)?(.*?)/(.*)').split($location)[1] + data: {get_param: DockerCephDaemonImage} + - docker.io + image: + if: + - custom_registry_host + - yaql: + expression: let(location => $.data.rightSplit(':', 1)[0]) -> regex('(?:https?://)?(.*?)/(.*)').split($location)[2] + data: {get_param: DockerCephDaemonImage} + - yaql: + expression: $.data.rightSplit(':', 1)[0] + data: {get_param: DockerCephDaemonImage} + image_tag: + yaql: + expression: $.data.rightSplit(':', 1)[1] + data: {get_param: DockerCephDaemonImage} outputs: role_data: @@ -119,27 +183,22 @@ outputs: - name: ceph_base_ansible_workflow workflow: { get_param: CephAnsibleWorkflowName } input: + ansible_skip_tags: {get_param: CephAnsibleSkipTags} ceph_ansible_extra_vars: {get_param: CephAnsibleExtraConfig} - ceph_ansible_playbook: {get_param: CephAnsiblePlaybook} + ceph_ansible_playbook: + if: + - perform_upgrade + - {get_param: CephAnsibleUpgradePlaybook} + - {get_param: CephAnsiblePlaybook} config_settings: ceph_common_ansible_vars: + ireallymeanit: 'yes' fsid: { get_param: CephClusterFSID } docker: true - ceph_docker_registry: - if: - - custom_registry_host - - yaql: - expression: regex('(?:https?://)?(.*)/').split($.data)[1] - data: {str_split: [':', {get_param: DockerCephDaemonImage}, 0]} - - docker.io - ceph_docker_image: - if: - - custom_registry_host - - yaql: - expression: regex('(?:https?://)?(.*)/').split($.data)[2] - data: {str_split: [':', {get_param: DockerCephDaemonImage}, 0]} - - {str_split: [':', {get_param: DockerCephDaemonImage}, 0]} - ceph_docker_image_tag: {str_split: [':', {get_param: DockerCephDaemonImage}, 1]} + ceph_release: jewel + ceph_docker_registry: {get_attr: [DockerImageUrlParts, value, host]} + ceph_docker_image: {get_attr: [DockerImageUrlParts, value, image]} + ceph_docker_image_tag: {get_attr: [DockerImageUrlParts, value, image_tag]} containerized_deployment: true public_network: {get_param: [ServiceData, net_cidr_map, {get_param: [ServiceNetMap, CephMonNetwork]}]} monitor_address_block: {get_param: [ServiceData, net_cidr_map, {get_param: [ServiceNetMap, CephMonNetwork]}]} @@ -186,17 +245,40 @@ outputs: CINDERBACKUP_POOL: {get_param: CinderBackupRbdPoolName} GLANCE_POOL: {get_param: GlanceRbdPoolName} GNOCCHI_POOL: {get_param: GnocchiRbdPoolName} - acls: - - "u:glance:r--" - - "u:nova:r--" - - "u:cinder:r--" - - "u:gnocchi:r--" + mode: "0644" + - name: + list_join: + - '.' + - - client + - {get_param: ManilaCephFSNativeCephFSAuthId} + key: {get_param: CephManilaClientKey} + mon_cap: 'allow r, allow command \\\"auth del\\\", allow command \\\"auth caps\\\", allow command \\\"auth get\\\", allow command \\\"auth get-or-create\\\"' + mds_cap: "allow *" + osd_cap: "allow rw" + mode: "0644" + - name: + list_join: + - '.' + - - client + - {get_param: CephRgwClientName} + key: {get_param: CephRgwKey} + mon_cap: "allow rw" + osd_cap: "allow rwx" + mode: "0644" keys: *openstack_keys pools: [] ceph_conf_overrides: global: osd_pool_default_size: {get_param: CephPoolDefaultSize} osd_pool_default_pg_num: {get_param: CephPoolDefaultPgNum} + rgw_keystone_api_version: 3 + rgw_keystone_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]} + rgw_keystone_accepted_roles: 'Member, _member_, admin' + rgw_keystone_admin_domain: default + rgw_keystone_admin_project: service + rgw_keystone_admin_user: swift + rgw_keystone_admin_password: {get_param: SwiftPassword} + rgw_s3_auth_use_keystone: 'true' ntp_service_enabled: false generate_fsid: false ip_version: