2017-07-29 04:35:23 +08:00
---
# You can override vars by using host or group vars
###########
# GENERAL #
###########
2017-08-03 21:30:25 +08:00
######################################
# Releases name to number dictionary #
######################################
ceph_release_num :
dumpling : 0.67
emperor : 0.72
firefly : 0.80
giant : 0.87
hammer : 0.94
infernalis : 9
jewel : 10
kraken : 11
luminous : 12
mimic : 13
2018-06-01 01:02:46 +08:00
nautilus : 14
2019-04-05 00:52:49 +08:00
octopus : 15
2020-03-24 02:22:46 +08:00
pacific : 16
2021-02-02 06:39:07 +08:00
quincy : 17
2022-10-07 16:49:00 +08:00
reef : 18
2018-06-06 05:42:08 +08:00
dev : 99
2017-08-03 21:30:25 +08:00
2017-07-29 04:35:23 +08:00
# The 'cluster' variable determines the name of the cluster.
# Changing the default value to something else means that you will
# need to change all the command line calls as well, for example if
# your cluster name is 'foo':
# "ceph health" will become "ceph --cluster foo health"
#
# An easier way to handle this is to use the environment variable CEPH_ARGS
# So run: "export CEPH_ARGS="--cluster foo"
# With that you will be able to run "ceph health" normally
cluster : ceph
2017-08-03 21:30:25 +08:00
# Inventory host group variables
2017-07-29 04:35:23 +08:00
mon_group_name : mons
osd_group_name : osds
rgw_group_name : rgws
mds_group_name : mdss
nfs_group_name : nfss
rbdmirror_group_name : rbdmirrors
client_group_name : clients
2018-06-06 12:07:33 +08:00
iscsi_gw_group_name : iscsigws
2017-07-29 04:35:23 +08:00
mgr_group_name : mgrs
2019-04-04 10:54:41 +08:00
rgwloadbalancer_group_name : rgwloadbalancers
2020-07-25 06:05:41 +08:00
monitoring_group_name : monitoring
2022-03-03 20:44:53 +08:00
adopt_label_group_names :
- "{{ mon_group_name }}"
- "{{ osd_group_name }}"
- "{{ rgw_group_name }}"
- "{{ mds_group_name }}"
- "{{ nfs_group_name }}"
- "{{ rbdmirror_group_name }}"
- "{{ client_group_name }}"
- "{{ iscsi_gw_group_name }}"
- "{{ mgr_group_name }}"
- "{{ rgwloadbalancer_group_name }}"
- "{{ monitoring_group_name }}"
2017-07-29 04:35:23 +08:00
2018-06-11 20:51:58 +08:00
# If configure_firewall is true, then ansible will try to configure the
# appropriate firewalling rules so that Ceph daemons can communicate
# with each others.
2018-10-19 19:16:23 +08:00
configure_firewall : True
2018-06-11 20:51:58 +08:00
2017-11-20 22:11:38 +08:00
# Open ports on corresponding nodes if firewall is installed on it
ceph_mon_firewall_zone : public
2018-06-04 10:40:14 +08:00
ceph_mgr_firewall_zone : public
2017-11-20 22:11:38 +08:00
ceph_osd_firewall_zone : public
ceph_rgw_firewall_zone : public
ceph_mds_firewall_zone : public
ceph_nfs_firewall_zone : public
ceph_rbdmirror_firewall_zone : public
ceph_iscsi_firewall_zone : public
2018-12-06 02:59:47 +08:00
ceph_dashboard_firewall_zone : public
2019-04-04 10:54:41 +08:00
ceph_rgwloadbalancer_firewall_zone : public
2017-07-29 04:35:23 +08:00
2022-02-07 21:23:49 +08:00
# cephadm account for remote connections
cephadm_ssh_user : root
cephadm_ssh_priv_key_path : "/home/{{ cephadm_ssh_user }}/.ssh/id_rsa"
cephadm_ssh_pub_key_path : "{{ cephadm_ssh_priv_key_path }}.pub"
cephadm_mgmt_network : "{{ public_network }}"
2018-06-11 20:51:58 +08:00
2017-08-03 21:30:25 +08:00
############
# PACKAGES #
############
2019-04-16 15:58:52 +08:00
debian_package_dependencies : [ ]
2017-07-29 04:35:23 +08:00
centos_package_dependencies :
- epel-release
2021-03-03 22:43:50 +08:00
- "{{ (ansible_facts['distribution_major_version'] is version('8', '>=')) | ternary('python3-libselinux', 'libselinux-python') }}"
2017-07-29 04:35:23 +08:00
2019-04-16 15:58:52 +08:00
redhat_package_dependencies : [ ]
2019-08-20 18:32:19 +08:00
suse_package_dependencies : [ ]
2017-10-12 21:55:20 +08:00
2017-08-03 21:30:25 +08:00
# Whether or not to install the ceph-test package.
ceph_test : false
2018-09-06 00:59:50 +08:00
# Enable the ntp service by default to avoid clock skew on ceph nodes
# Disable if an appropriate NTP client is already installed and configured
2017-07-29 04:35:23 +08:00
ntp_service_enabled : true
2018-09-06 00:59:50 +08:00
# Set type of NTP client daemon to use, valid entries are chronyd, ntpd or timesyncd
2019-06-12 17:09:44 +08:00
ntp_daemon_type : chronyd
2018-09-06 00:59:50 +08:00
2017-08-03 21:30:25 +08:00
# This variable determines if ceph packages can be updated. If False, the
# package resources will use "state=present". If True, they will use
# "state=latest".
upgrade_ceph_packages : False
ceph_use_distro_backports : false # DEBIAN ONLY
2020-01-21 22:30:16 +08:00
ceph_directories_mode : "0755"
2017-07-29 04:35:23 +08:00
2017-08-03 21:30:25 +08:00
###########
# INSTALL #
###########
# ORIGIN SOURCE
2017-07-29 04:35:23 +08:00
#
2017-08-03 21:30:25 +08:00
# Choose between:
2017-10-12 21:55:20 +08:00
# - 'repository' means that you will get ceph installed through a new repository. Later below choose between 'community', 'rhcs', 'dev' or 'obs'
2017-08-03 21:30:25 +08:00
# - 'distro' means that no separate repo file will be added
# you will get whatever version of Ceph is included in your Linux distro.
2017-07-29 04:35:23 +08:00
# 'local' means that the ceph binaries will be copied over from the local machine
2018-08-28 04:58:20 +08:00
ceph_origin : dummy
2017-08-03 21:30:25 +08:00
valid_ceph_origins :
- repository
- distro
- local
2017-07-29 04:35:23 +08:00
2018-08-28 04:58:20 +08:00
ceph_repository : dummy
2017-08-03 21:30:25 +08:00
valid_ceph_repository :
- community
- rhcs
- dev
- uca
- custom
2017-10-12 21:55:20 +08:00
- obs
2017-07-29 04:35:23 +08:00
2017-08-03 21:30:25 +08:00
# REPOSITORY: COMMUNITY VERSION
#
# Enabled when ceph_repository == 'community'
#
2021-02-02 00:47:10 +08:00
ceph_mirror : https://download.ceph.com
2017-07-29 04:35:23 +08:00
ceph_stable_key : https://download.ceph.com/keys/release.asc
2022-10-07 16:49:00 +08:00
ceph_stable_release : reef
2017-07-29 04:35:23 +08:00
ceph_stable_repo : "{{ ceph_mirror }}/debian-{{ ceph_stable_release }}"
2017-08-21 20:38:21 +08:00
nfs_ganesha_stable : true # use stable repos for nfs-ganesha
2022-06-15 19:45:48 +08:00
centos_release_nfs : centos-release-nfs-ganesha4
nfs_ganesha_stable_deb_repo : http://ppa.launchpad.net/nfs-ganesha/nfs-ganesha-4/ubuntu
2022-01-19 17:19:37 +08:00
nfs_ganesha_apt_keyserver : keyserver.ubuntu.com
nfs_ganesha_apt_key_id : EA914D611053D07BD332E18010353E8834DC57CA
2022-06-15 19:45:48 +08:00
libntirpc_stable_deb_repo : http://ppa.launchpad.net/nfs-ganesha/libntirpc-4/ubuntu
2017-08-21 20:38:21 +08:00
2017-07-29 04:35:23 +08:00
# Use the option below to specify your applicable package tree, eg. when using non-LTS Ubuntu versions
# # for a list of available Debian distributions, visit http://download.ceph.com/debian-{{ ceph_stable_release }}/dists/
# for more info read: https://github.com/ceph/ceph-ansible/issues/305
2021-03-03 22:43:50 +08:00
#ceph_stable_distro_source: "{{ ansible_facts['distribution_release'] }}"
2017-07-29 04:35:23 +08:00
2017-08-03 21:30:25 +08:00
2020-03-27 02:41:14 +08:00
# REPOSITORY: RHCS VERSION RED HAT STORAGE (from 5.0)
2017-08-03 21:30:25 +08:00
#
# Enabled when ceph_repository == 'rhcs'
#
2020-03-27 02:41:14 +08:00
# This version is supported on RHEL 8
2017-07-29 04:35:23 +08:00
#
2020-03-27 02:41:14 +08:00
ceph_rhcs_version : "{{ ceph_stable_rh_storage_version | default(5) }}"
2017-07-29 04:35:23 +08:00
2017-08-03 21:30:25 +08:00
# REPOSITORY: UBUNTU CLOUD ARCHIVE
#
# Enabled when ceph_repository == 'uca'
#
2017-07-29 04:35:23 +08:00
# This allows the install of Ceph from the Ubuntu Cloud Archive. The Ubuntu Cloud Archive
# usually has newer Ceph releases than the normal distro repository.
#
2017-08-03 21:30:25 +08:00
#
UCA: Uncomment UCA variables in defaults, fix consequent breakage
The Ubuntu Cloud Archive-related (UCA) defaults in
roles/ceph-defaults/defaults/main.yml were commented out, which means
if you set `ceph_repository` to "uca", you get undefined variable
errors, e.g.
```
The task includes an option with an undefined variable. The error was: 'ceph_stable_repo_uca' is undefined
The error appears to have been in '/nfs/users/nfs_m/mv3/software/ceph-ansible/roles/ceph-common/tasks/installs/debian_uca_repository.yml': line 6, column 3, but may
be elsewhere in the file depending on the exact syntax problem.
The offending line appears to be:
- name: add ubuntu cloud archive repository
^ here
```
Unfortunately, uncommenting these results in some other breakage,
because further roles were written that use the fact of
`ceph_stable_release_uca` being defined as a proxy for "we're using
UCA", so try and install packages from the bionic-updates/queens
release, for example, which doesn't work. So there are a few `apt` tasks
that need modifying to not use `ceph_stable_release_uca` unless
`ceph_origin` is `repository` and `ceph_repository` is `uca`.
Closes: #3475
Signed-off-by: Matthew Vernon <mv3@sanger.ac.uk>
2019-03-27 21:34:47 +08:00
ceph_stable_repo_uca : "http://ubuntu-cloud.archive.canonical.com/ubuntu"
ceph_stable_openstack_release_uca : queens
2021-03-03 22:43:50 +08:00
ceph_stable_release_uca : "{{ ansible_facts['distribution_release'] }}-updates/{{ ceph_stable_openstack_release_uca }}"
2017-07-29 04:35:23 +08:00
2017-10-12 21:55:20 +08:00
# REPOSITORY: openSUSE OBS
#
# Enabled when ceph_repository == 'obs'
#
# This allows the install of Ceph from the openSUSE OBS repository. The OBS repository
# usually has newer Ceph releases than the normal distro repository.
#
#
2021-03-03 22:43:50 +08:00
ceph_obs_repo : "https://download.opensuse.org/repositories/filesystems:/ceph:/{{ ceph_stable_release }}/openSUSE_Leap_{{ ansible_facts['distribution_version'] }}/"
2017-07-29 04:35:23 +08:00
2017-08-03 21:30:25 +08:00
# REPOSITORY: DEV
#
# Enabled when ceph_repository == 'dev'
#
2022-05-25 02:40:00 +08:00
ceph_dev_branch: main # development branch you would like to use e.g : main, wip-hack
2017-07-29 04:35:23 +08:00
ceph_dev_sha1 : latest # distinct sha1 to use, defaults to 'latest' (as in latest built)
2017-08-21 20:38:21 +08:00
nfs_ganesha_dev : false # use development repos for nfs-ganesha
# Set this to choose the version of ceph dev libraries used in the nfs-ganesha packages from shaman
2022-05-25 02:40:00 +08:00
# flavors so far include: ceph_main, ceph_jewel, ceph_kraken, ceph_luminous
nfs_ganesha_flavor : "ceph_main"
2017-07-29 04:35:23 +08:00
2017-08-05 02:18:11 +08:00
ceph_iscsi_config_dev : true # special repo for deploying iSCSI gateways
2017-08-03 21:30:25 +08:00
# REPOSITORY: CUSTOM
#
# Enabled when ceph_repository == 'custom'
#
2017-07-29 04:35:23 +08:00
# Use a custom repository to install ceph. For RPM, ceph_custom_repo should be
# a URL to the .repo file to be installed on the targets. For deb,
# ceph_custom_repo should be the URL to the repo base.
2017-08-03 21:30:25 +08:00
#
2020-08-20 16:13:43 +08:00
#ceph_custom_key: https://server.domain.com/ceph-custom-repo/key.asc
2017-07-29 04:35:23 +08:00
ceph_custom_repo : https://server.domain.com/ceph-custom-repo
2017-08-03 21:30:25 +08:00
# ORIGIN: LOCAL CEPH INSTALLATION
#
# Enabled when ceph_repository == 'local'
#
# Path to DESTDIR of the ceph install
#ceph_installation_dir: "/path/to/ceph_installation/"
# Whether or not to use installer script rundep_installer.sh
# This script takes in rundep and installs the packages line by line onto the machine
# If this is set to false then it is assumed that the machine ceph is being copied onto will already have
# all runtime dependencies installed
#use_installer: false
# Root directory for ceph-ansible
#ansible_dir: "/path/to/ceph-ansible"
2017-07-29 04:35:23 +08:00
######################
# CEPH CONFIGURATION #
######################
## Ceph options
#
# Each cluster requires a unique, consistent filesystem ID. By
2020-10-06 13:53:06 +08:00
# default, the playbook generates one for you.
# If you want to customize how the fsid is
2017-07-29 04:35:23 +08:00
# generated, you may find it useful to disable fsid generation to
# avoid cluttering up your ansible repo. If you set `generate_fsid` to
# false, you *must* generate `fsid` in another way.
# ACTIVATE THE FSID VARIABLE FOR NON-VAGRANT DEPLOYMENT
fsid : "{{ cluster_uuid.stdout }}"
generate_fsid : true
ceph_conf_key_directory : /etc/ceph
2021-03-03 22:43:50 +08:00
ceph_uid : "{{ '64045' if not containerized_deployment | bool and ansible_facts['os_family'] == 'Debian' else '167' }}"
2020-01-16 22:38:08 +08:00
2018-06-25 21:12:56 +08:00
# Permissions for keyring files in /etc/ceph
ceph_keyring_permissions : '0600'
2017-07-29 04:35:23 +08:00
cephx : true
## Client options
#
rbd_cache : "true"
rbd_cache_writethrough_until_flush : "true"
rbd_concurrent_management_ops : 20
rbd_client_directories : true # this will create rbd_client_log_path and rbd_client_admin_socket_path directories with proper permissions
# Permissions for the rbd_client_log_path and
# rbd_client_admin_socket_path. Depending on your use case for Ceph
# you may want to change these values. The default, which is used if
# any of the variables are unset or set to a false value (like `null`
# or `false`) is to automatically determine what is appropriate for
# the Ceph version with non-OpenStack workloads -- ceph:ceph and 0770
# for infernalis releases, and root:root and 1777 for pre-infernalis
# releases.
#
# For other use cases, including running Ceph with OpenStack, you'll
# want to set these differently:
#
# For OpenStack on RHEL, you'll want:
# rbd_client_directory_owner: "qemu"
# rbd_client_directory_group: "libvirtd" (or "libvirt", depending on your version of libvirt)
# rbd_client_directory_mode: "0755"
#
# For OpenStack on Ubuntu or Debian, set:
# rbd_client_directory_owner: "libvirt-qemu"
# rbd_client_directory_group: "kvm"
# rbd_client_directory_mode: "0755"
#
# If you set rbd_client_directory_mode, you must use a string (e.g.,
# 'rbd_client_directory_mode: "0755"', *not*
# 'rbd_client_directory_mode: 0755', or Ansible will complain: mode
# must be in octal or symbolic form
2020-01-16 22:38:08 +08:00
rbd_client_directory_owner : ceph
rbd_client_directory_group : ceph
rbd_client_directory_mode : "0770"
2017-07-29 04:35:23 +08:00
rbd_client_log_path : /var/log/ceph
rbd_client_log_file : "{{ rbd_client_log_path }}/qemu-guest-$pid.log" # must be writable by QEMU and allowed by SELinux or AppArmor
rbd_client_admin_socket_path : /var/run/ceph # must be writable by QEMU and allowed by SELinux or AppArmor
## Monitor options
#
# You must define either monitor_interface, monitor_address or monitor_address_block.
# These variables must be defined at least in all.yml and overrided if needed (inventory host file or group_vars/*.yml).
# Eg. If you want to specify for each monitor which address the monitor will bind to you can set it in your **inventory host file** by using 'monitor_address' variable.
# Preference will go to monitor_address if both monitor_address and monitor_interface are defined.
2018-08-28 04:58:20 +08:00
monitor_interface : interface
2019-12-10 01:23:15 +08:00
monitor_address : x.x.x.x
2017-10-19 00:03:30 +08:00
monitor_address_block : subnet
2017-07-29 04:35:23 +08:00
# set to either ipv4 or ipv6, whichever your network is using
ip_version : ipv4
2019-04-16 16:31:44 +08:00
mon_host_v1 :
enabled : True
suffix : ':6789'
mon_host_v2 :
suffix : ':3300'
2020-08-06 00:02:48 +08:00
enable_ceph_volume_debug : False
2018-05-01 03:21:12 +08:00
##########
# CEPHFS #
##########
2020-02-28 23:03:15 +08:00
# When pg_autoscale_mode is set to True, you must add the target_size_ratio key with a correct value
# `pg_num` and `pgp_num` keys will be ignored, even if specified.
# eg:
# cephfs_data_pool:
# name: "{{ cephfs_data if cephfs_data is defined else 'cephfs_data' }}"
# target_size_ratio: 0.2
2018-05-01 03:21:12 +08:00
cephfs : cephfs # name of the ceph filesystem
2019-04-19 03:12:55 +08:00
cephfs_data_pool :
2018-04-10 17:32:58 +08:00
name : "{{ cephfs_data if cephfs_data is defined else 'cephfs_data' }}"
2019-04-19 03:12:55 +08:00
cephfs_metadata_pool :
2018-04-10 17:32:58 +08:00
name : "{{ cephfs_metadata if cephfs_metadata is defined else 'cephfs_metadata' }}"
2018-05-01 03:21:12 +08:00
cephfs_pools :
2019-04-19 03:12:55 +08:00
- "{{ cephfs_data_pool }}"
- "{{ cephfs_metadata_pool }}"
2018-05-01 03:21:12 +08:00
2017-07-29 04:35:23 +08:00
## OSD options
#
2021-05-21 19:25:25 +08:00
lvmetad_disabled : false
2018-09-11 01:23:20 +08:00
is_hci : false
hci_safety_factor : 0.2
non_hci_safety_factor : 0.7
2022-07-11 16:23:56 +08:00
safety_factor : "{{ hci_safety_factor if is_hci | bool else non_hci_safety_factor }}"
2020-12-10 03:02:45 +08:00
osd_memory_target : 4294967296
2017-07-29 04:35:23 +08:00
journal_size : 5120 # OSD journal size in MB
2018-09-21 01:24:07 +08:00
block_db_size : -1 # block db size in bytes for the ceph-volume lvm batch. -1 means use the default of 'as big as possible'.
2018-08-28 04:58:20 +08:00
public_network : 0.0 .0 .0 /0
2018-01-30 21:39:58 +08:00
cluster_network : "{{ public_network | regex_replace(' ', '') }}"
2017-07-29 04:35:23 +08:00
osd_mkfs_type : xfs
osd_mkfs_options_xfs : -f -i size=2048
osd_mount_options_xfs : noatime,largeio,inode64,swalloc
2018-09-27 15:57:26 +08:00
osd_objectstore : bluestore
2017-07-29 04:35:23 +08:00
2019-02-11 20:52:37 +08:00
# Any device containing these patterns in their path will be excluded.
2019-12-17 04:12:47 +08:00
osd_auto_discovery_exclude : "dm-*|loop*|md*|rbd*"
2019-02-11 20:52:37 +08:00
2017-07-29 04:35:23 +08:00
## MDS options
#
2018-06-05 03:58:57 +08:00
mds_max_mds : 1
2017-07-29 04:35:23 +08:00
## Rados Gateway options
#
2021-02-22 22:26:10 +08:00
radosgw_frontend_type: beast # For additional frontends see : https://docs.ceph.com/en/latest/radosgw/frontends/
2018-07-27 23:46:38 +08:00
2021-07-29 23:42:03 +08:00
radosgw_frontend_port : 8080
2019-06-19 20:59:15 +08:00
# The server private key, public certificate and any other CA or intermediate certificates should be in one file, in PEM format.
radosgw_frontend_ssl_certificate : ""
2019-12-03 20:23:13 +08:00
radosgw_frontend_ssl_certificate_data : "" # certificate contents to be written to path defined by radosgw_frontend_ssl_certificate
2021-07-29 23:42:03 +08:00
radosgw_frontend_options : ""
2019-02-26 22:16:37 +08:00
radosgw_thread_pool_size : 512
2018-07-27 23:46:38 +08:00
2017-08-07 17:23:32 +08:00
# You must define either radosgw_interface, radosgw_address.
# These variables must be defined at least in all.yml and overrided if needed (inventory host file or group_vars/*.yml).
# Eg. If you want to specify for each radosgw node which address the radosgw will bind to you can set it in your **inventory host file** by using 'radosgw_address' variable.
# Preference will go to radosgw_address if both radosgw_address and radosgw_interface are defined.
radosgw_interface : interface
2019-12-10 01:23:15 +08:00
radosgw_address : x.x.x.x
2017-10-19 00:03:30 +08:00
radosgw_address_block : subnet
2018-01-28 03:40:09 +08:00
radosgw_keystone_ssl : false # activate this when using keystone PKI keys
2018-11-09 08:56:57 +08:00
radosgw_num_instances : 1
2017-07-29 04:35:23 +08:00
# Rados Gateway options
email_address : foo@bar.com
## Testing mode
# enable this mode _only_ when you have a single node
# if you don't want it keep the option commented
#common_single_host_mode: true
## Handlers - restarting daemons after a config change
# if for whatever reasons the content of your ceph configuration changes
# ceph daemons will be restarted as well. At the moment, we can not detect
# which config option changed so all the daemons will be restarted. Although
# this restart will be serialized for each node, in between a health check
# will be performed so we make sure we don't move to the next node until
# ceph is not healthy
# Obviously between the checks (for monitors to be in quorum and for osd's pgs
# to be clean) we have to wait. These retries and delays can be configurable
# for both monitors and osds.
2017-08-31 17:22:33 +08:00
#
# Monitor handler checks
2019-06-20 01:13:37 +08:00
handler_health_mon_check_retries : 10
handler_health_mon_check_delay : 20
2017-08-31 17:22:33 +08:00
#
# OSD handler checks
2017-07-29 04:35:23 +08:00
handler_health_osd_check_retries : 40
handler_health_osd_check_delay : 30
handler_health_osd_check : true
2017-08-31 17:22:33 +08:00
#
# MDS handler checks
handler_health_mds_check_retries : 5
handler_health_mds_check_delay : 10
#
# RGW handler checks
handler_health_rgw_check_retries : 5
handler_health_rgw_check_delay : 10
2017-07-29 04:35:23 +08:00
2017-09-27 05:16:43 +08:00
# NFS handler checks
handler_health_nfs_check_retries : 5
handler_health_nfs_check_delay : 10
2017-09-27 08:08:40 +08:00
# RBD MIRROR handler checks
handler_health_rbd_mirror_check_retries : 5
handler_health_rbd_mirror_check_delay : 10
# MGR handler checks
handler_health_mgr_check_retries : 5
handler_health_mgr_check_delay : 10
2020-01-30 18:33:38 +08:00
## health mon/osds check retries/delay:
health_mon_check_retries : 20
health_mon_check_delay : 10
health_osd_check_retries : 20
health_osd_check_delay : 10
2022-08-01 22:28:23 +08:00
##############
# RBD-MIRROR #
##############
ceph_rbd_mirror_pool : "rbd"
2020-01-30 18:33:38 +08:00
2017-08-21 20:38:21 +08:00
###############
# NFS-GANESHA #
###############
2020-07-09 21:03:48 +08:00
#
# Access type options
#
# Enable NFS File access
# If set to true, then ganesha is set up to export the root of the
# Ceph filesystem, and ganesha's attribute and directory caching is disabled
# as much as possible since libcephfs clients also caches the same
# information.
2017-07-29 04:35:23 +08:00
#
# Set this to true to enable File access via NFS. Requires an MDS role.
2017-08-21 20:38:21 +08:00
nfs_file_gw : false
2017-07-29 04:35:23 +08:00
# Set this to true to enable Object access via NFS. Requires an RGW role.
2019-05-20 21:58:10 +08:00
nfs_obj_gw : "{{ False if groups.get(mon_group_name, []) | length == 0 else True }}"
2017-07-29 04:35:23 +08:00
2018-10-30 22:01:46 +08:00
#############
# MULTISITE #
#############
2019-10-05 03:31:25 +08:00
# Changing this value allows multisite code to run
2018-10-30 22:01:46 +08:00
rgw_multisite : false
2019-10-05 03:31:25 +08:00
# If the desired multisite configuration involves only one realm, one zone group and one zone (per cluster), then the multisite variables can be set here.
# Please see README-MULTISITE.md for more information.
2019-02-01 04:43:21 +08:00
#
2019-10-05 03:31:25 +08:00
# If multiple realms or multiple zonegroups or multiple zones need to be created on a cluster then,
# the multisite config variables should be editted in their respective zone .yaml file and realm .yaml file.
2021-04-15 22:20:39 +08:00
# See README-MULTISITE.md for more information.
2019-10-05 03:31:25 +08:00
# The following Multi-site related variables should be set by the user.
2019-02-01 04:43:21 +08:00
#
2018-10-30 22:01:46 +08:00
# rgw_zone is set to "default" to enable compression for clusters configured without rgw multi-site
2019-10-05 03:31:25 +08:00
# If multisite is configured, rgw_zone should not be set to "default".
#
2018-10-30 22:01:46 +08:00
rgw_zone : default
2019-10-05 03:31:25 +08:00
#rgw_zonemaster: true
#rgw_zonesecondary: false
2018-10-30 22:01:46 +08:00
#rgw_zonegroup: solarsystem # should be set by the user
2019-10-05 03:31:25 +08:00
#rgw_zonegroupmaster: true
2018-10-30 22:01:46 +08:00
#rgw_zone_user: zone.user
2019-10-05 03:31:25 +08:00
#rgw_zone_user_display_name: "Zone User"
2018-10-30 22:01:46 +08:00
#rgw_realm: milkyway # should be set by the user
2019-10-05 03:31:25 +08:00
#rgw_multisite_proto: "http"
2018-10-30 22:01:46 +08:00
#system_access_key: 6kWkikvapSnHyE22P7nO # should be re-created by the user
#system_secret_key: MGecsMrWtKZgngOHZdrd6d3JxGO5CPWgT2lcnpSt # should be re-created by the user
# Multi-site remote pull URL variables
2019-10-05 03:31:25 +08:00
#rgw_pull_port: "{{ radosgw_frontend_port }}"
#rgw_pull_proto: "http" # should be the same as rgw_multisite_proto for the master zone cluster
#rgw_pullhost: localhost # rgw_pullhost only needs to be declared if there is a zone secondary.
2018-10-30 22:01:46 +08:00
2017-07-29 04:35:23 +08:00
###################
# CONFIG OVERRIDE #
###################
# Ceph configuration file override.
# This allows you to specify more configuration options
# using an INI style format.
2018-02-26 16:49:57 +08:00
#
# When configuring RGWs, make sure you use the form [client.rgw.*]
# instead of [client.radosgw.*].
# For more examples check the profiles directory of https://github.com/ceph/ceph-ansible.
#
2020-01-28 23:27:34 +08:00
# The following sections are supported: [global], [mon], [osd], [mds], [client]
2017-07-29 04:35:23 +08:00
#
# Example:
# ceph_conf_overrides:
# global:
# foo: 1234
# bar: 5678
2021-03-03 22:43:50 +08:00
# "client.rgw.{{ hostvars[groups.get(rgw_group_name)[0]]['ansible_facts']['hostname'] }}":
2018-02-26 16:49:57 +08:00
# rgw_zone: zone1
2017-07-29 04:35:23 +08:00
#
ceph_conf_overrides : {}
#############
# OS TUNING #
#############
2023-01-21 02:14:35 +08:00
disable_transparent_hugepage : "{{ false if osd_objectstore == 'bluestore' }}"
2017-07-29 04:35:23 +08:00
os_tuning_params :
- { name: fs.file-max, value : 26234859 }
- { name: vm.zone_reclaim_mode, value : 0 }
- { name: vm.swappiness, value : 10 }
- { name: vm.min_free_kbytes, value : "{{ vm_min_free_kbytes }}" }
2017-10-23 21:57:24 +08:00
# For Debian & Red Hat/CentOS installs set TCMALLOC_MAX_TOTAL_THREAD_CACHE_BYTES
# Set this to a byte value (e.g. 134217728)
# A value of 0 will leave the package default.
2021-06-30 01:24:29 +08:00
ceph_tcmalloc_max_total_thread_cache : 134217728
2017-10-23 21:57:24 +08:00
2017-07-29 04:35:23 +08:00
##########
# DOCKER #
##########
2023-06-02 16:09:30 +08:00
ceph_docker_image : "ceph/daemon-base"
2022-05-25 02:40:00 +08:00
ceph_docker_image_tag : latest-main
2021-08-28 00:01:27 +08:00
ceph_docker_registry : quay.io
2019-09-11 03:33:44 +08:00
ceph_docker_registry_auth : false
2019-10-24 23:07:20 +08:00
#ceph_docker_registry_username:
#ceph_docker_registry_password:
2020-09-15 08:13:13 +08:00
#ceph_docker_http_proxy:
#ceph_docker_https_proxy:
ceph_docker_no_proxy : "localhost,127.0.0.1"
2018-10-05 21:36:36 +08:00
## Client only docker image - defaults to {{ ceph_docker_image }}
ceph_client_docker_image : "{{ ceph_docker_image }}"
ceph_client_docker_image_tag : "{{ ceph_docker_image_tag }}"
ceph_client_docker_registry : "{{ ceph_docker_registry }}"
2018-05-08 22:26:07 +08:00
containerized_deployment : False
2018-11-21 05:29:53 +08:00
container_binary :
2019-02-01 22:08:53 +08:00
timeout_command : "{{ 'timeout --foreground -s KILL ' ~ docker_pull_timeout if (docker_pull_timeout != '0') and (ceph_docker_dev_image is undefined or not ceph_docker_dev_image) else '' }}"
2017-07-29 04:35:23 +08:00
# this is only here for usage with the rolling_update.yml playbook
# do not ever change this here
rolling_update : false
2017-10-19 00:03:30 +08:00
2017-10-18 03:09:03 +08:00
#####################
# Docker pull retry #
#####################
docker_pull_retry : 3
docker_pull_timeout : "300s"
2018-05-22 22:41:40 +08:00
#############
# OPENSTACK #
#############
openstack_config : false
2020-02-28 23:03:15 +08:00
# When pg_autoscale_mode is set to True, you must add the target_size_ratio key with a correct value
# `pg_num` and `pgp_num` keys will be ignored, even if specified.
# eg:
# openstack_glance_pool:
# name: "images"
2020-09-30 22:32:56 +08:00
# rule_name: "my_replicated_rule"
2020-02-28 23:03:15 +08:00
# application: "rbd"
# pg_autoscale_mode: False
2020-09-30 22:32:56 +08:00
# pg_num: 16
# pgp_num: 16
2020-02-28 23:03:15 +08:00
# target_size_ratio: 0.2
2018-05-22 22:41:40 +08:00
openstack_glance_pool :
name : "images"
2018-06-29 17:46:56 +08:00
application : "rbd"
2018-05-22 22:41:40 +08:00
openstack_cinder_pool :
name : "volumes"
2018-06-29 17:46:56 +08:00
application : "rbd"
2018-05-22 22:41:40 +08:00
openstack_nova_pool :
name : "vms"
2018-06-29 17:46:56 +08:00
application : "rbd"
2018-05-22 22:41:40 +08:00
openstack_cinder_backup_pool :
name : "backups"
2018-06-29 17:46:56 +08:00
application : "rbd"
2018-05-22 22:41:40 +08:00
openstack_gnocchi_pool :
name : "metrics"
2018-06-29 17:46:56 +08:00
application : "rbd"
2018-10-01 23:11:13 +08:00
openstack_cephfs_data_pool :
name : "manila_data"
2020-01-17 01:41:06 +08:00
application : "cephfs"
2018-10-01 23:11:13 +08:00
openstack_cephfs_metadata_pool :
name : "manila_metadata"
2020-01-17 01:41:06 +08:00
application : "cephfs"
2018-05-22 22:41:40 +08:00
openstack_pools :
- "{{ openstack_glance_pool }}"
- "{{ openstack_cinder_pool }}"
- "{{ openstack_nova_pool }}"
- "{{ openstack_cinder_backup_pool }}"
- "{{ openstack_gnocchi_pool }}"
2018-10-01 23:11:13 +08:00
- "{{ openstack_cephfs_data_pool }}"
- "{{ openstack_cephfs_metadata_pool }}"
2018-05-22 22:41:40 +08:00
# The value for 'key' can be a pre-generated key,
# e.g key: "AQDC2UxZH4yeLhAAgTaZb+4wDUlYOsr1OfZSpQ=="
# By default, keys will be auto-generated.
#
openstack_keys :
2020-03-08 07:11:45 +08:00
- { name: client.glance, caps : { mon : "profile rbd" , osd : "profile rbd pool={{ openstack_cinder_pool.name }}, profile rbd pool={{ openstack_glance_pool.name }}" }, mode : "0600" }
2019-08-27 03:04:41 +08:00
- { name: client.cinder, caps : { mon : "profile rbd" , osd : "profile rbd pool={{ openstack_cinder_pool.name }}, profile rbd pool={{ openstack_nova_pool.name }}, profile rbd pool={{ openstack_glance_pool.name }}" }, mode : "0600" }
- { name: client.cinder-backup, caps : { mon : "profile rbd" , osd : "profile rbd pool={{ openstack_cinder_backup_pool.name }}" }, mode : "0600" }
- { name: client.gnocchi, caps : { mon : "profile rbd" , osd : "profile rbd pool={{ openstack_gnocchi_pool.name }}" }, mode : "0600" , }
- { name: client.openstack, caps : { mon : "profile rbd" , osd : "profile rbd pool={{ openstack_glance_pool.name }}, profile rbd pool={{ openstack_nova_pool.name }}, profile rbd pool={{ openstack_cinder_pool.name }}, profile rbd pool={{ openstack_cinder_backup_pool.name }}" }, mode : "0600" }
2018-08-09 17:23:07 +08:00
2018-12-06 02:59:47 +08:00
#############
# DASHBOARD #
#############
2019-07-25 20:29:11 +08:00
dashboard_enabled : True
2018-12-06 02:59:47 +08:00
# Choose http or https
# For https, you should set dashboard.crt/key and grafana.crt/key
2019-12-10 02:20:16 +08:00
# If you define the dashboard_crt and dashboard_key variables, but leave them as '',
# then we will autogenerate a cert and keyfile
2020-11-03 20:49:59 +08:00
dashboard_protocol : https
2019-07-10 04:32:38 +08:00
dashboard_port : 8443
2021-07-05 23:49:26 +08:00
# set this variable to the network you want the dashboard to listen on. (Default to public_network)
dashboard_network : "{{ public_network }}"
2019-05-16 21:58:20 +08:00
dashboard_admin_user : admin
2020-03-18 22:53:40 +08:00
dashboard_admin_user_ro : false
2020-01-28 20:55:54 +08:00
# This variable must be set with a strong custom password when dashboard_enabled is True
#dashboard_admin_password: p@ssw0rd
2019-05-16 21:58:20 +08:00
# We only need this for SSL (https) connections
dashboard_crt : ''
dashboard_key : ''
2021-07-06 20:18:51 +08:00
dashboard_certificate_cn : ceph-dashboard
2020-07-31 00:04:18 +08:00
dashboard_tls_external : false
2020-11-03 23:32:17 +08:00
dashboard_grafana_api_no_ssl_verify : "{{ true if dashboard_protocol == 'https' and not grafana_crt and not grafana_key else false }}"
2019-05-16 21:58:20 +08:00
dashboard_rgw_api_user_id : ceph-dashboard
dashboard_rgw_api_admin_resource : ''
dashboard_rgw_api_no_ssl_verify : False
2020-02-12 20:58:59 +08:00
dashboard_frontend_vip : ''
2021-09-21 17:14:43 +08:00
dashboard_disabled_features : [ ]
2021-04-09 23:16:03 +08:00
prometheus_frontend_vip : ''
alertmanager_frontend_vip : ''
2020-03-17 08:45:03 +08:00
node_exporter_container_image : "docker.io/prom/node-exporter:v0.17.0"
2019-07-11 05:15:45 +08:00
node_exporter_port : 9100
2019-05-16 21:58:20 +08:00
grafana_admin_user : admin
2020-01-28 20:55:54 +08:00
# This variable must be set with a strong custom password when dashboard_enabled is True
#grafana_admin_password: admin
2019-05-16 21:58:20 +08:00
# We only need this for SSL (https) connections
grafana_crt : ''
grafana_key : ''
2020-03-17 10:40:20 +08:00
# When using https, please fill with a hostname for which grafana_crt is valid.
grafana_server_fqdn : ''
2021-01-20 03:24:22 +08:00
grafana_container_image : "docker.io/grafana/grafana:6.7.4"
2019-05-16 21:58:20 +08:00
grafana_container_cpu_period : 100000
grafana_container_cpu_cores : 2
# container_memory is in GB
grafana_container_memory : 4
grafana_uid : 472
grafana_datasource : Dashboard
grafana_dashboards_path : "/etc/grafana/dashboards/ceph-dashboard"
2022-05-25 02:40:00 +08:00
grafana_dashboard_version : main
2019-09-26 20:47:01 +08:00
grafana_dashboard_files :
- ceph-cluster.json
- cephfs-overview.json
- host-details.json
- hosts-overview.json
- osd-device-details.json
- osds-overview.json
- pool-detail.json
- pool-overview.json
- radosgw-detail.json
- radosgw-overview.json
2021-07-27 22:30:30 +08:00
- radosgw-sync-overview.json
- rbd-details.json
2019-09-26 20:47:01 +08:00
- rbd-overview.json
2019-05-16 21:58:20 +08:00
grafana_plugins :
- vonage-status-panel
- grafana-piechart-panel
2019-06-12 14:01:06 +08:00
grafana_allow_embedding : True
2019-07-11 05:15:45 +08:00
grafana_port : 3000
2021-11-24 00:28:02 +08:00
grafana_network : "{{ public_network }}"
2020-12-12 02:07:04 +08:00
grafana_conf_overrides : {}
2020-03-17 08:45:03 +08:00
prometheus_container_image : "docker.io/prom/prometheus:v2.7.2"
2019-05-16 21:58:20 +08:00
prometheus_container_cpu_period : 100000
prometheus_container_cpu_cores : 2
# container_memory is in GB
prometheus_container_memory : 4
prometheus_data_dir : /var/lib/prometheus
prometheus_conf_dir : /etc/prometheus
prometheus_user_id : '65534' # This is the UID used by the prom/prometheus container image
2019-09-27 21:45:58 +08:00
prometheus_port : 9092
2020-12-12 02:07:04 +08:00
prometheus_conf_overrides : {}
2021-03-30 15:49:10 +08:00
# Uncomment out this variable if you need to customize the retention period for prometheus storage.
# set it to '30d' if you want to retain 30 days of data.
#prometheus_storage_tsdb_retention_time: 15d
2020-03-17 08:45:03 +08:00
alertmanager_container_image : "docker.io/prom/alertmanager:v0.16.2"
2019-05-16 21:58:20 +08:00
alertmanager_container_cpu_period : 100000
alertmanager_container_cpu_cores : 2
# container_memory is in GB
alertmanager_container_memory : 4
alertmanager_data_dir : /var/lib/alertmanager
alertmanager_conf_dir : /etc/alertmanager
2019-07-11 05:15:45 +08:00
alertmanager_port : 9093
2020-02-14 04:56:23 +08:00
alertmanager_cluster_port : 9094
2020-12-12 02:07:04 +08:00
alertmanager_conf_overrides : {}
2021-07-23 22:27:55 +08:00
alertmanager_dashboard_api_no_ssl_verify : "{{ true if dashboard_protocol == 'https' and not dashboard_crt and not dashboard_key else false }}"
2021-03-02 16:51:26 +08:00
# igw
2021-03-27 01:05:48 +08:00
#
# `igw_network` variable is intended for allowing dashboard deployment with iSCSI node not residing in the same subnet than what is defined in `public_network`.
# For example:
# If the ceph public network is 2a00:8a60:1:c301::/64 and the iSCSI Gateway resides
# at a dedicated gateway network (2a00:8a60:1:c300::/64) (With routing between those networks).
2022-05-13 02:49:04 +08:00
# It means "{{ hostvars[item]['ansible_facts']['all_ipv4_addresses'] | ips_in_ranges(public_network.split(',')) | last | ansible.utils.ipwrap }}" will be empty.
2021-03-27 01:05:48 +08:00
# As a consequence, this prevent from deploying dashboard with iSCSI node when it reside in a subnet different than `public_network`.
# Using `igw_network` make it possible, set it with the subnet used by your iSCSI node.
2021-03-02 16:51:26 +08:00
igw_network : "{{ public_network }}"
2018-12-06 02:59:47 +08:00
2019-07-02 21:30:12 +08:00
##################################
# DEPRECIATED iSCSI TARGET SETUP #
##################################
# WARNING #
# The following values are depreciated. To setup targets, gateways, LUNs, and
# clients you should use gwcli or dashboard. If the following values are set,
# the old ceph-iscsi-config/ceph-iscsi-cli packages will be used.
# Specify the iqn for ALL gateways. This iqn is shared across the gateways, so an iscsi
# client sees the gateway group as a single storage subsystem.
gateway_iqn : ""
# gateway_ip_list provides a list of the IP Addrresses - one per gateway - that will be used
# as an iscsi target portal ip. The list must be comma separated - and the order determines
# the sequence of TPG's within the iscsi target across each gateway. Once set, additional
# gateways can be added, but the order must *not* be changed.
gateway_ip_list : 0.0 .0 .0
# rbd_devices defines the images that should be created and exported from the iscsi gateways.
# If the rbd does not exist, it will be created for you. In addition you may increase the
# size of rbd's by changing the size parameter and rerunning the playbook. A size value lower
# than the current size of the rbd is ignored.
#
# the 'host' parameter defines which of the gateway nodes should handle the physical
# allocation/expansion or removal of the rbd
# to remove an image, simply use a state of 'absent'. This will first check the rbd is not allocated
# to any client, and the remove it from LIO and then delete the rbd image
#
# NB. this variable definition can be commented out to bypass LUN management
#
# Example:
#
#rbd_devices:
# - { pool: 'rbd', image: 'ansible1', size: '30G', host: 'ceph-1', state: 'present' }
# - { pool: 'rbd', image: 'ansible2', size: '15G', host: 'ceph-1', state: 'present' }
# - { pool: 'rbd', image: 'ansible3', size: '30G', host: 'ceph-1', state: 'present' }
# - { pool: 'rbd', image: 'ansible4', size: '50G', host: 'ceph-1', state: 'present' }
rbd_devices : {}
# client_connections defines the client ACL's to restrict client access to specific LUNs
# The settings are as follows;
# - image_list is a comma separated list of rbd images of the form <pool name>.<rbd_image_name>
# - chap supplies the user and password the client will use for authentication of the
# form <user>/<password>
# - status shows the intended state of this client definition - 'present' or 'absent'
#
# NB. this definition can be commented out to skip client (nodeACL) management
#
# Example:
#
#client_connections:
# - { client: 'iqn.1994-05.com.redhat:rh7-iscsi-client', image_list: 'rbd.ansible1,rbd.ansible2', chap: 'rh7-iscsi-client/redhat', status: 'present' }
# - { client: 'iqn.1991-05.com.microsoft:w2k12r2', image_list: 'rbd.ansible4', chap: 'w2k12r2/microsoft_w2k12', status: 'absent' }
client_connections : {}
2021-08-09 20:57:33 +08:00
no_log_on_ceph_key_tasks : True
2019-07-02 21:30:12 +08:00
2018-08-09 17:23:07 +08:00
###############
# DEPRECATION #
###############
2019-12-10 01:31:52 +08:00
######################################################
2019-12-10 22:24:39 +08:00
# VARIABLES BELOW SHOULD NOT BE MODIFIED BY THE USER #
2019-12-10 01:31:52 +08:00
# *DO NOT* MODIFY THEM #
######################################################
container_exec_cmd :
2019-10-05 03:31:25 +08:00
docker : false
2021-03-03 22:43:50 +08:00
ceph_volume_debug : "{{ enable_ceph_volume_debug | ternary(1, 0) }}"