Add ceph-mgr support

The latest release of Ceph requires the setup of ceph-mgr, so this
patch allows users to install it if necessary.

Depends-On: Ib979a44e9fb20469332ed16cb284383198a086d6
Change-Id: Iebc37202a467c28c731045054dd68a80c6c602ee

manifests/mgr.pp

@@ -0,0 +1,92 @@
+#
+# Copyright (C) 2017 VEXXHOST, Inc.
+#
+#   Licensed under the Apache License, Version 2.0 (the "License");
+#   you may not use this file except in compliance with the License.
+#   You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#   Unless required by applicable law or agreed to in writing, software
+#   distributed under the License is distributed on an "AS IS" BASIS,
+#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#   See the License for the specific language governing permissions and
+#   limitations under the License.
+#
+# Author: Mohammed Naser <mnaser@vexxhost.com>
+#
+# == Define: ceph::mgr
+#
+# Installs and configures MGRs (ceph manager)
+#
+# === Parameters:
+#
+# [*title*] The manager ID.
+#   Mandatory. An alphanumeric string uniquely identifying the manager.
+#
+# [*enable*] Whether to enable ceph-mgr instance on boot.
+#   Optional. Default is true.
+#
+# [*ensure*] Configure the state of the service (running/stopped)
+#   Optional. Defaults to running.
+#
+# [*cluster*] The ceph cluster
+#   Optional. Same default as ceph.
+#
+# [*authentication_type*] Activate or deactivate authentication
+#   Optional. Default to cephx.
+#   Authentication is activated if the value is 'cephx' and deactivated
+#   if the value is 'none'. If the value is 'cephx', then key must be provided.
+#
+# [*key*] Authentication key for ceph-mgr
+#   Required if authentication_type is set to cephx
+#
+# [*inject_key*] Inject the key to the Ceph cluster
+#   Optional. Defaults to false
+#
+define ceph::mgr (
+  $enable              = true,
+  $ensure              = running,
+  $cluster             = 'ceph',
+  $authentication_type = 'cephx',
+  $key                 = undef,
+  $inject_key          = false,
+) {
+  file { '/var/lib/ceph/mgr':
+    ensure => directory,
+    owner  => 'ceph',
+    group  => 'ceph',
+  } -> file { "/var/lib/ceph/mgr/${cluster}-${name}":
+    ensure => directory,
+    owner  => 'ceph',
+    group  => 'ceph',
+  }
+
+  if $authentication_type == 'cephx' {
+    if ! $key {
+      fail('cephx requires a specified key for the manager daemon')
+    }
+
+    ceph::key { "mgr.${name}":
+      secret       => $key,
+      cluster      => $cluster,
+      keyring_path => "/var/lib/ceph/mgr/${cluster}-${name}/keyring",
+      cap_mon      => 'allow profile mgr',
+      cap_osd      => 'allow *',
+      cap_mds      => 'allow *',
+      user         => 'ceph',
+      group        => 'ceph',
+      inject       => $inject_key,
+      before       => Service["ceph-mgr@${name}"],
+      require      => File["/var/lib/ceph/mgr/${cluster}-${name}"],
+    }
+  }
+
+  # NOTE(mnaser): The ceph-mgr service was introduced in Jewel which ships with
+  #               Xenial and newer, so we don't need an upstart compatibility
+  #               layer in this case.
+  service { "ceph-mgr@${name}":
+    ensure => $ensure,
+    enable => $enable,
+  }
+}

manifests/profile/mgr.pp

@@ -0,0 +1,30 @@
+#
+# Copyright (C) 2017, VEXXHOST, Inc.
+#
+#   Licensed under the Apache License, Version 2.0 (the "License");
+#   you may not use this file except in compliance with the License.
+#   You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#   Unless required by applicable law or agreed to in writing, software
+#   distributed under the License is distributed on an "AS IS" BASIS,
+#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#   See the License for the specific language governing permissions and
+#   limitations under the License.
+#
+# Author: Mohammed Naser <mnaser@vexxhost.com>
+#
+# == Class: ceph::profile::mgr
+#
+# Profile for a Ceph mgr
+#
+class ceph::profile::mgr {
+  require ::ceph::profile::base
+
+  ceph::mgr { $::hostname:
+    authentication_type => $ceph::profile::params::authentication_type,
+    key                 => $ceph::profile::params::mgr_key,
+    inject_key          => true,
+  }
+}

manifests/profile/params.pp

@@ -97,6 +97,9 @@
 # [*mon_key*] The mon secret key.
 #   Optional. Either mon_key or mon_keyring need to be set when using cephx.
 #
+# [*mgr_key*] The mgr secret key.
+#   Optional. Either mgr_key or mgr_keyring need to be set when using cephx.
+#
 # [*mon_keyring*] The location of the keyring retrieved by default
 #   Optional. Either mon_key or mon_keyring need to be set when using cephx
 #
@@ -209,6 +212,7 @@ class ceph::profile::params (
   $public_addr = undef,
   $mds_key = undef,
   $mon_key = undef,
+  $mgr_key = undef,
   $mon_keyring = undef,
   $client_keys = {},
   $osds = undef,

releasenotes/notes/add-ceph-mgr-support-d2a5e9104021f81a.yaml

@@ -0,0 +1,5 @@
+---
+features:
+  - Introduced the ability to setup ceph-mgr instances which are requried in
+    the latest stable release of Ceph.  This can be done using the ceph::mgr
+    define or the ceph::profile::mgr profile.

spec/acceptance/ceph_mon_osd_spec.rb

@@ -42,6 +42,16 @@ describe 'ceph mon osd' do
           ceph_config {
            'global/osd_journal_size':             value => '100';
           }
+
+          # NOTE(mnaser): At the moment, the storage SIG packages do not ship 12.X
+          #               however UCA is shipping it at the moment.  This conditional
+          #               should be dropped once we switch CentOS to 12.X
+          if $::osfamily != 'RedHat' {
+            ceph::mgr { 'a':
+              authentication_type => 'none',
+            }
+          }
+
           ceph::mon { 'a':
             public_addr         => $::ipaddress,
             authentication_type => 'none',

spec/classes/ceph_profile_mgr_spec.rb

@@ -0,0 +1,39 @@
+#
+# Copyright (C) 2017 VEXXHOST, Inc.
+#
+#   Licensed under the Apache License, Version 2.0 (the "License");
+#   you may not use this file except in compliance with the License.
+#   You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#   Unless required by applicable law or agreed to in writing, software
+#   distributed under the License is distributed on an "AS IS" BASIS,
+#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#   See the License for the specific language governing permissions and
+#   limitations under the License.
+#
+#  Author: Mohammed Naser <mnaser@vexxhost.com>
+#
+require 'spec_helper'
+
+describe 'ceph::profile::mgr' do
+
+  shared_examples_for 'ceph profile mgr' do
+    it { is_expected.to contain_ceph__mgr('first').with(
+      :authentication_type => 'cephx',
+      :key                 => 'AQASGFDFUHBHDG9SDdsyffV1xgsn1pgr3GcKPg==',
+      :inject_key          => true)
+    }
+  end
+
+  on_supported_os.each do |os, facts|
+    context "on #{os}" do
+      let(:facts) do
+        facts.merge({:hostname => 'first'})
+      end
+
+      it_behaves_like 'ceph profile mgr'
+    end
+  end
+end

spec/defines/ceph_mgr_spec.rb

@@ -0,0 +1,79 @@
+# Copyright (C) 2017 VEXXHOST, Inc.
+#
+#   Licensed under the Apache License, Version 2.0 (the "License");
+#   you may not use this file except in compliance with the License.
+#   You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#   Unless required by applicable law or agreed to in writing, software
+#   distributed under the License is distributed on an "AS IS" BASIS,
+#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#   See the License for the specific language governing permissions and
+#   limitations under the License.
+#
+# Author: Mohammed Naser <mnaser@vexxhost.com>
+#
+require 'spec_helper'
+
+describe 'ceph::mgr' do
+  let (:title) { 'foo' }
+
+  describe 'with cephx configured but no key specified' do
+    let :params do
+      {
+        :authentication_type => 'cephx'
+      }
+    end
+
+    it {
+      is_expected.to raise_error(Puppet::Error, /cephx requires a specified key for the manager daemon/)
+    }
+  end
+
+  describe 'cephx authentication_type' do
+    let :params do
+      {
+        :authentication_type => 'cephx',
+        :key                 => 'AQATGHJTUCBqIBAA7M2yafV1xctn1pgr3GcKPg==',
+      }
+    end
+
+    it {
+      is_expected.to contain_file('/var/lib/ceph/mgr').with(
+        :ensure => 'directory',
+        :owner  => 'ceph',
+        :group  => 'ceph'
+      )
+    }
+
+    it {
+      is_expected.to contain_file('/var/lib/ceph/mgr/ceph-foo').with(
+        :ensure => 'directory',
+        :owner  => 'ceph',
+        :group  => 'ceph'
+      )
+    }
+
+    it {
+      is_expected.to contain_ceph__key('mgr.foo').with(
+        :secret       => 'AQATGHJTUCBqIBAA7M2yafV1xctn1pgr3GcKPg==',
+        :cluster      => 'ceph',
+        :keyring_path => "/var/lib/ceph/mgr/ceph-foo/keyring",
+        :cap_mon      => 'allow profile mgr',
+        :cap_osd      => 'allow *',
+        :cap_mds      => 'allow *',
+        :user         => 'ceph',
+        :group        => 'ceph',
+        :inject       => false,
+      )
+    }
+
+    it {
+      is_expected.to contain_service('ceph-mgr@foo').with(
+        :ensure => 'running',
+        :enable => true,
+      )
+    }
+  end
+end

spec/fixtures/hieradata/common.yaml

@@ -30,6 +30,7 @@ ceph::profile::params::fs_data_pool: 'data_pool'
 ######## Keys
 ceph::profile::params::mds_key: 'AQDLOh1VgEp6FRAAFzT7Zw+Y9V6JJExQAsRnRQ=='
 ceph::profile::params::mon_key: 'AQATGHJTUCBqIBAA7M2yafV1xctn1pgr3GcKPg=='
+ceph::profile::params::mgr_key: 'AQASGFDFUHBHDG9SDdsyffV1xgsn1pgr3GcKPg=='
 ceph::profile::params::client_keys:
   'client.admin':
     secret: 'AQBMGHJTkC8HKhAAJ7NH255wYypgm1oVuV41MA=='