1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
|
heat_template_version: 2015-04-30
description: 'Ceph Cluster config data for Puppet'
parameters:
ceph_storage_count:
default: 0
type: number
description: Number of Ceph storage nodes. Used to enable/disable managed Ceph installation.
ceph_external_mon_ips:
default: ''
type: string
description: List of external Ceph Mon host IPs.
ceph_client_key:
default: ''
type: string
description: Ceph key used to create the client user keyring.
ceph_fsid:
default: ''
type: string
ceph_admin_key:
default: ''
type: string
ceph_mon_key:
default: ''
type: string
ceph_mon_names:
type: comma_delimited_list
ceph_mon_ips:
type: comma_delimited_list
NovaRbdPoolName:
default: vms
type: string
CinderRbdPoolName:
default: volumes
type: string
GlanceRbdPoolName:
default: images
type: string
GnocchiRbdPoolName:
default: metrics
type: string
CephClientUserName:
default: openstack
type: string
CephIPv6:
default: False
type: boolean
resources:
CephClusterConfigImpl:
type: OS::Heat::StructuredConfig
properties:
group: os-apply-config
config:
hiera:
datafiles:
ceph_cluster:
mapped_data:
ceph_ipv6: {get_param: CephIPv6}
ceph_storage_count: {get_param: ceph_storage_count}
ceph_mon_initial_members:
list_join:
- ','
- {get_param: ceph_mon_names}
ceph_mon_host:
list_join:
- ','
- {get_param: ceph_mon_ips}
ceph_mon_host_v6:
str_replace:
template: "'[IPS_LIST]'"
params:
IPS_LIST:
list_join:
- '],['
- {get_param: ceph_mon_ips}
ceph::profile::params::ms_bind_ipv6: {get_param: CephIPv6}
ceph::profile::params::fsid: {get_param: ceph_fsid}
ceph::profile::params::mon_key: {get_param: ceph_mon_key}
# We should use a separated key for the non-admin clients
ceph::profile::params::client_keys:
str_replace:
template: "{
client.admin: {
secret: 'ADMIN_KEY',
mode: '0600',
cap_mon: 'allow *',
cap_osd: 'allow *',
cap_mds: 'allow *'
},
client.bootstrap-osd: {
secret: 'ADMIN_KEY',
keyring_path: '/var/lib/ceph/bootstrap-osd/ceph.keyring',
cap_mon: 'allow profile bootstrap-osd'
},
client.CLIENT_USER: {
secret: 'CLIENT_KEY',
mode: '0644',
cap_mon: 'allow r',
cap_osd: 'allow class-read object_prefix rbd_children, allow rwx pool=CINDER_POOL, allow rwx pool=NOVA_POOL, allow rwx pool=GLANCE_POOL, allow rwx pool=GNOCCHI_POOL'
}
}"
params:
CLIENT_USER: {get_param: CephClientUserName}
CLIENT_KEY: {get_param: ceph_client_key}
ADMIN_KEY: {get_param: ceph_admin_key}
NOVA_POOL: {get_param: NovaRbdPoolName}
CINDER_POOL: {get_param: CinderRbdPoolName}
GLANCE_POOL: {get_param: GlanceRbdPoolName}
GNOCCHI_POOL: {get_param: GnocchiRbdPoolName}
nova::compute::rbd::libvirt_images_rbd_pool: {get_param: NovaRbdPoolName}
cinder_rbd_pool_name: {get_param: CinderRbdPoolName}
glance::backend::rbd::rbd_store_pool: {get_param: GlanceRbdPoolName}
gnocchi::storage::ceph::ceph_pool: {get_param: GnocchiRbdPoolName}
gnocchi::storage::ceph::ceph_username: {get_param: CephClientUserName}
nova::compute::rbd::libvirt_rbd_user: {get_param: CephClientUserName}
glance::backend::rbd::rbd_store_user: {get_param: CephClientUserName}
nova::compute::rbd::rbd_keyring:
list_join:
- '.'
- - 'client'
- {get_param: CephClientUserName}
gnocchi::storage::ceph::ceph_keyring:
list_join:
- '.'
- - '/etc/ceph/ceph'
- 'client'
- {get_param: CephClientUserName}
- 'keyring'
ceph_client_user_name: {get_param: CephClientUserName}
ceph_pools:
- {get_param: CinderRbdPoolName}
- {get_param: NovaRbdPoolName}
- {get_param: GlanceRbdPoolName}
- {get_param: GnocchiRbdPoolName}
outputs:
config_id:
description: The ID of the CephClusterConfigImpl resource.
value:
{get_resource: CephClusterConfigImpl}
|