Add dependency on upstream ceph cookbook for better key management
The upstream ceph cookbook already hooks into chef for environment information. This patch utilizes the client LWRP to create or add ceph keys for RBD support. This patch also changes some default attribute names for more sane organization Partial-Bug: #1409943 Change-Id: Ibba6c568d4e4d00153061458b71593cd28714e60
This commit is contained in:
Elliott Davis
parent
dad180e458
commit
f75d819c2f
|
|
@ -8,3 +8,5 @@ cookbook "openstack-identity",
|
|||
github: "stackforge/cookbook-openstack-identity"
|
||||
cookbook "openstack-common",
|
||||
github: "stackforge/cookbook-openstack-common"
|
||||
cookbook "ceph",
|
||||
github: "ceph/ceph-cookbook", branch: "master"
|
||||
|
|
|
|||
|
|
@ -20,6 +20,7 @@ This file is used to list changes made in each version of the openstack-block-st
|
|||
* Add support for san_password with ibm.storwize_svc.StorwizeSVCDriver
|
||||
* Add glance_api_version config option
|
||||
* Allow san_private_key to be used instead of san_login for Storwize
|
||||
* Add dependency on upstream ceph cookbook for better key management
|
||||
|
||||
## 10.0.0
|
||||
* Upgrading to Juno
|
||||
|
|
|
|||
|
|
@ -265,12 +265,16 @@ default['openstack']['block-storage']['volume']['iscsi_ip_address'] = node['ipad
|
|||
default['openstack']['block-storage']['volume']['iscsi_port'] = '3260'
|
||||
|
||||
# Ceph/RADOS options
|
||||
default['openstack']['block-storage']['rbd_pool'] = 'rbd'
|
||||
default['openstack']['block-storage']['rbd_user'] = 'cinder'
|
||||
default['openstack']['block-storage']['rbd_secret_uuid'] = nil
|
||||
# make this a valid uuid for when node['openstack']['developer_mode'] = true
|
||||
default['openstack']['block-storage']['rbd_secret_name'] = '00000000-0000-0000-0000-000000000000'
|
||||
default['openstack']['block-storage']['rbd_key_name'] = 'openstack_image_cephx_key'
|
||||
default['openstack']['block-storage']['rbd']['cinder']['pool'] = 'volumes'
|
||||
default['openstack']['block-storage']['rbd']['glance']['pool'] = 'images'
|
||||
default['openstack']['block-storage']['rbd']['nova']['pool'] = 'instances'
|
||||
default['openstack']['block-storage']['rbd']['user'] = 'cinder'
|
||||
default['openstack']['block-storage']['rbd']['secret_uuid'] = '00000000-0000-0000-0000-000000000000'
|
||||
default['openstack']['block-storage']['rbd']['flatten_volume'] = false
|
||||
default['openstack']['block-storage']['rbd']['max_clone_depth'] = 5
|
||||
default['openstack']['block-storage']['rbd']['chunk_size'] = 4
|
||||
default['openstack']['block-storage']['rbd']['rados_timeout'] = '-1'
|
||||
default['openstack']['block-storage']['rbd']['conf_dir'] = '/etc/ceph/ceph.conf'
|
||||
|
||||
# Multiple backend support
|
||||
# Allow multiple backends configured in cinder.conf
|
||||
|
|
|
|||
|
|
@ -24,3 +24,5 @@ depends 'openstack-identity', '~> 10.0'
|
|||
depends 'openstack-image', '~> 10.0'
|
||||
depends 'selinux', '>= 0.7.2'
|
||||
depends 'python', '>= 1.4.6'
|
||||
depends 'ceph', '>= 0.2.1'
|
||||
depends 'ceph', '< 3.0.0'
|
||||
|
|
|
|||
|
|
@ -56,31 +56,25 @@ when 'cinder.volume.drivers.netapp.iscsi.NetAppISCSIDriver'
|
|||
node.override['openstack']['block-storage']['netapp']['dfm_password'] = get_password 'service', 'netapp'
|
||||
|
||||
when 'cinder.volume.drivers.rbd.RBDDriver'
|
||||
# this is used in the cinder.conf template
|
||||
node.override['openstack']['block-storage']['rbd_secret_uuid'] = get_secret node['openstack']['block-storage']['rbd_secret_name']
|
||||
include_recipe 'ceph'
|
||||
|
||||
rbd_user = node['openstack']['block-storage']['rbd_user']
|
||||
rbd_key = get_password 'service', node['openstack']['block-storage']['rbd_key_name']
|
||||
cinder_pool = node['openstack']['block-storage']['rbd']['cinder']['pool']
|
||||
nova_pool = node['openstack']['block-storage']['rbd']['nova']['pool']
|
||||
glance_pool = node['openstack']['block-storage']['rbd']['glance']['pool']
|
||||
|
||||
include_recipe 'openstack-common::ceph_client'
|
||||
caps = { 'mon' => 'allow r',
|
||||
'osd' => "allow class-read object_prefix rbd_children, allow rwx pool=#{cinder_pool}, allow rwx pool=#{nova_pool}, allow rx pool=#{glance_pool}" }
|
||||
|
||||
platform_options['cinder_ceph_packages'].each do |pkg|
|
||||
package pkg do
|
||||
options platform_options['package_overrides']
|
||||
action :upgrade
|
||||
end
|
||||
end
|
||||
|
||||
template "/etc/ceph/ceph.client.#{rbd_user}.keyring" do
|
||||
source 'ceph.client.keyring.erb'
|
||||
cookbook 'openstack-common'
|
||||
ceph_client node['openstack']['block-storage']['rbd']['user'] do
|
||||
name node['openstack']['block-storage']['rbd']['user']
|
||||
caps caps
|
||||
keyname "client.#{node['openstack']['block-storage']['rbd']['user']}"
|
||||
filename "/etc/ceph/ceph.client.#{node['openstack']['block-storage']['rbd']['user']}.keyring"
|
||||
owner node['openstack']['block-storage']['user']
|
||||
group node['openstack']['block-storage']['group']
|
||||
mode '0600'
|
||||
variables(
|
||||
name: rbd_user,
|
||||
key: rbd_key
|
||||
)
|
||||
|
||||
action :add
|
||||
notifies :restart, 'service[cinder-volume]'
|
||||
end
|
||||
|
||||
when 'cinder.volume.drivers.netapp.nfs.NetAppDirect7modeNfsDriver'
|
||||
|
|
|
|||
|
|
@ -444,11 +444,17 @@ describe 'openstack-block-storage::cinder-common' do
|
|||
node.set['openstack']['block-storage']['volume']['driver'] = 'cinder.volume.drivers.rbd.RBDDriver'
|
||||
end
|
||||
|
||||
%w(rbd_pool rbd_user rbd_secret_uuid).each do |attr|
|
||||
it "has a #{attr} attribute" do
|
||||
node.set['openstack']['block-storage'][attr] = "#{attr}_value"
|
||||
expect(chef_run).to render_file(file.name).with_content(/^#{attr}=#{attr}_value$/)
|
||||
end
|
||||
it 'has a rbd_pool attribute' do
|
||||
node.set['openstack']['block-storage']['rbd']['cinder']['pool'] = 'cinder_value'
|
||||
expect(chef_run).to render_file(file.name).with_content(/^rbd_pool=cinder_value$/)
|
||||
end
|
||||
it 'has a rbd_user attribute' do
|
||||
node.set['openstack']['block-storage']['rbd']['user'] = 'rbd_user_value'
|
||||
expect(chef_run).to render_file(file.name).with_content(/^rbd_user=rbd_user_value$/)
|
||||
end
|
||||
it 'has a rbd_secret_uuid attribute' do
|
||||
node.set['openstack']['block-storage']['rbd']['secret_uuid'] = 'rbd_secret_uuid_value'
|
||||
expect(chef_run).to render_file(file.name).with_content(/^rbd_secret_uuid=rbd_secret_uuid_value$/)
|
||||
end
|
||||
end
|
||||
|
||||
|
|
@ -802,7 +808,7 @@ describe 'openstack-block-storage::cinder-common' do
|
|||
}
|
||||
node.set['openstack']['block-storage']['volume']['volume_group'] = 'multi-lvm-group'
|
||||
node.set['openstack']['block-storage']['volume']['default_volume_type'] = 'some-type-name'
|
||||
node.set['openstack']['block-storage']['rbd_pool'] = 'multi-rbd-pool'
|
||||
node.set['openstack']['block-storage']['rbd']['cinder']['pool'] = 'multi-rbd-pool'
|
||||
node.set['openstack']['block-storage']['netapp']['dfm_login'] = 'multi-netapp-login'
|
||||
node.set['openstack']['block-storage']['netapp']['netapp_server_hostname'] = ['netapp-host-1', 'netapp-host-2']
|
||||
node.set['openstack']['block-storage']['netapp']['netapp_server_port'] = 'multi-netapp-port'
|
||||
|
|
|
|||
|
|
@ -148,54 +148,13 @@ describe 'openstack-block-storage::volume' do
|
|||
let(:file) { chef_run.template('/etc/ceph/ceph.client.cinder.keyring') }
|
||||
before do
|
||||
node.set['openstack']['block-storage']['volume']['driver'] = 'cinder.volume.drivers.rbd.RBDDriver'
|
||||
node.set['openstack']['block-storage']['rbd_secret_name'] = 'rbd_secret_uuid'
|
||||
node.set['ceph']['config']['fsid'] = '00000000-0000-0000-0000-000000000000'
|
||||
end
|
||||
|
||||
it 'fetches the rbd_uuid_secret' do
|
||||
n = chef_run.node['openstack']['block-storage']['rbd_secret_uuid']
|
||||
expect(n).to eq 'b0ff3bba-e07b-49b1-beed-09a45552b1ad'
|
||||
end
|
||||
|
||||
it 'includes the ceph_client recipe' do
|
||||
expect(chef_run).to include_recipe('openstack-common::ceph_client')
|
||||
end
|
||||
|
||||
it 'upgrades the needed ceph packages by default' do
|
||||
%w{ python-ceph ceph-common }.each do |pkg|
|
||||
expect(chef_run).to upgrade_package(pkg)
|
||||
end
|
||||
end
|
||||
|
||||
it 'honors package option platform overrides for python-ceph' do
|
||||
node.set['openstack']['block-storage']['rbd_secret_name'] = 'rbd_secret_uuid'
|
||||
node.set['openstack']['block-storage']['platform']['package_overrides'] = '--override1 --override2'
|
||||
|
||||
%w{ python-ceph ceph-common }.each do |pkg|
|
||||
expect(chef_run).to upgrade_package(pkg).with(options: '--override1 --override2')
|
||||
end
|
||||
end
|
||||
|
||||
it 'honors package name platform overrides for python-ceph' do
|
||||
node.set['openstack']['block-storage']['rbd_secret_name'] = 'rbd_secret_uuid'
|
||||
node.set['openstack']['block-storage']['platform']['cinder_ceph_packages'] = ['my-ceph', 'my-other-ceph']
|
||||
|
||||
%w{my-ceph my-other-ceph}.each do |pkg|
|
||||
expect(chef_run).to upgrade_package(pkg)
|
||||
end
|
||||
end
|
||||
|
||||
it 'creates a cephx client keyring correctly' do
|
||||
[/^\[client\.cinder\]$/,
|
||||
/^ key = cephx-key$/].each do |content|
|
||||
expect(chef_run).to render_file(file.name).with_content(content)
|
||||
end
|
||||
expect(chef_run).to create_template(file.name).with(cookbook: 'openstack-common')
|
||||
expect(file.owner).to eq('cinder')
|
||||
expect(file.group).to eq('cinder')
|
||||
expect(sprintf('%o', file.mode)).to eq '600'
|
||||
it 'includes the ceph recipe' do
|
||||
expect(chef_run).to include_recipe('ceph')
|
||||
end
|
||||
end
|
||||
|
||||
context 'Storewize Driver' do
|
||||
let(:file) { chef_run.template('/etc/cinder/cinder.conf') }
|
||||
before do
|
||||
|
|
|
|||
|
|
@ -583,14 +583,43 @@ iscsi_port=<%= node["openstack"]["block-storage"]["volume"]["iscsi_port"] %>
|
|||
#### (IntOpt) The port that the iSCSI daemon is listening on
|
||||
|
||||
<% if @enabled_drivers.include?("cinder.volume.drivers.rbd.RBDDriver") %>
|
||||
rbd_pool=<%= node["openstack"]["block-storage"]["rbd_pool"] %>
|
||||
#### (StrOpt) the RADOS pool in which rbd volumes are stored
|
||||
|
||||
rbd_user=<%= node["openstack"]["block-storage"]["rbd_user"] %>
|
||||
#### (StrOpt) the RADOS client name for accessing rbd volumes
|
||||
#
|
||||
# Options defined in cinder.volume.drivers.rbd
|
||||
#
|
||||
|
||||
# The RADOS pool where rbd volumes are stored (string value)
|
||||
rbd_pool=<%= node["openstack"]["block-storage"]["rbd"]["cinder"]["pool"] %>
|
||||
|
||||
# The RADOS client name for accessing rbd volumes - only set
|
||||
# when using cephx authentication (string value)
|
||||
rbd_user=<%= node["openstack"]["block-storage"]["rbd"]["user"] %>
|
||||
|
||||
# Path to the ceph configuration file (string value)
|
||||
rbd_ceph_conf=<%= node["openstack"]["block-storage"]["rbd"]["conf_dir"] %>
|
||||
|
||||
# Flatten volumes created from snapshots to remove dependency
|
||||
# from volume to snapshot (boolean value)
|
||||
rbd_flatten_volume_from_snapshot=<%= node["openstack"]["block-storage"]["rbd"]["flatten_volume"] %>
|
||||
|
||||
# The libvirt uuid of the secret for the rbd_user volumes
|
||||
# (string value)
|
||||
rbd_secret_uuid=<%= node["openstack"]["block-storage"]["rbd"]["secret_uuid"] %>
|
||||
|
||||
# Maximum number of nested volume clones that are taken before
|
||||
# a flatten occurs. Set to 0 to disable cloning. (integer
|
||||
# value)
|
||||
rbd_max_clone_depth=<%= node["openstack"]["block-storage"]["rbd"]["max_clone_depth"] %>
|
||||
|
||||
# Volumes will be chunked into objects of this size (in
|
||||
# megabytes). (integer value)
|
||||
rbd_store_chunk_size=<%= node["openstack"]["block-storage"]["rbd"]["chunk_size"] %>
|
||||
|
||||
# Timeout value (in seconds) used when connecting to ceph
|
||||
# cluster. If value < 0, no timeout is set and default
|
||||
# librados value is used. (integer value)
|
||||
rados_connect_timeout=<%= node["openstack"]["block-storage"]["rbd"]["rados_timeout"] %>
|
||||
|
||||
rbd_secret_uuid=<%= node["openstack"]["block-storage"]["rbd_secret_uuid"] %>
|
||||
#### (StrOpt) the libvirt uuid of the secret for the rbd_uservolumes
|
||||
<% end %>
|
||||
# volume_tmp_dir=<None>
|
||||
#### (StrOpt) where to store temporary image files if the volume driver
|
||||
|
|
|
|||
Loading…
Reference in New Issue