diff --git a/ansible/group_vars/all.yml b/ansible/group_vars/all.yml index 0562ad3678..52b1cc527f 100644 --- a/ansible/group_vars/all.yml +++ b/ansible/group_vars/all.yml @@ -432,6 +432,8 @@ enable_magnum: "no" enable_manila: "no" enable_manila_backend_generic: "no" enable_manila_backend_hnas: "no" +enable_manila_backend_cephfs_native: "no" +enable_manila_backend_cephfs_nfs: "no" enable_mistral: "no" enable_mongodb: "no" enable_multipathd: "no" diff --git a/ansible/roles/manila/defaults/main.yml b/ansible/roles/manila/defaults/main.yml index 5d6a851590..c2d6eabe43 100644 --- a/ansible/roles/manila/defaults/main.yml +++ b/ansible/roles/manila/defaults/main.yml @@ -101,8 +101,25 @@ manila_backends: - name: "generic" driver: "generic" enabled: "{{ enable_manila_backend_generic | bool }}" + protocols: + - "NFS" + - "CIFS" - name: "hnas1" driver: "hnas" enabled: "{{ enable_manila_backend_hnas | bool }}" + protocols: + - "NFS" + - "CIFS" + - name: "cephfsnative1" + driver: "cephfsnative" + enabled: "{{ enable_manila_backend_cephfs_native | bool }}" + protocols: + - "CEPHFS" + - name: "cephfsnfs1" + driver: "cephfsnfs" + enabled: "{{ enable_manila_backend_cephfs_nfs | bool }}" + protocols: + - "NFS" + - "CIFS" manila_enabled_backends: "{{ manila_backends|selectattr('enabled', 'equalto', true)|list }}" diff --git a/ansible/roles/manila/tasks/ceph.yml b/ansible/roles/manila/tasks/ceph.yml new file mode 100644 index 0000000000..994b723b13 --- /dev/null +++ b/ansible/roles/manila/tasks/ceph.yml @@ -0,0 +1,26 @@ +--- +- name: Ensuring config directory exists + file: + path: "{{ node_config_directory }}/manila-share" + state: "directory" + +- name: Copying over ceph.conf for manila + merge_configs: + sources: + - "{{ role_path }}/../ceph/templates/ceph.conf.j2" + - "{{ node_custom_config }}/ceph.conf" + - "{{ node_custom_config }}/ceph/{{ inventory_hostname }}/ceph.conf" + dest: "{{ node_config_directory }}/manila-share/ceph.conf" + +- name: Pulling cephx keyring for manila + command: docker exec ceph_mon ceph auth get-or-create client.manila mon 'allow r, allow command "auth del", allow command "auth caps", allow command "auth get", allow command "auth get-or-create"' osd 'allow rw' mds 'allow *' + register: cephx_key_manila + delegate_to: "{{ groups['ceph-mon'][0] }}" + changed_when: False + run_once: True + +- name: Pushing cephx keyring + copy: + content: "{{ cephx_key_manila.stdout }}\n\r" + dest: "{{ node_config_directory }}/manila-share/ceph.client.manila.keyring" + mode: "0600" diff --git a/ansible/roles/manila/tasks/deploy.yml b/ansible/roles/manila/tasks/deploy.yml index 4c28754051..cb21c0812a 100644 --- a/ansible/roles/manila/tasks/deploy.yml +++ b/ansible/roles/manila/tasks/deploy.yml @@ -1,4 +1,19 @@ --- +- include: ceph.yml + when: + - enable_ceph | bool + - enable_ceph_mds | bool + - (enable_manila_backend_cephfs_native | bool) or (enable_manila_backend_cephfs_nfs | bool) + - inventory_hostname in groups['manila-share'] + +- include: external_ceph.yml + when: + - enable_ceph| bool == False + - enable_ceph_mds| bool == False + - (enable_manila_backend_cephfs_native | bool) or (enable_manila_backend_cephfs_nfs | bool) + - inventory_hostname in groups['manila-share'] + + - include: register.yml when: inventory_hostname in groups['manila-api'] diff --git a/ansible/roles/manila/tasks/external_ceph.yml b/ansible/roles/manila/tasks/external_ceph.yml new file mode 100644 index 0000000000..fbfe4ae589 --- /dev/null +++ b/ansible/roles/manila/tasks/external_ceph.yml @@ -0,0 +1,20 @@ +--- +- name: Ensuring config directory exists + file: + path: "{{ node_config_directory }}/manila-share" + state: "directory" + +- name: Copying over ceph.conf for manila + merge_configs: + sources: + - "{{ node_custom_config }}/manila/ceph.conf" + - "{{ node_custom_config }}/manila/manila-share/ceph.conf" + dest: "{{ node_config_directory }}/manila-share/ceph.conf" + +- name: Copy over Ceph keyring files for manila + copy: + src: "{{ item }}" + dest: "{{ node_config_directory }}/manila-share/" + with_fileglob: + - "{{ node_custom_config }}/manila/ceph.client.manila.keyring" + - "{{ node_custom_config }}/manila/manila/ceph.client.manila.keyring" diff --git a/ansible/roles/manila/templates/manila-share.conf.j2 b/ansible/roles/manila/templates/manila-share.conf.j2 index 332143069f..9bb751d2da 100644 --- a/ansible/roles/manila/templates/manila-share.conf.j2 +++ b/ansible/roles/manila/templates/manila-share.conf.j2 @@ -84,3 +84,28 @@ hitachi_hnas_evs_id = {{ hnas_evs_id }} hitachi_hnas_evs_ip = {{ hnas_evs_ip }} hitachi_hnas_file_system_name = {{ hnas_file_system_name }} {% endif %} + +{% if enable_manila_backend_cephfs_native | bool %} +[cephfsnative1] +driver_handles_share_servers = False +share_backend_name = CEPHFS1 +share_driver = manila.share.drivers.cephfs.cephfs_native.CephFSNativeDriver +cephfs_conf_path = /etc/ceph/ceph.conf +cephfs_auth_id = manila +cephfs_cluster_name = ceph +cephfs_enable_snapshots = False +{% endif %} + +{% if enable_manila_backend_cephfs_nfs | bool %} +[cephfsnfs1] +driver_handles_share_servers = False +share_backend_name = CEPHFSNFS1 +share_driver = manila.share.drivers.cephfs.driver.CephFSDriver +cephfs_protocol_helper_type = NFS +cephfs_conf_path = /etc/ceph/ceph.conf +cephfs_auth_id = manila +cephfs_cluster_name = ceph +cephfs_enable_snapshots = False +cephfs_ganesha_server_is_remote= False +cephfs_ganesha_server_ip = {{ api_interface_address }} +{% endif %} diff --git a/ansible/roles/manila/templates/manila-share.json.j2 b/ansible/roles/manila/templates/manila-share.json.j2 index 974169063d..3484b6f16a 100644 --- a/ansible/roles/manila/templates/manila-share.json.j2 +++ b/ansible/roles/manila/templates/manila-share.json.j2 @@ -6,7 +6,13 @@ "dest": "/etc/manila/manila.conf", "owner": "manila", "perm": "0600" - }, + }{% if enable_manila_backend_cephfs_native | bool or enable_manila_backend_cephfs_nfs | bool %}, + { + "source": "{{ container_config_directory }}/ceph.*", + "dest": "/etc/ceph/", + "owner": "manila", + "perm": "0600" + }{% endif %}, { "source": "{{ container_config_directory }}/policy.json", "dest": "/etc/manila/policy.json", diff --git a/ansible/roles/manila/templates/manila.conf.j2 b/ansible/roles/manila/templates/manila.conf.j2 index 7bab7bfc37..0bc17ee5ac 100644 --- a/ansible/roles/manila/templates/manila.conf.j2 +++ b/ansible/roles/manila/templates/manila.conf.j2 @@ -13,6 +13,8 @@ osapi_share_workers = {{ openstack_service_workers }} rootwrap_config = /etc/manila/rootwrap.conf api_paste_config = /etc/manila/api-paste.ini +enabled_share_protocols = "{{ manila_backends|selectattr('enabled', 'equalto', true)|sum(attribute='protocols', start=[]) | unique | join(',') }}" + auth_strategy = keystone os_region_name = {{ openstack_region_name }} diff --git a/doc/source/reference/external-ceph-guide.rst b/doc/source/reference/external-ceph-guide.rst index 7a8e2f6032..8ec0a0b777 100644 --- a/doc/source/reference/external-ceph-guide.rst +++ b/doc/source/reference/external-ceph-guide.rst @@ -37,6 +37,7 @@ service in ``/etc/kolla/globals.yml``: cinder_backend_ceph: "yes" nova_backend_ceph: "yes" gnocchi_backend_storage: "ceph" + enable_manila_backend_ceph_native: "yes" The combination of ``enable_ceph: "no"`` and ``_backend_ceph: "yes"`` triggers the activation of external ceph mechanism in Kolla. @@ -226,3 +227,43 @@ Put ceph.conf and gnocchi client keyring file in $ ls /etc/kolla/config/gnocchi ceph.client.gnocchi.keyring ceph.conf gnocchi.conf + +Manila +------ + +Configuring Manila for Ceph includes four steps: + +1) Configure CephFS backend, setting enable_manila_backend_ceph_native +2) Create Ceph configuration file in /etc/ceph/ceph.conf +3) Create Ceph keyring file in /etc/ceph/ceph.client..keyring +4) Setup Manila in the usual way + +Step 1 is done by using setting enable_manila_backend_ceph_native=true + +Now put ceph.conf and the keyring file (name depends on the username created +in Ceph) into the same directory, for example: + +/etc/kolla/config/manila/ceph.conf + +:: + + [global] + fsid = 1d89fec3-325a-4963-a950-c4afedd37fe3 + mon_host = 192.168.0.56 + auth_cluster_required = cephx + auth_service_required = cephx + auth_client_required = cephx + +/etc/kolla/config/manila/ceph.client.manila.keyring + +:: + + [client.manila] + key = AQAg5YRXS0qxLRAAXe6a4R1a15AoRx7ft80DhA== + +For more details on the rest of the Manila setup, such as creating the share +type ``default_share_type``, please see: +https://docs.openstack.org/kolla-ansible/latest/reference/manila-guide.html + +For more details on the CephFS Native driver, please see: +https://docs.openstack.org/manila/latest/admin/cephfs_driver.html diff --git a/etc/kolla/globals.yml b/etc/kolla/globals.yml index 88ba199690..3135b838a8 100644 --- a/etc/kolla/globals.yml +++ b/etc/kolla/globals.yml @@ -192,6 +192,8 @@ kolla_internal_vip_address: "10.10.10.254" #enable_manila: "no" #enable_manila_backend_generic: "no" #enable_manila_backend_hnas: "no" +#enable_manila_backend_cephfs_native: "no" +#enable_manila_backend_cephfs_nfs: "no" #enable_mistral: "no" #enable_mongodb: "no" #enable_murano: "no" diff --git a/releasenotes/notes/add-manila-cephfs-backend-31437ae72d9adee2.yaml b/releasenotes/notes/add-manila-cephfs-backend-31437ae72d9adee2.yaml new file mode 100644 index 0000000000..4d1b3e73bf --- /dev/null +++ b/releasenotes/notes/add-manila-cephfs-backend-31437ae72d9adee2.yaml @@ -0,0 +1,3 @@ +--- +features: + - Add CephFS driver support to manila