2016-02-29 23:35:07 +08:00
---
# You can override vars by using host or group vars
###########
# GENERAL #
###########
mon_group_name : mons
# ACTIVATE BOTH FSID AND MONITOR_SECRET VARIABLES FOR NON-VAGRANT DEPLOYMENT
monitor_secret : "{{ monitor_keyring.stdout }}"
2017-07-05 17:07:00 +08:00
admin_secret : 'admin_secret'
2016-02-29 23:35:07 +08:00
# Secure your cluster
# This will set the following flags on all the pools:
# * nosizechange
# * nopgchange
# * nodelete
secure_cluster : false
secure_cluster_flags :
- nopgchange
- nodelete
- nosizechange
2016-03-10 04:12:52 +08:00
# Enable the Calamari-backed REST API on a Monitor
calamari : false
2016-02-29 23:35:07 +08:00
2017-03-13 20:46:38 +08:00
# Enable debugging for Calamari
calamari_debug : false
2017-06-12 16:36:29 +08:00
2017-10-12 20:55:53 +08:00
##########
# CEPHFS #
##########
cephfs : cephfs # name of the ceph filesystem
cephfs_data : cephfs_data # name of the data pool for a given filesystem
cephfs_metadata : cephfs_metadata # name of the metadata pool for a given filesystem
cephfs_pools :
- { name : "{{ cephfs_data }}" , pgs : "" }
- { name : "{{ cephfs_metadata }}" , pgs : "" }
###############
# CRUSH RULES #
###############
2017-06-12 16:36:29 +08:00
crush_rule_config : false
crush_rule_hdd :
name : HDD
root : HDD
type : rack
default : true
crush_rule_ssd :
name : SSD
root : SSD
type : host
default : false
crush_rules :
- "{{ crush_rule_hdd }}"
- "{{ crush_rule_ssd }}"
2017-10-12 20:55:53 +08:00
2016-02-29 23:35:07 +08:00
#############
# OPENSTACK #
#############
openstack_config : false
openstack_glance_pool :
name : images
2016-12-05 21:21:54 +08:00
pg_num : "{{ osd_pool_default_pg_num }}"
2017-06-12 16:36:29 +08:00
rule_name : ""
2016-02-29 23:35:07 +08:00
openstack_cinder_pool :
name : volumes
2016-12-05 21:21:54 +08:00
pg_num : "{{ osd_pool_default_pg_num }}"
2017-06-12 16:36:29 +08:00
rule_name : ""
2016-02-29 23:35:07 +08:00
openstack_nova_pool :
name : vms
2016-12-05 21:21:54 +08:00
pg_num : "{{ osd_pool_default_pg_num }}"
2017-06-12 16:36:29 +08:00
rule_name : ""
2016-02-29 23:35:07 +08:00
openstack_cinder_backup_pool :
name : backups
2016-12-05 21:21:54 +08:00
pg_num : "{{ osd_pool_default_pg_num }}"
2017-06-12 16:36:29 +08:00
rule_name : ""
2017-06-20 02:25:59 +08:00
openstack_gnocchi_pool :
name : metrics
pg_num : "{{ osd_pool_default_pg_num }}"
2017-06-12 16:36:29 +08:00
rule_name : ""
2016-02-29 23:35:07 +08:00
2016-09-21 20:21:41 +08:00
openstack_pools :
- "{{ openstack_glance_pool }}"
- "{{ openstack_cinder_pool }}"
- "{{ openstack_nova_pool }}"
- "{{ openstack_cinder_backup_pool }}"
2017-06-20 02:25:59 +08:00
- "{{ openstack_gnocchi_pool }}"
2016-09-21 20:21:41 +08:00
2017-06-23 18:35:39 +08:00
# The value for 'key' can be a pre-generated key,
# e.g key: "AQDC2UxZH4yeLhAAgTaZb+4wDUlYOsr1OfZSpQ=="
# By default, keys will be auto-generated.
2017-09-06 16:53:30 +08:00
#
2017-07-20 06:20:18 +08:00
# To have have ansible setfacl the generated key, set the acls var like so:
# acls: ["u:nova:r--", "u:cinder:r--", "u:glance:r--", "u:gnocchi:r--"]
2016-02-29 23:35:07 +08:00
openstack_keys :
2017-08-10 04:52:18 +08:00
- { name: client.glance, key : "$(ceph-authtool --gen-print-key)" , mon_cap : "allow r" , osd_cap : "allow class-read object_prefix rbd_children, allow rwx pool={{ openstack_glance_pool.name }}" , mode : "0600" , acls : [ ] }
- { name: client.cinder, key : "$(ceph-authtool --gen-print-key)" , mon_cap : "allow r" , osd_cap : "allow class-read object_prefix rbd_children, allow rwx pool={{ openstack_cinder_pool.name }}, allow rwx pool={{ openstack_nova_pool.name }}, allow rx pool={{ openstack_glance_pool.name }}" , mode : "0600" , acls : [ ] }
- { name: client.cinder-backup, key : "$(ceph-authtool --gen-print-key)" , mon_cap : "allow r" , osd_cap : "allow class-read object_prefix rbd_children, allow rwx pool={{ openstack_cinder_backup_pool.name }}" , mode : "0600" , acls : [ ] }
- { name: client.gnocchi, key : "$(ceph-authtool --gen-print-key)" , mon_cap : "allow r" , osd_cap : "allow class-read object_prefix rbd_children, allow rwx pool={{ openstack_gnocchi_pool.name }}" , mode : "0600" , acls : [ ] }
- { name: client.openstack, key : "$(ceph-authtool --gen-print-key)" , mon_cap : "allow r" , osd_cap : "allow class-read object_prefix rbd_children, allow rwx pool=images, allow rwx pool=vms, allow rwx pool=volumes, allow rwx pool=backups" , mode : "0600" , acls : [ ] }
2016-02-29 23:35:07 +08:00
2017-10-12 20:55:53 +08:00
2016-02-29 23:35:07 +08:00
##########
# DOCKER #
##########
2017-07-07 21:48:53 +08:00
2017-09-06 16:53:30 +08:00
# Resource limitation
# For the whole list of limits you can apply see: docs.docker.com/engine/admin/resource_constraints
# Default values are based from: https://access.redhat.com/documentation/en-us/red_hat_ceph_storage/2/html/red_hat_ceph_storage_hardware_guide/minimum_recommendations
# These options can be passed using the 'ceph_mon_docker_extra_env' variable.
ceph_mon_docker_memory_limit : 1g
ceph_mon_docker_cpu_limit : 1
2017-07-07 21:48:53 +08:00
# Use this variable to add extra env configuration to run your mon container.
# If you want to set a custom admin keyring you can set this variable like following:
2017-08-31 18:04:40 +08:00
# ceph_mon_docker_extra_env: -e ADMIN_SECRET={{ admin_secret }}
ceph_mon_docker_extra_env :
2016-03-31 22:39:02 +08:00
mon_docker_privileged : false
mon_docker_net_host : true
2016-11-03 17:16:33 +08:00
ceph_config_keys : [ ] # DON'T TOUCH ME
2017-07-05 21:47:48 +08:00
###########
# SYSTEMD #
###########
# ceph_mon_systemd_overrides will override the systemd settings
# for the ceph-mon services.
# For example,to set "PrivateDevices=false" you can specify:
#ceph_mon_systemd_overrides:
# Service:
# PrivateDevices: False