Ceph has a function to collect health metrics through smartctl or nvme
command out of the box. And it relies on sudo spawned from the ceph-osd
process so it needs to be considered in the apparmor policy.
[/etc/sudoers.d/ceph-smartctl in ceph-base package]
> ## allow ceph daemons (which run as user ceph) to collect device
> ## health metrics
>
> ceph ALL=NOPASSWD: /usr/sbin/smartctl -x --json=o /dev/*
> ceph ALL=NOPASSWD: /usr/sbin/nvme * smart-log-add --json /dev/*

Also sync charmhelpers and mock platform info
Closes-Bug: #2031637
Change-Id: I981a5db0fd49eca83aa8a619f0cbd0d34a533842
This patchset modifies the add-disk action so that it now
can optionally start a Crimson OSD daemon.
Change-Id: I59bf4e41f1f56c6bda2352b5613289ff73113342
Depends-On: If58bde4d5445ed5de420abc007db6bf8b8e43269
check_ceph_ods_services.py reads /var/lib/nagios file to report ceph
status back to nagios. This service runs as nagios user and the file
is owned by root. On CIS hardened servers the default mask is set to
027 making the permissions of the file 640 instead of 644.
This results in the service not being able to read the file and the
status reported to nagios is UNKNOWN even though ceph status is OK.
Closes-Bug: #1879667
Change-Id: Ib67b9a2b86a1c22658aeaf41f8e464072ab1828f
The referenced bug (below) was caused because the nrpe check needed to
access the ceph owned directories, and as the nagios user, nrpe can't.
This change splits the check into a 'collect' phase that runs as root
via a cronjob each minute and writes a file to the tmp directory, and a
nrpe check phase that then reads that file and reports back to nagios.
The 'check' part deletes the 'collect' file, so that fresh information
is available for each nrpe check. The cron task runs every minute (as
it is lightweight), so the nrpe checks should not be scheduled more
frequently than 1 minute.
Change-Id: I4f4594a479eed47cc66643d0c6acece491ae854d
Closes-Bug: #1810749
Minor refactoring and updates for DENIED messages seen during
'complain' testing with filestore and bluestore based OSD's
with journals, db and wal devices.
Tested with Ceph Luminous on 18.04 including data generation
using rados bench and pg resizing from 8 -> 256 during testing.
Change-Id: I705eacfe4d464b96dde25495eecb95db30423b66
Ensure that LV's created using the LVM layout implemented
by this charm are correctly owned by the ceph user and group,
ensuring that ceph-osd processes can start correctly at all
times.
Change-Id: I23ea51e3bffe7207f75782c5f34b796e9eed2c80
Closes-Bug: 1767087
Ensure that directory based OSD's under /srv/ceph can hard
link when apparmor is in enforce mode. If not, then links go
missing over time and the ceph-osd daemons eventually abort.
Change-Id: I7cc25f5d436204d1f47c9a3a67a15f27c16b7505
Closes-Bug: 1748426
* Synced version of charm-helpers
* Synced version of charms.ceph to bring in Py3 compatible library
methods.
Change-Id: I5ac45740f48a71d9cb0c5943472fc8590a723514
AppArmor profile prevents link operation within /var/lib/ceph/osd/*.
This leads to daemon coredump. This patch ensures ceph-osd
is able to create links.
Change-Id: Ia03baac0fec7f134f53254b18e5498a87656817f
Closes-Bug: #1677470
ceph and swift-storage apps may end up on the same unit
so a different approach is needed.
This reverts commit 7b38a56cf5.
Change-Id: Id74e014d856718fbc5e4d714578b233145c9c047
Install apparmor profile for ceph-osd processes, and provide
associated configuration option to place any ceph-osd processes
into enforce, complain, or disable apparmor profile mode.
As this is the first release of this feature, default to disabled
and allow charm users to test and provide feedback for this
release.
Change-Id: I4524c587ac70de13aa3a0cb912033e6eb44b0403
All contributions to this charm were made under Canonical
copyright; switch to Apache-2.0 license as agreed so we
can move forward with official project status.
In order to make this change, this commit also drops the
inclusion of upstart configurations for very early versions
of Ceph (argonaut), as they are no longer required.
Change-Id: I9609dd79855b545a2c5adc12b7ac573c6f246d48