When Ceph read/write caching uses paths which aren't already
covered by the libvirt/qemu apparmor rules then additional
configuration is required to ensure VMs don't fail to boot.
Change-Id: I2dff4bf54191b763e25625aa7a10bceaa1f6e595
With update of ansible-lint to version >=6.0.0 a lot of new
linters were added, that enabled by default. In order to comply
with linter rules we're applying changes to the role.
With that we also update metdata to reflect current state.
Change-Id: Idb2dd6cd4bbf815e4b32c9bfbe9a66f33e1c4b97
See [1] for details of this ceph component. Optionally deployed
on nova-compute nodes to accellerate access to read-only data
for volumes created from snapshots.
[1] https://docs.ceph.com/en/latest/rbd/rbd-persistent-read-only-cache/
Change-Id: I34f2f403d03cc95f593f21c717609b9858b8d989
At the moment we do install EPEL repo in multiple other roles, like
lxc_hosts or systemd_mount. We're trying to be consistent in ways
of adding them, while ceph_client was slightly different, by carrying on
GPG keys in-repo instead of fetching them from `centos_epel_key` url.
With this patch we unify approach with other roles and reducing
maintenance costs of the repo when adding new distributions
Change-Id: I407256dc6eee3365c4f8c191a1f50717f0b35fa8
Related-Bug: #2013276
In some cases, like AZ scenarios, deployments may interact with
several clusters at a time, while they will be distinguished by
the cluster_name. However, ceph_client role now assumes that
cluster name is `ceph` without any way to override such assumption.
Change-Id: I9dcad1e1c63294f4f59a1755507904808acb785e
We missed upating ceph_client_package_state to use package_state
for default value, as other roles do.
So we're fixing it not to update ceph client packages every time, which
can lead to interesting consequences depending on the destination.
Change-Id: I0d6014649307bb6556cdc189cf8d749e1ec9b20a
This change permits users to specify a directory where the keyrings are
located.
It is useful when openstack-ansible have no ssh access to the ceph
cluster.
Change-Id: I6693a7f9d0bc7fe1e20eee53a96de8df8985e148
This commit implements option to partially override ceph.conf with regular
config_template action plugin.
Change-Id: I60cc9d3a4dde0483aa92714a521675a26ad9cd78
When ceph-ansible is used, it tends to use `ceph` group for ceph.conf[1]
This make problems for libvirt and cinder/ceph
as their users are not in ceph group, so don't have access to configs.
This also updates ceph_stable_release to nautilus
[1] bc701860d5/roles/ceph-config/tasks/main.yml (L66-L94)
Change-Id: I120a6e66351db62bbd6e270495f455a5e34b4a2b
Having 'uca' as a valid value for ceph_pkg_source means that we
have to maintain the UCA parameters in another repo other than
the openstack_hosts role, and it has not been maintained well.
This is evidenced by the fact that the current value is set to
'pike', which is very old.
To reduce this maintenance burden, we simply remove this option.
Change-Id: I78bfd1585804c0261645a8e008a7acef66b5795a
Manila can be used with openstack and when deployed in a venv the ceph
client role will need to link the appropriate libs into the venv for
this to work. This change adds manila into the default component list so
that should manila be deployed it'll be automatically configured without
needing to provide an override.
Change-Id: I732066e3a3aea77c2c7e43398c833bba1664fde0
Signed-off-by: cloudnull <kevin@cloudnull.com>
These changes are causing integrated build failures due to undefined
variables. Reverting them to work out a better solution.
This reverts commit 8ec0e6c793
This reverts commit 58ac4da336.
Change-Id: I4964625b6513eb062a6ce0513bd01b17922b8188
Now SSH port relies on ansible_port variable. On case of using
non-standard SSH ports on all infrastructure, only this role fails on
connection to CEPH monitors.
Added ceph_mon_user variable to defaults. This may be usefull, as ceph
recommends to do all actions with non-root users, so ability to override
user is pretty usefull.
Change-Id: I01f42287f50dbeb2c6a7f8912e08d21aca2d24b9
Related-Bug: 1773925
This patch sets the correct release name for Ceph packages. It was
originally `Inktank` but it has now changed to `RedHat`.
The `ceph_pin_pref.j2` file was removed since it isn't used by any
of the tasks in the role.
Closes-Bug: 1646855
Change-Id: If45055cdcaebbc47e6091bac84adf8bec00f8bec
Deploy necessary configs and keyrings for multiple
ceph cluters. Specifically, the intent is to enable
multiple backends for cinder that can be accessed by
compute nodes.
This change will allow automatic retrieval of
ceph.conf and client keyrings from multiple ceph clusters.
Additionally, libvirt ceph client secrets will be created
to support attaching volumes to instances from multiple
ceph clusters.
Change-Id: Icee061b35f374955154a3dd703444b94da0117da
This commit adds support for the ceph_client role to be run on the
Gnocchi containers. The role will only setup the Ceph client in these
containers when `gnocchi_storage_driver` is set to `ceph`.
Change-Id: I7cd717c81ec4e9e0db6d74e645c83b426d3503cf
The current method of installing the distribution packages required is
set in the tasks and cannot be changed by a deployer.
Currently the apt task always installs the latest package. This results
in unexpected binary changes when a deployer may simply be trying to
execute a configuration change.
This patch adds the ability for a deployer to change the desired state
so that the results are predictable.
Change-Id: I80e58182b5c115f2128780a44d549c5b61beb1fc
In order to expose the var in role documentation and to allow the use
of dynamically set facts to override the value in CI environments the
variable is moved from the role vars to the role defaults.
The uca_openstack_release var is also changed for Ubuntu 16.04 to
'newton' in order to match the current cycle appropriately. A note is
added to the Ubuntu 14.04 vars to make it clear that there will never
be a Newton UCA release for Trusty.
A small correction to the task description which sets the URL for the
AIO build in OpenStack-CI is also made to be more accurate.
Change-Id: I35b8e99e6e3f127ca507907d6480542b91a4107d
This patch refactors the ceph_client role to add support for multiple
operating system distros and multiple sources for Ceph packages.
The support of multiple sources for the Ceph packages is important
to organizations that must get packages from Canonical for service and
support. The current Ceph repo setup goes to upstream ceph.com
repositories and does not work with the UCA.
The use of UCA is also important when running OpenStack on the ppc64le
architecture because ceph.com does not have Debian packages available
for this architecture and the default trusty and trusty-updates repos
only have Ceph Giant, whereas the user can get later releases such as
Ceph Jewel from UCA.
The multiple operating system support for Trusty and Xenial also plays
into this since Xenial has Ceph Jewel by default. For Xenial OSA
deployments users may want to use the modern ceph client already
available for the distro.
The choice of which Ceph source to use is simple for deployers. They
simply set it with the ceph_pkg_source variable but have additional
variables they can tweak to pick specific Ceph versions from the
sources:
The ceph_pkg_source variable controls the install source for the
Ceph packages.
Valid values include:
* ceph This option installs Ceph from a ceph.com repo. Additional
variables to adjust items such as Ceph release and regional
download mirror can be found in vars/*.yml
* uca This option installs Ceph from the Ubuntu Cloud Archive.
Additional variables to adjust items such as the
OpenStack/Ceph release can be found in vars/*.yml.
* distro This options installs Ceph from the operating system's
default repository and unlike the other options does not
attempt to manage package keys or add additional package
repositories.
Change-Id: Ib21b3f76ccf4556548180c8694786d43fa0a024f
Workarounding the upstream ansible apt module bug
documented here:
https://github.com/ansible/ansible-modules-core/pull/1517
For the next versions of ansible we'll be using, we should
check if the apt bug is fixed. When it's fixed, we could
abandon this change and use the standard apt module
with correct cache handling.
Change-Id: I2aaf00da175f31d0157bbc4ae30a4e176b055078
This change updates all fo the names that we were using to the post
openstack migration name for openstack-ansible.
Change-Id: I6524af53ed02e19a0f56908e42a65d2dae8b71e3
This change updates ceph_client and os_cinder roles to allow
cinder-backup to use ceph. We also create a new group called
'cinder_backup' which allows us to only retreive the cinder backup key
if cinder-backup is actually in use.
To use, you would simply need to set cinder_service_backup_driver to
cinder.backup.drivers.ceph in your user_variables.yml file.
NOTE: You will need to update your
/etc/openstack_deploy/env.d/cinder.yml in order for this change
to execute successfully.
Change-Id: Ib94effa40208bbc8de0f78c5487316be007adcf1
Closes-Bug: #1481787
Implements: blueprint ceph-block-devices
DocImpact
Currently the playbooks do not allow Ceph to be configured as a backend
for Cinder, Glance or Nova. This commit adds a new role called
ceph_client to do the required configuration of the hosts and updates
the service roles to include the required configuration file changes.
This commit requires that a Ceph cluster already exists and does not
make any changes to that cluster.
ceph_client role, run on the OpenStack service hosts
- configures the Ceph apt repo
- installs any required Ceph dependencies
- copies the ceph.conf file and appropriate keyring file to /etc/ceph
- creates the necessary libvirt secrets
os_glance role
glance-api.conf will set the following variables for Ceph:
- [DEFAULT]/show_image_direct_url
- [glance_store]/stores
- [glance_store]/rbd_store_pool
- [glance_store]/rbd_store_user
- [glance_store]/rbd_store_ceph_conf
- [glance_store]/rbd_store_chunk_size
os_nova role
nova.conf will set the following variables for Ceph:
- [libvirt]/rbd_user
- [libvirt]/rbd_secret_uuid
- [libvirt]/images_type
- [libvirt]/images_rbd_pool
- [libvirt]/images_rbd_ceph_conf
- [libvirt]/inject_password
- [libvirt]/inject_key
- [libvirt]/inject_partition
- [libvirt]/live_migration_flag
os_cinder is not updated because ceph is defined as a backend and that
is generated from a dictionary of the config, for an example backend
config, see etc/openstack_deploy/openstack_user_config.yml.example
pw-token-gen.py is updated so that variables ending in uuid are assigned
a UUID.
DocImpact
Implements: blueprint ceph-block-devices
Closes-Bug: #1455238
Change-Id: Ie484ce0bbb93adc53c30be32f291aa5058b20028