From 96b82d149ec55e873738a88328141a90c70e6100 Mon Sep 17 00:00:00 2001 From: Jan Provaznik Date: Mon, 16 Oct 2017 10:10:43 +0200 Subject: [PATCH] Add support for ceph-nfs manila backend If ceph-nfs (ganesha) service is enabled, it's set up by ceph-ansible and it can be used as a manila backend. Manila can be configured to use ceph either directly (manila-cephfsnative-config-docker.yaml env file) or through ganesha (environments/manila-cephfganesha-config-docker.yaml env file). Change-Id: Ib408c7827e5fba0c1b01388db26363806fc64370 Partially-Implements: blueprint nfs-ganesha --- docker/services/ceph-ansible/ceph-nfs.yaml | 76 +++++++++ docker/services/pacemaker/manila-share.yaml | 2 +- .../manila-cephfsganesha-config-docker.yaml | 24 +++ .../manila-cephfsnative-config-docker.yaml | 16 +- overcloud-resource-registry-puppet.j2.yaml | 1 + puppet/all-nodes-config.j2.yaml | 7 +- puppet/services/manila-backend-cephfs.yaml | 38 +++-- roles/ControllerStorageNfs.yaml | 158 ++++++++++++++++++ tools/yaml-validate.py | 8 +- 9 files changed, 304 insertions(+), 26 deletions(-) create mode 100644 docker/services/ceph-ansible/ceph-nfs.yaml create mode 100644 environments/manila-cephfsganesha-config-docker.yaml create mode 100644 roles/ControllerStorageNfs.yaml diff --git a/docker/services/ceph-ansible/ceph-nfs.yaml b/docker/services/ceph-ansible/ceph-nfs.yaml new file mode 100644 index 0000000000..6049e79e66 --- /dev/null +++ b/docker/services/ceph-ansible/ceph-nfs.yaml 
@@ -0,0 +1,76 @@
+heat_template_version: pike
+
+description: >
+ Ceph NFS Ganeshaservice.
+
+parameters:
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ RoleName:
+ default: ''
+ description: Role name on which the service is applied
+ type: string
+ RoleParameters:
+ default: {}
+ description: Parameters specific to the role
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+
+resources:
+ CephBase:
+ type: ./ceph-base.yaml
+ properties:
+ ServiceData: {get_param: ServiceData}
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ EndpointMap: {get_param: EndpointMap}
+ RoleName: {get_param: RoleName}
+ RoleParameters: {get_param: RoleParameters}
+
+outputs:
+ role_data:
+ description: Role data for the Ceph NFS Ganesha service.
+ value:
+ service_name: ceph_nfs
+ upgrade_tasks: []
+ step_config: 'include ::tripleo::profile::pacemaker::ceph_nfs'
+ puppet_config:
+ config_image: ''
+ config_volume: ''
+ step_config: ''
+ # step_config seems to be ignored if docker_config is present
+ #docker_config: {}
+ config_settings:
+ map_merge:
+ - tripleo.ceph_nfs.firewall_rules:
+ '120 ceph_nfs':
+ dport:
+ # FIXME
+ - 2049
+ - 20048
+ - 38468
+ - 4501
+ - ceph_nfs_ansible_vars:
+ map_merge:
+ - {get_attr: [CephBase, role_data, config_settings, ceph_common_ansible_vars]}
+ - ceph_nfs_enable_service: false
+ - ceph_nfs_use_pacemaker: true
+ - ceph_nfs_dynamic_exports: true
+ - ceph_nfs_service_suffix: pacemaker
+ - nfs_obj_gw: false
+ - ceph_nfs_rados_backend: true
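Review bot: The `'120 ceph_nfs'` firewall rule opens 2049, 20048, 38468 and 4501 under a `# FIXME`, so the port list is still unverified, and nothing visible in the rule limits who may connect. Before merge, trim `dport` to the ports that the ganesha configuration written by ceph-ansible actually binds. If the firewall rule type accepts a source restriction, scope the rule to the StorageNFS subnet so the NFS service on the controllers is not reachable from every attached network. Replace the FIXME with per-port comments such as `# 2049: NFS`, so the list can be audited later.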
diff --git a/docker/services/pacemaker/manila-share.yaml b/docker/services/pacemaker/manila-share.yaml index 916a67d6f3..c8f34d1285 100644 --- a/docker/services/pacemaker/manila-share.yaml +++ b/docker/services/pacemaker/manila-share.yaml @@ -149,7 +149,7 @@ outputs: list_concat: - - '/docker_puppet_apply.sh' - '5' - - 'file,file_line,concat,augeas,pacemaker::resource::bundle,pacemaker::property,pacemaker::constraint::location' + - 'pacemaker_constraint,file,file_line,concat,augeas,pacemaker::resource::bundle,pacemaker::property,pacemaker::constraint::location' - 'include ::tripleo::profile::base::pacemaker;include ::tripleo::profile::pacemaker::manila::share_bundle' - if: - puppet_debug_enabled diff --git a/environments/manila-cephfsganesha-config-docker.yaml b/environments/manila-cephfsganesha-config-docker.yaml new file mode 100644 index 0000000000..f5cdd3cb46 --- /dev/null +++ b/environments/manila-cephfsganesha-config-docker.yaml 
@@ -0,0 +1,24 @@
+# A Heat environment file which can be used to enable a
+# a Manila CephFS-NFS driver backend.
+resource_registry:
+ OS::TripleO::Services::ManilaApi: ../docker/services/manila-api.yaml
+ OS::TripleO::Services::ManilaScheduler: ../docker/services/manila-scheduler.yaml
+ # Only manila-share is pacemaker managed:
+ OS::TripleO::Services::ManilaShare: ../docker/services/pacemaker/manila-share.yaml
+ OS::TripleO::Services::ManilaBackendCephFs: ../puppet/services/manila-backend-cephfs.yaml
+ # ceph-nfs (ganesha) service is installed and configured by ceph-ansible
+ # but it's still managed by pacemaker
+ OS::TripleO::Services::CephNfs: ../docker/services/ceph-ansible/ceph-nfs.yaml
+
+
+parameter_defaults:
+ ManilaCephFSBackendName: cephfs
+ ManilaCephFSDriverHandlesShareServers: false
+ ManilaCephFSCephFSConfPath: '/etc/ceph/ceph.conf'
+ ManilaCephFSCephFSAuthId: 'manila'
+ ManilaCephFSCephFSClusterName: 'ceph'
+ ManilaCephFSCephFSEnableSnapshots: false
+ # manila cephfs driver supports either native cephfs backend - 'CEPHFS'
+ # (users mount shares directly from ceph cluster), or nfs-ganesha backend -
+ # 'NFS' (users mount shares through nfs-ganesha server)
+ ManilaCephFSCephFSProtocolHelperType: 'NFS'
diff --git a/environments/manila-cephfsnative-config-docker.yaml b/environments/manila-cephfsnative-config-docker.yaml
index 8c8229186a..c0b756a474 100644
--- a/environments/manila-cephfsnative-config-docker.yaml
+++ b/environments/manila-cephfsnative-config-docker.yaml
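Review bot: The header comment does not say that this environment depends on a StorageNFS network and on a role that carries `OS::TripleO::Services::CephNfs`. In puppet/all-nodes-config.j2.yaml, `ganesha_vip` is only emitted when a network named StorageNFS exists, so with the stock roles this file would presumably configure the NFS protocol helper without a dedicated VIP for ganesha. I would extend the header with a line such as `# Requires roles/ControllerStorageNfs.yaml and a StorageNFS network with a VIP.` The doubled article in `enable a` / `a Manila` across the first two comment lines should also be dropped.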
@@ -12,9 +12,13 @@ resource_registry: parameter_defaults: - ManilaCephFSNativeBackendName: cephfsnative - ManilaCephFSNativeDriverHandlesShareServers: false - ManilaCephFSNativeCephFSConfPath: '/etc/ceph/ceph.conf' - ManilaCephFSNativeCephFSAuthId: 'manila' - ManilaCephFSNativeCephFSClusterName: 'ceph' - ManilaCephFSNativeCephFSEnableSnapshots: false + ManilaCephFSBackendName: cephfs + ManilaCephFSDriverHandlesShareServers: false + ManilaCephFSCephFSConfPath: '/etc/ceph/ceph.conf' + ManilaCephFSCephFSAuthId: 'manila' + ManilaCephFSCephFSClusterName: 'ceph' + ManilaCephFSCephFSEnableSnapshots: false + # manila cephfs driver supports either native cephfs backend - 'CEPHFS' + # (users mount shares directly from ceph cluster), or nfs-ganesha backend - + # 'NFS' (users mount shares through nfs-ganesha server) + ManilaCephFSCephFSProtocolHelperType: 'CEPHFS' diff --git a/overcloud-resource-registry-puppet.j2.yaml b/overcloud-resource-registry-puppet.j2.yaml index 21aec42601..1f5a85a649 100644 --- a/overcloud-resource-registry-puppet.j2.yaml +++ b/overcloud-resource-registry-puppet.j2.yaml @@ -122,6 +122,7 @@ resource_registry: OS::TripleO::Services::CephRgw: OS::Heat::None OS::TripleO::Services::CephOSD: OS::Heat::None OS::TripleO::Services::CephClient: OS::Heat::None + OS::TripleO::Services::CephNfs: OS::Heat::None OS::TripleO::Services::CephExternal: OS::Heat::None OS::TripleO::Services::CinderApi: puppet/services/cinder-api.yaml OS::TripleO::Services::CinderBackup: OS::Heat::None diff --git a/puppet/all-nodes-config.j2.yaml b/puppet/all-nodes-config.j2.yaml index 9b01dc40e2..088661c0d0 100644 --- a/puppet/all-nodes-config.j2.yaml +++ b/puppet/all-nodes-config.j2.yaml 
@@ -188,7 +188,9 @@ resources: network_virtual_ips: {% set count = 1 %} {%- for network in networks if network.vip|default(false) %} -{%- if network.name != 'External' %} +# External virtual ip is currently being handled separately as public_virtual_ip. +# Likewise, optional StorageNFS virtual ip is handled separately as ganesha_vip. +{%- if network.name != 'External' and network.name != 'StorageNFS' %} {{network.name_lower}}: ip_address: {get_param: [NetVipMap, {get_param: {{network.name}}NetName}]} index: {{count}} @@ -196,6 +198,9 @@ resources: {%- endif %} {%- endfor %} redis_vip: {get_param: RedisVirtualIP} +{%- for network in networks if network.name == 'StorageNFS' %} + ganesha_vip: {get_param: [NetVipMap, {get_param: StorageNFSNetName}]} +{%- endfor %} # public_virtual_ip and controller_virtual_ip are needed in # both HAproxy & keepalived. tripleo::haproxy::public_virtual_ip: {get_param: [NetVipMap, {get_param: ExternalNetName}]} diff --git a/puppet/services/manila-backend-cephfs.yaml b/puppet/services/manila-backend-cephfs.yaml index 9952ed4c72..d85ae7fa81 100644 --- a/puppet/services/manila-backend-cephfs.yaml +++ b/puppet/services/manila-backend-cephfs.yaml 
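Review bot: The two `#` lines added inside the `{%- for network in networks ... %}` loop are YAML comments rather than Jinja comments, so they appear to be rendered into the generated template once per VIP network. A Jinja comment such as `{# External is handled as public_virtual_ip, StorageNFS as ganesha_vip #}` keeps the explanation out of the output. In the second hunk the `for ... if network.name == 'StorageNFS'` loop serves as a conditional, and the literal name is fixed in three places (`!= 'StorageNFS'`, `== 'StorageNFS'`, `StorageNFSNetName`). An operator who names that network differently would get an ordinary VIP entry and no `ganesha_vip`, so a short comment stating that the network name is fixed would help.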
@@ -30,28 +30,31 @@ parameters: description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json - # CephFS Native backend params: - ManilaCephFSNativeBackendName: + # CephFS backend params: + ManilaCephFSBackendName: type: string - default: cephfsnative - ManilaCephFSNativeDriverHandlesShareServers: + default: cephfs + ManilaCephFSDriverHandlesShareServers: type: boolean default: false - ManilaCephFSNativeShareBackendName: + ManilaCephFSShareBackendName: type: string default: 'cephfs' - ManilaCephFSNativeCephFSConfPath: + ManilaCephFSCephFSConfPath: type: string default: '/etc/ceph/ceph.conf' - ManilaCephFSNativeCephFSAuthId: + ManilaCephFSCephFSAuthId: type: string default: 'manila' - ManilaCephFSNativeCephFSClusterName: + ManilaCephFSCephFSClusterName: type: string default: 'ceph' - ManilaCephFSNativeCephFSEnableSnapshots: + ManilaCephFSCephFSEnableSnapshots: type: boolean default: false + ManilaCephFSCephFSProtocolHelperType: + default: CEPHFS + type: string # (jprovazn) default value is set to assure this templates works with an # external ceph too (user/key is created only when ceph is deployed by # TripleO) 
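Review bot: `ManilaCephFSCephFSProtocolHelperType` is declared as a free-form string with no description and no constraint, although the environment files document exactly two values, 'CEPHFS' and 'NFS'. The value decides whether tenants mount CephFS directly or go through the ganesha server, and a typo would only surface when the manila driver reads it. Add a `description:` and `constraints: [{allowed_values: ['CEPHFS', 'NFS']}]` so Heat rejects any other value at stack validation.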
@@ -67,12 +70,13 @@ outputs: value: service_name: manila_backend_cephfs config_settings: - manila::backend::cephfsnative::title: {get_param: ManilaCephFSNativeBackendName} - manila::backend::cephfsnative::driver_handles_share_servers: {get_param: ManilaCephFSNativeDriverHandlesShareServers} - manila::backend::cephfsnative::share_backend_name: {get_param: ManilaCephFSNativeShareBackendName} - manila::backend::cephfsnative::cephfs_conf_path: {get_param: ManilaCephFSNativeCephFSConfPath} - manila::backend::cephfsnative::cephfs_auth_id: {get_param: ManilaCephFSNativeCephFSAuthId} - manila::backend::cephfsnative::cephfs_cluster_name: {get_param: ManilaCephFSNativeCephFSClusterName} - manila::backend::cephfsnative::cephfs_enable_snapshots: {get_param: ManilaCephFSNativeCephFSEnableSnapshots} - manila::backend::cephfsnative::ceph_client_key: {get_param: CephManilaClientKey} + manila::backend::cephfs::title: {get_param: ManilaCephFSBackendName} + manila::backend::cephfs::driver_handles_share_servers: {get_param: ManilaCephFSDriverHandlesShareServers} + manila::backend::cephfs::share_backend_name: {get_param: ManilaCephFSShareBackendName} + manila::backend::cephfs::cephfs_conf_path: {get_param: ManilaCephFSCephFSConfPath} + manila::backend::cephfs::cephfs_auth_id: {get_param: ManilaCephFSCephFSAuthId} + manila::backend::cephfs::cephfs_cluster_name: {get_param: ManilaCephFSCephFSClusterName} + manila::backend::cephfs::cephfs_enable_snapshots: {get_param: ManilaCephFSCephFSEnableSnapshots} + manila::backend::cephfs::ceph_client_key: {get_param: CephManilaClientKey} + manila::backend::cephfs::cephfs_protocol_helper_type: {get_param: ManilaCephFSCephFSProtocolHelperType} step_config: diff --git a/roles/ControllerStorageNfs.yaml b/roles/ControllerStorageNfs.yaml new file mode 100644 index 0000000000..d398c0382e --- /dev/null +++ b/roles/ControllerStorageNfs.yaml 
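Review bot: The hiera keys move from `manila::backend::cephfsnative::*` to `manila::backend::cephfs::*`, and the preceding hunk renames every `ManilaCephFSNative*` parameter, with no deprecated alias left behind. As far as I can tell, a deployment that overrides a value such as `ManilaCephFSNativeCephFSAuthId` in its own environment file would have the override dropped on the next stack update and fall back to the default `manila` identity. Either keep the old parameter names as deprecated inputs for a cycle or add a release note listing the renames. The new keys also need a matching puppet-manila class, which is not visible in this patch.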
@@ -0,0 +1,158 @@ +############################################################################### +# Role: Controller # +############################################################################### +- name: Controller + description: | + Controller role that has all the controler services loaded and handles + Database, Messaging and Network functions. + CountDefault: 1 + tags: + - primary + - controller + networks: + - External + - InternalApi + - Storage + - StorageMgmt + - StorageNFS + - Tenant + HostnameFormatDefault: '%stackname%-controller-%index%' + # Deprecated & backward-compatible values (FIXME: Make parameters consistent) + # Set uses_deprecated_params to True if any deprecated params are used. + uses_deprecated_params: True + deprecated_param_extraconfig: 'controllerExtraConfig' + deprecated_param_flavor: 'OvercloudControlFlavor' + deprecated_param_image: 'controllerImage' + ServicesDefault: + - OS::TripleO::Services::Aide + - OS::TripleO::Services::AodhApi + - OS::TripleO::Services::AodhEvaluator + - OS::TripleO::Services::AodhListener + - OS::TripleO::Services::AodhNotifier + - OS::TripleO::Services::AuditD + - OS::TripleO::Services::BarbicanApi + - OS::TripleO::Services::BarbicanBackendSimpleCrypto + - OS::TripleO::Services::BarbicanBackendDogtag + - OS::TripleO::Services::BarbicanBackendKmip + - OS::TripleO::Services::BarbicanBackendPkcs11Crypto + - OS::TripleO::Services::CACerts + - OS::TripleO::Services::CeilometerAgentCentral + - OS::TripleO::Services::CeilometerAgentNotification + - OS::TripleO::Services::CephExternal + - OS::TripleO::Services::CephMds + - OS::TripleO::Services::CephMgr + - OS::TripleO::Services::CephMon + - OS::TripleO::Services::CephNfs + - OS::TripleO::Services::CephRbdMirror + - OS::TripleO::Services::CephRgw + - OS::TripleO::Services::CertmongerUser + - OS::TripleO::Services::CinderApi + - OS::TripleO::Services::CinderBackendDellPs + - OS::TripleO::Services::CinderBackendDellSc + - 
OS::TripleO::Services::CinderBackendDellEMCUnity + - OS::TripleO::Services::CinderBackendDellEMCVMAXISCSI + - OS::TripleO::Services::CinderBackendNetApp + - OS::TripleO::Services::CinderBackendScaleIO + - OS::TripleO::Services::CinderBackendVRTSHyperScale + - OS::TripleO::Services::CinderBackup + - OS::TripleO::Services::CinderHPELeftHandISCSI + - OS::TripleO::Services::CinderScheduler + - OS::TripleO::Services::CinderVolume + - OS::TripleO::Services::Clustercheck + - OS::TripleO::Services::Collectd + - OS::TripleO::Services::Congress + - OS::TripleO::Services::Docker + - OS::TripleO::Services::Ec2Api + - OS::TripleO::Services::Etcd + - OS::TripleO::Services::ExternalSwiftProxy + - OS::TripleO::Services::Fluentd + - OS::TripleO::Services::GlanceApi + - OS::TripleO::Services::GnocchiApi + - OS::TripleO::Services::GnocchiMetricd + - OS::TripleO::Services::GnocchiStatsd + - OS::TripleO::Services::HAproxy + - OS::TripleO::Services::HeatApi + - OS::TripleO::Services::HeatApiCfn + - OS::TripleO::Services::HeatEngine + - OS::TripleO::Services::Horizon + - OS::TripleO::Services::Ipsec + - OS::TripleO::Services::IronicApi + - OS::TripleO::Services::IronicConductor + - OS::TripleO::Services::IronicPxe + - OS::TripleO::Services::Iscsid + - OS::TripleO::Services::Keepalived + - OS::TripleO::Services::Kernel + - OS::TripleO::Services::Keystone + - OS::TripleO::Services::LoginDefs + - OS::TripleO::Services::ManilaApi + - OS::TripleO::Services::ManilaBackendCephFs + - OS::TripleO::Services::ManilaBackendIsilon + - OS::TripleO::Services::ManilaBackendNetapp + - OS::TripleO::Services::ManilaBackendUnity + - OS::TripleO::Services::ManilaBackendVNX + - OS::TripleO::Services::ManilaBackendVMAX + - OS::TripleO::Services::ManilaScheduler + - OS::TripleO::Services::ManilaShare + - OS::TripleO::Services::Memcached + - OS::TripleO::Services::MongoDb + - OS::TripleO::Services::MySQL + - OS::TripleO::Services::MySQLClient + - OS::TripleO::Services::NeutronApi + - 
OS::TripleO::Services::NeutronBgpVpnApi + - OS::TripleO::Services::NeutronSfcApi + - OS::TripleO::Services::NeutronCorePlugin + - OS::TripleO::Services::NeutronDhcpAgent + - OS::TripleO::Services::NeutronL2gwAgent + - OS::TripleO::Services::NeutronL2gwApi + - OS::TripleO::Services::NeutronL3Agent + - OS::TripleO::Services::NeutronLbaasv2Agent + - OS::TripleO::Services::NeutronLinuxbridgeAgent + - OS::TripleO::Services::NeutronMetadataAgent + - OS::TripleO::Services::NeutronML2FujitsuCfab + - OS::TripleO::Services::NeutronML2FujitsuFossw + - OS::TripleO::Services::NeutronOvsAgent + - OS::TripleO::Services::NeutronVppAgent + - OS::TripleO::Services::NovaApi + - OS::TripleO::Services::NovaConductor + - OS::TripleO::Services::NovaConsoleauth + - OS::TripleO::Services::NovaIronic + - OS::TripleO::Services::NovaMetadata + - OS::TripleO::Services::NovaPlacement + - OS::TripleO::Services::NovaScheduler + - OS::TripleO::Services::NovaVncProxy + - OS::TripleO::Services::Ntp + - OS::TripleO::Services::ContainersLogrotateCrond + - OS::TripleO::Services::OctaviaApi + - OS::TripleO::Services::OctaviaDeploymentConfig + - OS::TripleO::Services::OctaviaHealthManager + - OS::TripleO::Services::OctaviaHousekeeping + - OS::TripleO::Services::OctaviaWorker + - OS::TripleO::Services::OpenDaylightApi + - OS::TripleO::Services::OpenDaylightOvs + - OS::TripleO::Services::OVNDBs + - OS::TripleO::Services::OVNController + - OS::TripleO::Services::Pacemaker + - OS::TripleO::Services::PankoApi + - OS::TripleO::Services::RabbitMQ + - OS::TripleO::Services::Redis + - OS::TripleO::Services::Rhsm + - OS::TripleO::Services::RsyslogSidecar + - OS::TripleO::Services::SaharaApi + - OS::TripleO::Services::SaharaEngine + - OS::TripleO::Services::Securetty + - OS::TripleO::Services::SensuClient + - OS::TripleO::Services::SkydiveAgent + - OS::TripleO::Services::SkydiveAnalyzer + - OS::TripleO::Services::Snmp + - OS::TripleO::Services::Sshd + - OS::TripleO::Services::SwiftProxy + - 
OS::TripleO::Services::SwiftDispersion + - OS::TripleO::Services::SwiftRingBuilder + - OS::TripleO::Services::SwiftStorage + - OS::TripleO::Services::Tacker + - OS::TripleO::Services::Timezone + - OS::TripleO::Services::TripleoFirewall + - OS::TripleO::Services::TripleoPackages + - OS::TripleO::Services::Tuned + - OS::TripleO::Services::Vpp + - OS::TripleO::Services::Zaqar diff --git a/tools/yaml-validate.py b/tools/yaml-validate.py index 29a41b9ccb..51ec2693a3 100755 --- a/tools/yaml-validate.py +++ b/tools/yaml-validate.py @@ -51,7 +51,7 @@ OPTIONAL_DOCKER_SECTIONS = ['docker_puppet_tasks', 'upgrade_tasks', 'global_config_settings', 'logging_source', 'logging_groups', 'external_deploy_tasks', 'external_post_deploy_tasks', - 'docker_config_scripts'] + 'docker_config_scripts', 'step_config'] REQUIRED_DOCKER_PUPPET_CONFIG_SECTIONS = ['config_volume', 'step_config', 'config_image'] OPTIONAL_DOCKER_PUPPET_CONFIG_SECTIONS = [ 'puppet_tags', 'volumes' ] @@ -440,6 +440,12 @@ def validate_docker_service(filename, tpl): for section_name in REQUIRED_DOCKER_SECTIONS: if section_name not in role_data: + # add an exception if both step_config is used in docker + # service, docker/services/ceph-ansible/ceph-nfs.yaml uses + # additional step_config to add pacemaker resources + if (section_name == 'docker_config' and + role_data.get('step_config', '')): + continue print('ERROR: %s is required in role_data for %s.' % (section_name, filename)) return 1
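Review bot: The exception added to `validate_docker_service` skips the `docker_config` requirement for every docker service whose `role_data` has a non-empty `step_config`, not only for docker/services/ceph-ansible/ceph-nfs.yaml as the comment says. Because `'step_config'` is also added to `OPTIONAL_DOCKER_SECTIONS`, any docker template that omits `docker_config` but carries a `step_config` now passes validation. Tie the exception to the file it was written for, assuming `filename` holds the template path: `if (section_name == 'docker_config' and role_data.get('step_config', '') and filename.endswith('ceph-ansible/ceph-nfs.yaml')):`. The comment's opening, `if both step_config is used`, reads as an unfinished sentence and should name both sections. The function body starts and ends outside the hunk.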