From 99c7eb1997c0be788a99aae433354ebce6b438d2 Mon Sep 17 00:00:00 2001 
From: Sam Yaple Date: Mon, 21 Sep 2015 16:33:46 +0000 Subject: [PATCH] Make OpenStack use Ceph This implements all the openstack pieces needed to make ceph work. DocImpact Change-Id: I1d24476a966602cf955e5ef872b0efb01319894a Partially-Implements: blueprint ceph-container Implements: blueprint kolla-live-migration --- ansible/group_vars/all.yml | 2 +- ansible/roles/cinder/meta/main.yml | 3 + ansible/roles/cinder/tasks/ceph.yml | 60 ++++++++++++++++++ ansible/roles/cinder/tasks/main.yml | 19 ++++++ .../cinder/templates/cinder-volume.json.j2 | 14 ++++- ansible/roles/cinder/templates/cinder.conf.j2 | 27 +++++++- ansible/roles/common/tasks/main.yml | 1 - ansible/roles/glance/meta/main.yml | 2 +- ansible/roles/glance/tasks/ceph.yml | 35 +++++++++++ ansible/roles/glance/tasks/main.yml | 11 ++++ .../roles/glance/templates/glance-api.conf.j2 | 12 ++++ .../roles/glance/templates/glance-api.json.j2 | 14 ++++- ansible/roles/nova/meta/main.yml | 2 +- ansible/roles/nova/tasks/ceph.yml | 63 +++++++++++++++++++ ansible/roles/nova/tasks/config.yml | 6 ++ ansible/roles/nova/tasks/main.yml | 23 +++++++ ansible/roles/nova/tasks/start.yml | 1 + ansible/roles/nova/templates/libvirtd.conf.j2 | 11 ++++ .../roles/nova/templates/nova-compute.json.j2 | 14 ++++- .../roles/nova/templates/nova-libvirt.json.j2 | 23 ++++++- ansible/roles/nova/templates/nova.conf.j2 | 12 ++++ ansible/roles/nova/templates/secret.xml.j2 | 6 ++ ansible/site.yml | 6 +- docker/cinder/cinder-base/Dockerfile.j2 | 7 ++- docker/glance/glance-base/Dockerfile.j2 | 9 +++ docker/nova/nova-compute/Dockerfile.j2 | 7 ++- docker/nova/nova-libvirt/Dockerfile.j2 | 5 +- docker/nova/nova-libvirt/start.sh | 7 --- etc/kolla/passwords.yml | 1 + 29 files changed, 378 insertions(+), 25 deletions(-) create mode 100644 ansible/roles/cinder/meta/main.yml create mode 100644 ansible/roles/cinder/tasks/ceph.yml create mode 100644 ansible/roles/glance/tasks/ceph.yml create mode 100644 ansible/roles/nova/tasks/ceph.yml create mode 100644 
ansible/roles/nova/templates/libvirtd.conf.j2 create mode 100644 ansible/roles/nova/templates/secret.xml.j2 diff --git a/ansible/group_vars/all.yml b/ansible/group_vars/all.yml index e4e903f9f1..a7f7c408e4 100644 --- a/ansible/group_vars/all.yml +++ b/ansible/group_vars/all.yml @@ -163,4 +163,4 @@ haproxy_user: "openstack" ################################# # Cinder - Block Storage options ################################# -cinder_volume_driver: "lvm" +cinder_volume_driver: "{{ 'ceph' if enable_ceph | bool else 'lvm' }}" diff --git a/ansible/roles/cinder/meta/main.yml b/ansible/roles/cinder/meta/main.yml new file mode 100644 index 0000000000..f428dc64ec --- /dev/null +++ b/ansible/roles/cinder/meta/main.yml @@ -0,0 +1,3 @@ +--- +dependencies: + - { role: common, project_yaml: 'cinder.yml' } diff --git a/ansible/roles/cinder/tasks/ceph.yml b/ansible/roles/cinder/tasks/ceph.yml new file mode 100644 index 0000000000..ac7fc75fb9 --- /dev/null +++ b/ansible/roles/cinder/tasks/ceph.yml 
@@ -0,0 +1,60 @@ +--- +- name: Ensuring config directory exists + file: + path: "{{ node_config_directory }}/{{ item }}" + state: "directory" + with_items: + - "cinder-volume" + - "cinder-backup" + when: inventory_hostname in groups['cinder-volume'] + +- name: Copying over config(s) + template: + src: roles/ceph/templates/ceph.conf.j2 + dest: "{{ node_config_directory }}/{{ item }}/ceph.conf" + with_items: + - "cinder-volume" + - "cinder-backup" + when: inventory_hostname in groups['cinder-volume'] + +# TODO(SamYaple): Improve failed_when and changed_when tests +- name: Creating ceph pool for cinder + command: docker exec -it ceph_mon ceph osd pool create volumes 128 + delegate_to: "{{ groups['ceph-mon'][0] }}" + changed_when: False + failed_when: False + run_once: True + +# TODO(SamYaple): Improve failed_when and changed_when tests +- name: Creating ceph pool for cinder-backup + command: docker exec -it ceph_mon ceph osd pool create backups 128 + delegate_to: "{{ groups['ceph-mon'][0] }}" + changed_when: False + failed_when: False + run_once: True + +# TODO(SamYaple): Improve failed_when and changed_when tests +- name: Pulling cephx keyring for cinder + command: docker exec -it ceph_mon ceph auth get-or-create client.cinder mon 'allow r' osd 'allow class-read object_prefix rbd_children, allow rwx pool=volumes, allow rwx pool=vms, allow rx pool=images' + register: cephx_key_cinder + delegate_to: "{{ groups['ceph-mon'][0] }}" + changed_when: False + run_once: True + +# TODO(SamYaple): Improve failed_when and changed_when tests +- name: Pulling cephx keyring for cinder-backup + command: docker exec -it ceph_mon ceph auth get-or-create client.cinder-backup mon 'allow r' osd 'allow class-read object_prefix rbd_children, allow rwx pool=backups' + register: cephx_key_cinder_backup + delegate_to: "{{ groups['ceph-mon'][0] }}" + changed_when: False + run_once: True + +- name: Pushing cephx keyring + copy: + content: "{{ item.content }}\n\r" + dest: "{{ 
node_config_directory }}/{{ item.service_name }}/ceph.client.{{ item.key_name }}.keyring" + mode: "0600" + with_items: + - { service_name: "cinder-volume", key_name: "cinder", content: "{{ cephx_key_cinder.stdout }}" } + - { service_name: "cinder-backup", key_name: "cinder-backup", content: "{{ cephx_key_cinder_backup.stdout }}" } + when: inventory_hostname in groups['cinder-volume'] diff --git a/ansible/roles/cinder/tasks/main.yml b/ansible/roles/cinder/tasks/main.yml index 5c48120b7c..4c44e7aecd 100644 --- a/ansible/roles/cinder/tasks/main.yml +++ b/ansible/roles/cinder/tasks/main.yml @@ -1,8 +1,27 @@ --- +- include: ceph.yml + when: enable_ceph | bool + - include: register.yml + when: inventory_hostname in groups['cinder-api'] or + inventory_hostname in groups['cinder-volume'] or + inventory_hostname in groups['cinder-scheduler'] or + inventory_hostname in groups['cinder-backup'] - include: config.yml + when: inventory_hostname in groups['cinder-api'] or + inventory_hostname in groups['cinder-volume'] or + inventory_hostname in groups['cinder-scheduler'] or + inventory_hostname in groups['cinder-backup'] - include: bootstrap.yml + when: inventory_hostname in groups['cinder-api'] or + inventory_hostname in groups['cinder-volume'] or + inventory_hostname in groups['cinder-scheduler'] or + inventory_hostname in groups['cinder-backup'] - include: start.yml + when: inventory_hostname in groups['cinder-api'] or + inventory_hostname in groups['cinder-volume'] or + inventory_hostname in groups['cinder-scheduler'] or + inventory_hostname in groups['cinder-backup'] diff --git a/ansible/roles/cinder/templates/cinder-volume.json.j2 b/ansible/roles/cinder/templates/cinder-volume.json.j2 index 20dc6b5383..780251728c 100644 --- a/ansible/roles/cinder/templates/cinder-volume.json.j2 +++ b/ansible/roles/cinder/templates/cinder-volume.json.j2 
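Review bot: The cephx keys are handled without `no_log`, so the secret held in `cephx_key_cinder.stdout` and `cephx_key_cinder_backup.stdout` ends up in task output. The "Pushing cephx keyring" loop prints each `item`, including its `content`, on an ordinary run. Adding `no_log: True` to the two "Pulling cephx keyring" tasks and to the push task keeps the key material out of the console and any Ansible log. The keyring tasks in glance/tasks/ceph.yml and nova/tasks/ceph.yml (including `cephx_raw_key`) have the same gap. Separately, `content: "{{ item.content }}\n\r"` ends the keyring with LF then CR, where `\n` alone is presumably what was meant.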
@@ -6,6 +6,18 @@ "dest": "/etc/cinder/cinder.conf", "owner": "cinder", "perm": "0600" - } + }{% if enable_ceph | bool %}, + { + "source": "/opt/kolla/config_files/ceph.client.cinder.keyring", + "dest": "/etc/ceph/ceph.client.cinder.keyring", + "owner": "cinder", + "perm": "0600" + }, + { + "source": "/opt/kolla/config_files/ceph.conf", + "dest": "/etc/ceph/ceph.conf", + "owner": "cinder", + "perm": "0600" + }{% endif %} ] } diff --git a/ansible/roles/cinder/templates/cinder.conf.j2 b/ansible/roles/cinder/templates/cinder.conf.j2 index 7ad5fe76bd..9fa0d763bc 100644 --- a/ansible/roles/cinder/templates/cinder.conf.j2 +++ b/ansible/roles/cinder/templates/cinder.conf.j2 @@ -1,12 +1,18 @@ [DEFAULT] verbose = true debug = true + use_syslog = True syslog_log_facility = LOG_LOCAL0 + enable_v1_api=false volume_name_template = %s + glance_api_servers = http://{{ kolla_internal_address }}:{{ glance_api_port }} +glance_api_version = 2 + os_region_name = {{ openstack_region_name }} + {% if cinder_volume_driver == "lvm" %} default_volume_type = lvmdriver-1 enabled_backends = lvmdriver-1 @@ -14,10 +20,24 @@ enabled_backends = lvmdriver-1 default_volume_type = rbd-1 enabled_backends = rbd-1 {% endif %} + +{% if service_name == "cinder-backup" and cinder_volume_driver == "ceph" %} +backup_driver = cinder.backup.drivers.ceph +backup_ceph_conf = /etc/ceph/ceph.conf +backup_ceph_user = cinder-backup +backup_ceph_chunk_size = 134217728 +backup_ceph_pool = backups +backup_ceph_stripe_unit = 0 +backup_ceph_stripe_count = 0 +restore_discard_excess_bytes = true +{% endif %} + osapi_volume_listen = {{ hostvars[inventory_hostname]['ansible_' + api_interface]['ipv4']['address'] }} osapi_volume_listen_port = {{ cinder_api_port }} + api_paste_config = /etc/cinder/api-paste.ini nova_catalog_info = compute:nova:internalURL + auth_strategy = keystone [database] 
@@ -52,7 +72,12 @@ volume_backend_name = lvmdriver-1 [rbd-1] volume_driver = cinder.volume.drivers.rbd.RBDDriver rbd_pool = volumes +rbd_ceph_conf = /etc/ceph/ceph.conf +rbd_flatten_volume_from_snapshot = false +rbd_max_clone_depth = 5 +rbd_store_chunk_size = 4 +rados_connect_timeout = -1 rbd_user = cinder -rbd_secret_uuid = {{ metadata_secret }} +rbd_secret_uuid = {{ rbd_secret_uuid }} {% endif %} diff --git a/ansible/roles/common/tasks/main.yml b/ansible/roles/common/tasks/main.yml index 81a6a0525a..1f16915ad9 100755 --- a/ansible/roles/common/tasks/main.yml +++ b/ansible/roles/common/tasks/main.yml @@ -2,4 +2,3 @@ - include: config.yml - include: start.yml - diff --git a/ansible/roles/glance/meta/main.yml b/ansible/roles/glance/meta/main.yml index 6b4fff8fef..d7f2317aa9 100644 --- a/ansible/roles/glance/meta/main.yml +++ b/ansible/roles/glance/meta/main.yml @@ -1,3 +1,3 @@ --- dependencies: - - { role: common } + - { role: common, project_yaml: 'glance.yml' } diff --git a/ansible/roles/glance/tasks/ceph.yml b/ansible/roles/glance/tasks/ceph.yml new file mode 100644 index 0000000000..904bd3340d --- /dev/null +++ b/ansible/roles/glance/tasks/ceph.yml 
@@ -0,0 +1,35 @@ +--- +- name: Ensuring config directory exists + file: + path: "{{ node_config_directory }}/glance-api" + state: "directory" + when: inventory_hostname in groups['glance-api'] + +- name: Copying over config(s) + template: + src: roles/ceph/templates/ceph.conf.j2 + dest: "{{ node_config_directory }}/glance-api/ceph.conf" + when: inventory_hostname in groups['glance-api'] + +# TODO(SamYaple): Improve failed_when and changed_when tests +- name: Creating ceph pool for glance + command: docker exec -it ceph_mon ceph osd pool create images 128 + delegate_to: "{{ groups['ceph-mon'][0] }}" + changed_when: False + failed_when: False + run_once: True + +# TODO(SamYaple): Improve failed_when and changed_when tests +- name: Pulling cephx keyring + command: docker exec -it ceph_mon ceph auth get-or-create client.glance mon 'allow r' osd 'allow class-read object_prefix rbd_children, allow rwx pool=images' + register: cephx_key + delegate_to: "{{ groups['ceph-mon'][0] }}" + changed_when: False + run_once: True + +- name: Pushing cephx keyring + copy: + content: "{{ cephx_key.stdout }}\n\r" + dest: "{{ node_config_directory }}/glance-api/ceph.client.glance.keyring" + mode: "0600" + when: inventory_hostname in groups['glance-api'] diff --git a/ansible/roles/glance/tasks/main.yml b/ansible/roles/glance/tasks/main.yml index 5c48120b7c..39c541d0b1 100644 --- a/ansible/roles/glance/tasks/main.yml +++ b/ansible/roles/glance/tasks/main.yml 
@@ -1,8 +1,19 @@ --- +- include: ceph.yml + when: enable_ceph | bool + - include: register.yml + when: inventory_hostname in groups['glance-api'] or + inventory_hostname in groups['glance-registry'] - include: config.yml + when: inventory_hostname in groups['glance-api'] or + inventory_hostname in groups['glance-registry'] - include: bootstrap.yml + when: inventory_hostname in groups['glance-api'] or + inventory_hostname in groups['glance-registry'] - include: start.yml + when: inventory_hostname in groups['glance-api'] or + inventory_hostname in groups['glance-registry'] diff --git a/ansible/roles/glance/templates/glance-api.conf.j2 b/ansible/roles/glance/templates/glance-api.conf.j2 index 33f60625a4..ebb0020332 100755 --- a/ansible/roles/glance/templates/glance-api.conf.j2 +++ b/ansible/roles/glance/templates/glance-api.conf.j2 @@ -12,6 +12,10 @@ registry_host = {{ kolla_internal_address }} use_syslog = True syslog_log_facility = LOG_LOCAL0 +{% if enable_ceph | bool %} +show_image_direct_url= True +{% endif %} + [database] connection = mysql://{{ glance_database_user }}:{{ glance_database_password }}@{{ glance_database_address }}/{{ glance_database_name }} @@ -29,5 +33,13 @@ password = {{ glance_keystone_password }} flavor = keystone [glance_store] +{% if enable_ceph | bool %} +default_store = rbd +stores = rbd +rbd_store_user = glance +rbd_store_pool = images +rbd_store_chunk_size = 8 +{% else %} default_store = file filesystem_store_datadir = /var/lib/glance/images/ +{% endif %} diff --git a/ansible/roles/glance/templates/glance-api.json.j2 b/ansible/roles/glance/templates/glance-api.json.j2 index d4be6d6986..a2cb2756d9 100644 --- a/ansible/roles/glance/templates/glance-api.json.j2 +++ b/ansible/roles/glance/templates/glance-api.json.j2 
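Review bot: `show_image_direct_url= True` in glance-api.conf.j2 makes glance-api return each image's backend RBD location to API callers, and the template turns it on without saying why. It is the setting that lets nova and cinder make copy-on-write clones from the images pool, so it is probably intended. A comment above it would record the trade-off, for example `# Needed for RBD copy-on-write clones; exposes image backend locations through the API`. If a public Glance endpoint is served from the same config, it is worth checking whether that exposure is acceptable there. The spacing should also match the rest of the file: `show_image_direct_url = True`.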
@@ -6,6 +6,18 @@ "dest": "/etc/glance/glance-api.conf", "owner": "glance", "perm": "0600" - } + }{% if enable_ceph | bool %}, + { + "source": "/opt/kolla/config_files/ceph.client.glance.keyring", + "dest": "/etc/ceph/ceph.client.glance.keyring", + "owner": "glance", + "perm": "0600" + }, + { + "source": "/opt/kolla/config_files/ceph.conf", + "dest": "/etc/ceph/ceph.conf", + "owner": "glance", + "perm": "0600" + }{% endif %} ] } diff --git a/ansible/roles/nova/meta/main.yml b/ansible/roles/nova/meta/main.yml index 6b4fff8fef..5d4cbd37e1 100644 --- a/ansible/roles/nova/meta/main.yml +++ b/ansible/roles/nova/meta/main.yml @@ -1,3 +1,3 @@ --- dependencies: - - { role: common } + - { role: common, project_yaml: 'nova.yml' } diff --git a/ansible/roles/nova/tasks/ceph.yml b/ansible/roles/nova/tasks/ceph.yml new file mode 100644 index 0000000000..4ab79ae34f --- /dev/null +++ b/ansible/roles/nova/tasks/ceph.yml 
@@ -0,0 +1,63 @@ +--- +- name: Ensuring config directory exists + file: + path: "{{ node_config_directory }}/{{ item }}" + state: "directory" + with_items: + - "nova-compute" + - "nova-libvirt/secrets" + when: inventory_hostname in groups['compute'] + +- name: Copying over config(s) + template: + src: roles/ceph/templates/ceph.conf.j2 + dest: "{{ node_config_directory }}/{{ item }}/ceph.conf" + with_items: + - "nova-compute" + - "nova-libvirt" + when: inventory_hostname in groups['compute'] + +# TODO(SamYaple): Improve failed_when and changed_when tests +- name: Creating ceph pool for vms + command: docker exec -it ceph_mon ceph osd pool create vms 128 + delegate_to: "{{ groups['ceph-mon'][0] }}" + changed_when: False + failed_when: False + run_once: True + +# TODO(SamYaple): Improve failed_when and changed_when tests +- name: Pulling cephx keyring for nova + command: docker exec -it ceph_mon ceph auth get-or-create client.nova mon 'allow r' osd 'allow class-read object_prefix rbd_children, allow rwx pool=volumes, allow rwx pool=vms, allow rx pool=images' + register: cephx_key + delegate_to: "{{ groups['ceph-mon'][0] }}" + changed_when: False + run_once: True + +# TODO(SamYaple): Improve failed_when and changed_when tests +- name: Pulling cephx keyring for libvirt + command: docker exec -it ceph_mon ceph auth get-key client.nova + register: cephx_raw_key + delegate_to: "{{ groups['ceph-mon'][0] }}" + changed_when: False + run_once: True + +- name: Pushing cephx keyring for nova + copy: + content: "{{ cephx_key.stdout }}\n\r" + dest: "{{ node_config_directory }}/nova-compute/ceph.client.nova.keyring" + mode: "0600" + when: inventory_hostname in groups['compute'] + +- name: Pushing secrets xml for libvirt + template: + src: roles/nova/templates/secret.xml.j2 + dest: "{{ node_config_directory }}/nova-libvirt/secrets/{{ rbd_secret_uuid }}.xml" + mode: "0600" + when: inventory_hostname in groups['compute'] + +- name: Pushing secrets key for libvirt + copy: + content: 
"{{ cephx_raw_key.stdout }}" + dest: "{{ node_config_directory }}/nova-libvirt/secrets/{{ rbd_secret_uuid }}.base64" + mode: "0600" + when: inventory_hostname in groups['compute'] diff --git a/ansible/roles/nova/tasks/config.yml b/ansible/roles/nova/tasks/config.yml index 9d5730402b..ff0a522fa0 100644 --- a/ansible/roles/nova/tasks/config.yml +++ b/ansible/roles/nova/tasks/config.yml @@ -129,6 +129,12 @@ dest: "{{ node_config_directory }}/nova-compute/config.json" when: inventory_hostname in groups['compute'] +- name: Copying over config(s) + template: + src: "libvirtd.conf.j2" + dest: "{{ node_config_directory }}/nova-libvirt/libvirtd.conf" + when: inventory_hostname in groups['compute'] + - include: ../../config.yml vars: service_name: "nova-novncproxy" diff --git a/ansible/roles/nova/tasks/main.yml b/ansible/roles/nova/tasks/main.yml index 5c48120b7c..1ca039dddc 100644 --- a/ansible/roles/nova/tasks/main.yml +++ b/ansible/roles/nova/tasks/main.yml 
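Review bot: "Creating ceph pool for vms" sets `failed_when: False`, so a real failure (ceph_mon container not running, monitor unreachable) is ignored and the play continues into the keyring tasks. Those tasks then either fail with a less useful error or act on a cluster without the pool. A narrower check would register the result and fail on a non-zero rc unless the pool already exists, e.g. `register: pool_vms` with `failed_when: pool_vms.rc != 0 and 'already exists' not in pool_vms.stderr`; the exact message and stream need confirming against ceph's output. `docker exec -it` also requests an interactive TTY, which a `command` task does not normally provide, and plain `docker exec` looks sufficient for these calls. The pool-creation tasks in cinder/tasks/ceph.yml and glance/tasks/ceph.yml follow the same pattern.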
@@ -1,8 +1,31 @@ --- +- include: ceph.yml + when: enable_ceph | bool + - include: register.yml + when: inventory_hostname in groups['nova-api'] or + inventory_hostname in groups['nova-consoleauth'] or + inventory_hostname in groups['nova-novncproxy'] or + inventory_hostname in groups['nova-scheduler'] or + inventory_hostname in groups['nova-compute'] - include: config.yml + when: inventory_hostname in groups['nova-api'] or + inventory_hostname in groups['nova-consoleauth'] or + inventory_hostname in groups['nova-novncproxy'] or + inventory_hostname in groups['nova-scheduler'] or + inventory_hostname in groups['nova-compute'] - include: bootstrap.yml + when: inventory_hostname in groups['nova-api'] or + inventory_hostname in groups['nova-consoleauth'] or + inventory_hostname in groups['nova-novncproxy'] or + inventory_hostname in groups['nova-scheduler'] or + inventory_hostname in groups['nova-compute'] - include: start.yml + when: inventory_hostname in groups['nova-api'] or + inventory_hostname in groups['nova-consoleauth'] or + inventory_hostname in groups['nova-novncproxy'] or + inventory_hostname in groups['nova-scheduler'] or + inventory_hostname in groups['nova-compute'] diff --git a/ansible/roles/nova/tasks/start.yml b/ansible/roles/nova/tasks/start.yml index ee1c032d8f..330310eb83 100644 --- a/ansible/roles/nova/tasks/start.yml +++ b/ansible/roles/nova/tasks/start.yml @@ -19,6 +19,7 @@ - "{{ node_config_directory }}/nova-libvirt/:/opt/kolla/config_files/:ro" - "/run:/run" - "/sys/fs/cgroup:/sys/fs/cgroup" + - "/lib/modules:/lib/modules:ro" volumes_from: - nova_data env: diff --git a/ansible/roles/nova/templates/libvirtd.conf.j2 b/ansible/roles/nova/templates/libvirtd.conf.j2 new file mode 100644 index 0000000000..d7a127a613 --- /dev/null +++ b/ansible/roles/nova/templates/libvirtd.conf.j2 
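Review bot: The new `when:` guards in nova/tasks/main.yml test `groups['nova-compute']` and leave out `nova-conductor`, whereas the nova play in site.yml targets `compute` and `nova-conductor` and the rest of this commit uses `groups['compute']`. If the inventory defines no `nova-compute` group (it is not visible here), the lookup is undefined or compute hosts skip register, config, bootstrap and start. Hosts that are only in `nova-conductor` would be skipped in any case. Each of the four conditions should probably end with `inventory_hostname in groups['nova-conductor'] or` followed by `inventory_hostname in groups['compute']`. Since the same five-line expression is repeated four times, moving the includes under one guarded include would keep the list from drifting again.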
@@ -0,0 +1,11 @@ +listen_tcp = 1 +auth_tcp = "none" +ca_file = "" +log_level = 2 +log_outputs = "2:file:/var/log/libvirt/libvirtd.log" +listen_addr = "{{ hostvars[inventory_hostname]['ansible_' + api_interface]['ipv4']['address'] }}" +unix_sock_group = "root" +unix_sock_ro_perms = "0777" +unix_sock_rw_perms = "0770" +auth_unix_ro = "none" +auth_unix_rw = "none" diff --git a/ansible/roles/nova/templates/nova-compute.json.j2 b/ansible/roles/nova/templates/nova-compute.json.j2 index c9513d1579..0f7abe5c5b 100644 --- a/ansible/roles/nova/templates/nova-compute.json.j2 +++ b/ansible/roles/nova/templates/nova-compute.json.j2 @@ -6,6 +6,18 @@ "dest": "/etc/nova/nova.conf", "owner": "nova", "perm": "0600" - } + }{% if enable_ceph | bool %}, + { + "source": "/opt/kolla/config_files/ceph.client.nova.keyring", + "dest": "/etc/ceph/ceph.client.nova.keyring", + "owner": "nova", + "perm": "0600" + }, + { + "source": "/opt/kolla/config_files/ceph.conf", + "dest": "/etc/ceph/ceph.conf", + "owner": "nova", + "perm": "0600" + }{% endif %} ] } diff --git a/ansible/roles/nova/templates/nova-libvirt.json.j2 b/ansible/roles/nova/templates/nova-libvirt.json.j2 index 5ec623dd96..30181c18ce 100644 --- a/ansible/roles/nova/templates/nova-libvirt.json.j2 +++ b/ansible/roles/nova/templates/nova-libvirt.json.j2 @@ -1,4 +1,23 @@ { - "command": "/usr/sbin/libvirtd", - "config_files": [] + "command": "/usr/sbin/libvirtd -l", + "config_files": [ + { + "source": "/opt/kolla/config_files/libvirt.conf", + "dest": "/etc/libvirt/libvirtd.conf", + "owner": "root", + "perm": "0600" + }{% if enable_ceph | bool %}, + { + "source": "/opt/kolla/config_files/secrets", + "dest": "/etc/libvirt/secrets", + "owner": "root", + "perm": "0600" + }, + { + "source": "/opt/kolla/config_files/ceph.conf", + "dest": "/etc/ceph/ceph.conf", + "owner": "root", + "perm": "0600" + }{% endif %} + ] } 
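Review bot: `listen_tcp = 1` together with `auth_tcp = "none"` on the `api_interface` address gives an unauthenticated, unencrypted libvirt control socket. Any host that can reach that address can then manage the hypervisor, which is equivalent to root on the compute node. At minimum this should be `auth_tcp = "sasl"`, or `listen_tls = 1` with `listen_tcp = 0` and certificates, with the port restricted to the other compute hosts by firewall. If the open TCP listener is kept for live migration, a comment in the template should say so and state that `api_interface` must be a trusted, isolated network. `unix_sock_ro_perms = "0777"` with `auth_unix_ro = "none"` likewise lets every local user query the daemon, and is worth narrowing unless something depends on it.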
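Review bot: The first `config_files` entry in nova-libvirt.json.j2 reads `/opt/kolla/config_files/libvirt.conf`, but the task added to nova/tasks/config.yml writes the template to `nova-libvirt/libvirtd.conf`. That directory is what start.yml mounts at `/opt/kolla/config_files/`, so the source path as written does not exist and the new libvirtd settings would not be copied into place. The entry should read `"source": "/opt/kolla/config_files/libvirtd.conf",`. The `secrets` entry is a directory given `"perm": "0600"`; whether set_configs.py copies directories and adds the execute bit is not visible here, so that is worth confirming, because a 0600 directory cannot be traversed.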
diff --git a/ansible/roles/nova/templates/nova.conf.j2 b/ansible/roles/nova/templates/nova.conf.j2 index d1e7be0cbf..5c8a689397 100644 --- a/ansible/roles/nova/templates/nova.conf.j2 +++ b/ansible/roles/nova/templates/nova.conf.j2 @@ -87,3 +87,15 @@ user_domain_id = default project_name = service username = nova password = {{ nova_keystone_password }} + +{% if enable_ceph | bool %} +[libvirt] +images_type = rbd +images_rbd_pool = vms +images_rbd_ceph_conf = /etc/ceph/ceph.conf +rbd_user = nova +rbd_secret_uuid = {{ rbd_secret_uuid }} +disk_cachemodes="network=writeback" +live_migration_flag="VIR_MIGRATE_UNDEFINE_SOURCE,VIR_MIGRATE_PEER2PEER,VIR_MIGRATE_LIVE,VIR_MIGRATE_PERSIST_DEST,VIR_MIGRATE_TUNNELLED" +hw_disk_discard = unmap +{% endif %} diff --git a/ansible/roles/nova/templates/secret.xml.j2 b/ansible/roles/nova/templates/secret.xml.j2 new file mode 100644 index 0000000000..eab903be4f --- /dev/null +++ b/ansible/roles/nova/templates/secret.xml.j2 @@ -0,0 +1,6 @@ + + {{ rbd_secret_uuid }} + + client.nova secret + + diff --git a/ansible/site.yml b/ansible/site.yml index 3ba043b8ef..6f12363607 100755 --- a/ansible/site.yml +++ b/ansible/site.yml @@ -24,11 +24,11 @@ roles: - { role: swift, tags: swift, when: enable_swift | bool } -- hosts: [glance-api, glance-registry] +- hosts: [glance-api, glance-registry, ceph-mon] roles: - { role: glance, tags: glance, when: enable_glance | bool } -- hosts: [nova-api, nova-conductor, nova-consoleauth, nova-novncproxy, nova-scheduler, compute] +- hosts: [nova-api, nova-conductor, nova-consoleauth, nova-novncproxy, nova-scheduler, compute, ceph-mon] roles: - { role: nova, tags: nova, when: enable_nova | bool } @@ -36,7 +36,7 @@ roles: - { role: neutron, tags: neutron, when: enable_neutron | bool } -- hosts: [cinder-api, cinder-backup, cinder-scheduler, cinder-volume] +- hosts: [cinder-api, cinder-backup, cinder-scheduler, cinder-volume, ceph-mon] roles: - { role: cinder, tags: cinder, when: enable_cinder | bool } 
diff --git a/docker/cinder/cinder-base/Dockerfile.j2 b/docker/cinder/cinder-base/Dockerfile.j2 index 02f95704bc..d33d1c01f2 100644 --- a/docker/cinder/cinder-base/Dockerfile.j2 +++ b/docker/cinder/cinder-base/Dockerfile.j2 @@ -28,8 +28,11 @@ RUN yum -y install lvm2 \ {% elif base_distro in ['ubuntu', 'debian'] %} -RUN apt-get install -y --no-install-recommends lvm2 \ - && apt-get clean +RUN apt-get install -y --no-install-recommends \ + lvm2 \ + ceph-common \ + && apt-get clean \ + && mkdir -p /etc/ceph {% endif %} diff --git a/docker/glance/glance-base/Dockerfile.j2 b/docker/glance/glance-base/Dockerfile.j2 index bce7c17793..ef5fcfb392 100644 --- a/docker/glance/glance-base/Dockerfile.j2 +++ b/docker/glance/glance-base/Dockerfile.j2 @@ -19,6 +19,15 @@ RUN echo '{{ install_type }} not yet available for {{ base_distro }}' \ {% endif %} {% elif install_type == 'source' %} + {% if base_distro in ['ubuntu', 'debian'] %} + +RUN apt-get install -y --no-install-recommends \ + python-rbd \ + python-rados \ + && apt-get clean \ + && mkdir -p /etc/ceph/ + + {% endif %} ADD glance-base-archive /glance-base-source RUN ln -s glance-base-source/* glance \ diff --git a/docker/nova/nova-compute/Dockerfile.j2 b/docker/nova/nova-compute/Dockerfile.j2 index f1b5b95b73..26890dd662 100644 --- a/docker/nova/nova-compute/Dockerfile.j2 +++ b/docker/nova/nova-compute/Dockerfile.j2 @@ -22,8 +22,11 @@ RUN yum -y install \ {% elif base_distro in ['ubuntu', 'debian'] %} -RUN apt-get install -y --no-install-recommends qemu-utils \ - && apt-get clean +RUN apt-get install -y --no-install-recommends \ + qemu-utils \ + ceph-common \ + && apt-get clean \ + && mkdir -p /etc/ceph {% endif %} {% endif %} diff --git a/docker/nova/nova-libvirt/Dockerfile.j2 b/docker/nova/nova-libvirt/Dockerfile.j2 index a238625c54..f296eb55c0 100644 --- a/docker/nova/nova-libvirt/Dockerfile.j2 +++ b/docker/nova/nova-libvirt/Dockerfile.j2 
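Review bot: `ceph-common` and `mkdir -p /etc/ceph` are added only in the `base_distro in ['ubuntu', 'debian']` branch of cinder-base/Dockerfile.j2, while the `yum -y install lvm2` branch in the hunk context appears unchanged. The nova-compute and nova-libvirt hunks look the same, and glance-base adds `python-rbd`/`python-rados` only for Debian-family source installs. If the yum-based images do not already ship the Ceph client packages (not visible here), `enable_ceph` would select the rbd drivers in containers that cannot load them. Either add the matching packages to the yum branches or document that Ceph is currently supported only on the Debian-family images. The enclosing `{% if %}` blocks start and end outside these hunks.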
@@ -15,12 +15,15 @@ RUN yum -y install \ {% elif base_distro in ['ubuntu', 'debian'] %} RUN apt-get install -y --no-install-recommends \ + ceph-common \ libvirt-bin \ dmidecode \ pm-utils \ qemu \ + qemu-block-extra \ ebtables \ - && apt-get clean + && apt-get clean \ + && mkdir -p /etc/ceph {% endif %} diff --git a/docker/nova/nova-libvirt/start.sh b/docker/nova/nova-libvirt/start.sh index aa07f62dda..6191ce8512 100755 --- a/docker/nova/nova-libvirt/start.sh +++ b/docker/nova/nova-libvirt/start.sh @@ -8,12 +8,5 @@ source /opt/kolla/kolla-common.sh python /opt/kolla/set_configs.py CMD=$(cat /run_command) -# TODO(SamYaple): Tweak libvirt.conf rather than change permissions. -# Fix permissions for libvirt -if [[ -c /dev/kvm ]]; then - chmod 660 /dev/kvm - chown root:kvm /dev/kvm -fi - echo "Running command: ${CMD}" exec $CMD diff --git a/etc/kolla/passwords.yml b/etc/kolla/passwords.yml index c2c077b1c5..b50ddd3dd8 100644 --- a/etc/kolla/passwords.yml +++ b/etc/kolla/passwords.yml @@ -7,6 +7,7 @@ # Ceph options #################### ceph_cluster_fsid: "5fba2fbc-551d-11e5-a8ce-01ef4c5cf93c" +rbd_secret_uuid: "bbc5b4d5-6fca-407d-807d-06a4f4a7bccb" ###################