diff --git a/manifests/mgr.pp b/manifests/mgr.pp
new file mode 100644
index 00000000..33af49db
--- /dev/null
+++ b/manifests/mgr.pp
@@ -0,0 +1,92 @@
+#
+# Copyright (C) 2017 VEXXHOST, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# Author: Mohammed Naser
+#
+# == Define: ceph::mgr
+#
+# Installs and configures MGRs (ceph manager)
+#
+# === Parameters:
+#
+# [*title*] The manager ID.
+# Mandatory. An alphanumeric string uniquely identifying the manager.
+#
+# [*enable*] Whether to enable ceph-mgr instance on boot.
+# Optional. Default is true.
+#
+# [*ensure*] Configure the state of the service (running/stopped)
+# Optional. Defaults to running.
+#
+# [*cluster*] The ceph cluster
+# Optional. Same default as ceph.
+#
+# [*authentication_type*] Activate or deactivate authentication
+# Optional. Default to cephx.
+# Authentication is activated if the value is 'cephx' and deactivated
+# if the value is 'none'. If the value is 'cephx', then key must be provided.
+#
+# [*key*] Authentication key for ceph-mgr
+# Required if authentication_type is set to cephx
+#
+# [*inject_key*] Inject the key to the Ceph cluster
+# Optional. Defaults to false
+#
+define ceph::mgr (
+ $enable = true,
+ $ensure = running,
+ $cluster = 'ceph',
+ $authentication_type = 'cephx',
+ $key = undef,
+ $inject_key = false,
+) {
+ file { '/var/lib/ceph/mgr':
+ ensure => directory,
+ owner => 'ceph',
+ group => 'ceph',
+ } -> file { "/var/lib/ceph/mgr/${cluster}-${name}":
+ ensure => directory,
+ owner => 'ceph',
+ group => 'ceph',
+ }
+
+ if $authentication_type == 'cephx' {
+ if ! $key {
+ fail('cephx requires a specified key for the manager daemon')
+ }
+
+ ceph::key { "mgr.${name}":
+ secret => $key,
+ cluster => $cluster,
+ keyring_path => "/var/lib/ceph/mgr/${cluster}-${name}/keyring",
+ cap_mon => 'allow profile mgr',
+ cap_osd => 'allow *',
+ cap_mds => 'allow *',
+ user => 'ceph',
+ group => 'ceph',
+ inject => $inject_key,
+ before => Service["ceph-mgr@${name}"],
+ require => File["/var/lib/ceph/mgr/${cluster}-${name}"],
+ }
+ }
+
+ # NOTE(mnaser): The ceph-mgr service was introduced in Jewel which ships with
+ # Xenial and newer, so we don't need an upstart compatibility
+ # layer in this case.
+ service { "ceph-mgr@${name}":
+ ensure => $ensure,
+ enable => $enable,
+ }
+}
diff --git a/manifests/profile/mgr.pp b/manifests/profile/mgr.pp
new file mode 100644
index 00000000..51b7ef2f
--- /dev/null
+++ b/manifests/profile/mgr.pp
@@ -0,0 +1,30 @@
+#
+# Copyright (C) 2017, VEXXHOST, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# Author: Mohammed Naser
+#
+# == Class: ceph::profile::mgr
+#
+# Profile for a Ceph mgr
+#
+class ceph::profile::mgr {
+ require ::ceph::profile::base
+
+ ceph::mgr { $::hostname:
+ authentication_type => $ceph::profile::params::authentication_type,
+ key => $ceph::profile::params::mgr_key,
+ inject_key => true,
+ }
+}
diff --git a/manifests/profile/params.pp b/manifests/profile/params.pp
index 8090b608..8f6f7393 100644
--- a/manifests/profile/params.pp
+++ b/manifests/profile/params.pp
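Review bot: In `manifests/mgr.pp`, the `if $authentication_type == 'cephx'` branch treats every other value as "authentication off", so a mistyped value compiles cleanly and manages `ceph-mgr@${name}` without ever creating its keyring. The header documents only `'cephx'` and `'none'`, so anything else should be rejected before the branch: `unless $authentication_type in ['cephx', 'none'] { fail("authentication_type must be 'cephx' or 'none'") }`. Separately, `file { '/var/lib/ceph/mgr': }` has a fixed title inside a define, so declaring two `ceph::mgr` instances on one node would fail with a duplicate declaration. Neither `file` resource sets `mode`, which leaves the permissions of the directory that holds the keyring to defaults; adding `mode => '0750',` to both would pin it.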
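Review bot: The header of `ceph::profile::mgr` does not say that `inject_key => true` is hard-coded here, while the `ceph::mgr` define defaults it to `false`, nor which Hiera keys the profile reads. I would add to the header: `# Reads ceph::profile::params::authentication_type and ceph::profile::params::mgr_key; the key is always injected into the cluster.` Injection presumably needs credentials on this node that are allowed to create auth entries (how `ceph::key` performs it is not visible in this diff), so that prerequisite is worth stating for operators who keep admin keyrings off mgr hosts.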
@@ -97,6 +97,9 @@ # [*mon_key*] The mon secret key. # Optional. Either mon_key or mon_keyring need to be set when using cephx. # +# [*mgr_key*] The mgr secret key. +# Optional. Either mgr_key or mgr_keyring need to be set when using cephx. +# # [*mon_keyring*] The location of the keyring retrieved by default # Optional. Either mon_key or mon_keyring need to be set when using cephx # @@ -209,6 +212,7 @@ class ceph::profile::params ( $public_addr = undef, $mds_key = undef, $mon_key = undef, + $mgr_key = undef, $mon_keyring = undef, $client_keys = {}, $osds = undef, diff --git a/releasenotes/notes/add-ceph-mgr-support-d2a5e9104021f81a.yaml b/releasenotes/notes/add-ceph-mgr-support-d2a5e9104021f81a.yaml new file mode 100644 index 00000000..b96ac78e --- /dev/null +++ b/releasenotes/notes/add-ceph-mgr-support-d2a5e9104021f81a.yaml @@ -0,0 +1,5 @@ +--- +features: + - Introduced the ability to setup ceph-mgr instances which are requried in + the latest stable release of Ceph. This can be done using the ceph::mgr + define or the ceph::profile::mgr profile. diff --git a/spec/acceptance/ceph_mon_osd_spec.rb b/spec/acceptance/ceph_mon_osd_spec.rb index 059ef089..9e8108c8 100644 --- a/spec/acceptance/ceph_mon_osd_spec.rb +++ b/spec/acceptance/ceph_mon_osd_spec.rb @@ -42,6 +42,16 @@ describe 'ceph mon osd' do ceph_config { 'global/osd_journal_size': value => '100'; } + + # NOTE(mnaser): At the moment, the storage SIG packages do not ship 12.X + # however UCA is shipping it at the moment. This conditional + # should be dropped once we switch CentOS to 12.X + if $::osfamily != 'RedHat' { + ceph::mgr { 'a': + authentication_type => 'none', + } + } + ceph::mon { 'a': public_addr => $::ipaddress, authentication_type => 'none', diff --git a/spec/classes/ceph_profile_mgr_spec.rb b/spec/classes/ceph_profile_mgr_spec.rb new file mode 100644 index 00000000..3926e579 --- /dev/null +++ b/spec/classes/ceph_profile_mgr_spec.rb 
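Review bot: The new `[*mgr_key*]` text in `manifests/profile/params.pp` says "Either mgr_key or mgr_keyring need to be set when using cephx", but the commit adds only `$mgr_key` (second hunk of this file) and no `mgr_keyring` parameter appears anywhere in the diff. Since `ceph::mgr` fails compilation when cephx is on and no key is given, the second comment line should instead read `#   Optional. Required by ceph::profile::mgr when using cephx.` Both hunks start and end inside the class header and parameter list, so the rest of the class is not visible here.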
@@ -0,0 +1,39 @@
+#
+# Copyright (C) 2017 VEXXHOST, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# Author: Mohammed Naser
+#
+require 'spec_helper'
+
+describe 'ceph::profile::mgr' do
+
+ shared_examples_for 'ceph profile mgr' do
+ it { is_expected.to contain_ceph__mgr('first').with(
+ :authentication_type => 'cephx',
+ :key => 'AQASGFDFUHBHDG9SDdsyffV1xgsn1pgr3GcKPg==',
+ :inject_key => true)
+ }
+ end
+
+ on_supported_os.each do |os, facts|
+ context "on #{os}" do
+ let(:facts) do
+ facts.merge({:hostname => 'first'})
+ end
+
+ it_behaves_like 'ceph profile mgr'
+ end
+ end
+end
diff --git a/spec/defines/ceph_mgr_spec.rb b/spec/defines/ceph_mgr_spec.rb
new file mode 100644
index 00000000..ff8bb101
--- /dev/null
+++ b/spec/defines/ceph_mgr_spec.rb
@@ -0,0 +1,79 @@
+# Copyright (C) 2017 VEXXHOST, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# Author: Mohammed Naser
+#
+require 'spec_helper'
+
+describe 'ceph::mgr' do
+ let (:title) { 'foo' }
+
+ describe 'with cephx configured but no key specified' do
+ let :params do
+ {
+ :authentication_type => 'cephx'
+ }
+ end
+
+ it {
+ is_expected.to raise_error(Puppet::Error, /cephx requires a specified key for the manager daemon/)
+ }
+ end
+
+ describe 'cephx authentication_type' do
+ let :params do
+ {
+ :authentication_type => 'cephx',
+ :key => 'AQATGHJTUCBqIBAA7M2yafV1xctn1pgr3GcKPg==',
+ }
+ end
+
+ it {
+ is_expected.to contain_file('/var/lib/ceph/mgr').with(
+ :ensure => 'directory',
+ :owner => 'ceph',
+ :group => 'ceph'
+ )
+ }
+
+ it {
+ is_expected.to contain_file('/var/lib/ceph/mgr/ceph-foo').with(
+ :ensure => 'directory',
+ :owner => 'ceph',
+ :group => 'ceph'
+ )
+ }
+
+ it {
+ is_expected.to contain_ceph__key('mgr.foo').with(
+ :secret => 'AQATGHJTUCBqIBAA7M2yafV1xctn1pgr3GcKPg==',
+ :cluster => 'ceph',
+ :keyring_path => "/var/lib/ceph/mgr/ceph-foo/keyring",
+ :cap_mon => 'allow profile mgr',
+ :cap_osd => 'allow *',
+ :cap_mds => 'allow *',
+ :user => 'ceph',
+ :group => 'ceph',
+ :inject => false,
+ )
+ }
+
+ it {
+ is_expected.to contain_service('ceph-mgr@foo').with(
+ :ensure => 'running',
+ :enable => true,
+ )
+ }
+ end
+end
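Review bot: The examples in `spec/defines/ceph_mgr_spec.rb` never exercise `authentication_type => 'none'`, so nothing pins that the define creates no `ceph::key` and still manages the service when authentication is off. The `inject_key => true` path is likewise only reached through the profile spec. I would add a third `describe` beside the two cephx ones, as sketched below. A small style point in the same file: `let (:title)` is written with a space before the parenthesis, unlike `let(:facts)` in the profile spec.

```ruby
  # … unchanged: 'with cephx configured but no key specified' and 'cephx authentication_type' …

  describe 'none authentication_type' do
    let :params do
      {
        :authentication_type => 'none'
      }
    end

    it { is_expected.not_to contain_ceph__key('mgr.foo') }
    it { is_expected.to contain_service('ceph-mgr@foo') }
  end
```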
diff --git a/spec/fixtures/hieradata/common.yaml b/spec/fixtures/hieradata/common.yaml index 7448923e..0e082fc6 100644 --- a/spec/fixtures/hieradata/common.yaml +++ b/spec/fixtures/hieradata/common.yaml @@ -30,6 +30,7 @@ ceph::profile::params::fs_data_pool: 'data_pool' ######## Keys ceph::profile::params::mds_key: 'AQDLOh1VgEp6FRAAFzT7Zw+Y9V6JJExQAsRnRQ==' ceph::profile::params::mon_key: 'AQATGHJTUCBqIBAA7M2yafV1xctn1pgr3GcKPg==' +ceph::profile::params::mgr_key: 'AQASGFDFUHBHDG9SDdsyffV1xgsn1pgr3GcKPg==' ceph::profile::params::client_keys: 'client.admin': secret: 'AQBMGHJTkC8HKhAAJ7NH255wYypgm1oVuV41MA=='