diff --git a/Berksfile b/Berksfile
index 357d5d4..c73d037 100644
--- a/Berksfile
+++ b/Berksfile
@@ -8,3 +8,5 @@ cookbook "openstack-identity",
 github: "stackforge/cookbook-openstack-identity"
 cookbook "openstack-common",
 github: "stackforge/cookbook-openstack-common"
+cookbook "ceph",
+ github: "ceph/ceph-cookbook", branch: "master"
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 193345b..8467960 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -20,6 +20,7 @@ This file is used to list changes made in each version of the openstack-block-st
 * Add support for san_password with ibm.storwize_svc.StorwizeSVCDriver
 * Add glance_api_version config option
 * Allow san_private_key to be used instead of san_login for Storwize
+* Add dependency on upstream ceph cookbook for better key management
 ## 10.0.0
 * Upgrading to Juno
diff --git a/attributes/default.rb b/attributes/default.rb
index 291586e..2e8db03 100644
--- a/attributes/default.rb
+++ b/attributes/default.rb
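Review bot: In the Berksfile hunk the new `cookbook "ceph"` source tracks `branch: "master"`, so whatever commit is at the tip of ceph/ceph-cookbook when dependencies are resolved becomes the code that creates and writes the cephx client key on the node. Pin the source to a reviewed revision instead, for example `github: "ceph/ceph-cookbook", ref: "<reviewed-commit-sha>"` (placeholder value) or a release tag, and bump it deliberately. The stackforge entries visible as context carry no ref either, but this is the dependency that now handles key material, so it is the one most worth pinning.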
@@ -265,12 +265,16 @@ default['openstack']['block-storage']['volume']['iscsi_ip_address'] = node['ipad
 default['openstack']['block-storage']['volume']['iscsi_port'] = '3260'
 # Ceph/RADOS options
-default['openstack']['block-storage']['rbd_pool'] = 'rbd'
-default['openstack']['block-storage']['rbd_user'] = 'cinder'
-default['openstack']['block-storage']['rbd_secret_uuid'] = nil
-# make this a valid uuid for when node['openstack']['developer_mode'] = true
-default['openstack']['block-storage']['rbd_secret_name'] = '00000000-0000-0000-0000-000000000000'
-default['openstack']['block-storage']['rbd_key_name'] = 'openstack_image_cephx_key'
+default['openstack']['block-storage']['rbd']['cinder']['pool'] = 'volumes'
+default['openstack']['block-storage']['rbd']['glance']['pool'] = 'images'
+default['openstack']['block-storage']['rbd']['nova']['pool'] = 'instances'
+default['openstack']['block-storage']['rbd']['user'] = 'cinder'
+default['openstack']['block-storage']['rbd']['secret_uuid'] = '00000000-0000-0000-0000-000000000000'
+default['openstack']['block-storage']['rbd']['flatten_volume'] = false
+default['openstack']['block-storage']['rbd']['max_clone_depth'] = 5
+default['openstack']['block-storage']['rbd']['chunk_size'] = 4
+default['openstack']['block-storage']['rbd']['rados_timeout'] = '-1'
+default['openstack']['block-storage']['rbd']['conf_dir'] = '/etc/ceph/ceph.conf'
 # Multiple backend support
 # Allow multiple backends configured in cinder.conf
diff --git a/metadata.rb b/metadata.rb
index 1742a7e..da84959 100644
--- a/metadata.rb
+++ b/metadata.rb
@@ -24,3 +24,5 @@ depends 'openstack-identity', '~> 10.0'
 depends 'openstack-image', '~> 10.0'
 depends 'selinux', '>= 0.7.2'
 depends 'python', '>= 1.4.6'
+depends 'ceph', '>= 0.2.1'
+depends 'ceph', '< 3.0.0'
diff --git a/recipes/volume.rb b/recipes/volume.rb
index f393d64..664e0f5 100644
--- a/recipes/volume.rb
+++ b/recipes/volume.rb
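Review bot: In attributes/default.rb `['rbd']['secret_uuid']` now defaults to the all-zero UUID, which the removed comment described as a developer-mode placeholder, and the recipes/volume.rb hunk drops the `get_secret` call that used to override the value. A node that never sets the attribute will therefore render `rbd_secret_uuid=00000000-0000-0000-0000-000000000000` into cinder.conf without any error. Keeping `nil` as the default and failing the converge when the RBD driver is enabled without a value would surface the omission; at minimum add `# placeholder only: override with the libvirt secret UUID used by this deployment` above the line. The old `rbd_pool`/`rbd_user` keys also disappear without a fallback and the pool default moves from 'rbd' to 'volumes', which deserves an upgrade note.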
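Review bot: In metadata.rb the two `depends 'ceph', ...` lines probably do not combine into a version range. As far as I know Chef metadata keeps a single constraint per cookbook name, so the second call would replace the first and only `< 3.0.0` would be enforced; please confirm against the Chef version in use. If that is the case the `>= 0.2.1` floor is lost, and a ceph cookbook release that predates the `ceph_client` resource used in recipes/volume.rb could satisfy the dependency. A single constraint that keeps a lower bound, such as `depends 'ceph', '~> 0.2'`, avoids the ambiguity; which release line to allow is a maintainer decision.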
@@ -56,31 +56,25 @@ when 'cinder.volume.drivers.netapp.iscsi.NetAppISCSIDriver'
 node.override['openstack']['block-storage']['netapp']['dfm_password'] = get_password 'service', 'netapp'
 when 'cinder.volume.drivers.rbd.RBDDriver'
- # this is used in the cinder.conf template
- node.override['openstack']['block-storage']['rbd_secret_uuid'] = get_secret node['openstack']['block-storage']['rbd_secret_name']
+ include_recipe 'ceph'
- rbd_user = node['openstack']['block-storage']['rbd_user']
- rbd_key = get_password 'service', node['openstack']['block-storage']['rbd_key_name']
+ cinder_pool = node['openstack']['block-storage']['rbd']['cinder']['pool']
+ nova_pool = node['openstack']['block-storage']['rbd']['nova']['pool']
+ glance_pool = node['openstack']['block-storage']['rbd']['glance']['pool']
- include_recipe 'openstack-common::ceph_client'
+ caps = { 'mon' => 'allow r',
+ 'osd' => "allow class-read object_prefix rbd_children, allow rwx pool=#{cinder_pool}, allow rwx pool=#{nova_pool}, allow rx pool=#{glance_pool}" }
- platform_options['cinder_ceph_packages'].each do |pkg|
- package pkg do
- options platform_options['package_overrides']
- action :upgrade
- end
- end
-
- template "/etc/ceph/ceph.client.#{rbd_user}.keyring" do
- source 'ceph.client.keyring.erb'
- cookbook 'openstack-common'
+ ceph_client node['openstack']['block-storage']['rbd']['user'] do
+ name node['openstack']['block-storage']['rbd']['user']
+ caps caps
+ keyname "client.#{node['openstack']['block-storage']['rbd']['user']}"
+ filename "/etc/ceph/ceph.client.#{node['openstack']['block-storage']['rbd']['user']}.keyring"
 owner node['openstack']['block-storage']['user']
 group node['openstack']['block-storage']['group']
- mode '0600'
- variables(
- name: rbd_user,
- key: rbd_key
- )
+
+ action :add
+ notifies :restart, 'service[cinder-volume]'
 end
 when 'cinder.volume.drivers.netapp.nfs.NetAppDirect7modeNfsDriver'
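Review bot: The keyring no longer has an explicit file mode: the removed `template` set `mode '0600'`, while the new `ceph_client` block passes only `owner` and `group`, so the permissions of the cephx keyring under /etc/ceph now depend on the upstream resource's default, which is not visible in this diff. If `ceph_client` accepts a mode property, add `mode '0600'` after the `group` line; otherwise follow it with a `file` resource for the same path that enforces the mode. The `name` line inside the block repeats the resource name and can be dropped. The enclosing `case` starts and ends outside the hunk.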
diff --git a/spec/cinder_common_spec.rb b/spec/cinder_common_spec.rb
index 3fa9def..f77efef 100644
--- a/spec/cinder_common_spec.rb
+++ b/spec/cinder_common_spec.rb
@@ -444,11 +444,17 @@ describe 'openstack-block-storage::cinder-common' do
 node.set['openstack']['block-storage']['volume']['driver'] = 'cinder.volume.drivers.rbd.RBDDriver'
 end
- %w(rbd_pool rbd_user rbd_secret_uuid).each do |attr|
- it "has a #{attr} attribute" do
- node.set['openstack']['block-storage'][attr] = "#{attr}_value"
- expect(chef_run).to render_file(file.name).with_content(/^#{attr}=#{attr}_value$/)
- end
+ it 'has a rbd_pool attribute' do
+ node.set['openstack']['block-storage']['rbd']['cinder']['pool'] = 'cinder_value'
+ expect(chef_run).to render_file(file.name).with_content(/^rbd_pool=cinder_value$/)
+ end
+ it 'has a rbd_user attribute' do
+ node.set['openstack']['block-storage']['rbd']['user'] = 'rbd_user_value'
+ expect(chef_run).to render_file(file.name).with_content(/^rbd_user=rbd_user_value$/)
+ end
+ it 'has a rbd_secret_uuid attribute' do
+ node.set['openstack']['block-storage']['rbd']['secret_uuid'] = 'rbd_secret_uuid_value'
+ expect(chef_run).to render_file(file.name).with_content(/^rbd_secret_uuid=rbd_secret_uuid_value$/)
 end
 end
@@ -802,7 +808,7 @@ describe 'openstack-block-storage::cinder-common' do
 }
 node.set['openstack']['block-storage']['volume']['volume_group'] = 'multi-lvm-group'
 node.set['openstack']['block-storage']['volume']['default_volume_type'] = 'some-type-name'
- node.set['openstack']['block-storage']['rbd_pool'] = 'multi-rbd-pool'
+ node.set['openstack']['block-storage']['rbd']['cinder']['pool'] = 'multi-rbd-pool'
 node.set['openstack']['block-storage']['netapp']['dfm_login'] = 'multi-netapp-login'
 node.set['openstack']['block-storage']['netapp']['netapp_server_hostname'] = ['netapp-host-1', 'netapp-host-2']
 node.set['openstack']['block-storage']['netapp']['netapp_server_port'] = 'multi-netapp-port'
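Review bot: The rewritten examples in the first hunk cover only `rbd_pool`, `rbd_user` and `rbd_secret_uuid`, while the template change in this commit renders five more options (`rbd_ceph_conf`, `rbd_flatten_volume_from_snapshot`, `rbd_max_clone_depth`, `rbd_store_chunk_size`, `rados_connect_timeout`). One example per new option, in the same shape as the three added here, would catch a mistyped attribute path, for instance `expect(chef_run).to render_file(file.name).with_content(/^rbd_max_clone_depth=5$/)` for the default. The surrounding `describe` and `context` blocks open and close outside the hunk.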
diff --git a/spec/volume_spec.rb b/spec/volume_spec.rb
index d3ae876..51c4d98 100644
--- a/spec/volume_spec.rb
+++ b/spec/volume_spec.rb
@@ -148,54 +148,13 @@ describe 'openstack-block-storage::volume' do
 let(:file) { chef_run.template('/etc/ceph/ceph.client.cinder.keyring') }
 before do
 node.set['openstack']['block-storage']['volume']['driver'] = 'cinder.volume.drivers.rbd.RBDDriver'
- node.set['openstack']['block-storage']['rbd_secret_name'] = 'rbd_secret_uuid'
+ node.set['ceph']['config']['fsid'] = '00000000-0000-0000-0000-000000000000'
 end
- it 'fetches the rbd_uuid_secret' do
- n = chef_run.node['openstack']['block-storage']['rbd_secret_uuid']
- expect(n).to eq 'b0ff3bba-e07b-49b1-beed-09a45552b1ad'
- end
-
- it 'includes the ceph_client recipe' do
- expect(chef_run).to include_recipe('openstack-common::ceph_client')
- end
-
- it 'upgrades the needed ceph packages by default' do
- %w{ python-ceph ceph-common }.each do |pkg|
- expect(chef_run).to upgrade_package(pkg)
- end
- end
-
- it 'honors package option platform overrides for python-ceph' do
- node.set['openstack']['block-storage']['rbd_secret_name'] = 'rbd_secret_uuid'
- node.set['openstack']['block-storage']['platform']['package_overrides'] = '--override1 --override2'
-
- %w{ python-ceph ceph-common }.each do |pkg|
- expect(chef_run).to upgrade_package(pkg).with(options: '--override1 --override2')
- end
- end
-
- it 'honors package name platform overrides for python-ceph' do
- node.set['openstack']['block-storage']['rbd_secret_name'] = 'rbd_secret_uuid'
- node.set['openstack']['block-storage']['platform']['cinder_ceph_packages'] = ['my-ceph', 'my-other-ceph']
-
- %w{my-ceph my-other-ceph}.each do |pkg|
- expect(chef_run).to upgrade_package(pkg)
- end
- end
-
- it 'creates a cephx client keyring correctly' do
- [/^\[client\.cinder\]$/,
- /^ key = cephx-key$/].each do |content|
- expect(chef_run).to render_file(file.name).with_content(content)
- end
- expect(chef_run).to create_template(file.name).with(cookbook: 'openstack-common')
- expect(file.owner).to eq('cinder')
- expect(file.group).to eq('cinder')
- expect(sprintf('%o', file.mode)).to eq '600'
+ it 'includes the ceph recipe' do
+ expect(chef_run).to include_recipe('ceph')
 end
 end
-
 context 'Storewize Driver' do
 let(:file) { chef_run.template('/etc/cinder/cinder.conf') }
 before do
diff --git a/templates/default/cinder.conf.erb b/templates/default/cinder.conf.erb
index a6adf6d..2e59823 100644
--- a/templates/default/cinder.conf.erb
+++ b/templates/default/cinder.conf.erb
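Review bot: After this hunk the RBD context asserts nothing about the keyring: the owner, group and mode expectations are removed with no replacement, and the only remaining example checks that the `ceph` recipe is included. The context's `let(:file)` still points at `chef_run.template('/etc/ceph/ceph.client.cinder.keyring')`, which the recipe no longer declares as a template, so it is now dead. Drop that `let` and add an expectation on the new resource, along the lines of `expect(chef_run.find_resource(:ceph_client, 'cinder').owner).to eq('cinder')` (assuming the resource is visible to ChefSpec under that type), with matching checks for group, filename and caps. The `describe` block opens outside the hunk.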
@@ -583,14 +583,43 @@ iscsi_port=<%= node["openstack"]["block-storage"]["volume"]["iscsi_port"] %>
 #### (IntOpt) The port that the iSCSI daemon is listening on
 <% if @enabled_drivers.include?("cinder.volume.drivers.rbd.RBDDriver") %>
-rbd_pool=<%= node["openstack"]["block-storage"]["rbd_pool"] %>
-#### (StrOpt) the RADOS pool in which rbd volumes are stored
-rbd_user=<%= node["openstack"]["block-storage"]["rbd_user"] %>
-#### (StrOpt) the RADOS client name for accessing rbd volumes
+#
+# Options defined in cinder.volume.drivers.rbd
+#
+
+# The RADOS pool where rbd volumes are stored (string value)
+rbd_pool=<%= node["openstack"]["block-storage"]["rbd"]["cinder"]["pool"] %>
+
+# The RADOS client name for accessing rbd volumes - only set
+# when using cephx authentication (string value)
+rbd_user=<%= node["openstack"]["block-storage"]["rbd"]["user"] %>
+
+# Path to the ceph configuration file (string value)
+rbd_ceph_conf=<%= node["openstack"]["block-storage"]["rbd"]["conf_dir"] %>
+
+# Flatten volumes created from snapshots to remove dependency
+# from volume to snapshot (boolean value)
+rbd_flatten_volume_from_snapshot=<%= node["openstack"]["block-storage"]["rbd"]["flatten_volume"] %>
+
+# The libvirt uuid of the secret for the rbd_user volumes
+# (string value)
+rbd_secret_uuid=<%= node["openstack"]["block-storage"]["rbd"]["secret_uuid"] %>
+
+# Maximum number of nested volume clones that are taken before
+# a flatten occurs. Set to 0 to disable cloning. (integer
+# value)
+rbd_max_clone_depth=<%= node["openstack"]["block-storage"]["rbd"]["max_clone_depth"] %>
+
+# Volumes will be chunked into objects of this size (in
+# megabytes). (integer value)
+rbd_store_chunk_size=<%= node["openstack"]["block-storage"]["rbd"]["chunk_size"] %>
+
+# Timeout value (in seconds) used when connecting to ceph
+# cluster. If value < 0, no timeout is set and default
+# librados value is used. (integer value)
+rados_connect_timeout=<%= node["openstack"]["block-storage"]["rbd"]["rados_timeout"] %>
-rbd_secret_uuid=<%= node["openstack"]["block-storage"]["rbd_secret_uuid"] %>
-#### (StrOpt) the libvirt uuid of the secret for the rbd_uservolumes
 <% end %>
 # volume_tmp_dir=
 #### (StrOpt) where to store temporary image files if the volume driver
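Review bot: `rbd_ceph_conf` takes the path of a file, but it is filled from `node["openstack"]["block-storage"]["rbd"]["conf_dir"]`, whose default in attributes/default.rb is `/etc/ceph/ceph.conf`. An operator who goes by the attribute name and sets a directory will end up with a cinder.conf that points the driver at the wrong path. Renaming the attribute in both files (for example to `conf_file`) would remove the trap; short of that, add `# full path to ceph.conf, not a directory` next to the attribute default. The new comment also says `rbd_user` is only set when cephx is in use, yet the line is rendered unconditionally, which is fine only if cephx is always assumed and should then be stated.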