From 9a42686dc7f9181246fdddf87e35a6a669726cea Mon Sep 17 00:00:00 2001 From: Tom Barron Date: Wed, 3 Feb 2021 15:32:17 -0500 Subject: [PATCH] set ganesha idmap.conf file path and overrides Traditionally, Ganesha consumes /etc/idmapd.conf, which controls mapping of user/owner identities under NFSv4+. With containerized service deployment, this file has beenan immutable part of the container image and could not be modified. Recently ceph-ansible was modified to allow the user to set the path for idmapd.conf and to override ini settings in this file by supplying json configuration for the overrides in the same way that it can be supplied for ceph.conf overrides [1]. Also, the default path setting for the idmapd.conf file is /etc/ganesha/idmap.conf, which already is reflected into containerized ganesha under /etc/ganesha, solving the immutability issue. If no overrides are supplied, the file put in this location will match that originally frozen into the container, so there is no issue here with backwards compatibility. This change exposes parameters for idmap.conf file path and override contents in TripleO and passes them into ceph-ansible. It also sets up these parameters for cephadm. Cephadm support for OpenStack Ganesha is WIP so there will likely need to be a followup patch to make these effective when cephadm replaces ceph ansible. [1] https://github.com/ceph/ceph-ansible/pull/6422 Change-Id: I422e49f0027efbbb25256d8b4718eb0aa78d90a4 --- deployment/ceph-ansible/ceph-nfs.yaml | 9 +++++++++ deployment/cephadm/ceph-nfs.yaml | 7 +++++++ environments/manila-cephfsganesha-config.yaml | 4 ++++ 3 files changed, 20 insertions(+) diff --git a/deployment/ceph-ansible/ceph-nfs.yaml b/deployment/ceph-ansible/ceph-nfs.yaml index ffc6f5dde2..94dcd2c02f 100644 --- a/deployment/ceph-ansible/ceph-nfs.yaml +++ b/deployment/ceph-ansible/ceph-nfs.yaml @@ -30,6 +30,13 @@ parameters: ManilaCephFSCephFSAuthId: type: string default: 'manila' + ManilaCephFSNFSIdmapConf: + type: string + default: '/etc/ganesha/idmap.conf' + ManilaCephFSNFSIdmapOverrides: + type: json + description: Extra config settings to dump into idmap.conf + default: {} resources: CephBase: @@ -123,6 +130,8 @@ outputs: ceph_nfs_rados_backend: true ceph_nfs_disable_caching: true ceph_nfs_ceph_user: {get_param: ManilaCephFSCephFSAuthId} + ceph_nfs_idmap_conf: {get_param: ManilaCephFSNFSIdmapConf} + ceph_nfs_idmap_overrides: {get_param: ManilaCephFSNFSIdmapOverrides} - name: generate ceph-ansible group vars nfss copy: dest: "{{playbook_dir}}/ceph-ansible/group_vars/nfss.yml" diff --git a/deployment/cephadm/ceph-nfs.yaml b/deployment/cephadm/ceph-nfs.yaml index 9188bb5622..3398769ed1 100644 --- a/deployment/cephadm/ceph-nfs.yaml +++ b/deployment/cephadm/ceph-nfs.yaml @@ -33,6 +33,13 @@ parameters: ManilaCephFSCephFSAuthId: type: string default: 'manila' + ManilaCephFSNFSIdmapConf: + type: string + default: '/etc/ganesha/idmap.conf' + ManilaCephFSNFSIdmapOverrides: + type: json + description: Extra config settings to dump into idmap.conf + default: {} resources: CephBase: diff --git a/environments/manila-cephfsganesha-config.yaml b/environments/manila-cephfsganesha-config.yaml index 11ffd3a7f8..89cc9b8ddc 100644 --- a/environments/manila-cephfsganesha-config.yaml +++ b/environments/manila-cephfsganesha-config.yaml @@ -20,6 +20,10 @@ parameter_defaults: # (users mount shares directly from ceph cluster), or nfs-ganesha backend - # 'NFS' (users mount shares through nfs-ganesha server) ManilaCephFSCephFSProtocolHelperType: 'NFS' + # Use ManilaCephFSNFSIdmapConf to change the path of the idmap.conf file consumed by ganesha + ManilaCephFSNFSIdmapConf: '/etc/ganesha/idmap.conf' + # Use ManilaCephFSNFSIdmapOverrides to overide ini configuration in the idmap.conf file + ManilaCephFSNFSIdmapOverrides: {} # Uncomment the following and set them appropriately if the Ceph cluster is # external and you need to use a specific keyring/key and pool to access the # CephFS share