airship
/
treasuremap
Code Issues Proposed changes
treasuremap/global/software/charts/osh/openstack-cinder/cinder.yaml

591 lines
25 KiB
YAML
Raw Blame History

---
schema: armada/Chart/v1
metadata:
schema: metadata/Document/v1
name: cinder
labels:
name: cinder-global
component: cinder
layeringDefinition:
abstract: false
layer: global
storagePolicy: cleartext
substitutions:
# Chart source
- src:
schema: pegleg/SoftwareVersions/v1
name: software-versions
path: .charts.osh.cinder
dest:
path: .source
# Images
- src:
schema: pegleg/SoftwareVersions/v1
name: software-versions
path: .images.osh.cinder
dest:
path: .values.images.tags
# Endpoints
- src:
schema: pegleg/EndpointCatalogue/v1
name: osh_endpoints
path: .osh.identity
dest:
path: .values.endpoints.identity
- src:
schema: pegleg/EndpointCatalogue/v1
name: osh_endpoints
path: .osh.image
dest:
path: .values.endpoints.image
- src:
schema: pegleg/EndpointCatalogue/v1
name: osh_endpoints
path: .osh.image_registry
dest:
path: .values.endpoints.image_registry
- src:
schema: pegleg/EndpointCatalogue/v1
name: osh_endpoints
path: .osh.volume
dest:
path: .values.endpoints.volume
- src:
schema: pegleg/EndpointCatalogue/v1
name: osh_endpoints
path: .osh.volumev2
dest:
path: .values.endpoints.volumev2
- src:
schema: pegleg/EndpointCatalogue/v1
name: osh_endpoints
path: .osh.volumev3
dest:
path: .values.endpoints.volumev3
- src:
schema: pegleg/EndpointCatalogue/v1
name: osh_endpoints
path: .osh.oslo_db
dest:
path: .values.endpoints.oslo_db
- src:
schema: pegleg/EndpointCatalogue/v1
name: osh_endpoints
path: .osh.oslo_messaging
dest:
path: .values.endpoints.oslo_messaging
- src:
schema: pegleg/EndpointCatalogue/v1
name: osh_endpoints
path: .osh.oslo_cache
dest:
path: .values.endpoints.oslo_cache
- src:
schema: pegleg/AccountCatalogue/v1
name: osh_service_accounts
path: .osh.keystone.admin
dest:
path: .values.endpoints.identity.auth.admin
- src:
schema: pegleg/AccountCatalogue/v1
name: osh_service_accounts
path: .osh.cinder.cinder
dest:
path: .values.endpoints.identity.auth.cinder
- src:
schema: pegleg/AccountCatalogue/v1
name: osh_service_accounts
path: .osh.cinder.test
dest:
path: .values.endpoints.identity.auth.test
- src:
schema: pegleg/AccountCatalogue/v1
name: osh_service_accounts
path: .osh.oslo_messaging.admin
dest:
path: .values.endpoints.oslo_messaging.auth.admin
- src:
schema: pegleg/AccountCatalogue/v1
name: osh_service_accounts
path: .osh.cinder.oslo_messaging.cinder
dest:
path: .values.endpoints.oslo_messaging.auth.cinder
- src:
schema: pegleg/AccountCatalogue/v1
name: osh_service_accounts
path: .osh.cinder.oslo_db
dest:
path: .values.endpoints.oslo_db.auth.cinder
- src:
schema: pegleg/AccountCatalogue/v1
name: osh_service_accounts
path: .osh.cinder.oslo_db.database
dest:
path: .values.endpoints.oslo_db.path
pattern: DB_NAME
- src:
schema: pegleg/EndpointCatalogue/v1
name: osh_endpoints
path: .osh.volume.name
dest:
path: .values.endpoints.oslo_messaging.path
pattern: VHOST_NAME
# Secrets
- dest:
path: .values.endpoints.identity.auth.admin.password
src:
schema: deckhand/Passphrase/v1
name: osh_keystone_admin_password
path: .
- dest:
path: .values.endpoints.identity.auth.cinder.password
src:
schema: deckhand/Passphrase/v1
name: osh_cinder_password
path: .
- dest:
path: .values.endpoints.identity.auth.test.password
src:
schema: deckhand/Passphrase/v1
name: osh_cinder_test_password
path: .
- dest:
path: .values.endpoints.oslo_messaging.auth.admin.password
src:
schema: deckhand/Passphrase/v1
name: osh_oslo_messaging_admin_password
path: .
- dest:
path: .values.endpoints.oslo_messaging.auth.cinder.password
src:
schema: deckhand/Passphrase/v1
name: osh_cinder_oslo_messaging_password
path: .
- dest:
path: .values.endpoints.oslo_db.auth.cinder.password
src:
schema: deckhand/Passphrase/v1
name: osh_cinder_oslo_db_password
path: .
- dest:
path: .values.endpoints.oslo_db.auth.admin.password
src:
schema: deckhand/Passphrase/v1
name: osh_oslo_db_admin_password
path: .
- dest:
path: .values.endpoints.oslo_cache.auth.memcache_secret_key
src:
schema: deckhand/Passphrase/v1
name: osh_oslo_cache_secret_key
path: .
data:
chart_name: cinder
release: cinder
namespace: openstack
wait:
timeout: 900
labels:
release_group: clcp-cinder
resources:
- type: job
- type: deployment
min_ready: 100%
native:
enabled: false
test:
timeout: 600
install:
no_hooks: false
upgrade:
no_hooks: false
pre:
delete:
- type: job
labels:
release_group: clcp-cinder
post:
create: []
values:
dependencies:
static:
bootstrap:
pod:
- requireSameNode: false
labels:
application: cinder
component: volume
rabbit_init:
services:
- endpoint: internal
service: oslo_messaging
jobs:
- clcp-openstack-rabbitmq-cluster-wait
pod:
mandatory_access_control:
type: apparmor
cinder-api:
cinder-api: runtime/default
ceph-coordination-volume-perms: runtime/default
init: runtime/default
cinder-backup:
cinder-backup: runtime/default
ceph-coordination-volume-perms: runtime/default
init: runtime/default
cinder-scheduler:
cinder-scheduler: runtime/default
ceph-coordination-volume-perms: runtime/default
init: runtime/default
cinder-volume:
cinder-volume: runtime/default
ceph-coordination-volume-perms: runtime/default
init-cinder-conf: runtime/default
init: runtime/default
cinder-backup-storage-init:
cinder-backup-storage-init: runtime/default
init: runtime/default
cinder-test:
init: runtime/default
cinder-test: runtime/default
cinder-test-ks-user: runtime/default
cinder-create-internal-tenant:
init: runtime/default
create-internal-tenant: runtime/default
cinder-volume-usage-audit:
cinder-volume-usage-audit: runtime/default
init: runtime/default
replicas:
api: 3
volume: 3
scheduler: 3
backup: 3
affinity:
anti:
type:
api: requiredDuringSchedulingIgnoredDuringExecution
backup: requiredDuringSchedulingIgnoredDuringExecution
scheduler: requiredDuringSchedulingIgnoredDuringExecution
volume: requiredDuringSchedulingIgnoredDuringExecution
lifecycle:
upgrades:
deployments:
pod_replacement_strategy: RollingUpdate
rolling_update:
max_unavailable: 50%
security_context:
cinder_volume:
container:
cinder_volume:
allowPrivilegeEscalation: true
privileged: true
readOnlyRootFilesystem: false
cinder_backup:
container:
cinder_backup:
privileged: true
cinder_api:
container:
cinder_api:
runAsUser: 0
readOnlyRootFilesystem: false
labels:
api:
node_selector_key: openstack-control-plane
node_selector_value: enabled
backup:
node_selector_key: openstack-control-plane
node_selector_value: enabled
job:
node_selector_key: openstack-control-plane
node_selector_value: enabled
scheduler:
node_selector_key: openstack-control-plane
node_selector_value: enabled
test:
node_selector_key: openstack-control-plane
node_selector_value: enabled
volume:
node_selector_key: openstack-control-plane
node_selector_value: enabled
ceph_client:
configmap: tenant-ceph-etc
user_secret_name: pvc-tceph-client-key
conf:
ceph:
pools:
backup:
crush_rule: rack_replicated_rule
cinder.volumes:
crush_rule: rack_replicated_rule
rabbitmq:
policies:
- vhost: "cinder"
name: "ha_ttl_cinder"
definition:
ha-mode: "all"
ha-sync-mode: "automatic"
message-ttl: 70000
priority: 0
apply-to: all
pattern: '^(?!(amq\.|reply_)).*'
cinder:
DEFAULT:
backup_driver: "cinder.backup.drivers.swift.SwiftBackupDriver"
oslo_middleware:
enable_proxy_headers_parsing: true
max_request_body_size: 114688
audit_middleware_notifications:
driver: log
logging:
loggers:
keys:
- root
- cinder
- oslo.messaging
handlers:
keys:
- stdout
- stderr
- "null"
formatters:
keys:
- context
- default
logger_root:
level: WARNING
handlers: "null"
logger_cinder:
level: INFO
handlers:
- stdout
qualname: cinder
logger_oslo.messaging:
level: INFO
handlers:
- stdout
qualname: oslo.messaging
logger_amqp:
level: WARNING
handlers: stderr
qualname: amqp
logger_amqplib:
level: WARNING
handlers: stderr
qualname: amqplib
logger_eventletwsgi:
level: WARNING
handlers: stderr
qualname: eventlet.wsgi.server
logger_sqlalchemy:
level: WARNING
handlers: stderr
qualname: sqlalchemy
logger_boto:
level: WARNING
handlers: stderr
qualname: boto
handler_null:
class: logging.NullHandler
formatter: default
args: ()
handler_stdout:
class: StreamHandler
args: (sys.stdout,)
formatter: context
handler_stderr:
class: StreamHandler
args: (sys.stderr,)
formatter: context
formatter_context:
class: oslo_log.formatters.ContextFormatter
formatter_default:
format: "%(message)s"
policy:
context_is_admin: role:admin or role:admin_support or role:admin_viewer
admin_create: role:admin or role:admin_support
admin_read: role:admin or role:admin_support or role:admin_viewer
admin_update: role:admin
admin_delete: role:admin
tenant_create: role:snapshot_member or role:_member_ or role:sriov_member or role:support_member or rule:admin_create
tenant_snapshot_create: role:snapshot_member or rule:admin_update
tenant_read: role:snapshot_member or role:_member_ or role:sriov_member or role:support_member or role:viewer or rule:admin_read
tenant_update: role:snapshot_member or role:_member_ or role:sriov_member or rule:admin_update
tenant_delete: role:snapshot_member or role:_member_ or role:sriov_member or rule:admin_delete
default: role:admin
not_supported_in_nc: "!"
volume:attachment_delete: rule:tenant_update or role:tenant_cinder_update
volume:attachment_create: rule:tenant_create or role:tenant_cinder_create
volume:attachment_complete: rule:tenant_create or role:tenant_cinder_create
volume:attachment_update: rule:tenant_update or role:tenant_cinder_update
volume:multiattach: rule:tenant_create or role:tenant_cinder_create
volume:multiattach_bootable_volume: rule:tenant_create or role:tenant_cinder_create
volume:create: rule:tenant_create or role:tenant_cinder_create
volume:create_from_image: rule:tenant_create or role:tenant_cinder_create
volume:delete: rule:tenant_delete or role:tenant_cinder_delete
volume:force_delete: rule:admin_delete or role:admin_cinder_delete
volume:update: rule:tenant_update or role:tenant_cinder_update
volume:get: rule:tenant_read or role:tenant_cinder_read
volume:get_all: rule:tenant_read or role:tenant_cinder_read
volume:get_volume_metadata: rule:tenant_read or role:tenant_cinder_read
volume:create_volume_metadata: rule:tenant_create or role:tenant_cinder_create
volume:delete_volume_metadata: rule:tenant_delete or role:tenant_cinder_delete
volume:update_volume_metadata: rule:tenant_update or role:tenant_cinder_update
volume:update_volume_admin_metadata: rule:admin_update or role:admin_cinder_update
volume:get_snapshot: rule:tenant_read or role:tenant_cinder_read
volume:get_all_snapshots: rule:tenant_read or role:tenant_cinder_read
volume:create_snapshot: rule:tenant_create or role:tenant_cinder_create
volume:delete_snapshot: rule:tenant_delete or role:tenant_cinder_delete
volume:update_snapshot: rule:tenant_update or role:tenant_cinder_update
volume:get_snapshot_metadata: rule:tenant_read or role:tenant_cinder_read
volume:delete_snapshot_metadata: rule:tenant_delete or role:tenant_cinder_delete
volume:update_snapshot_metadata: rule:tenant_update or role:tenant_cinder_update
volume:extend: rule:tenant_update or role:tenant_cinder_update
volume:extend_attached_volume: rule:tenant_update or role:tenant_cinder_update
volume:revert_to_snapshot: rule:tenant_update or role:tenant_cinder_update
volume:update_readonly_flag: rule:tenant_update or role:tenant_cinder_update
volume:retype: rule:tenant_update or role:tenant_cinder_update
volume_extension:types_manage: rule:admin_update or role:admin_cinder_update
volume_extension:type_get: rule:tenant_read or role:tenant_cinder_read
volume_extension:type_get_all: rule:tenant_read or role:tenant_cinder_read
volume_extension:types_extra_specs:create: rule:admin_create or role:admin_cinder_create
volume_extension:types_extra_specs:delete: rule:admin_delete or role:admin_cinder_delete
volume_extension:types_extra_specs:index: rule:admin_read or role:admin_cinder_read
volume_extension:types_extra_specs:show: rule:admin_read or role:admin_cinder_read
volume_extension:types_extra_specs:update: rule:admin_update or role:admin_cinder_update
volume_extension:access_types_qos_specs_id: rule:admin_update or role:admin_cinder_update
volume_extension:access_types_extra_specs: rule:admin_update or role:admin_cinder_update
volume_extension:volume_type_access: rule:admin_update or role:admin_cinder_update
volume_extension:volume_type_access:addProjectAccess: rule:admin_create or role:admin_cinder_create
volume_extension:volume_type_access:removeProjectAccess: rule:admin_delete or role:admin_cinder_delete
volume_extension:volume_type_encryption:create: rule:admin_create or role:admin_cinder_create
volume_extension:volume_type_encryption:update: rule:admin_update or role:admin_cinder_update
volume_extension:volume_type_encryption:delete: rule:admin_delete or role:admin_cinder_delete
volume_extension:volume_type_encryption:get: rule:admin_read or role:admin_cinder_read
volume_extension:volume_encryption_metadata: rule:tenant_update or role:tenant_cinder_update
volume_extension:extended_snapshot_attributes: rule:tenant_update or role:tenant_cinder_update
volume_extension:volume_image_metadata: rule:tenant_update or role:tenant_cinder_update
volume_extension:volume_actions:upload_image: rule:tenant_snapshot_create or role:admin_cinder_update
volume_extension:volume_actions:attach: rule:tenant_create or role:tenant_cinder_create
volume_extension:volume_actions:detach: rule:tenant_update or role:tenant_cinder_update
volume_extension:volume_actions:reserve: rule:tenant_update or role:tenant_cinder_update
volume_extension:volume_actions:unreserve: rule:tenant_update or role:tenant_cinder_update
volume_extension:volume_actions:begin_detaching: rule:tenant_update or role:tenant_cinder_update
volume_extension:volume_actions:initialize_connection: rule:tenant_create or role:tenant_cinder_create
volume_extension:volume_actions:terminate_connection: rule:tenant_update or role:tenant_cinder_update
volume_extension:volume_actions:roll_detaching: rule:tenant_update or role:tenant_cinder_update
volume_extension:qos_specs_manage:create: rule:admin_create or role:admin_cinder_create
volume_extension:qos_specs_manage:get: rule:admin_read or role:admin_cinder_read
volume_extension:qos_specs_manage:get_all: rule:admin_read or role:admin_cinder_read
volume_extension:qos_specs_manage:update: rule:admin_update or role:admin_cinder_update
volume_extension:qos_specs_manage:delete: rule:admin_delete or role:admin_cinder_delete
volume_extension:quotas:show: rule:tenant_read or role:tenant_cinder_read
volume_extension:quotas:update: rule:admin_update or role:admin_cinder_update
volume_extension:quotas:delete: rule:admin_delete or role:admin_cinder_delete
volume_extension:quota_classes: rule:admin_read or role:admin_cinder_read
volume_extension:quota_classes:validate_setup_for_nested_quota_use: rule:admin_read or role:admin_cinder_read
volume_extension:volume_admin_actions:reset_status: rule:admin_update or role:admin_cinder_update
volume_extension:snapshot_admin_actions:reset_status: rule:admin_update or role:admin_cinder_update
volume_extension:backup_admin_actions:reset_status: rule:admin_update or role:admin_cinder_update
volume_extension:volume_admin_actions:force_delete: rule:admin_delete or role:admin_cinder_delete
volume_extension:volume_admin_actions:force_detach: rule:admin_update or role:admin_cinder_update
volume_extension:snapshot_admin_actions:force_delete: rule:admin_delete or role:admin_cinder_delete
volume_extension:backup_admin_actions:force_delete: rule:admin_delete or role:admin_cinder_delete
volume_extension:volume_admin_actions:migrate_volume: rule:admin_update or role:admin_cinder_update
volume_extension:volume_admin_actions:migrate_volume_completion: rule:admin_update or role:admin_cinder_update
volume_extension:volume_actions:upload_public: rule:admin_update or role:admin_cinder_update
volume_extension:volume_host_attribute: rule:context_is_admin or role:admin_cinder_create or role:admin_cinder_update or role:admin_cinder_read or role:admin_cinder_delete
volume_extension:volume_tenant_attribute: rule:tenant_update or role:tenant_cinder_update or rule:context_is_admin or role:admin_cinder_create or role:admin_cinder_update or role:admin_cinder_read or role:admin_cinder_delete
volume_extension:volume_mig_status_attribute: rule:admin_update or role:admin_cinder_update
volume_extension:hosts: rule:context_is_admin or role:admin_cinder_create or role:admin_cinder_update or role:admin_cinder_read or role:admin_cinder_delete
volume_extension:services:index: rule:admin_read or role:admin_cinder_read
volume_extension:services:update: rule:admin_update or role:admin_cinder_update
volume_extension:volume_manage: rule:not_supported_in_nc
volume_extension:volume_unmanage: rule:not_supported_in_nc
volume_extension:list_manageable: rule:not_supported_in_nc
volume_extension:capabilities: rule:admin_read or role:admin_cinder_read
volume:create_transfer: rule:tenant_create or role:tenant_cinder_create
volume:accept_transfer: rule:tenant_update or role:tenant_cinder_update
volume:delete_transfer: rule:tenant_delete or role:tenant_cinder_delete
volume:get_transfer: rule:tenant_read or role:tenant_cinder_read
volume:get_all_transfers: rule:tenant_read or role:tenant_cinder_read
group:enable_replication: rule:admin_update or role:admin_cinder_update
group:disable_replication: rule:admin_update or role:admin_cinder_update
group:failover_replication: rule:admin_update or role:admin_cinder_update
group:list_replication_targets: rule:admin_update or role:admin_cinder_update
volume:failover_host: rule:admin_update or role:admin_cinder_update
volume:freeze_host: rule:admin_update or role:admin_cinder_update
volume:thaw_host: rule:admin_update or role:admin_cinder_update
backup:create: rule:tenant_create or role:tenant_cinder_create
backup:delete: rule:tenant_delete or role:tenant_cinder_delete
backup:get: rule:tenant_read or role:tenant_cinder_read
backup:get_all: rule:tenant_read or role:tenant_cinder_read
backup:restore: rule:tenant_update or role:tenant_cinder_update
backup:backup-import: rule:admin_update or role:admin_cinder_update
backup:export-import: rule:admin_create or role:admin_cinder_create or role:tenant_cinder_create
backup:update: rule:tenant_update or role:tenant_cinder_update or role:admin_cinder_update
backup:backup_project_attribute: rule:admin_update or role:admin_cinder_update
snapshot_extension:snapshot_actions:update_snapshot_status: rule:tenant_update or role:tenant_cinder_update or role:admin_cinder_update
snapshot_extension:snapshot_manage: rule:not_supported_in_nc
snapshot_extension:snapshot_unmanage: rule:not_supported_in_nc
snapshot_extension:list_manageable: rule:not_supported_in_nc
limits_extension:used_limits: rule:tenant_read or role:tenant_cinder_read or role:admin_cinder_read
group:group_types_manage: rule:admin_read or role:admin_cinder_read or role:admin_cinder_update
group:group_types_specs: rule:admin_create or role:admin_cinder_create
group:access_group_types_specs: rule:admin_read or role:admin_cinder_read
group:create: rule:tenant_create or role:tenant_cinder_create or role:admin_cinder_create
group:delete: rule:tenant_delete or role:tenant_cinder_delete or role:admin_cinder_delete
group:update: rule:tenant_update or role:tenant_cinder_update or role:admin_cinder_update
group:group_project_attribute: rule:tenant_read or role:tenant_cinder_read or role:admin_cinder_read
group:group_snapshot_project_attribute: rule:tenant_read or role:tenant_cinder_read or role:admin_cinder_read
group:get: rule:tenant_read or role:tenant_cinder_read or role:admin_cinder_read
group:get_all: rule:tenant_read or role:tenant_cinder_read or role:admin_cinder_read
group:create_group_snapshot: rule:tenant_create or role:tenant_cinder_create or role:admin_cinder_create
group:delete_group_snapshot: rule:tenant_delete or role:tenant_cinder_delete or role:admin_cinder_delete
group:update_group_snapshot: rule:tenant_update or role:tenant_cinder_update or role:admin_cinder_update
group:get_group_snapshot: rule:tenant_read or role:tenant_cinder_read or role:admin_cinder_read
group:get_all_group_snapshots: rule:tenant_read or role:tenant_cinder_read or role:admin_cinder_read
group:reset_group_snapshot_status: rule:admin_update or role:admin_cinder_update
group:reset_status: rule:admin_update or role:admin_cinder_update
scheduler_extension:scheduler_stats:get_pools: rule:admin_read or role:admin_cinder_read
message:delete: rule:tenant_delete or role:tenant_cinder_delete or role:admin_cinder_delete
message:get: rule:tenant_read or role:tenant_cinder_read or role:admin_cinder_read
message:get_all: rule:tenant_read or role:tenant_cinder_read or role:admin_cinder_read
clusters:get: rule:admin_read or role:admin_cinder_read
clusters:get_all: rule:admin_read or role:admin_cinder_read
clusters:update: rule:admin_update or role:admin_cinder_update
workers:cleanup: rule:admin_update or role:admin_cinder_update
dependencies:
- os-cinder-htk
...
---
schema: armada/Chart/v1
metadata:
schema: metadata/Document/v1
name: os-cinder-htk
layeringDefinition:
abstract: false
layer: global
substitutions:
- src:
schema: pegleg/SoftwareVersions/v1
name: software-versions
path: .charts.osh.cinder-htk
dest:
path: .source
storagePolicy: cleartext
data:
chart_name: os-cinder-htk
release: os-cinder-htk
namespace: os-cinder-htk
timeout: 600
wait:
timeout: 600
upgrade:
no_hooks: true
values: {}
dependencies: []
...
View Git Blame Copy Permalink