From ad8589212cee744351b9d224265fed9ed1dbf447 Mon Sep 17 00:00:00 2001 From: Jan Provaznik Date: Tue, 11 Jul 2017 12:10:45 +0200 Subject: Let mds create manila key and fs ceph-ansible will take care of setting up client keys both in ceph and on client side. It will also create filesystem for manila. To assure that manila manifest can work in future both with puppet and with ceph-ansible, creation of filesystem is moved to ceph-mds manifest and creation of manila key on ceph side is moved to ceph-base (so manila key is always created), manila key is added to ceph-external for external ceph deployments. Key creation is removed from manila.pp in patch I2b5567a39ac8737e80758b705818cc1807dc8bf1 Change-Id: I6308a317ffe0af244396aba5197c85e273e69f68 Related-To: Ia3ef9e9a2b159dacea01e38762145ff2bcc7ba27 Depends-On: I3f18bbe476c4f43fa4e162cc66c5df443122cd0c --- docker/services/ceph-ansible/ceph-base.yaml | 2 +- docker/services/nova-libvirt.yaml | 2 +- environments/storage/external-ceph.yaml | 2 +- puppet/services/ceph-base.yaml | 18 +++++++++++++++++- puppet/services/ceph-external.yaml | 18 +++++++++++++++++- puppet/services/ceph-mds.yaml | 12 ++++++++++++ puppet/services/manila-backend-cephfs.yaml | 9 --------- puppet/services/nova-compute.yaml | 2 +- puppet/services/nova-libvirt.yaml | 2 +- 9 files changed, 51 insertions(+), 16 deletions(-) diff --git a/docker/services/ceph-ansible/ceph-base.yaml b/docker/services/ceph-ansible/ceph-base.yaml index e65c503b..476230d9 100644 --- a/docker/services/ceph-ansible/ceph-base.yaml +++ b/docker/services/ceph-ansible/ceph-base.yaml @@ -78,7 +78,7 @@ parameters: default: vms type: string CephClientKey: - description: The Ceph client key. Can be created with ceph-authtool --gen-print-key. Currently only used for external Ceph deployments to create the openstack user keyring. + description: The Ceph client key. Can be created with ceph-authtool --gen-print-key. type: string hidden: true CephClientUserName: 
diff --git a/docker/services/nova-libvirt.yaml b/docker/services/nova-libvirt.yaml index 62c25bb2..47414083 100644 --- a/docker/services/nova-libvirt.yaml +++ b/docker/services/nova-libvirt.yaml @@ -61,7 +61,7 @@ parameters: description: Whether to enable or not the Rbd backend for Cinder type: boolean CephClientKey: - description: The Ceph client key. Can be created with ceph-authtool --gen-print-key. Currently only used for external Ceph deployments to create the openstack user keyring. + description: The Ceph client key. Can be created with ceph-authtool --gen-print-key. type: string hidden: true CephClusterFSID: diff --git a/environments/storage/external-ceph.yaml b/environments/storage/external-ceph.yaml index f1c9d516..0f2d0396 100644 --- a/environments/storage/external-ceph.yaml +++ b/environments/storage/external-ceph.yaml @@ -13,7 +13,7 @@ parameter_defaults: # Type: string CephAdminKey: '' - # The Ceph client key. Can be created with ceph-authtool --gen-print-key. Currently only used for external Ceph deployments to create the openstack user keyring. + # The Ceph client key. Can be created with ceph-authtool --gen-print-key. # Mandatory. This parameter must be set by the user. # Type: string CephClientKey: diff --git a/puppet/services/ceph-base.yaml b/puppet/services/ceph-base.yaml index ce9f9b9d..f6573f6c 100644 --- a/puppet/services/ceph-base.yaml +++ b/puppet/services/ceph-base.yaml @@ -11,7 +11,7 @@ parameters: type: string hidden: true CephClientKey: - description: The Ceph client key. Can be created with ceph-authtool --gen-print-key. Currently only used for external Ceph deployments to create the openstack user keyring. + description: The Ceph client key. Can be created with ceph-authtool --gen-print-key. type: string hidden: true CephClientUserName: 
@@ -61,6 +61,14 @@ parameters: description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + ManilaCephFSNativeCephFSAuthId: + type: string + default: 'manila' + CephManilaClientKey: + default: '' + description: The Ceph client key. Can be created with ceph-authtool --gen-print-key. + type: string + hidden: true # DEPRECATED options for compatibility with overcloud.yaml # This should be removed and manipulation of the ControllerServices list # used instead, but we need client support for that first @@ -133,6 +141,14 @@ outputs: CINDERBACKUP_POOL: {get_param: CinderBackupRbdPoolName} GLANCE_POOL: {get_param: GlanceRbdPoolName} GNOCCHI_POOL: {get_param: GnocchiRbdPoolName} + MANILA_CLIENT_KEY: + mode: '0644' + secret: {get_param: CephManilaClientKey} + cap_mon: 'allow r, allow command \"auth del\", allow command \"auth caps\", allow command \"auth get\", allow command \"auth get-or-create\"' + cap_mds: 'allow *' + cap_osd: 'allow rw' - keys: CEPH_CLIENT_KEY: list_join: ['.', ['client', {get_param: CephClientUserName}]] + MANILA_CLIENT_KEY: + list_join: ['.', ['client', {get_param: ManilaCephFSNativeCephFSAuthId}]] diff --git a/puppet/services/ceph-external.yaml b/puppet/services/ceph-external.yaml index 97e44159..1459b851 100644 --- a/puppet/services/ceph-external.yaml +++ b/puppet/services/ceph-external.yaml @@ -5,7 +5,7 @@ description: > parameters: CephClientKey: - description: The Ceph client key. Can be created with ceph-authtool --gen-print-key. Currently only used for external Ceph deployments to create the openstack user keyring. + description: The Ceph client key. Can be created with ceph-authtool --gen-print-key. type: string hidden: true CephClientUserName: 
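Review bot: `CephManilaClientKey` defaults to `''`, yet the outputs hunk of this file (`@@ -133,6 +141,14 @@`) always passes it to `MANILA_CLIENT_KEY.secret`, so a deployment that never sets it appears to end up with a `client.manila` entry carrying an empty secret. The identical parameter block added to puppet/services/ceph-external.yaml (`@@ -68,6 +68,14 @@`) has the same issue. `CephClientKey` in this file's first hunk shows no default, so consider dropping the default here as well, or emitting the key entry only when a value is supplied. The description is copied verbatim from `CephClientKey` and `ManilaCephFSNativeCephFSAuthId` has none; `description: The Ceph key for the Manila client user named by ManilaCephFSNativeCephFSAuthId. Can be created with ceph-authtool --gen-print-key.` and `description: The CephFS user ID (client.<id>) used by Manila.` would tell the two keys apart.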
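Review bot: `MANILA_CLIENT_KEY` is written with `mode: '0644'` although its caps let the holder manage cephx identities (`auth del`, `auth caps`, `auth get-or-create`), grant `cap_mds: 'allow *'` and allow OSD read/write with no pool restriction, so any local account on a node that receives the keyring can read a highly privileged secret. The same entry is added in puppet/services/ceph-external.yaml (`@@ -94,9 +102,17 @@`). If the Manila service can reach the keyring through file ownership or group membership, `mode: '0600'` (or `'0640'` with a dedicated group) would be the safer value; whether the neighbouring `CEPH_CLIENT_KEY` entry uses the same mode is not visible in this hunk. A comment above the entry explaining why the mon `auth` commands are required would help, as would checking whether `cap_osd` can be narrowed to the Manila data pool.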
@@ -68,6 +68,14 @@ parameters: image. Only applies to format 2 images. Set to '1' for Jewel clients using older Ceph servers. type: string + ManilaCephFSNativeCephFSAuthId: + type: string + default: 'manila' + CephManilaClientKey: + default: '' + description: The Ceph client key. Can be created with ceph-authtool --gen-print-key. + type: string + hidden: true outputs: role_data: @@ -94,9 +102,17 @@ outputs: CINDERBACKUP_POOL: {get_param: CinderBackupRbdPoolName} GLANCE_POOL: {get_param: GlanceRbdPoolName} GNOCCHI_POOL: {get_param: GnocchiRbdPoolName} + MANILA_CLIENT_KEY: + mode: '0644' + secret: {get_param: CephManilaClientKey} + cap_mon: 'allow r, allow command \"auth del\", allow command \"auth caps\", allow command \"auth get\", allow command \"auth get-or-create\"' + cap_mds: 'allow *' + cap_osd: 'allow rw' - keys: CEPH_CLIENT_KEY: list_join: ['.', ['client', {get_param: CephClientUserName}]] + MANILA_CLIENT_KEY: + list_join: ['.', ['client', {get_param: ManilaCephFSNativeCephFSAuthId}]] ceph::profile::params::manage_repo: false # FIXME(gfidente): we should not have to list the packages explicitly in # the templates, but this should stay until the following is fixed: diff --git a/puppet/services/ceph-mds.yaml b/puppet/services/ceph-mds.yaml index c561ea0e..ad799edb 100644 --- a/puppet/services/ceph-mds.yaml +++ b/puppet/services/ceph-mds.yaml @@ -35,6 +35,15 @@ parameters: with ceph-authtool --gen-print-key. type: string hidden: true + ManilaCephFSDataPoolName: + default: manila_data + type: string + ManilaCephFSMetadataPoolName: + default: manila_metadata + type: string + ManilaCephFSNativeShareBackendName: + default: cephfs + type: string resources: CephBase: 
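Review bot: The three parameters added to puppet/services/ceph-mds.yaml (`@@ -35,6 +35,15 @@`) carry no `description`, and `ManilaCephFSNativeShareBackendName` is the value the second hunk of that file (`@@ -60,5 +69,8 @@`) passes as `ceph::profile::params::fs_name`, which its name does not suggest. Adding `description: Name of the Manila CephFS backend; also used as the name of the CephFS filesystem created by the MDS.` would document that coupling, with matching one-line descriptions for the data and metadata pool names. The manila-backend-cephfs.yaml hunks remove only the pool-name parameters, so if that template still declares `ManilaCephFSNativeShareBackendName` (not visible here) its default has to stay in step with the `cephfs` default declared in ceph-mds.yaml.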
@@ -60,5 +69,8 @@ outputs: '112 ceph_mds': dport: - '6800-7300' + ceph::profile::params::fs_data_pool: {get_param: ManilaCephFSDataPoolName} + ceph::profile::params::fs_metadata_pool: {get_param: ManilaCephFSMetadataPoolName} + ceph::profile::params::fs_name: {get_param: ManilaCephFSNativeShareBackendName} step_config: | include ::tripleo::profile::base::ceph::mds diff --git a/puppet/services/manila-backend-cephfs.yaml b/puppet/services/manila-backend-cephfs.yaml index 9d6b508b..9207d99f 100644 --- a/puppet/services/manila-backend-cephfs.yaml +++ b/puppet/services/manila-backend-cephfs.yaml @@ -52,12 +52,6 @@ parameters: ManilaCephFSNativeCephFSEnableSnapshots: type: boolean default: false - ManilaCephFSDataPoolName: - default: manila_data - type: string - ManilaCephFSMetadataPoolName: - default: manila_metadata - type: string # (jprovazn) default value is set to assure this templates works with an # external ceph too (user/key is created only when ceph is deployed by # TripleO) @@ -81,7 +75,4 @@ outputs: manila::backend::cephfsnative::cephfs_cluster_name: {get_param: ManilaCephFSNativeCephFSClusterName} manila::backend::cephfsnative::cephfs_enable_snapshots: {get_param: ManilaCephFSNativeCephFSEnableSnapshots} manila::backend::cephfsnative::ceph_client_key: {get_param: CephManilaClientKey} - ceph::profile::params::fs_data_pool: {get_param: ManilaCephFSDataPoolName} - ceph::profile::params::fs_metadata_pool: {get_param: ManilaCephFSMetadataPoolName} - ceph::profile::params::fs_name: {get_param: ManilaCephFSNativeShareBackendName} step_config: diff --git a/puppet/services/nova-compute.yaml b/puppet/services/nova-compute.yaml index 36866a3a..22a743e0 100644 --- a/puppet/services/nova-compute.yaml +++ b/puppet/services/nova-compute.yaml 
@@ -37,7 +37,7 @@ parameters: default: openstack type: string CephClientKey: - description: The Ceph client key. Can be created with ceph-authtool --gen-print-key. Currently only used for external Ceph deployments to create the openstack user keyring. + description: The Ceph client key. Can be created with ceph-authtool --gen-print-key. type: string hidden: true CephClusterFSID: diff --git a/puppet/services/nova-libvirt.yaml b/puppet/services/nova-libvirt.yaml index 04936c33..9947becc 100644 --- a/puppet/services/nova-libvirt.yaml +++ b/puppet/services/nova-libvirt.yaml @@ -34,7 +34,7 @@ parameters: default: openstack type: string CephClientKey: - description: The Ceph client key. Can be created with ceph-authtool --gen-print-key. Currently only used for external Ceph deployments to create the openstack user keyring. + description: The Ceph client key. Can be created with ceph-authtool --gen-print-key. type: string hidden: true CephClusterFSID: -- cgit 1.2.3-korg