{"heat_template_version": "wallaby", "description": "Provides the list of common container volumes and environment used by various cinder services.\n", "parameters": {"EndpointMap": {"default": {}, "description": "Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry.", "type": "json"}, "ServiceData": {"default": {}, "description": "Dictionary packing service data", "type": "json"}, "ServiceNetMap": {"default": {}, "description": "Mapping of service_name -> network name. Typically set via parameter_defaults in the resource registry. Use parameter_merge_strategies to merge it with the defaults.", "type": "json"}, "RoleName": {"default": "", "description": "Role name on which the service is applied", "type": "string"}, "RoleParameters": {"default": {}, "description": "Parameters specific to the role", "type": "json"}, "CinderVolumeOptVolumes": {"default": [], "description": "list of optional volumes to be mounted", "type": "comma_delimited_list"}, "CinderBackupOptVolumes": {"default": [], "description": "list of optional volumes to be mounted", "type": "comma_delimited_list"}, "CinderVolumeOptEnvVars": {"default": {}, "description": "hash of optional environment variables", "type": "json"}, "CinderEnableIscsiBackend": {"default": true, "description": "Whether to enable or not the Iscsi backend for Cinder", "type": "boolean"}, "CinderEnableNVMeOFBackend": {"default": false, "description": "Whether to enable or not the NVMeOF backend for Cinder", "type": "boolean"}, "CinderLVMConfigureVG": {"default": true, "description": "Whether to configure the 'cinder-volumes' VG used by the LVM driver. When disabled (set to False), the LVM driver will work as long as the 'cinder-volumes' VG has been created through some other means.\n", "type": "boolean"}, "CinderLVMLoopDeviceSize": {"default": 10280, "description": "The size of the loopback file used by the cinder LVM driver.", "type": "number"}, "MultipathdEnable": {"default": false, "description": "Whether to enable the multipath daemon", "type": "boolean"}, "CinderVolumeCluster": {"default": "", "description": "The cluster name used for deploying the cinder-volume service in an active-active (A/A) configuration. This configuration requires the Cinder backend drivers support A/A, and the cinder-volume service not be managed by pacemaker. If these criteria are not met then the cluster name must be left blank.\n", "type": "string"}, "CinderImageConversionNfsShare": {"default": "", "description": "When set, the NFS share to be used for Cinder's image conversion directory.", "type": "string"}, "CinderImageConversionNfsOptions": {"default": "_netdev,bg,intr,context=system_u:object_r:container_file_t:s0", "description": "NFS mount options when using an NFS share for Cinder's image conversion directory.", "type": "string"}, "EnableInternalTLS": {"type": "boolean", "default": false}, "EnableEtcdInternalTLS": {"description": "Controls whether etcd and the cinder-volume service use TLS for cinder's lock manager, even when the rest of the internal API network is using TLS.", "type": "boolean", "default": true}, "CephConfigPath": {"type": "string", "default": "/var/lib/tripleo-config/ceph", "description": "The path where the Ceph Cluster config files are stored on the host.\n"}, "CephClientUserName": {"default": "openstack", "type": "string"}, "CephClusterName": {"type": "string", "default": "ceph", "description": "The Ceph cluster name.", "constraints": [{"allowed_pattern": "[a-zA-Z0-9]+", "description": "The Ceph cluster name must be at least 1 character and contain only letters and numbers.\n"}]}, "CephExternalMultiConfig": {"type": "json", "hidden": true, "description": "List of maps describing extra overrides which will be applied when configuring\nextra external Ceph clusters. If this list is non-empty, ceph-ansible will run\nan extra count(list) times using the same parameters as the first run except\neach parameter within each map will override the defaults. If the following\nwere used, the second run would configure the overcloud to also use the ceph2\ncluster with all the previous parameters except /etc/ceph/ceph2.conf would have\na mon_host entry containing the value of external_cluster_mon_ips below, and\nnot the default CephExternalMonHost. Subsequent ceph-ansible runs are restricted\nto just ceph clients. CephExternalMultiConfig may not be used to deploy additional\ninternal Ceph clusters within one Heat stack. The map for each list should contain\nnot tripleo-heat-template parameters but ceph-ansible parameters.\n  - cluster: 'ceph2'\n    fsid: 'e2cba068-5f14-4b0f-b047-acf375c0004a'\n    external_cluster_mon_ips: '172.18.0.5,172.18.0.6,172.18.0.7'\n    keys:\n      - name: \"client.openstack\"\n        caps:\n          mgr: \"allow *\"\n          mon: \"profile rbd\"\n          osd: \"osd: profile rbd pool=volumes, profile rbd pool=backups, profile rbd pool=vms, profile rbd pool=images\"\n        key: \"AQCwmeRcAAAAABAA6SQU/bGqFjlfLro5KxrB1Q==\"\n        mode: \"0600\"\n    dashboard_enabled: false\n", "default": []}}, "conditions": {"cvol_active_active_tls_enabled": {"and": [{"not": {"equals": [{"get_param": "CinderVolumeCluster"}, ""]}}, {"get_param": "EnableInternalTLS"}, {"get_param": "EnableEtcdInternalTLS"}]}, "cinder_nfs_conversion_dir_enabled": {"not": {"equals": [{"get_param": "CinderImageConversionNfsShare"}, ""]}}, "cinder_configure_lvm": {"and": [{"get_param": "CinderLVMConfigureVG"}, {"or": [{"get_param": "CinderEnableIscsiBackend"}, {"get_param": "CinderEnableNVMeOFBackend"}]}]}}, "resources": {"ContainersCommon": {"type": "file:///usr/share/openstack-tripleo-heat-templates/deployment/containers-common.yaml"}, "CinderNVMeOF": {"type": "file:///usr/share/openstack-tripleo-heat-templates/deployment/cinder/cinder-backend-nvmeof-puppet.yaml"}}, "outputs": {"cinder_image_conversion_nfs_dir": {"description": "The directory where cinder does its image conversion when the directory is backed by an NFS share.", "value": "/var/lib/cinder_image_conversion"}, "cinder_common_host_prep_tasks": {"description": "Common host prep tasks for cinder-volume and cinder-backup services", "value": {"list_concat": [[{"name": "create fcontext entry for cinder data", "community.general.sefcontext": {"target": "/var/lib/cinder(/.*)?", "setype": "container_file_t", "state": "present"}}, {"name": "create persistent directories", "file": {"path": "{{ item.path }}", "state": "directory", "setype": "{{ item.setype }}", "mode": "{{ item.mode|default(omit) }}"}, "with_items": [{"path": "/var/log/containers/cinder", "setype": "container_file_t", "mode": "0750"}, {"path": "/var/lib/cinder", "setype": "container_file_t"}]}, {"name": "ensure ceph configurations exist", "file": {"path": {"get_param": "CephConfigPath"}, "state": "directory"}}], {"get_attr": ["CinderNVMeOF", "cinder_nvmeof_host_prep_tasks"]}]}}, "cinder_common_volumes": {"description": "Common volumes for all cinder services", "value": {"list_concat": [{"get_attr": ["ContainersCommon", "volumes"]}, ["/var/lib/config-data/puppet-generated/cinder:/var/lib/kolla/config_files/src:ro", "/var/log/containers/cinder:/var/log/cinder:z"], {"if": ["cvol_active_active_tls_enabled", ["/etc/pki/tls/certs/etcd.crt:/var/lib/kolla/config_files/src-tls/etc/pki/tls/certs/etcd.crt:ro", "/etc/pki/tls/private/etcd.key:/var/lib/kolla/config_files/src-tls/etc/pki/tls/private/etcd.key:ro"]]}]}}, "cinder_common_kolla_config_files": {"description": "Common kolla config_files for cinder-volume and cinder-backup services", "value": [{"source": "/var/lib/kolla/config_files/src/*", "dest": "/", "merge": true, "preserve_properties": true}, {"source": "/var/lib/kolla/config_files/src-ceph/", "dest": "/etc/ceph/", "merge": true, "preserve_properties": true}, {"source": "/var/lib/kolla/config_files/src-iscsid/*", "dest": "/etc/iscsi/", "merge": true, "preserve_properties": true}, {"source": "/var/lib/kolla/config_files/src-tls/*", "dest": "/", "merge": true, "preserve_properties": true, "optional": true}]}, "cinder_common_kolla_permissions": {"description": "Common kolla permissions for cinder-volume and cinder-backup services", "value": {"list_concat": [[{"path": "/var/log/cinder", "owner": "cinder:cinder", "recurse": true}, {"path": {"str_replace": {"template": "/etc/ceph/CLUSTER.client.USER.keyring", "params": {"CLUSTER": {"get_param": "CephClusterName"}, "USER": {"get_param": "CephClientUserName"}}}}, "owner": "cinder:cinder", "perm": "0600"}, {"path": "/etc/pki/tls/certs/etcd.crt", "owner": "cinder:cinder"}, {"path": "/etc/pki/tls/private/etcd.key", "owner": "cinder:cinder"}], {"repeat": {"template": {"path": "/etc/ceph/<%cluster%>.client.*.keyring", "owner": "cinder:cinder", "perm": "0600"}, "for_each": {"<%cluster%>": {"yaql": {"expression": "$.data.multiconfig.select($.cluster)", "data": {"multiconfig": {"get_param": "CephExternalMultiConfig"}}}}}}}]}}, "cinder_volume_host_prep_and_system_upgrade_post_tasks": {"description": "Common host_prep and system_upgrade post tasks for cinder-volume", "value": [{"name": "Support using an NFS share for cinder image conversion", "vars": {"image_conversion_nfs_enabled": {"if": ["cinder_nfs_conversion_dir_enabled", true, false]}}, "when": ["image_conversion_nfs_enabled|bool"], "block": [{"name": "Create cinder image conversion directory", "file": {"path": "/var/lib/cinder_image_conversion", "state": "directory"}}, {"name": "Mount cinder's image conversion NFS share", "vars": {"image_conversion_nfs_share": {"get_param": "CinderImageConversionNfsShare"}, "image_conversion_nfs_options": {"get_param": "CinderImageConversionNfsOptions"}}, "mount": {"path": "/var/lib/cinder_image_conversion", "state": "mounted", "fstype": "nfs4", "src": "{{ image_conversion_nfs_share }}", "opts": "{{ image_conversion_nfs_options }}"}}]}]}, "cinder_volume_host_prep_tasks": {"description": "Host prep tasks for the cinder-volume service (HA or non-HA)", "value": {"list_concat": [{"list_concat": [[{"name": "create fcontext entry for cinder data", "community.general.sefcontext": {"target": "/var/lib/cinder(/.*)?", "setype": "container_file_t", "state": "present"}}, {"name": "create persistent directories", "file": {"path": "{{ item.path }}", "state": "directory", "setype": "{{ item.setype }}", "mode": "{{ item.mode|default(omit) }}"}, "with_items": [{"path": "/var/log/containers/cinder", "setype": "container_file_t", "mode": "0750"}, {"path": "/var/lib/cinder", "setype": "container_file_t"}]}, {"name": "ensure ceph configurations exist", "file": {"path": {"get_param": "CephConfigPath"}, "state": "directory"}}], {"get_attr": ["CinderNVMeOF", "cinder_nvmeof_host_prep_tasks"]}]}, [{"name": "Support using an NFS share for cinder image conversion", "vars": {"image_conversion_nfs_enabled": {"if": ["cinder_nfs_conversion_dir_enabled", true, false]}}, "when": ["image_conversion_nfs_enabled|bool"], "block": [{"name": "Create cinder image conversion directory", "file": {"path": "/var/lib/cinder_image_conversion", "state": "directory"}}, {"name": "Mount cinder's image conversion NFS share", "vars": {"image_conversion_nfs_share": {"get_param": "CinderImageConversionNfsShare"}, "image_conversion_nfs_options": {"get_param": "CinderImageConversionNfsOptions"}}, "mount": {"path": "/var/lib/cinder_image_conversion", "state": "mounted", "fstype": "nfs4", "src": "{{ image_conversion_nfs_share }}", "opts": "{{ image_conversion_nfs_options }}"}}]}], [{"name": "cinder_configure_lvm fact", "set_fact": {"cinder_configure_lvm": {"if": ["cinder_configure_lvm", true, false]}}}, {"when": "cinder_configure_lvm|bool", "block": [{"name": "ensure LVM rpm dependencies are installed", "package": {"name": "lvm2", "state": "latest"}}, {"name": "cinder create LVM volume group dd", "command": {"list_join": ["", ["dd if=/dev/zero of=/var/lib/cinder/cinder-volumes bs=1 count=0 seek=", {"str_replace": {"template": "VALUE", "params": {"VALUE": {"get_param": "CinderLVMLoopDeviceSize"}}}}, "M"]]}, "args": {"creates": "/var/lib/cinder/cinder-volumes"}}, {"name": "Get or create LVM loopback device", "shell": "exit_code=0\nexisting_device=$(losetup -j /var/lib/cinder/cinder-volumes -l -n -O NAME)\nif [[ -z \"${existing_device}\" ]]; then\n    losetup -f /var/lib/cinder/cinder-volumes --show\n    exit_code=2\nelse\n    echo ${existing_device%$'\\n'*}\nfi\nexit ${exit_code}", "args": {"executable": "/bin/bash"}, "register": "_loopback_device", "changed_when": "_loopback_device.rc == 2", "failed_when": "_loopback_device.rc not in [0,2]"}, {"name": "Create LVM volume group", "community.general.lvg": {"vg": "cinder-volumes", "pvs": "{{ _loopback_device.stdout }}", "state": "present"}, "when": ["not (ansible_check_mode | bool)"]}, {"name": "cinder create service to run losetup for LVM on startup", "copy": {"dest": "/etc/systemd/system/cinder-lvm-losetup.service", "content": "[Unit]\nDescription=Cinder LVM losetup\nDefaultDependencies=no\nConflicts=umount.target\nRequires=lvm2-monitor.service systemd-udev-settle.service\nBefore=local-fs.target umount.target\nAfter=var.mount lvm2-monitor.service systemd-udev-settle.service\n\n[Service]\nType=oneshot\nExecStart=/sbin/losetup {{ _loopback_device.stdout }} /var/lib/cinder/cinder-volumes\nExecStop=/sbin/losetup -d {{ _loopback_device.stdout }}\nRemainAfterExit=yes\n\n[Install]\nWantedBy=local-fs-pre.target\n"}, "when": ["not (ansible_check_mode | bool)"]}, {"name": "cinder enable the LVM losetup service", "systemd": {"name": "cinder-lvm-losetup", "enabled": true, "daemon_reload": true}}]}]]}}, "cinder_volume_upgrade_tasks": {"description": "Upgrade tasks for the cinder-volume service (HA or non-HA)", "value": [{"name": "cinder-volume pre system_upgrade tasks", "tags": ["never", "system_upgrade", "system_upgrade_run", "system_upgrade_nfsmounts"], "when": ["step|int == 3", "upgrade_leapp_enabled"], "block": [{"name": "Unmount cinder's image conversion NFS share", "vars": {"image_conversion_nfs_share": {"get_param": "CinderImageConversionNfsShare"}, "image_conversion_nfs_options": {"get_param": "CinderImageConversionNfsOptions"}, "image_conversion_nfs_enabled": {"if": ["cinder_nfs_conversion_dir_enabled", true, false]}}, "when": "image_conversion_nfs_enabled|bool", "mount": {"path": "/var/lib/cinder_image_conversion", "state": "absent", "fstype": "nfs4"}}]}, {"name": "cinder-volume post system_upgrade tasks", "tags": ["never", "system_upgrade", "system_upgrade_run", "system_upgrade_nfsmounts"], "when": ["step|int == 5", "upgrade_leapp_enabled"], "block": [{"name": "Support using an NFS share for cinder image conversion", "vars": {"image_conversion_nfs_enabled": {"if": ["cinder_nfs_conversion_dir_enabled", true, false]}}, "when": ["image_conversion_nfs_enabled|bool"], "block": [{"name": "Create cinder image conversion directory", "file": {"path": "/var/lib/cinder_image_conversion", "state": "directory"}}, {"name": "Mount cinder's image conversion NFS share", "vars": {"image_conversion_nfs_share": {"get_param": "CinderImageConversionNfsShare"}, "image_conversion_nfs_options": {"get_param": "CinderImageConversionNfsOptions"}}, "mount": {"path": "/var/lib/cinder_image_conversion", "state": "mounted", "fstype": "nfs4", "src": "{{ image_conversion_nfs_share }}", "opts": "{{ image_conversion_nfs_options }}"}}]}]}]}, "cinder_volume_config_settings": {"description": "Config settings for the cinder-volume container (HA or non-HA)", "value": {"if": ["cinder_nfs_conversion_dir_enabled", {"cinder::image_conversion_dir": "/var/lib/cinder_image_conversion"}, {}]}}, "cinder_volume_volumes": {"description": "Volumes for the cinder-volume container (HA or non-HA)", "value": {"list_concat": [{"list_concat": [{"get_attr": ["ContainersCommon", "volumes"]}, ["/var/lib/config-data/puppet-generated/cinder:/var/lib/kolla/config_files/src:ro", "/var/log/containers/cinder:/var/log/cinder:z"], {"if": ["cvol_active_active_tls_enabled", ["/etc/pki/tls/certs/etcd.crt:/var/lib/kolla/config_files/src-tls/etc/pki/tls/certs/etcd.crt:ro", "/etc/pki/tls/private/etcd.key:/var/lib/kolla/config_files/src-tls/etc/pki/tls/private/etcd.key:ro"]]}]}, {"get_attr": ["CinderNVMeOF", "cinder_nvmeof_volumes"]}, {"get_param": "CinderVolumeOptVolumes"}, ["/var/lib/kolla/config_files/cinder_volume.json:/var/lib/kolla/config_files/config.json:ro", "/var/lib/config-data/puppet-generated/iscsid/etc/iscsi:/var/lib/kolla/config_files/src-iscsid:ro", {"list_join": [":", [{"get_param": "CephConfigPath"}], ["/var/lib/kolla/config_files/src-ceph"], ["z"]]}, "/lib/modules:/lib/modules:ro", "/dev:/dev", "/run:/run", "/sys:/sys", "/var/lib/cinder:/var/lib/cinder:z", "/var/lib/iscsi:/var/lib/iscsi:z"], {"if": [{"get_param": "CinderEnableIscsiBackend"}, ["/etc/target:/etc/target:z"]]}, {"if": [{"get_param": "MultipathdEnable"}, ["/etc/multipath:/etc/multipath:z", "/etc/multipath.conf:/etc/multipath.conf:ro"]]}, {"if": ["cinder_nfs_conversion_dir_enabled", [{"str_replace": {"template": "DIR:DIR:slave", "params": {"DIR": "/var/lib/cinder_image_conversion"}}}]]}]}}, "cinder_volume_environment": {"description": "Docker environment for the cinder-volume container (HA or non-HA)", "value": {"map_merge": [{"get_param": "CinderVolumeOptEnvVars"}, {"KOLLA_CONFIG_STRATEGY": "COPY_ALWAYS"}]}}, "cinder_backup_host_prep_tasks": {"description": "Host prep tasks for the cinder-backup service (HA or non-HA)", "value": {"list_concat": [[{"name": "create fcontext entry for cinder data", "community.general.sefcontext": {"target": "/var/lib/cinder(/.*)?", "setype": "container_file_t", "state": "present"}}, {"name": "create persistent directories", "file": {"path": "{{ item.path }}", "state": "directory", "setype": "{{ item.setype }}", "mode": "{{ item.mode|default(omit) }}"}, "with_items": [{"path": "/var/log/containers/cinder", "setype": "container_file_t", "mode": "0750"}, {"path": "/var/lib/cinder", "setype": "container_file_t"}]}, {"name": "ensure ceph configurations exist", "file": {"path": {"get_param": "CephConfigPath"}, "state": "directory"}}], {"get_attr": ["CinderNVMeOF", "cinder_nvmeof_host_prep_tasks"]}]}}, "cinder_backup_volumes": {"description": "Volumes for the cinder-backup container (HA or non-HA)", "value": {"list_concat": [{"list_concat": [{"get_attr": ["ContainersCommon", "volumes"]}, ["/var/lib/config-data/puppet-generated/cinder:/var/lib/kolla/config_files/src:ro", "/var/log/containers/cinder:/var/log/cinder:z"], {"if": ["cvol_active_active_tls_enabled", ["/etc/pki/tls/certs/etcd.crt:/var/lib/kolla/config_files/src-tls/etc/pki/tls/certs/etcd.crt:ro", "/etc/pki/tls/private/etcd.key:/var/lib/kolla/config_files/src-tls/etc/pki/tls/private/etcd.key:ro"]]}]}, {"get_attr": ["CinderNVMeOF", "cinder_nvmeof_volumes"]}, {"get_param": "CinderBackupOptVolumes"}, ["/var/lib/kolla/config_files/cinder_backup.json:/var/lib/kolla/config_files/config.json:ro", "/var/lib/config-data/puppet-generated/iscsid/etc/iscsi:/var/lib/kolla/config_files/src-iscsid:ro", {"list_join": [":", [{"get_param": "CephConfigPath"}], ["/var/lib/kolla/config_files/src-ceph"], ["z"]]}, "/dev:/dev", "/run:/run", "/sys:/sys", "/lib/modules:/lib/modules:ro", "/var/lib/cinder:/var/lib/cinder:z", "/var/lib/iscsi:/var/lib/iscsi:z"], {"if": [{"get_param": "MultipathdEnable"}, ["/etc/multipath:/etc/multipath:z", "/etc/multipath.conf:/etc/multipath.conf:ro"]]}]}}, "cinder_backup_environment": {"description": "Docker environment for the cinder-backup container (HA or non-HA)", "value": {"KOLLA_CONFIG_STRATEGY": "COPY_ALWAYS"}}}}