Merge "[Ceph]: Ceph-Utility implement utilscli help command"

ceph-utility/templates/bin/utility/_help.tpl

@@ -0,0 +1,51 @@
+#!/bin/bash
+{{/*
+Copyright 2019 The Openstack-Helm Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+   http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+set -ex
+
+usage() {
+
+set +ex
+
+echo "General Instruction:"
+echo "===================="
+echo "Commands must be executed in same format and with same arguments as shown below"
+echo "Replace .* with value for the preceding key (i.e. rados --pool  .* ls. Here .* represent poolname)"
+echo "For more information, run help on command. (utilscli rados --help or utilscli rbd help)"
+echo $'\n'
+echo "General Usage:"
+echo "=============="
+echo "  utilscli <command with argument>"
+echo $'\n'
+
+FILTERFILE='/etc/ceph/rootwrap.d/ceph-rootwrap-filter'
+
+awk -F "CommandFilter, " 'NF>1{print $2}' ${FILTERFILE} | awk -F',' '{print $1}' | awk '$0="  utilscli "$0'
+
+COMMANDS=$(awk -F "RegExpFilter" '{print $2}' ${FILTERFILE} |  awk -F ", " '{print $2}' | sort | uniq )
+
+for j in $COMMANDS
+do
+  awk -F "RegExpFilter, $j, root, " 'NF>1{print $2}' ${FILTERFILE} | sed -e 's/,//g' | awk '$0="  utilscli "$0'
+done
+
+  exit 1
+}
+
+usage
+
+

ceph-utility/templates/bin/utility/_osd-maintenance.tpl

@@ -18,7 +18,7 @@ limitations under the License.
 set -ex
 
 function check_osd_status () {
-  OSD_ID=$(utilscli ceph osd tree -f json-pretty | jq '.nodes[]|select(.type=="osd")|select(.status == "down")|.id')
+  OSD_ID=$(ceph osd tree -f json-pretty | jq '.nodes[]|select(.type == "osd")|select(.status == "down")|.id')
   if [ "${OSD_ID}" != '' ];then
       for i in $OSD_ID; do
       echo "OSD id $i is in Down Status"
@@ -33,11 +33,11 @@ function osd_remove () {
   check_osd_status
   for id in $OSD_ID; do
    read -p "Enter 'yes' to purge OSD=$id and 'no' to skip=" YN
-   if [[ $YN == "y" || $YN == "Y" || $YN == "yes" || $YN == "YES" ]]; then
+   if [[ $YN == "y" || $YN == "yes" ]]; then
        echo "Purging OSD=$id"
-       utilscli ceph osd purge $id --yes-i-really-mean-it
+       ceph osd purge $id --yes-i-really-mean-it
        sleep 3
-   elif [[ $YN == "n" || $YN == "N" || $YN == "no" || $YN == "NO" ]]; then
+   elif [[ $YN == "n" || $YN == "no" ]]; then
        echo "Not purging OSD=$id"
    else
        echo "Invalid Option"
@@ -45,12 +45,13 @@ function osd_remove () {
   done
 }
 
-function osd_remove_by_id () {
+# Checks if the given OSD is in downstate and then removes OSD by ID
+function remove_osd_in_down_state_by_id () {
       OSDID=$1
-      OSD_STATUS=$(utilscli ceph osd tree -f json-pretty | jq '.nodes[]|select(.type=="osd")|select(.id == '$OSDID')|.status')
+      OSD_STATUS=$(ceph osd tree -f json-pretty | jq '.nodes[]|select(.type == "osd")|select(.id == '$OSDID')|.status')
       if [ "$OSD_STATUS" == '"down"' ]; then
           echo "OSD id $OSDID is in Down Status, So purging it"
-          utilscli ceph osd purge $OSDID --yes-i-really-mean-it
+          ceph osd purge $OSDID --yes-i-really-mean-it
       elif [[ -z "$OSD_STATUS" ]]; then
           echo "OSD id $OSDID is not found, Please enter correct OSD id"
           exit
@@ -60,10 +61,11 @@ function osd_remove_by_id () {
       fi
 }
 
+# Checks if any OSD has weight '0' and then assgins weight, So Ceph can write data to it
 function reweight_osds () {
-  for OSD_ID in $(utilscli ceph osd df | awk '$3 == "0" {print $1}'); do
-    OSD_WEIGHT=$(utilscli ceph osd df --format json-pretty| grep -A7 "\bosd.${OSD_ID}\b" | awk '/"kb"/{ gsub(",",""); d= $2/1073741824 ; r = sprintf("%.2f", d); print r }');
-    utilscli ceph osd crush reweight osd.${OSD_ID} ${OSD_WEIGHT};
+  for OSD_ID in $(ceph osd df | awk '$3 == "0" {print $1}'); do
+    OSD_WEIGHT=$(ceph osd df --format json-pretty| grep -A7 "\bosd.${OSD_ID}\b" | awk '/"kb"/{ gsub(",",""); d= $2/1073741824 ; r = sprintf("%.2f", d); print r }');
+    ceph osd crush reweight osd.${OSD_ID} ${OSD_WEIGHT};
   done
 }
 
@@ -90,7 +92,7 @@ else
               exit 1
            fi
            OSDID=$1
-           osd_remove_by_id $OSDID
+           remove_osd_in_down_state_by_id $OSDID
         else
            usage
            exit 1

ceph-utility/templates/bin/utility/_rbd_pv.tpl

@@ -53,11 +53,11 @@ timestamp="$(date +%F_%T)"
 if [[ ! -z "${restore_file}" ]]; then
   if [[ -e "${restore_file}" ]]; then
     rbd_image="$(echo "${restore_file}" | rev | awk -v FS='/' '{print $1}' | rev | cut -f 1 -d '.')"
-    if (utilscli rbd info "${rbd_pool}"/"${rbd_image}" | grep -q id); then
-      utilscli rbd mv ${rbd_pool}/${rbd_image} ${rbd_pool}/${rbd_image}.orig-${timestamp}
+    if (rbd info "${rbd_pool}"/"${rbd_image}" | grep -q id); then
+      rbd mv ${rbd_pool}/${rbd_image} ${rbd_pool}/${rbd_image}.orig-${timestamp}
       echo "WARNING: Existing PVC/RBD image has been moved to ${rbd_pool}/${rbd_image}.orig-${timestamp}"
     fi
-    utilscli rbd import ${restore_file} ${rbd_pool}/${rbd_image}
+    rbd import ${restore_file} ${rbd_pool}/${rbd_image}
     echo "INFO: Backup has been restored into ${rbd_pool}/${rbd_image}"
   else
     echo "ERROR: Missing restore file!"
@@ -69,26 +69,26 @@ elif [[ ! -z "${snapshot}" ]]; then
 
   if [[ "x${snapshot}x" == "xcreatex" ]]; then
     snap_name="${pvc_name}-${timestamp}"
-    utilscli rbd snap create ${rbd_pool}/${rbd_image}@${snap_name}
+    rbd snap create ${rbd_pool}/${rbd_image}@${snap_name}
     echo "INFO: Snapshot ${rbd_pool}/${rbd_image}@${snap_name} has been created for PVC ${pvc_name}"
   elif [[ "x${snapshot}x" == "xrollback" ]]; then
-    snap_name=$(utilscli rbd snap ls ${rbd_pool}/${rbd_image})
-    utilscli rbd snap rollback ${rbd_pool}/${rbd_image}@${snap_name}
+    snap_name=$(rbd snap ls ${rbd_pool}/${rbd_image})
+    rbd snap rollback ${rbd_pool}/${rbd_image}@${snap_name}
     echo "WARNING: Rolled back snapshot ${rbd_pool}/${rbd_image}@${snap_name} for ${pvc_name}"
   elif [[ "x${snapshot}x" == "xremovex" ]]; then
-    utilscli rbd snap purge ${rbd_pool}/${rbd_image}
+    rbd snap purge ${rbd_pool}/${rbd_image}
     echo "Removed snapshot(s) for ${pvc_name}"
   elif [[ "x${snapshot}x" == "xshowx" ]]; then
     echo "INFO: This PV is mapped to the following RBD Image:"
     echo "${rbd_pool}/${rbd_image}"
     echo -e "\nINFO: Current open sessions to RBD Image:"
-    utilscli rbd status ${rbd_pool}/${rbd_image}
+    rbd status ${rbd_pool}/${rbd_image}
     echo -e "\nINFO: RBD Image information:"
-    utilscli rbd info ${rbd_pool}/${rbd_image}
+    rbd info ${rbd_pool}/${rbd_image}
     echo -e "\nINFO: RBD Image snapshot details:"
     rbd snap ls ${rbd_pool}/${rbd_image}
     echo -e "\nINFO: RBD Image size details:"
-    utilscli rbd du ${rbd_pool}/${rbd_image}
+    rbd du ${rbd_pool}/${rbd_image}
   else
     echo "ERROR: Missing arguement for snapshot option!"
   fi
@@ -105,17 +105,17 @@ else
   volume="$(kubectl -n ${nspace} get pvc ${pvc_name} --no-headers | awk '{ print $3 }')"
   rbd_image="$(kubectl get pv "${volume}" -o json | jq -r '.spec.rbd.image')"
 
-  if [[ -z "${volume}" ]] || (! utilscli rbd info "${rbd_pool}"/"${rbd_image}" | grep -q id); then
+  if [[ -z "${volume}" ]] || (! rbd info "${rbd_pool}"/"${rbd_image}" | grep -q id); then
     echo "ERROR: PVC does not exist or is missing! Cannot continue with backup for ${pvc_name}"
     exit 1
   else
     # Create current snapshot and export to a file
     snap_name="${pvc_name}-${timestamp}"
     backup_name="${rbd_image}.${pvc_name}-${timestamp}"
-    utilscli rbd snap create ${rbd_pool}/${rbd_image}@${snap_name}
-    utilscli rbd export ${rbd_pool}/${rbd_image}@${snap_name} ${backup_dest}/${backup_name}
+    rbd snap create ${rbd_pool}/${rbd_image}@${snap_name}
+    rbd export ${rbd_pool}/${rbd_image}@${snap_name} ${backup_dest}/${backup_name}
     # Remove snapshot otherwise we may see an issue cleaning up the PVC from K8s, and from Ceph.
-    utilscli rbd snap rm ${rbd_pool}/${rbd_image}@${snap_name}
+    rbd snap rm ${rbd_pool}/${rbd_image}@${snap_name}
     echo "INFO: PV ${pvc_name} saved to:"
     echo "${backup_dest}/${backup_name}"
   fi

ceph-utility/templates/configmap-bin.yaml

@@ -41,6 +41,9 @@ data:
   utilscli: |
 {{ tuple "bin/utility/_utilscli.tpl" . | include  "helm-toolkit.utils.template" | indent 4 }}
 
+  help: |
+{{ tuple "bin/utility/_help.tpl" . | include  "helm-toolkit.utils.template" | indent 4 }}
+
   osd-maintenance: |
 {{ tuple "bin/utility/_osd-maintenance.tpl" . | include  "helm-toolkit.utils.template" | indent 4 }}
 

ceph-utility/templates/deployment-utility.yaml

@@ -102,6 +102,10 @@ spec:
               mountPath: /tmp/osd-maintenance
               subPath: osd-maintenance
               readOnly: true
+            - name: ceph-utility-bin
+              mountPath: /tmp/help
+              subPath: help
+              readOnly: true
             - name: ceph-utility-bin
               mountPath: /tmp/rbd_pv
               subPath: rbd_pv

ceph-utility/values.yaml

@@ -91,24 +91,20 @@ conf:
       # ceph-rootwrap command filters for ceph utility container
       # This file should be owned by (and only-writeable by) the root user
       # Below are example command filters. access to ceph cluster can be restricted by creating a user with less privilages
-      ceph: CommandFilter, ceph, root
-      rados: CommandFilter, rados, root
-      radosgw-admin: CommandFilter, radosgw-admin, root
-      rbd: CommandFilter, rbd, root
+      ceph00: CommandFilter, ceph, root
+      rados00: CommandFilter, rados, root
+      rgwadm00: CommandFilter, radosgw-admin, root
+      rbd00: CommandFilter, rbd, root
       osd-maintenance: CommandFilter, osd-maintenance, root
       rbd_pv: CommandFilter, rbd_pv, root
-      kubectl: CommandFilter, kubectl, root
-      # Below are examples of RegExpFilter. This will restict access to ceph cluster even with admin user
-      #rbd00: RegExpFilter, rbd, root, rbd, (^((?!clone|copy|cp|create|export|export-diff|flatten|import|import-diff|map|merge-diff|pool|remove|rm|rename|mv|resize|unmap).)*$)
-      #rbd01: RegExpFilter, rbd, root, rbd, image-meta, (^((?!get|remove|set).)*$)
-      #rbd02: RegExpFilter, rbd, root, rbd, journal, (^((?!client|export|import|reset).)*$)
-      #rbd03: RegExpFilter, rbd, root, rbd, lock, (^((?!add|remove).)*$)
-      #rbd04: RegExpFilter, rbd, root, rbd, mirror, image, (^((?!demote|disable|enable|promote).)*$)
-      #rbd05: RegExpFilter, rbd, root, rbd, mirror, pool, (^((?!demote|disable|enable|peer|promote).)*$)
-      #rbd06: RegExpFilter, rbd, root, rbd, nbd, (^((?!map|unmap).)*$)
-      #rbd07: RegExpFilter, rbd, root, rbd, object-map, (^((?!rm|del).)*$)
-      #rbd08: RegExpFilter, rbd, root, rbd, snap, (^((?!create|limit|protect|purge|remove|rm|rename|mv|rollback|revert|unprotect).)*$)
-      #rbd09: RegExpFilter, rbd, root, rbd, trash, (^((?!move|mv|remove|rm|restore).)*$)
+      help: CommandFilter, help, root
+      #Below are examples of RegExpFilter. This will restict access to ceph cluster even with admin user
+      #rados00: RegExpFilter, rados, root, rados, --help
+      #rados01: RegExpFilter, rados, root, rados, df
+      #rbd02: RegExpFilter, rbd, root, rbd, --image, .*, info
+      #rbd03: RegExpFilter, rbd, root, rbd, snap, ls, .*
+      #ceph07: RegExpFilter, ceph, root, ceph, fsid
+      #ceph08: RegExpFilter, ceph, root, ceph, --watch
   cephrootwrap:
     DEFAULT:
       # Configuration for ceph-rootwrap