d9404f89c2
The current implementation of the Ceph CSI provisioner is tied too closely with the older Ceph RBD provisioner, which doesn't let the deployer deploy Ceph CSI provisioner without the old RBD provisioner. This patchset will decouple them such that they can be deployed independently from one another. A few other changes are needed as well: 1) The deployment/gate scripts are updated so that the old RBD and CSI RBD provisioners are separately enabled/disabled as needed. The original RBD provisioner is now deprecated. 2) Ceph-mon chart is updated because it had some RBD storageclass data in values.yaml that is not needed for ceph-mon deployment. 3) Fixed a couple of bugs in job-cephfs-client-key.yaml where RBD parameters were being used instead of cephfs parameters. Change-Id: Icb5f78dcefa51990baf1b6d92411eb641c2ea9e2
361 lines
9.3 KiB
YAML
361 lines
9.3 KiB
YAML
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
# you may not use this file except in compliance with the License.
|
|
# You may obtain a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
# See the License for the specific language governing permissions and
|
|
# limitations under the License.
|
|
|
|
# Default values for ceph-mon.
|
|
# This is a YAML-formatted file.
|
|
# Declare name/value pairs to be passed into your templates.
|
|
# name: value
|
|
|
|
---
|
|
deployment:
|
|
ceph: true
|
|
storage_secrets: true
|
|
|
|
images:
|
|
pull_policy: IfNotPresent
|
|
tags:
|
|
ceph_bootstrap: 'docker.io/openstackhelm/ceph-daemon:change_770201_ubuntu_bionic-20210113'
|
|
ceph_config_helper: 'docker.io/openstackhelm/ceph-config-helper:change_770201_ubuntu_bionic-20210113'
|
|
ceph_mon: 'docker.io/openstackhelm/ceph-daemon:change_770201_ubuntu_bionic-20210113'
|
|
ceph_mon_check: 'docker.io/openstackhelm/ceph-config-helper:change_770201_ubuntu_bionic-20210113'
|
|
dep_check: 'quay.io/airshipit/kubernetes-entrypoint:v1.0.0'
|
|
image_repo_sync: 'docker.io/library/docker:17.07.0'
|
|
local_registry:
|
|
active: false
|
|
exclude:
|
|
- dep_check
|
|
- image_repo_sync
|
|
|
|
labels:
|
|
job:
|
|
node_selector_key: openstack-control-plane
|
|
node_selector_value: enabled
|
|
mon:
|
|
node_selector_key: ceph-mon
|
|
node_selector_value: enabled
|
|
|
|
pod:
|
|
security_context:
|
|
mon:
|
|
pod:
|
|
runAsUser: 65534
|
|
container:
|
|
ceph_init_dirs:
|
|
runAsUser: 0
|
|
readOnlyRootFilesystem: true
|
|
ceph_log_ownership:
|
|
runAsUser: 0
|
|
readOnlyRootFilesystem: true
|
|
ceph_mon:
|
|
runAsUser: 64045
|
|
readOnlyRootFilesystem: true
|
|
allowPrivilegeEscalation: false
|
|
moncheck:
|
|
pod:
|
|
runAsUser: 65534
|
|
container:
|
|
ceph_mon:
|
|
allowPrivilegeEscalation: false
|
|
readOnlyRootFilesystem: true
|
|
bootstrap:
|
|
pod:
|
|
runAsUser: 65534
|
|
container:
|
|
ceph_bootstrap:
|
|
allowPrivilegeEscalation: false
|
|
readOnlyRootFilesystem: true
|
|
storage_keys_generator:
|
|
pod:
|
|
runAsUser: 65534
|
|
container:
|
|
ceph_storage_keys_generator:
|
|
allowPrivilegeEscalation: false
|
|
readOnlyRootFilesystem: true
|
|
ceph:
|
|
pod:
|
|
runAsUser: 65534
|
|
container:
|
|
ceph-mds-keyring-generator:
|
|
allowPrivilegeEscalation: false
|
|
readOnlyRootFilesystem: true
|
|
ceph-mgr-keyring-generator:
|
|
allowPrivilegeEscalation: false
|
|
readOnlyRootFilesystem: true
|
|
ceph-mon-keyring-generator:
|
|
allowPrivilegeEscalation: false
|
|
readOnlyRootFilesystem: true
|
|
ceph-osd-keyring-generator:
|
|
allowPrivilegeEscalation: false
|
|
readOnlyRootFilesystem: true
|
|
dns_policy: "ClusterFirstWithHostNet"
|
|
replicas:
|
|
mon_check: 1
|
|
lifecycle:
|
|
upgrades:
|
|
daemonsets:
|
|
pod_replacement_strategy: RollingUpdate
|
|
mon:
|
|
enabled: true
|
|
min_ready_seconds: 0
|
|
max_unavailable: 1
|
|
affinity:
|
|
anti:
|
|
type:
|
|
default: preferredDuringSchedulingIgnoredDuringExecution
|
|
topologyKey:
|
|
default: kubernetes.io/hostname
|
|
weight:
|
|
default: 10
|
|
resources:
|
|
enabled: false
|
|
mon:
|
|
requests:
|
|
memory: "50Mi"
|
|
cpu: "250m"
|
|
limits:
|
|
memory: "100Mi"
|
|
cpu: "500m"
|
|
mon_check:
|
|
requests:
|
|
memory: "5Mi"
|
|
cpu: "250m"
|
|
limits:
|
|
memory: "50Mi"
|
|
cpu: "500m"
|
|
jobs:
|
|
bootstrap:
|
|
limits:
|
|
memory: "1024Mi"
|
|
cpu: "2000m"
|
|
requests:
|
|
memory: "128Mi"
|
|
cpu: "500m"
|
|
secret_provisioning:
|
|
limits:
|
|
memory: "1024Mi"
|
|
cpu: "2000m"
|
|
requests:
|
|
memory: "128Mi"
|
|
cpu: "500m"
|
|
image_repo_sync:
|
|
requests:
|
|
memory: "128Mi"
|
|
cpu: "100m"
|
|
limits:
|
|
memory: "1024Mi"
|
|
cpu: "2000m"
|
|
tolerations:
|
|
mon_check:
|
|
tolerations:
|
|
- effect: NoExecute
|
|
key: node.kubernetes.io/not-ready
|
|
operator: Exists
|
|
tolerationSeconds: 60
|
|
- effect: NoExecute
|
|
key: node.kubernetes.io/unreachable
|
|
operator: Exists
|
|
tolerationSeconds: 60
|
|
|
|
secrets:
|
|
keyrings:
|
|
mon: ceph-mon-keyring
|
|
mds: ceph-bootstrap-mds-keyring
|
|
osd: ceph-bootstrap-osd-keyring
|
|
mgr: ceph-bootstrap-mgr-keyring
|
|
admin: ceph-client-admin-keyring
|
|
|
|
network:
|
|
public: 192.168.0.0/16
|
|
cluster: 192.168.0.0/16
|
|
|
|
conf:
|
|
templates:
|
|
keyring:
|
|
admin: |
|
|
[client.admin]
|
|
key = {{ key }}
|
|
auid = 0
|
|
caps mds = "allow"
|
|
caps mon = "allow *"
|
|
caps osd = "allow *"
|
|
caps mgr = "allow *"
|
|
mon: |
|
|
[mon.]
|
|
key = {{ key }}
|
|
caps mon = "allow *"
|
|
bootstrap:
|
|
mds: |
|
|
[client.bootstrap-mds]
|
|
key = {{ key }}
|
|
caps mon = "allow profile bootstrap-mds"
|
|
mgr: |
|
|
[client.bootstrap-mgr]
|
|
key = {{ key }}
|
|
caps mgr = "allow profile bootstrap-mgr"
|
|
osd: |
|
|
[client.bootstrap-osd]
|
|
key = {{ key }}
|
|
caps mon = "allow profile bootstrap-osd"
|
|
ceph:
|
|
global:
|
|
# auth
|
|
cephx: true
|
|
cephx_require_signatures: false
|
|
cephx_cluster_require_signatures: true
|
|
cephx_service_require_signatures: false
|
|
objecter_inflight_op_bytes: "1073741824"
|
|
objecter_inflight_ops: 10240
|
|
debug_ms: "0/0"
|
|
mon_osd_down_out_interval: 1800
|
|
mon_osd_down_out_subtree_limit: root
|
|
mon_osd_min_in_ratio: 0
|
|
mon_osd_min_up_ratio: 0
|
|
mon_data_avail_warn: 15
|
|
log_file: /dev/stdout
|
|
mon_cluster_log_file: /dev/stdout
|
|
osd:
|
|
osd_mkfs_type: xfs
|
|
osd_mkfs_options_xfs: -f -i size=2048
|
|
osd_max_object_name_len: 256
|
|
ms_bind_port_min: 6800
|
|
ms_bind_port_max: 7100
|
|
osd_snap_trim_priority: 1
|
|
osd_snap_trim_sleep: 0.1
|
|
osd_pg_max_concurrent_snap_trims: 1
|
|
filestore_merge_threshold: -10
|
|
filestore_split_multiple: 12
|
|
filestore_max_sync_interval: 10
|
|
osd_scrub_begin_hour: 22
|
|
osd_scrub_end_hour: 4
|
|
osd_scrub_during_recovery: false
|
|
osd_scrub_sleep: 0.1
|
|
osd_scrub_chunk_min: 1
|
|
osd_scrub_chunk_max: 4
|
|
osd_scrub_load_threshold: 10.0
|
|
osd_deep_scrub_stride: "1048576"
|
|
osd_scrub_priority: 1
|
|
osd_recovery_op_priority: 1
|
|
osd_recovery_max_active: 1
|
|
osd_mount_options_xfs: "rw,noatime,largeio,inode64,swalloc,logbufs=8,logbsize=256k,allocsize=4M"
|
|
osd_journal_size: 10240
|
|
storage:
|
|
mon:
|
|
directory: /var/lib/openstack-helm/ceph/mon
|
|
|
|
dependencies:
|
|
dynamic:
|
|
common:
|
|
local_image_registry:
|
|
jobs:
|
|
- ceph-mon-image-repo-sync
|
|
services:
|
|
- endpoint: node
|
|
service: local_image_registry
|
|
static:
|
|
bootstrap:
|
|
jobs: null
|
|
services:
|
|
- endpoint: internal
|
|
service: ceph_mon
|
|
job_keyring_generator:
|
|
jobs: null
|
|
mon:
|
|
jobs:
|
|
- ceph-storage-keys-generator
|
|
- ceph-mon-keyring-generator
|
|
moncheck:
|
|
jobs:
|
|
- ceph-storage-keys-generator
|
|
- ceph-mon-keyring-generator
|
|
services:
|
|
- endpoint: discovery
|
|
service: ceph_mon
|
|
storage_keys_generator:
|
|
jobs: null
|
|
image_repo_sync:
|
|
services:
|
|
- endpoint: internal
|
|
service: local_image_registry
|
|
|
|
bootstrap:
|
|
enabled: false
|
|
script: |
|
|
ceph -s
|
|
function ensure_pool () {
|
|
ceph osd pool stats $1 || ceph osd pool create $1 $2
|
|
if [[ $(ceph mon versions | awk '/version/{print $3}' | cut -d. -f1) -ge 12 ]]; then
|
|
ceph osd pool application enable $1 $3
|
|
fi
|
|
}
|
|
#ensure_pool volumes 8 cinder
|
|
|
|
# if you change provision_storage_class to false
|
|
# it is presumed you manage your own storage
|
|
# class definition externally
|
|
# We iterate over each storageclass parameters
|
|
# and derive the manifest.
|
|
storageclass:
|
|
rbd:
|
|
parameters:
|
|
adminSecretName: pvc-ceph-conf-combined-storageclass
|
|
cephfs:
|
|
provision_storage_class: true
|
|
provisioner: ceph.com/cephfs
|
|
metadata:
|
|
name: cephfs
|
|
parameters:
|
|
adminId: admin
|
|
userSecretName: pvc-ceph-cephfs-client-key
|
|
adminSecretName: pvc-ceph-conf-combined-storageclass
|
|
adminSecretNamespace: ceph
|
|
|
|
endpoints:
|
|
cluster_domain_suffix: cluster.local
|
|
local_image_registry:
|
|
name: docker-registry
|
|
namespace: docker-registry
|
|
hosts:
|
|
default: localhost
|
|
internal: docker-registry
|
|
node: localhost
|
|
host_fqdn_override:
|
|
default: null
|
|
port:
|
|
registry:
|
|
node: 5000
|
|
ceph_mon:
|
|
namespace: null
|
|
hosts:
|
|
default: ceph-mon
|
|
discovery: ceph-mon-discovery
|
|
host_fqdn_override:
|
|
default: null
|
|
port:
|
|
mon:
|
|
default: 6789
|
|
mon_msgr2:
|
|
default: 3300
|
|
|
|
manifests:
|
|
configmap_bin: true
|
|
configmap_etc: true
|
|
configmap_templates: true
|
|
daemonset_mon: true
|
|
deployment_moncheck: true
|
|
job_image_repo_sync: true
|
|
job_bootstrap: true
|
|
job_keyring: true
|
|
service_mon: true
|
|
service_mon_discovery: true
|
|
job_storage_admin_keys: true
|
|
...
|