From 6d99e0a85b394415777a3f978fe4af778a6ba9ef Mon Sep 17 00:00:00 2001 From: Keith Schincke Date: Wed, 5 Jul 2017 22:16:26 -0400 Subject: Add support for deploying RGW with ceph-ansible This patch allows usage of ceph-ansible to configure the RGW service in the overcloud. Still uses puppet-keystone to create the necessary user and endpoint in the catalog. Co-Authored-By: Giulio Fidente Change-Id: Iafa17bb64c54e40350b2ba7d76dea3d82fcab0e4 (cherry picked from commit 5b3cd1dcacff408bcb482bdea6cded8755a39ebb) --- docker/services/ceph-ansible/ceph-base.yaml | 29 ++++++++++ docker/services/ceph-ansible/ceph-rgw.yaml | 87 +++++++++++++++++++++++++++++ 2 files changed, 116 insertions(+) create mode 100644 docker/services/ceph-ansible/ceph-rgw.yaml (limited to 'docker/services') diff --git a/docker/services/ceph-ansible/ceph-base.yaml b/docker/services/ceph-ansible/ceph-base.yaml index 2a592869..18d3e6a3 100644 --- a/docker/services/ceph-ansible/ceph-base.yaml +++ b/docker/services/ceph-ansible/ceph-base.yaml @@ -100,6 +100,14 @@ parameters: CephClientUserName: default: openstack type: string + CephRgwClientName: + default: radosgw + type: string + CephRgwKey: + description: The cephx key for the radosgw client. Can be created + with ceph-authtool --gen-print-key. + type: string + hidden: true CephPoolDefaultSize: description: default minimum replication for RBD copies type: number @@ -115,6 +123,10 @@ parameters: CephIPv6: default: False type: boolean + SwiftPassword: + description: The password for the swift service account + type: string + hidden: true DockerCephDaemonImage: description: image type: string @@ -244,12 +256,29 @@ outputs: mds_cap: "allow *" osd_cap: "allow rw" mode: "0644" + - name: + list_join: + - '.' + - - client + - {get_param: CephRgwClientName} + key: {get_param: CephRgwKey} + mon_cap: "allow rw" + osd_cap: "allow rwx" + mode: "0644" keys: *openstack_keys pools: [] ceph_conf_overrides: global: osd_pool_default_size: {get_param: CephPoolDefaultSize} osd_pool_default_pg_num: {get_param: CephPoolDefaultPgNum} + rgw_keystone_api_version: 3 + rgw_keystone_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]} + rgw_keystone_accepted_roles: 'Member, _member_, admin' + rgw_keystone_admin_domain: default + rgw_keystone_admin_project: service + rgw_keystone_admin_user: swift + rgw_keystone_admin_password: {get_param: SwiftPassword} + rgw_s3_auth_use_keystone: 'true' ntp_service_enabled: false generate_fsid: false ip_version: diff --git a/docker/services/ceph-ansible/ceph-rgw.yaml b/docker/services/ceph-ansible/ceph-rgw.yaml new file mode 100644 index 00000000..4bed9b46 --- /dev/null +++ b/docker/services/ceph-ansible/ceph-rgw.yaml @@ -0,0 +1,87 @@ +heat_template_version: pike + +description: > + Ceph RadosGW service. + +parameters: + ServiceData: + default: {} + description: Dictionary packing service data + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + RoleName: + default: '' + description: Role name on which the service is applied + type: string + RoleParameters: + default: {} + description: Parameters specific to the role + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + SwiftPassword: + description: The password for the swift service account + type: string + hidden: true + KeystoneRegion: + type: string + default: 'regionOne' + description: Keystone region for endpoint + +resources: + CephBase: + type: ./ceph-base.yaml + properties: + ServiceData: {get_param: ServiceData} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + EndpointMap: {get_param: EndpointMap} + RoleName: {get_param: RoleName} + RoleParameters: {get_param: RoleParameters} + +outputs: + role_data: + description: Role data for the Ceph RadosGW service. + value: + service_name: ceph_rgw + upgrade_tasks: [] + step_config: '' + puppet_config: + config_image: '' + config_volume: '' + step_config: '' + docker_config: {} + service_workflow_tasks: {get_attr: [CephBase, role_data, service_workflow_tasks]} + config_settings: + map_merge: + - tripleo.ceph_rgw.firewall_rules: + '122 ceph rgw': + dport: {get_param: [EndpointMap, CephRgwInternal, port]} + - ceph_rgw_ansible_vars: + map_merge: + - {get_attr: [CephBase, role_data, config_settings, ceph_common_ansible_vars]} + - radosgw_keystone: true + radosgw_keystone_ssl: false + radosgw_address_block: {get_param: [ServiceData, net_cidr_map, {get_param: [ServiceNetMap, CephRgwNetwork]}]} + radosgw_civetweb_port: {get_param: [EndpointMap, CephRgwInternal, port]} + service_config_settings: + keystone: + ceph::rgw::keystone::auth::public_url: {get_param: [EndpointMap, CephRgwPublic, uri]} + ceph::rgw::keystone::auth::internal_url: {get_param: [EndpointMap, CephRgwInternal, uri]} + ceph::rgw::keystone::auth::admin_url: {get_param: [EndpointMap, CephRgwAdmin, uri]} + ceph::rgw::keystone::auth::region: {get_param: KeystoneRegion} + ceph::rgw::keystone::auth::roles: [ 'admin', 'Member', '_member_' ] + ceph::rgw::keystone::auth::tenant: service + ceph::rgw::keystone::auth::user: swift + ceph::rgw::keystone::auth::password: {get_param: SwiftPassword} -- cgit 1.2.3-korg