-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathceph_mon.yaml
201 lines (177 loc) · 5.76 KB
/
ceph_mon.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
heat_template_version: 2014-10-16
description: Deploy a ceph node instance
parameters:
key_name:
type: string
description: Name of key-pair to be used for the default user
flavor:
type: string
description: Choose an instance flavor
image_id:
type: string
label: Server image
private_network:
type: string
label: Network ID
description: name of the private network to use
name:
type: string
description: Name of each ceph machine booted
public_network:
type: string
description: name of the public network to use
public_key:
type: string
description: Name of plublic key to be used for the local ceph user
private_key:
type: string
description: Name of private key to be used for the local ceph user
resources:
wait_condition:
type: OS::Heat::WaitCondition
properties:
handle: { get_resource: wait_handle }
count: 1
timeout: 600
wait_handle:
type: OS::Heat::WaitConditionHandle
mon_server:
type: OS::Nova::Server
properties:
key_name: { get_param: key_name }
name: { get_param: name }
image: { get_param: image_id }
networks:
- port: { get_resource: mon_port }
flavor: { get_param: flavor }
user_data_format: RAW
user_data:
get_resource: server_init
server_init:
type: OS::Heat::MultipartMime
properties:
parts:
- config: {get_resource: shell_script_init}
- config: {get_resource: cloud_init}
cloud_init:
type: OS::Heat::CloudConfig
properties:
cloud_config:
timezone: Europe/Paris
ssh_pwauth: True
power_state:
mode: reboot
message: Rebooting... Please wait...
timeout: 5
shell_script_init:
type: OS::Heat::SoftwareConfig
properties:
group: ungrouped
config:
str_replace:
params:
__private_key__: { get_param: private_key }
__public_key__: { get_param: public_key }
wc_notify: { get_attr: ['wait_handle', 'curl_cli'] }
template: |
#!/bin/bash
USERNAME=cephuser
# Create local cephuser user
useradd -m $USERNAME
mkdir -p /home/$USERNAME/.ssh
echo "__public_key__" > /home/$USERNAME/.ssh/authorized_keys
echo "__private_key__" > /home/$USERNAME/.ssh/id_rsa
# Put ssh config
cat > /home/$USERNAME/.ssh/config <<EOF
Host *
StrictHostKeyChecking no
UserKnownHostsFile=/dev/null
EOF
# Fix perms
chmod 600 /home/$USERNAME/.ssh/id_rsa
chown -R $USERNAME. /home/$USERNAME/.ssh
chown -R $USERNAME. /home/$USERNAME
cat > /etc/sudoers.d/$USERNAME.conf << EOF
Defaults:$USERNAME !requiretty
$USERNAME ALL = (root) NOPASSWD:ALL
EOF
chmod 0440 /etc/sudoers.d/$USERNAME.conf
cat > /etc/yum.repos.d/ceph.repo << EOF
[Ceph]
name=Ceph packages for \$basearch
baseurl=http://download.ceph.com/rpm-jewel/el7/\$basearch
enabled=1
gpgcheck=1
type=rpm-md
gpgkey=https://download.ceph.com/keys/release.asc
priority=1
[Ceph-noarch]
name=Ceph noarch packages
baseurl=http://download.ceph.com/rpm-jewel/el7/noarch
enabled=1
gpgcheck=1
type=rpm-md
gpgkey=https://download.ceph.com/keys/release.asc
priority=1
[ceph-source]
name=Ceph source packages
baseurl=http://download.ceph.com/rpm-jewel/el7/SRPMS
enabled=1
gpgcheck=1
type=rpm-md
gpgkey=https://download.ceph.com/keys/release.asc
priority=1
EOF
cat > /etc/sudoers.d/$USERNAME << EOF
$USERNAME ALL=(ALL) NOPASSWD: ALL
EOF
chmod 440 /etc/sudoers.d/$USERNAME
firewall-cmd --zone=public --add-port=6800-7300/tcp --permanent
firewall-cmd --reload
cat /etc/sysctl.d/10-ceph.conf << EOF
kernel.pid_max = 4194303
vm.zone_reclaim_mode = 0
vm.swappiness = 10
# vm.min_free_kbytes = 513690 # assuming 64GB of RAM total
vm.min_free_kbytes = 1024
vm.dirty_ratio = 40
vm.vfs_cache_pressure = 100
net.netfilter.nf_conntrack_max = 10000000
net.nf_conntrack_max = 10000000
EOF
sysctl -p
# Notify Heat we're done
wc_notify --data-binary '{"status": "SUCCESS"}'
ceph_security_group:
type: OS::Neutron::SecurityGroup
properties:
name: ceph_mon_security_group
rules:
- protocol: icmp
- protocol: tcp
port_range_min: 22
port_range_max: 22
- protocol: tcp
remote_ip_prefix: 0.0.0.0/0
port_range_min: 1024
port_range_max: 64511
mon_port:
type: OS::Neutron::Port
properties:
network: { get_param: private_network }
security_groups:
- default
- { get_resource: ceph_security_group }
floating_ip:
type: OS::Neutron::FloatingIP
properties:
floating_network: { get_param: public_network }
floating_ip_assoc:
type: OS::Neutron::FloatingIPAssociation
properties:
floatingip_id: { get_resource: floating_ip }
port_id: { get_resource: mon_port }
outputs:
node_param:
description: The IP address of this ceph instance.
value: { list_join: ['@', [ get_attr: [mon_server, first_address], get_attr: [mon_server, name] ] ] }