openstack/devstack-plugin-ceph
Code Issues Proposed changes
c96d07cada
devstack-plugin-ceph/devstack/lib/cephadm

801 lines
26 KiB
Bash
Executable File
Raw Blame History

#!/bin/bash
#
# lib/cephadm
# Functions to control the configuration
# and operation of the **Ceph** storage service
# when deployed using the cephadm tool
# ``stack.sh`` calls the entry points in this order:
#
# - pre_install_ceph
# - install_ceph
# - configure_ceph
# - init_ceph
# - cleanup_ceph # unstack || clean
# Save trace setting
XTRACE=$(set +o | grep xtrace)
set +o xtrace
# GENERIC CEPHADM INTERNAL OPTIONS, DO NOT EDIT
CEPH_RELEASE=${CEPH_RELEASE:-reef}
CEPH_PUB_KEY="/etc/ceph/ceph.pub"
CEPH_CONFIG="/etc/ceph/ceph.conf"
BOOTSTRAP_CONFIG="$HOME/bootstrap_ceph.conf"
CEPH_KEYRING="/etc/ceph/ceph.client.admin.keyring"
TARGET_BIN=/usr/bin
# TOGGLED IN THE CI TO SAVE RESOURCES
DISABLE_CEPHADM_POST_DEPLOY=${DISABLE_CEPHADM_POST_DEPLOY:-False}
# DEFAULT OPTIONS
ATTEMPTS=30
CONTAINER_IMAGE=${CONTAINER_IMAGE:-'quay.io/ceph/ceph:v18.2'}
DEVICES=()
if [[ "$REMOTE_CEPH" = "False" ]]; then
FSID=$(uuidgen)
else
FSID=$(cat $CEPH_CONFIG | grep fsid | awk 'BEGIN { RS = "fsid = "} ; { print $0 }' - )
fi
KEY_EXPORT_DIR="/etc/ceph"
KEYS=("client.openstack") # at least the client.openstack default key should be created
MIN_OSDS=1
SERVICES=()
SLEEP=5
CEPHADM_DEV_OSD=${CEPHADM_DEV_OSD:-"True"}
CEPH_LOOPBACK_DISK_SIZE=${CEPH_LOOPBACK_DISK_SIZE:-30G}
TARGET_DEV_OSD_DIR=${TARGET_DEV_OSD_DIR:-"/opt/stack"}
# POOLS
DEFAULT_PG_NUM=${DEFAULT_PG_NUM:-8}
DEFAULT_PGP_NUM=${DEFAULT_PGP_NUM:-8}
# RGW OPTIONS
RGW_PORT=8080
# CLIENT CONFIG
CEPH_CLIENT_CONFIG=$HOME/ceph_client.conf
CEPH_CONF_DIR=${CEPH_CONF_DIR:-/etc/ceph}
# The resulting client config pointed by the other clients
CEPH_CONF_FILE=${CEPH_CONF_FILE:-$CEPH_CONF_DIR/ceph.conf}
# LOG(s) and EXPORTED CONFIG FILES
EXPORT=$HOME/ceph_export.yml
RBD_CLIENT_LOG=/var/log/ceph/qemu-guest-\$pid.log
MDS_LOG_FILE="$HOME/mds_log.conf"
MDS_LOGS=${MDS_LOGS:-"False"}
# MANILA DEFAULTS
MANILA_CEPH_USER=${MANILA_CEPH_USER:-manila}
# NFS OPTIONS: Only apply when ENABLE_CEPH_MANILA=True
# Whether or not cephadm should deploy/manage NFS-Ganesha? If set to False,
# we'll deploy a "standalone" NFS Ganesha instead, not managed by cephadm.
CEPHADM_DEPLOY_NFS=${CEPHADM_DEPLOY_NFS:-True}
# Clustered NFS Options
FSNAME=${FSNAME:-'cephfs'}
NFS_PORT=2049
CEPHFS_CLIENT=0
CEPHFS_CLIENT_NAME="client.$MANILA_CEPH_USER"
CEPHFS_CLIENT_LOG="/var/log/ceph-$CEPHFS_CLIENT_NAME.log"
CEPHFS_MULTIPLE_FILESYSTEMS=${CEPHFS_MULTIPLE_FILESYSTEMS:-False}
VIP=$CEPH_INGRESS_IP
# GLANCE DEFAULTS
GLANCE_CEPH_USER=${GLANCE_CEPH_USER:-glance}
GLANCE_CEPH_POOL=${GLANCE_CEPH_POOL:-images}
GLANCE_RGW_BACKEND=${GLANCE_RGW_BACKEND:-False}
# Cinder DEFAULTS
CINDER_CEPH_POOL=${CINDER_CEPH_POOL:-volumes}
CINDER_CEPH_USER=${CINDER_CEPH_USER:-cinder}
CINDER_CEPH_UUID=${CINDER_CEPH_UUID:-$(uuidgen)}
# Enables new features such as Clone v2 API, which allows proper handling of
# deleting snapshots with child clone images.
CEPH_MIN_CLIENT_VERSION=${CEPH_MIN_CLIENT_VERSION:-mimic}
# Cinder Backup DEFAULTS
CINDER_BAK_CEPH_POOL=${CINDER_BAK_CEPH_POOL:-backups}
CINDER_BAK_CEPH_USER=${CINDER_BAK_CEPH_USER:-cinder-bak}
# Nova DEFAUTLS
NOVA_CEPH_POOL=${NOVA_CEPH_POOL:-vms}
[ -z "$SUDO" ] && SUDO=sudo
## Admin
# Admin: enable debug mode
function set_debug {
if [ "$DEBUG" -eq 1 ]; then
echo "[CEPHADM] Enabling Debug mode"
$SUDO "$CEPHADM" shell --fsid $FSID --config $CEPH_CONFIG \
--keyring $CEPH_KEYRING -- ceph config set mgr mgr/cephadm/log_to_cluster_level debug
echo "[CEPHADM] See debug logs running: ceph -W cephadm --watch-debug"
fi
}
function enable_verbose_mds_logging {
$SUDO "$CEPHADM" shell --fsid $FSID --config $CEPH_CONFIG \
--keyring $CEPH_KEYRING -- ceph config set mds debug_mds 20
$SUDO "$CEPHADM" shell --fsid $FSID --config $CEPH_CONFIG \
--keyring $CEPH_KEYRING -- ceph config set mds debug_ms 20
$SUDO "$CEPHADM" shell --fsid $FSID --config $CEPH_CONFIG \
--keyring $CEPH_KEYRING -- ceph config set mds debug_client 20
$SUDO "$CEPHADM" shell --fsid $FSID --config $CEPH_CONFIG \
--keyring $CEPH_KEYRING -- ceph config set mds log_to_file true
$SUDO "$CEPHADM" shell --fsid $FSID --config $CEPH_CONFIG \
--keyring $CEPH_KEYRING -- ceph config set global mon_cluster_log_to_file true
$SUDO "$CEPHADM" shell --fsid $FSID --config $CEPH_CONFIG \
--keyring $CEPH_KEYRING -- ceph config set global log_to_file true
touch "$MDS_LOG_FILE"
cat <<EOF > "$MDS_LOG_FILE"
LOG {
COMPONENTS {
ALL = FULL_DEBUG;
}
}
EOF
$SUDO "$CEPHADM" shell --fsid $FSID --config $CEPH_CONFIG \
--keyring $CEPH_KEYRING -m $MDS_LOG_FILE -- ceph nfs cluster config set "$FSNAME" \
-i /mnt/mds_log.conf
}
# Admin: check ceph cluster status
function check_cluster_status {
$SUDO "$CEPHADM" shell --fsid $FSID --config $CEPH_CONFIG \
--keyring $CEPH_KEYRING -- ceph -s -f json-pretty
}
# Admin: export ceph cluster config spec
function export_spec {
$SUDO "$CEPHADM" shell --fsid $FSID --config $CEPH_CONFIG \
--keyring $CEPH_KEYRING -- ceph orch ls --export > "$EXPORT"
echo "Ceph cluster config exported: $EXPORT"
}
# Pre-install ceph: install required dependencies
function install_deps {
if [[ "$REMOTE_CEPH" = "False" ]]; then
install_package python3-cephfs python3-prettytable python3-rados python3-rbd python3-requests
fi
}
# Pre-install ceph: get cephadm binary
function get_cephadm {
# NOTE(gouthamr): cephadm binary here is a python executable, and the
# $os_PACKAGE ("rpm") doesn't really matter. There is no ubuntu/debian
# equivalent being published by the ceph community.
os_release="el9"
ceph_version=$(_get_ceph_version)
case $CEPH_RELEASE in
pacific|octopus)
os_release="el8";;
esac
curl -f -O https://download.ceph.com/rpm-${ceph_version}/${os_release}/noarch/cephadm
$SUDO mv cephadm $TARGET_BIN
$SUDO chmod +x $TARGET_BIN/cephadm
echo "[GET CEPHADM] cephadm is now available"
if [ -z "$CEPHADM" ]; then
CEPHADM=${TARGET_BIN}/cephadm
fi
}
# Pre-install ceph: bootstrap config
function bootstrap_config {
cat <<EOF > "$BOOTSTRAP_CONFIG"
[global]
log to file = true
osd crush chooseleaf type = 0
osd_pool_default_size = 1
[mon]
mon_warn_on_pool_no_redundancy = False
[osd]
osd_memory_target_autotune = true
osd_numa_auto_affinity = true
[mgr]
mgr/cephadm/autotune_memory_target_ratio = 0.2
EOF
}
## Install
# Install ceph: run cephadm bootstrap
function start_ceph {
cluster=$(sudo cephadm ls | jq '.[]' | jq 'select(.name | test("^mon*")).fsid')
if [ -z "$cluster" ]; then
$SUDO "$CEPHADM" --image "$CONTAINER_IMAGE" \
bootstrap \
--fsid $FSID \
--config "$BOOTSTRAP_CONFIG" \
--output-config $CEPH_CONFIG \
--output-keyring $CEPH_KEYRING \
--output-pub-ssh-key $CEPH_PUB_KEY \
--allow-overwrite \
--allow-fqdn-hostname \
--skip-monitoring-stack \
--skip-dashboard \
--single-host-defaults \
--skip-firewalld \
--skip-mon-network \
--mon-ip "$HOST_IP"
test -e $CEPH_CONFIG
test -e $CEPH_KEYRING
if [ "$CEPHADM_DEV_OSD" == 'True' ]; then
create_osd_dev
fi
# Wait cephadm backend to be operational
# and add osds via drivegroups
sleep "$SLEEP"
add_osds
fi
}
# Install ceph: create a loopback device to be used as osd
function create_osd_dev {
sudo dd if=/dev/zero of=$TARGET_DEV_OSD_DIR/ceph-osd.img bs=1 count=0 seek="$CEPH_LOOPBACK_DISK_SIZE"
osd_dev=$(sudo losetup -f --show $TARGET_DEV_OSD_DIR/ceph-osd.img)
sudo pvcreate $osd_dev
sudo vgcreate ceph_vg $osd_dev
sudo lvcreate -n ceph_lv_data -l +100%FREE ceph_vg
DEVICES+=("/dev/ceph_vg/ceph_lv_data")
}
# cleanup ceph: delete the osd file and release the loopback device
function delete_osd_dev {
if [ $(sudo lvs --noheadings -o lv_path -S lv_name=ceph_lv_data) ]; then
sudo lvremove --force /dev/ceph_vg/ceph_lv_data
sudo vgremove --force ceph_vg
osd_dev=$(sudo losetup -j $TARGET_DEV_OSD_DIR/ceph-osd.img -l -n -O NAME)
sudo pvremove --force $osd_dev
sudo losetup -d $osd_dev
sudo rm -f $TARGET_DEV_OSD_DIR/ceph-osd.img
sudo partprobe
DEVICES=()
fi
}
# Install ceph: add osds
function add_osds {
# let's add some osds
if [ -z "$DEVICES" ]; then
echo "Using ALL available devices"
$SUDO "$CEPHADM" shell ceph orch apply osd --all-available-devices
else
for item in "${DEVICES[@]}"; do
echo "Creating osd $item on node $HOSTNAME"
$SUDO "$CEPHADM" shell --fsid $FSID --config $CEPH_CONFIG \
--keyring $CEPH_KEYRING -- ceph orch daemon add osd "$HOSTNAME:$item"
done
fi
while [ "$ATTEMPTS" -ne 0 ]; do
num_osds=$($SUDO "$CEPHADM" shell --fsid $FSID --config $CEPH_CONFIG \
--keyring $CEPH_KEYRING -- ceph -s -f json | jq '.osdmap | .num_up_osds')
if [ "$num_osds" -ge "$MIN_OSDS" ]; then
break;
fi
ATTEMPTS=$(("$ATTEMPTS" - 1))
sleep 1
done
echo "[CEPHADM] OSD(s) deployed: $num_osds"
# [ "$num_osds" -lt "$MIN_OSDS" ] && exit 255
}
# Install ceph: create and enable pools
function add_pools {
[ "${#POOLS[@]}" -eq 0 ] && return;
for pool in "${POOLS[@]}"; do
$SUDO "$CEPHADM" shell --fsid $FSID --config $CEPH_CONFIG \
--keyring $CEPH_KEYRING -- ceph osd pool create "$pool" "$DEFAULT_PG_NUM" \
"$DEFAULT_PGP_NUM" replicated --autoscale-mode on
# set the application to the pool (which also means rbd init the pool)
$SUDO "$CEPHADM" shell --fsid $FSID --config $CEPH_CONFIG \
--keyring $CEPH_KEYRING -- ceph osd pool application enable "$pool" rbd
done
}
# Utility: build caps according to the generated pools
function build_caps {
local CAPS=""
for pool in "${POOLS[@]}"; do
caps="allow rwx pool="$pool
CAPS+=$caps,
done
echo "${CAPS::-1}"
}
# Install ceph: create a keyring
function _create_key {
local name=$1
local caps
local osd_caps
if [ "${#POOLS[@]}" -eq 0 ]; then
osd_caps="allow *"
else
caps=$(build_caps)
osd_caps="allow class-read object_prefix rbd_children, $caps"
fi
$SUDO "$CEPHADM" shell -v "$KEY_EXPORT_DIR:$KEY_EXPORT_DIR" --fsid $FSID --config $CEPH_CONFIG \
--keyring $CEPH_KEYRING -- ceph auth get-or-create "$name" mgr "allow rw" mon "allow r" osd "$osd_caps" \
-o "$KEY_EXPORT_DIR/ceph.$name.keyring"
$SUDO chown ${STACK_USER}:$(id -g -n $whoami) \
${CEPH_CONF_DIR}/ceph.$name.keyring
}
# Install ceph: create one or more keyrings
function create_keys {
for key_name in "${KEYS[@]}"; do
echo "Creating key $key_name"
_create_key "$key_name"
done
}
# Install ceph: add MDS
function cephfs_config {
# Two pools are generated by this action
# - cephfs.$FSNAME.data
# - cephfs.$FSNAME.meta
# and the mds daemon is deployed
$SUDO "$CEPHADM" shell --fsid $FSID --config $CEPH_CONFIG \
--keyring $CEPH_KEYRING -- ceph fs volume create "$FSNAME"
}
# Get Ceph version
function _get_ceph_version {
local ceph_version_str
ceph_version_str=$(sudo podman run --rm --entrypoint ceph $CONTAINER_IMAGE \
--version | awk '{ print $3 }')
echo $ceph_version_str
}
function _install_and_configure_clustered_nfs {
local ceph_version
ceph_version=$(_get_ceph_version)
echo "[CEPHADM] Deploy nfs.$FSNAME backend"
if [ "${ceph_version%%\.*}" -ge 18 ]; then
$SUDO "$CEPHADM" shell --fsid $FSID --config $CEPH_CONFIG \
--keyring $CEPH_KEYRING -- ceph nfs cluster create \
"$FSNAME" "$HOSTNAME" --port $NFS_PORT --ingress \
--ingress-mode haproxy-protocol --virtual_ip $VIP
else
echo "[CEPHADM] Ingress service is not deployed \
to preserve the ability to apply client restrictions."
$SUDO "$CEPHADM" shell --fsid $FSID --config $CEPH_CONFIG \
--keyring $CEPH_KEYRING -- ceph nfs cluster create \
"$FSNAME" "$HOSTNAME" --port $NFS_PORT
fi
}
function _install_and_configure_standalone_nfs {
source $CEPH_PLUGIN_DIR/lib/common
install_nfs_ganesha
configure_nfs_ganesha
start_nfs_ganesha
}
# Install ceph: add NFS
function ceph_nfs_config {
if [[ "$CEPHADM_DEPLOY_NFS" == "True" ]]; then
_install_and_configure_clustered_nfs
else
_install_and_configure_standalone_nfs
fi
}
function _create_swift_endpoint {
local swift_service
swift_service=$(get_or_create_service "swift" "object-store" "Swift Service")
local swift_endpoint
swift_endpoint="$SWIFT_SERVICE_PROTOCOL://$SERVICE_HOST:${CEPH_RGW_PORT}/swift/v1"
get_or_create_endpoint $swift_service \
"$REGION_NAME" $swift_endpoint $swift_endpoint $swift_endpoint
}
# RGW pre config
function configure_ceph_embedded_rgw {
# keystone endpoint for radosgw
_create_swift_endpoint
# Create radosgw service user with admin privileges
create_service_user "radosgw" "admin"
if [ "$CEPH_RGW_KEYSTONE_SSL" = "True" ]; then
# radosgw needs to access keystone's revocation list
sudo mkdir -p ${dest}/nss
sudo openssl x509 -in /etc/keystone/ssl/certs/ca.pem -pubkey | \
sudo certutil -d ${dest}/nss -A -n ca -t "TCu,Cu,Tuw"
sudo openssl x509 -in /etc/keystone/ssl/certs/signing_cert.pem -pubkey | \
sudo certutil -A -d ${dest}/nss -n signing_cert -t "P,P,P"
fi
}
# General Ceph utility to set config options within the monitor's config database
function set_config_key {
local section=$1
local key=$2
local value=$3
$SUDO "$CEPHADM" shell --fsid $FSID --config $CEPH_CONFIG \
ceph config set ${section} ${key} ${value}
}
# RGW config keys: no iniset anymore, everything is pushed as mgr key/value
function configure_rgw_ceph_section {
# RGW KEYSTONE KEYS
declare -A RGW_CONFIG_KEYS
RGW_CONFIG_KEYS=(['rgw_keystone_api_version']=3
['rgw_keystone_url']="$KEYSTONE_SERVICE_URI"
['rgw_keystone_accepted_roles']="member, _member_, Member, admin"
['rgw_keystone_accepted_admin_roles']="ResellerAdmin"
['rgw_keystone_admin_domain']="$SERVICE_DOMAIN_NAME"
['rgw_keystone_admin_project']="$SERVICE_PROJECT_NAME"
['rgw_keystone_admin_user']="radosgw"
['rgw_s3_auth_use_keystone']="true"
['rgw_keystone_admin_password']="$SERVICE_PASSWORD"
['rgw_keystone_verify_ssl']="false"
['rgw_keystone_implicit_tenants']="true"
['rgw_swift_versioning_enabled']="true"
['rgw_swift_enforce_content_length']="true"
['rgw_swift_account_in_url']="true"
['rgw_trust_forwarded_https']="true"
['rgw_max_attr_name_len']=128
['rgw_max_attrs_num_in_req']=90
['rgw_max_attr_size']=256
)
for k in ${!RGW_CONFIG_KEYS[@]}; do
set_config_key "global" ${k} ${RGW_CONFIG_KEYS[$k]}
done
}
# Install ceph: add RGW
function rgw {
configure_ceph_embedded_rgw
$SUDO "$CEPHADM" shell --fsid $FSID --config $CEPH_CONFIG \
--keyring $CEPH_KEYRING -- ceph orch apply rgw default default default default \
"--placement=$HOSTNAME count:1" --port "$RGW_PORT"
configure_rgw_ceph_section
}
# TODO: (fpantano) Remove this hack
function start_ceph_embedded_rgw {
# noop
:
}
# Configure cephfs and ceph_nfs
function configure_ceph_manila {
# Deploy mds and configure cephfs
cephfs_config
# Deploy and configure ganesha
[ $MANILA_CEPH_DRIVER == 'cephfsnfs' ] && ceph_nfs_config
# Add manila keys to the list
KEYS+=("client.$MANILA_CEPH_USER")
}
# Install ceph: services deployment
function enable_services {
for item in "${SERVICES[@]}"; do
case "$item" in
cephfs|CEPHFS)
echo "[CEPHADM] Config cephfs volume on node $HOSTNAME"
cephfs_config
CEPHFS_CLIENT=1
;;
nfs|NFS)
echo "[CEPHADM] Deploying NFS on node $HOSTNAME"
ceph_nfs_config
CEPHFS_CLIENT=1
;;
rgw|RGW)
echo "[CEPHADM] Deploying RGW on node $HOSTNAME"
rgw
;;
esac
done
}
# Install ceph: client config
function client_config {
echo "Dump the minimal ceph.conf"
cp $CEPH_CONFIG "$CEPH_CLIENT_CONFIG"
cat >> "$CEPH_CLIENT_CONFIG" <<-EOF
[client.libvirt]
admin socket = /var/run/ceph/\$cluster-\$type.\$id.\$pid.\$cctid.asok
log file = $RBD_CLIENT_LOG
EOF
if [ "$CEPHFS_CLIENT" -eq 1 ]; then
cat >> "$CEPH_CLIENT_CONFIG" <<-EOF
[$CEPHFS_CLIENT_NAME]
client mount uid = 0
client mount gid = 0
log file = $CEPHFS_CLIENT_LOG
admin socket = /var/run/ceph/\$cluster-\$type.\$id.\$pid.\$cctid.asok
keyring = $KEY_EXPORT_DIR/ceph.$CEPHFS_CLIENT_NAME.keyring
EOF
echo "Client config exported: $CEPH_CLIENT_CONFIG"
fi
# Nova resolves the keyring using the pattern $cluster.conf
# For this reason we need to override the content of the
# generated (minimal) ceph.conf with the client part.
$SUDO cp $CEPH_CLIENT_CONFIG $CEPH_CONF_FILE
}
## Remove ceph
# Remove ceph: remove cluster and zap osds
function stop_ceph {
local cluster_deleted
local timeout
if ! [ -x "$CEPHADM" ]; then
get_cephadm
CEPHADM=${TARGET_BIN}/cephadm
fi
cluster_deleted=0
timeout=3
while : ; do
CLUSTER_FSID=$(sudo cephadm ls | jq '.[]' | jq 'select(.name | test("^mon*")).fsid' | tr -d \")
if [[ -n "$CLUSTER_FSID" ]]; then
sudo cephadm rm-cluster --zap-osds --fsid $CLUSTER_FSID --force
else
cluster_deleted=1
echo "[CEPHADM] Cluster deleted"
fi
$(( timeout-- ))
[[ "$cluster_deleted" -eq 0 && "$timeout" -eq 0 ]] && \
echo "[CEPHADM] Error deleting the cluster" && exit 255
[[ "$cluster_deleted" -eq 1 || "$timeout" -eq 0 ]] && break
done
}
## devstack-plugin-ceph functions
function pre_install_ceph {
# Check dependencies for the service.
install_deps
}
function install_ceph {
# Install the service.
bootstrap_config
get_cephadm
start_ceph
}
function config_glance {
if [[ "$GLANCE_RGW_BACKEND" = "True" && "$ENABLE_CEPH_RGW" = "True" ]]; then
# common glance accounts for swift
create_service_user "glance-swift" "ResellerAdmin"
iniset $GLANCE_SWIFT_STORE_CONF ref1 user $SERVICE_PROJECT_NAME:glance-swift
AUTH_URL=$KEYSTONE_SERVICE_URI/v$CEPH_RGW_IDENTITY_API_VERSION
iniset $GLANCE_SWIFT_STORE_CONF ref1 key $SERVICE_PASSWORD
iniset $GLANCE_SWIFT_STORE_CONF ref1 auth_address $AUTH_URL
iniset $GLANCE_SWIFT_STORE_CONF ref1 user_domain_name $SERVICE_DOMAIN_NAME
iniset $GLANCE_SWIFT_STORE_CONF ref1 project_domain_name $SERVICE_DOMAIN_NAME
iniset $GLANCE_SWIFT_STORE_CONF ref1 auth_version $CEPH_RGW_IDENTITY_API_VERSION
if [[ "$GLANCE_ENABLE_MULTIPLE_STORES" == "True" ]]; then
# NOTE(abhishekk): As this is all in one setup there will be only
# one swift instance available even if glance multiple store is enabled.
# We are assuming the store name as `swift_store`.
iniset $GLANCE_API_CONF glance_store default_backend "swift_store"
iniset $GLANCE_API_CONF "swift_store" swift_store_create_container_on_put True
iniset $GLANCE_API_CONF "swift_store" swift_store_config_file $GLANCE_SWIFT_STORE_CONF
iniset $GLANCE_API_CONF "swift_store" default_swift_reference ref1
else
iniset $GLANCE_API_CONF glance_store default_store swift
iniset $GLANCE_API_CONF glance_store swift_store_create_container_on_put True
iniset $GLANCE_API_CONF glance_store swift_store_config_file $GLANCE_SWIFT_STORE_CONF
iniset $GLANCE_API_CONF glance_store default_swift_reference ref1
iniset $GLANCE_API_CONF glance_store stores "file, http, swift"
fi
else
iniset $GLANCE_API_CONF DEFAULT show_multiple_locations True
if [[ "$GLANCE_ENABLE_MULTIPLE_STORES" == "True" ]]; then
# NOTE(abhishekk): As this is all in one setup there will be only
# one rbd instance available even if glance multiple store is enabled.
# We are assuming the store name as `robust_rbd`. Also we will set another
# file store 'fast' along with it as old setup also used to configure file
# store when rbd is enabled.
iniset $GLANCE_API_CONF DEFAULT enabled_backends "robust_rbd:rbd,fast:file"
iniset $GLANCE_API_CONF glance_store default_backend robust_rbd
iniset $GLANCE_API_CONF "robust_rbd" rbd_store_ceph_conf $CEPH_CONF_FILE
iniset $GLANCE_API_CONF "robust_rbd" rbd_store_user $GLANCE_CEPH_USER
iniset $GLANCE_API_CONF "robust_rbd" rbd_store_pool $GLANCE_CEPH_POOL
else
iniset $GLANCE_API_CONF glance_store default_store rbd
iniset $GLANCE_API_CONF glance_store stores "file, http, rbd"
iniset $GLANCE_API_CONF glance_store rbd_store_ceph_conf $CEPH_CONF_FILE
iniset $GLANCE_API_CONF glance_store rbd_store_user $GLANCE_CEPH_USER
iniset $GLANCE_API_CONF glance_store rbd_store_pool $GLANCE_CEPH_POOL
fi
fi
}
function config_nova {
iniset $NOVA_CONF libvirt rbd_user ${CINDER_CEPH_USER}
iniset $NOVA_CONF libvirt rbd_secret_uuid ${CINDER_CEPH_UUID}
iniset $NOVA_CONF libvirt inject_key false
iniset $NOVA_CONF libvirt inject_partition -2
iniset $NOVA_CONF libvirt disk_cachemodes "network=writeback"
iniset $NOVA_CONF libvirt images_type rbd
iniset $NOVA_CONF libvirt images_rbd_pool ${NOVA_CEPH_POOL}
iniset $NOVA_CONF libvirt images_rbd_ceph_conf ${CEPH_CONF_FILE}
}
function set_min_client_version {
if [ ! -z "$CEPH_MIN_CLIENT_VERSION" ]; then
$SUDO "$CEPHADM" shell --fsid $FSID --config $CEPH_CONFIG \
--keyring $CEPH_KEYRING -- ceph osd set-require-min-compat-client ${CEPH_MIN_CLIENT_VERSION}
fi
}
# import_libvirt_secret_ceph() - Imports Cinder user key into libvirt
# so it can connect to the Ceph cluster while attaching a Cinder block device
function import_libvirt_secret_ceph {
[ "$ENABLE_CEPH_NOVA" == "False" ] && return;
NOVA_VIRSH_SECRET=$($SUDO cat ${CEPH_CONF_DIR}/ceph.client.${CINDER_CEPH_USER}.keyring | awk '/key/ {print $3}')
cat <<EOF | sudo tee secret.xml>/dev/null
<secret ephemeral='no' private='no'>
<uuid>${CINDER_CEPH_UUID}</uuid>
<usage type='ceph'>
<name>client.${CINDER_CEPH_USER} secret</name>
</usage>
</secret>
EOF
$SUDO virsh secret-define --file secret.xml # 2>/dev/null
$SUDO virsh secret-set-value --secret ${CINDER_CEPH_UUID} \
--base64 ${NOVA_VIRSH_SECRET} # 2>/dev/null
$SUDO rm -f secret.xml
}
# _undefine_virsh_secret() - Undefine Cinder key secret from libvirt
function _undefine_virsh_secret {
local virsh_uuid
virsh_uuid=$($SUDO virsh secret-list | awk '/^ ?[0-9a-z]/ { print $1 }')
echo $virsh_uuid
$SUDO virsh secret-undefine ${virsh_uuid} &>/dev/null
}
function configure_ceph {
if is_ceph_enabled_for_service manila; then
SERVICES+=('cephfs')
KEYS+=("client.$MANILA_CEPH_USER")
fi
[ "$MANILA_CEPH_DRIVER" == "cephfsnfs" ] && SERVICES+=('nfs')
if is_ceph_enabled_for_service glance; then
POOLS+=($GLANCE_CEPH_POOL)
KEYS+=("client.$GLANCE_CEPH_USER")
config_glance
fi
if is_ceph_enabled_for_service cinder; then
POOLS+=($CINDER_CEPH_POOL)
KEYS+=("client.$CINDER_CEPH_USER")
fi
if is_ceph_enabled_for_service c-bak; then
POOLS+=($CINDER_BAK_CEPH_POOL)
KEYS+=("client.$CINDER_BAK_CEPH_USER")
fi
if is_ceph_enabled_for_service nova; then
POOLS+=($NOVA_CEPH_POOL)
KEYS+=("client.$CINDER_CEPH_USER")
config_nova
fi
[ "$ENABLE_CEPH_RGW" == "True" ] && SERVICES+=('rgw')
enable_services
if [[ "$REMOTE_CEPH" = "False" ]]; then
add_pools
create_keys
fi
client_config
import_libvirt_secret_ceph
if [[ "$DISABLE_CEPHADM_POST_DEPLOY" == "True" ]]; then
disable_cephadm
fi
}
# Hack: remove this function at some point
function configure_ceph_manila {
# noop
:
}
function cleanup_ceph {
# Cleanup the service.
if [[ "$REMOTE_CEPH" == "True" ]]; then
echo "Remote Ceph cluster, skipping stop_ceph and delete_osd_dev"
else
stop_ceph
delete_osd_dev
fi
# purge ceph config file and keys
$SUDO rm -f ${CEPH_CONF_DIR}/*
if is_ceph_enabled_for_service nova; then
_undefine_virsh_secret
fi
if [[ "$CEPHADM_DEPLOY_NFS" != "True" ]]; then
stop_nfs_ganesha
cleanup_nfs_ganesha
cleanup_repo_nfs_ganesha
fi
}
function disable_cephadm {
$SUDO "$CEPHADM" shell --fsid $FSID --config $CEPH_CONFIG \
--keyring $CEPH_KEYRING -- ceph orch set backend
$SUDO "$CEPHADM" shell --fsid $FSID --config $CEPH_CONFIG \
--keyring $CEPH_KEYRING -- ceph mgr module disable cephadm
}
# is_ceph_enabled_for_service() - checks whether the OpenStack service
# specified as an argument is enabled with Ceph as its storage backend.
function is_ceph_enabled_for_service {
local config config_name enabled service
enabled=1
service=$1
# Construct the global variable ENABLE_CEPH_.* corresponding to a
# $service.
config_name=ENABLE_CEPH_$(echo $service | \
tr '[:lower:]' '[:upper:]' | tr '-' '_')
config=$(eval echo "\$$config_name")
if (is_service_enabled $service) && [[ $config == 'True' ]]; then
enabled=0
fi
return $enabled
}
# Restore xtrace
$XTRACE
# Tell emacs to use shell-script-mode
## Local variables:
## mode: shell-script
## End:
View Git Blame Copy Permalink