diff --git a/defaults/main.yml b/defaults/main.yml index 7bdcc518..1b5050ae 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -55,6 +55,18 @@ glance_system_shell: /bin/false glance_system_comment: glance system user glance_system_user_home: "/var/lib/{{ glance_system_user_name }}" +## Manually specified nova UID/GID +# Deployers can specify a UID for the glance user as well as the GID for the +# glance group if needed. This is commonly used in environments where shared +# storage is used, such as NFS or GlusterFS, and glance UID/GID values must be +# in sync between multiple servers. +# +# WARNING: Changing these values on an existing deployment can lead to +# failures, errors, and instability. +# +# glance_system_user_uid: +# glance_system_group_gid: + glance_registry_host: "{{ internal_lb_vip_address }}" glance_default_store: file glance_additional_stores: @@ -184,6 +196,7 @@ glance_nfs_client: [] # local_path: "/var/lib/glance/images" ## Local path on machine # type: "nfs" ## This can be nfs or nfs4 # options: "_netdev,auto" ## Mount options +# config_overrides: "{}" ## Override dictionary for unit file ## Policy vars # Provide a list of access controls to update the default policy.json with. These changes will be merged diff --git a/handlers/main.yml b/handlers/main.yml index 54fbdf36..ec3b3717 100644 --- a/handlers/main.yml +++ b/handlers/main.yml @@ -13,6 +13,14 @@ # See the License for the specific language governing permissions and # limitations under the License. +- name: Start glance mount(s) + systemd: + daemon_reload: yes + name: "{{ item.local_path.lstrip('/') | replace('/', '-') }}.mount" + enabled: "yes" + state: "restarted" + with_items: "{{ glance_nfs_client }}" + - name: Stop services service: name: "{{ item.service_name }}" diff --git a/releasenotes/notes/systemd-nfs-setup-5c35c23eda4443be.yaml b/releasenotes/notes/systemd-nfs-setup-5c35c23eda4443be.yaml new file mode 100644 index 00000000..e56a4692 --- /dev/null 
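Review bot: The heading of the new comment block in defaults/main.yml reads `## Manually specified nova UID/GID`, but the text under it and both variables are about glance; it should read `## Manually specified glance UID/GID`. The commented examples `# glance_system_user_uid:` and `# glance_system_group_gid:` carry no value, so a deployer who uncomments them as written gets a defined-but-null variable, which `default(omit)` in tasks/glance_pre_install.yml does not replace. A constructed sample value, e.g. `# glance_system_user_uid: 2001`, would make the expected form clear.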
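Review bot: The unit name in `Start glance mount(s)` is built with `item.local_path.lstrip('/') | replace('/', '-')`, which is not systemd's path escaping: a `local_path` that contains a `-` or ends in `/` yields a unit name that does not correspond to `Where=`, and systemd does not accept a mount unit whose name and mount point disagree. The same expression is used for `dest:` in tasks/glance_post_install.yml, so both places need the same fix; the output of `systemd-escape -p --suffix=mount` for the path is the reference form. The handler also loops over every entry of `glance_nfs_client` without `when: item.condition | default(True)`, while the task that writes the unit file has that guard, so an entry whose condition is false would be restarted although no unit file was written for it.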
+++ b/releasenotes/notes/systemd-nfs-setup-5c35c23eda4443be.yaml @@ -0,0 +1,11 @@ +--- +features: + - When using Glance and NFS the NFS mount point will now be managed using a + systemd mount unit file. This change ensures the deployment of glance is not + making potentially system impacting changes to the ``/etc/fstab`` and + modernizes how we deploy glance when using shared storage. + - New variables have been added to the glance role allowing a deployer to set + the UID and GID of the glance user. The new options are, + ``glance_system_user_uid`` and ``glance_system_group_uid``. These options + are useful when deploying glance with shared storage as the back-end for + images and will only set the UID and GID of the glance user when defined. diff --git a/tasks/glance_post_install.yml b/tasks/glance_post_install.yml index 5431cf7b..4fed9176 100644 --- a/tasks/glance_post_install.yml +++ b/tasks/glance_post_install.yml @@ -84,13 +84,27 @@ state: directory with_items: "{{ glance_nfs_client }}" +- name: Glance nfs mount(s) + config_template: + src: "glance-systemd-mount.j2" + dest: "/etc/systemd/system/{{ item.local_path.lstrip('/') | replace('/', '-') }}.mount" + owner: "root" + group: "root" + mode: "0640" + config_overrides: "{{ item.config_overrides | default({}) }}" + config_type: "ini" + when: item.condition | default(True) + with_items: "{{ glance_nfs_client }}" + notify: + - Start glance mount(s) + +# NOTE(cloudnull): This remove the legacy mount in /etc/fstab. This task should +# be removed in the R release. - name: Glance mount nfs - mount: - name: "{{ item.local_path }}" - src: "{{ item.server }}:{{ item.remote_path }}" - fstype: "{{ item.type }}" - opts: "{{ item.options }}" - state: "mounted" + lineinfile: + path: /etc/fstab + state: absent + regexp: '^{{ item.server }}:{{ item.remote_path }}.*' with_items: "{{ glance_nfs_client }}" - name: Create glance cache management cron jobs 
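Review bot: The `regexp` of the legacy-cleanup task in tasks/glance_post_install.yml, `'^{{ item.server }}:{{ item.remote_path }}.*'`, interpolates both values unescaped and has no delimiter after the path, so it can delete `/etc/fstab` lines the role never wrote: with the test values `10.1.0.1` and `/srv/nfs/glance` it also matches an entry for a constructed sibling path such as `/srv/nfs/glance-backup`, and each `.` in the address matches any character. Escaping the values and requiring whitespace after the path limits the removal to the one legacy entry, e.g. `regexp: '^{{ (item.server ~ ":" ~ item.remote_path) | regex_escape }}\s'`. The task is still named `Glance mount nfs` although it now only removes the fstab line; a name that says so would help whoever drops it in the R release.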
diff --git a/tasks/glance_pre_install.yml b/tasks/glance_pre_install.yml index 0774ecb2..50bafeb7 100644 --- a/tasks/glance_pre_install.yml +++ b/tasks/glance_pre_install.yml @@ -16,12 +16,14 @@ - name: create the system group group: name: "{{ glance_system_group_name }}" + gid: "{{ glance_system_group_gid | default(omit) }}" state: "present" system: "yes" - name: Create the glance system user user: name: "{{ glance_system_user_name }}" + uid: "{{ glance_system_user_uid | default(omit) }}" group: "{{ glance_system_group_name }}" comment: "{{ glance_system_comment }}" shell: "{{ glance_system_shell }}" @@ -29,6 +31,13 @@ createhome: "yes" home: "{{ glance_system_user_home }}" +- name: Create glance NFS mount point(s) + file: + path: "{{ item.local_path }}" + state: directory + mode: "0755" + with_items: "{{ glance_nfs_client }}" + - name: Create glance dir file: path: "{{ item.path }}" @@ -43,9 +52,24 @@ - { path: "{{ glance_system_user_home }}" } - { path: "{{ glance_system_user_home }}/cache/api", mode: "0700" } - { path: "{{ glance_system_user_home }}/cache/registry" } - - { path: "{{ glance_system_user_home }}/images/" } - { path: "{{ glance_system_user_home }}/scrubber" } +- name: Stat the images directory + stat: + path: "{{ glance_system_user_home }}/images/" + changed_when: false + register: images_stat + +- name: Create glance images dir + file: + path: "{{ glance_system_user_home }}/images/" + state: directory + owner: "{{ glance_system_user_name }}" + group: "{{ glance_system_group_name }}" + mode: "0755" + when: + - not images_stat.stat.exists | default(false) | bool + - name: Test for log directory or link shell: | if [ -h "/var/log/glance" ]; then diff --git a/templates/glance-systemd-mount.j2 b/templates/glance-systemd-mount.j2 new file mode 100644 index 00000000..017b5bb3 --- /dev/null +++ b/templates/glance-systemd-mount.j2 
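Review bot: `Create glance images dir` runs only when the path does not exist, so a directory that is already there (a pre-existing local directory as much as a mounted export) is never checked for owner or mode, and the `Create glance dir` loop no longer covers it because its `images/` entry was removed. If leaving a mounted export untouched is the intent, a comment above the `stat` task should say so, e.g. `# Ownership of an existing (possibly NFS-mounted) images dir is left to the deployer`. Both the new directory and the mount points from `Create glance NFS mount point(s)` are created with `mode: "0755"`; if only the glance user and group need to traverse the image store, `mode: "0750"` is the tighter choice, to be confirmed against the mode the `Create glance dir` loop applied before, which is outside this hunk.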
@@ -0,0 +1,12 @@ +[Unit] +Description=Glance Images {{ item.local_path }} +After=network.target + +[Mount] +What={{ item.server }}:{{ item.remote_path }} +Where={{ item.local_path }} +Type={{ item.type }} +Options={{ item.options | default('_netdev,auto') }} + +[Install] +WantedBy=multi-user.target diff --git a/tests/group_vars/all_containers.yml b/tests/group_vars/all_containers.yml index 9710edfe..6ddb0b33 100644 --- a/tests/group_vars/all_containers.yml +++ b/tests/group_vars/all_containers.yml @@ -24,3 +24,8 @@ container_networks: physical_host: localhost properties: service_name: "{{ inventory_hostname }}" + +# NOTE(cloudnull): The lxc-openstack AA profile for is used to ensure general +# container functionality typical to the integrated build. +lxc_container_config_list: + - "lxc.aa_profile=lxc-openstack" diff --git a/tests/host_vars/localhost.yml b/tests/host_vars/localhost.yml index 14bf3b04..f7fc7d66 100644 --- a/tests/host_vars/localhost.yml +++ b/tests/host_vars/localhost.yml @@ -14,6 +14,7 @@ # limitations under the License. bridges: - - "br-mgmt" + - name: "br-mgmt" + ip_addr: "10.1.0.1" -ansible_python_interpreter: "/usr/bin/python2" \ No newline at end of file +ansible_python_interpreter: "/usr/bin/python2" diff --git a/tests/overrides-nfs.yml b/tests/overrides-nfs.yml new file mode 100644 index 00000000..7a56a1ac --- /dev/null +++ b/tests/overrides-nfs.yml 
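Review bot: `Options={{ item.options | default('_netdev,auto') }}` in templates/glance-systemd-mount.j2 mounts the remote export without `nosuid` or `nodev`, so setuid bits and device nodes present on the NFS server are honoured on the glance host; for a directory that only holds image data, `default('_netdev,auto,nosuid,nodev')` would be a safer default, and deployers can still override it through `options`. `After=network.target` only orders the unit after network management has started; for a network filesystem the usual ordering is `After=network-online.target` together with `Wants=network-online.target`. `Type={{ item.type }}` has no default although the sample in defaults/main.yml documents `nfs` or `nfs4`, so an entry without `type` fails while the template is rendered instead of with a clear message.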
@@ -0,0 +1,23 @@
+---
+# Copyright 2015, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Force glance to use file by default which will be an NFS mount point.
+glance_default_store: file
+glance_nfs_client:
+ - server: "10.1.0.1"
+ remote_path: "/srv/nfs/glance"
+ local_path: "/var/lib/glance/images"
+ type: "nfs"
+ options: "_netdev,auto"
diff --git a/tests/test-create-nfs-dev.yml b/tests/test-create-nfs-dev.yml
new file mode 100644
index 00000000..4bba3866
--- /dev/null
+++ b/tests/test-create-nfs-dev.yml
@@ -0,0 +1,82 @@
+---
+# Copyright 2017, BBC R&D
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- name: Create an NFS backing store
+ hosts: localhost
+ user: root
+ become: true
+ connection: local
+ tasks:
+ - block:
+ - name: Install NFS packages
+ package:
+ name: "{{ nfs_package[ansible_distribution | lower] }}"
+ state: present
+
+ - name: create the system group for nfs
+ group:
+ name: "nfs-user"
+ gid: "10000"
+ state: "present"
+ system: "yes"
+
+ - name: Create the system user for nfs
+ user:
+ name: "nfs-user"
+ uid: "10000"
+ group: "nfs-user"
+ comment: "nfs-user"
+ shell: "/bin/false"
+ system: "yes"
+ createhome: "yes"
+ home: "/srv/nfs"
+
+ - name: Create base directories
+ file:
+ path: "{{ item }}"
+ state: "directory"
+ owner: "nfs-user"
+ group: "nfs-user"
+ with_items:
+ - "/srv/nfs/glance"
+
+ - name: Create exports file
+ lineinfile:
+ path: /etc/exports
+ line: '{{ item }} 10.0.0.0/255.0.0.0(rw,sync,no_subtree_check,insecure,all_squash,anonuid=10000,anongid=10000)'
+ owner: root
+ group: root
+ mode: 0644
+ create: yes
+ with_items:
+ - "/srv/nfs/glance"
+ register: nfs_exportfs
+
+ - name: Restart nfs-server
+ systemd:
+ daemon_reload: yes
+ name: "nfs-server"
+ enabled: "yes"
+ state: "restarted"
+ when:
+ - nfs_exportfs | changed
+
+ - name: Export NFS
+ command: exportfs -rav
+ vars:
+ nfs_package:
+ ubuntu: "nfs-kernel-server"
+ centos: "nfs-utils"
+ suse: "nfs-kernel-server"
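Review bot: The export written by `Create exports file` is `10.0.0.0/255.0.0.0(rw,...,insecure,all_squash,...)`, a read-write export to the whole 10/8 range with the privileged-source-port check turned off, while the NFS server address the test uses is `10.1.0.1` on `br-mgmt`. Narrowing the client specification to the test bridge network, and adding a comment that says why `insecure` is needed (presumably container clients connecting from unprivileged ports, to be confirmed), keeps the fixture from being copied into a real deployment unchanged. Separately, `nfs_package[ansible_distribution | lower]` has a `suse` key, but openSUSE hosts may report a distribution string such as `openSUSE Leap`, so the lookup probably fails there; the job added by this commit runs on ubuntu-xenial only, so that would not show up in CI.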
diff --git a/tests/test.yml b/tests/test.yml index a328b8e8..89905f09 100644 --- a/tests/test.yml +++ b/tests/test.yml @@ -13,6 +13,10 @@ # See the License for the specific language governing permissions and # limitations under the License. +- include: test-create-nfs-dev.yml + when: + - test_deploy_nfs | default(false) | bool + # Setup the host - include: common/test-setup-host.yml diff --git a/tox.ini b/tox.ini index 6e4f9e62..fc17d915 100644 --- a/tox.ini +++ b/tox.ini @@ -136,6 +136,18 @@ commands = bash -c "{toxinidir}/tests/common/test-ansible-functional.sh" +[testenv:nfs] +deps = + {[testenv:ansible]deps} +setenv = + {[testenv]setenv} + ANSIBLE_OVERRIDES={toxinidir}/tests/overrides-nfs.yml + ANSIBLE_PARAMETERS=-e test_deploy_nfs=yes +commands = + bash -c "{toxinidir}/tests/tests-repo-clone.sh" + bash -c "{toxinidir}/tests/common/test-ansible-functional.sh" + + [testenv:linters] deps = {[testenv:ansible]deps} diff --git a/zuul.d/jobs.yaml b/zuul.d/jobs.yaml index e6b4d02d..f00f32e5 100644 --- a/zuul.d/jobs.yaml +++ b/zuul.d/jobs.yaml @@ -26,3 +26,10 @@ nodeset: ubuntu-xenial vars: tox_env: v2_registry_enabled + +- job: + name: openstack-ansible-nfs_glance + parent: openstack-ansible-functional + nodeset: ubuntu-xenial + vars: + tox_env: nfs diff --git a/zuul.d/project.yaml b/zuul.d/project.yaml index c0af1485..25de553e 100644 --- a/zuul.d/project.yaml +++ b/zuul.d/project.yaml @@ -21,6 +21,7 @@ - openstack-ansible-functional-centos-7 - openstack-ansible-functional-opensuse-423 - openstack-ansible-functional-ubuntu-xenial + - openstack-ansible-nfs_glance - openstack-ansible-upgrade-ubuntu-xenial - openstack-ansible-v1_api_enabled - openstack-ansible-v2_registry_enabled 
@@ -33,7 +34,7 @@ - openstack-ansible-functional-centos-7 - openstack-ansible-functional-opensuse-423 - openstack-ansible-functional-ubuntu-xenial + - openstack-ansible-nfs_glance - openstack-ansible-upgrade-ubuntu-xenial - openstack-ansible-v1_api_enabled - openstack-ansible-v2_registry_enabled -