Browse Source

Fix support for cinder ceph rbd in Ocata

As of Ocata, the ceph key used to access a specific Cinder
Ceph backend must match the name of the key used by cinder,
with an appropriate secret configured for libvirt use with
the cephx key used by the cinder-ceph charm.

Add support for the new ceph-access relation to allow
nova-compute units to communicate with multiple ceph
backends using different cephx keys and user names.

The side effect of this change is that nova-compute will
have a key for use with its own ephemeral backend ceph
access, and a key for each cinder ceph backend configured
in the deployment.

Change-Id: I638473fc46c99a8bfe301f9a0c844de9efd47a2a
Closes-Bug: 1671422
changes/09/443609/1
James Page 2 years ago
parent
commit
1467cbb1b3
5 changed files with 73 additions and 0 deletions
  1. +1
    -0
      hooks/ceph-access-relation-changed
  2. +23
    -0
      hooks/nova_compute_hooks.py
  3. +1
    -0
      hooks/nova_compute_utils.py
  4. +2
    -0
      metadata.yaml
  5. +46
    -0
      unit_tests/test_nova_compute_hooks.py

+ 1
- 0
hooks/ceph-access-relation-changed View File

@@ -0,0 +1 @@
nova_compute_hooks.py

+ 23
- 0
hooks/nova_compute_hooks.py View File

@@ -18,6 +18,7 @@ import platform
import sys
import uuid
import yaml
import os


import charmhelpers.core.unitdata as unitdata
@@ -29,6 +30,7 @@ from charmhelpers.core.hookenv import (
log,
ERROR,
relation_ids,
remote_service_name,
related_units,
relation_get,
relation_set,
@@ -36,6 +38,9 @@ from charmhelpers.core.hookenv import (
UnregisteredHookError,
status_set,
)
from charmhelpers.core.templating import (
render
)
from charmhelpers.core.host import (
service_restart,
)
@@ -79,6 +84,7 @@ from nova_compute_utils import (
register_configs,
NOVA_CONF,
ceph_config_file, CEPH_SECRET,
CEPH_BACKEND_SECRET,
enable_shell, disable_shell,
configure_lxd,
fix_path_ownership,
@@ -527,6 +533,23 @@ def designate_changed():
CONFIGS.write(NOVA_CONF)


@hooks.hook('ceph-access-relation-changed')
def ceph_access(rid=None, unit=None):
'''Setup libvirt secret for specific ceph backend access'''
key = relation_get('key', unit, rid)
uuid = relation_get('secret-uuid', unit, rid)
if config('virt-type') in ['kvm', 'qemu', 'lxc'] and key and uuid:
secrets_filename = CEPH_BACKEND_SECRET.format(
remote_service_name(rid)
)
render(os.path.basename(CEPH_SECRET), secrets_filename,
context={'ceph_secret_uuid': uuid,
'service_name': remote_service_name(rid)})
create_libvirt_secret(secret_file=secrets_filename,
secret_uuid=uuid,
key=key)


@hooks.hook('update-status')
@harden()
def update_status():

+ 1
- 0
hooks/nova_compute_utils.py View File

@@ -272,6 +272,7 @@ LIBVIRT_RESOURCE_MAP = {
LIBVIRT_RESOURCE_MAP.update(BASE_RESOURCE_MAP)

CEPH_SECRET = '/etc/ceph/secret.xml'
CEPH_BACKEND_SECRET = '/etc/ceph/secret-{}.xml'

CEPH_RESOURCES = {
CEPH_SECRET: {

+ 2
- 0
metadata.yaml View File

@@ -50,6 +50,8 @@ requires:
ephemeral-backend:
interface: ephemeral-backend
scope: container
ceph-access:
interface: cinder-ceph-key
peers:
compute-peer:
interface: nova

+ 46
- 0
unit_tests/test_nova_compute_hooks.py View File

@@ -50,6 +50,7 @@ TO_PATCH = [
'relation_set',
'service_name',
'related_units',
'remote_service_name',
# charmhelpers.core.host
'apt_install',
'apt_purge',
@@ -97,6 +98,8 @@ TO_PATCH = [
'uuid',
# unitdata
'unitdata',
# templating
'render',
]


@@ -739,3 +742,46 @@ class NovaComputeRelationsTests(CharmTestCase):
mock_kv.set.assert_called_with('restart-nonce',
'nonce')
self.assertTrue(mock_kv.flush.called)

def test_ceph_access_incomplete(self):
self.relation_get.return_value = None
self.test_config.set('virt-type', 'kvm')
hooks.ceph_access()
self.relation_get.assert_has_calls([
call('key', None, None),
call('secret-uuid', None, None),
])
self.render.assert_not_called()
self.create_libvirt_secret.assert_not_called()

def test_ceph_access_lxd(self):
self.relation_get.side_effect = ['mykey', 'uuid2']
self.test_config.set('virt-type', 'lxd')
hooks.ceph_access()
self.relation_get.assert_has_calls([
call('key', None, None),
call('secret-uuid', None, None),
])
self.render.assert_not_called()
self.create_libvirt_secret.assert_not_called()

def test_ceph_access_complete(self):
self.relation_get.side_effect = ['mykey', 'uuid2']
self.remote_service_name.return_value = 'cinder-ceph'
self.test_config.set('virt-type', 'kvm')
hooks.ceph_access()
self.relation_get.assert_has_calls([
call('key', None, None),
call('secret-uuid', None, None),
])
self.render.assert_called_with(
'secret.xml',
'/etc/ceph/secret-cinder-ceph.xml',
context={'ceph_secret_uuid': 'uuid2',
'service_name': 'cinder-ceph'}
)
self.create_libvirt_secret.assert_called_with(
secret_file='/etc/ceph/secret-cinder-ceph.xml',
secret_uuid='uuid2',
key='mykey',
)

Loading…
Cancel
Save