From eb7e0f6fdac86ea9501b98e6e71554b024bffe96 Mon Sep 17 00:00:00 2001 From: Buddhika Sanjeewa Date: Fri, 14 Jan 2022 14:42:20 +0000 Subject: [PATCH] Deploy Zun with Cinder Ceph support Enables zun to access cinder volumes when cinder is configured to use external ceph. Copies ceph config file and ceph cinder keyring to /etc/ceph in zun_compute container. Closes-Bug: 1848934 Change-Id: Ie56868d5e9ed37a9274b8cbe65895f3634b895c8 --- ansible/group_vars/all.yml | 3 + ansible/roles/baremetal/defaults/main.yml | 19 +++++++ .../baremetal/tasks/bootstrap-servers.yml | 5 ++ .../tasks/configure-ceph-for-zun.yml | 55 +++++++++++++++++++ ansible/roles/zun/defaults/main.yml | 1 + ansible/roles/zun/tasks/config.yml | 5 ++ ansible/roles/zun/tasks/external_ceph.yml | 27 +++++++++ .../roles/zun/templates/zun-compute.json.j2 | 20 ++++++- .../reference/storage/external-ceph-guide.rst | 27 +++++++++ .../notes/bug-1848934-878a08b490856a53.yaml | 7 +++ 10 files changed, 168 insertions(+), 1 deletion(-) create mode 100644 ansible/roles/baremetal/tasks/configure-ceph-for-zun.yml create mode 100644 ansible/roles/zun/tasks/external_ceph.yml create mode 100644 releasenotes/notes/bug-1848934-878a08b490856a53.yaml diff --git a/ansible/group_vars/all.yml b/ansible/group_vars/all.yml index 200191e3ab..2bc744b2ee 100644 --- a/ansible/group_vars/all.yml +++ b/ansible/group_vars/all.yml @@ -133,6 +133,9 @@ docker_zun_config: # Extra containerd options for Zun containerd_configure_for_zun: "no" +# Enable Ceph backed Cinder Volumes for zun +zun_configure_for_cinder_ceph: "no" + # 42463 is the static group id of the zun user in the Zun image. # If users customize this value on building the Zun images, # they need to change this config accordingly. diff --git a/ansible/roles/baremetal/defaults/main.yml b/ansible/roles/baremetal/defaults/main.yml index bb19f40b71..7c8300b310 100644 --- a/ansible/roles/baremetal/defaults/main.yml +++ b/ansible/roles/baremetal/defaults/main.yml @@ -16,6 +16,25 @@ docker_yum_gpgkey: "{{ docker_yum_url }}/gpg" docker_yum_gpgcheck: true docker_yum_package: "docker-ce" +ceph_version: "pacific" +epel_version: "8" +ceph_url: "https://download.ceph.com" + +# Ceph APT repository configuration. +ceph_apt_url: "{{ ceph_url }}/debian-{{ ceph_version }}/" +ceph_apt_repo: "deb {{ ceph_apt_url }} {{ ansible_facts.distribution_release }} main" +ceph_apt_key_file: "{{ ceph_url }}/keys/release.gpg" +ceph_apt_key_id: "460F3994" +ceph_apt_package: "ceph-common" + +# Ceph Yum repository configuration. +ceph_yum_url: "{{ ceph_url }}/rpm-{{ ceph_version }}/" +ceph_yum_baseurl: "{{ ceph_yum_url }}el{{ epel_version }}/$basearch/" +ceph_yum_gpgkey: "{{ ceph_url }}/keys/release.asc" +ceph_yum_gpgcheck: true +ceph_yum_package: "ceph-common" +epel_yum_package: "epel-release" + customize_etc_hosts: True create_kolla_user: True diff --git a/ansible/roles/baremetal/tasks/bootstrap-servers.yml b/ansible/roles/baremetal/tasks/bootstrap-servers.yml index 46f2ae103e..dfe37fe4dc 100644 --- a/ansible/roles/baremetal/tasks/bootstrap-servers.yml +++ b/ansible/roles/baremetal/tasks/bootstrap-servers.yml @@ -9,3 +9,8 @@ when: - containerd_configure_for_zun|bool - "'zun-cni-daemon' in group_names" + +- include_tasks: configure-ceph-for-zun.yml + when: + - zun_configure_for_cinder_ceph | bool + - "'zun-compute' in group_names" diff --git a/ansible/roles/baremetal/tasks/configure-ceph-for-zun.yml b/ansible/roles/baremetal/tasks/configure-ceph-for-zun.yml new file mode 100644 index 0000000000..606c14b554 --- /dev/null +++ b/ansible/roles/baremetal/tasks/configure-ceph-for-zun.yml @@ -0,0 +1,55 @@ +--- +- name: Install ceph-common + block: + - block: + - name: Install ceph apt gpg key + apt_key: + url: "{{ ceph_apt_key_file }}" + id: "{{ ceph_apt_key_id }}" + state: present + become: True + + - name: Enable ceph apt repository + apt_repository: + repo: "{{ ceph_apt_repo }}" + filename: ceph + become: True + + - name: Install apt packages + package: + name: "{{ ceph_apt_package }}" + state: present + become: True + when: ansible_facts.os_family == 'Debian' + + - block: + - name: Enable ceph yum repository + yum_repository: + name: ceph + description: Ceph main Repository + baseurl: "{{ ceph_yum_baseurl }}" + gpgcheck: "{{ ceph_yum_gpgcheck | bool }}" + gpgkey: "{{ ceph_yum_gpgkey }}" + become: True + + - name: Enable epel yum repository + package: + name: "{{ epel_yum_package }}" + state: present + become: True + + - name: Install ceph rpm gpg key + rpm_key: + state: present + key: "{{ ceph_yum_gpgkey }}" + become: True + when: + - ceph_yum_gpgcheck | bool + + - name: Install RPM packages + package: + name: "{{ ceph_yum_package }}" + state: present + enablerepo: epel + become: True + when: ansible_facts.os_family == 'RedHat' diff --git a/ansible/roles/zun/defaults/main.yml b/ansible/roles/zun/defaults/main.yml index 63c34edc62..f6bcdd4b0b 100644 --- a/ansible/roles/zun/defaults/main.yml +++ b/ansible/roles/zun/defaults/main.yml @@ -169,6 +169,7 @@ zun_compute_default_volumes: - "/lib/modules:/lib/modules:ro" - "/dev:/dev" - "{% if enable_iscsid | bool %}iscsi_info:/etc/iscsi{% endif %}" + - "{% if zun_configure_for_cinder_ceph | bool %}/var/lib/zun:/var/lib/zun:shared{% endif %}" zun_cni_daemon_default_volumes: - "{{ node_config_directory }}/zun-cni-daemon/:{{ container_config_directory }}/:ro" - "/etc/localtime:/etc/localtime:ro" diff --git a/ansible/roles/zun/tasks/config.yml b/ansible/roles/zun/tasks/config.yml index f0c34a0074..5b10fb0677 100644 --- a/ansible/roles/zun/tasks/config.yml +++ b/ansible/roles/zun/tasks/config.yml @@ -12,6 +12,11 @@ - item.value.enabled | bool with_dict: "{{ zun_services }}" +- include_tasks: external_ceph.yml + when: + - zun_configure_for_cinder_ceph | bool + - inventory_hostname in groups['zun-compute'] + - name: Check if policies shall be overwritten stat: path: "{{ item }}" diff --git a/ansible/roles/zun/tasks/external_ceph.yml b/ansible/roles/zun/tasks/external_ceph.yml new file mode 100644 index 0000000000..325059eaa7 --- /dev/null +++ b/ansible/roles/zun/tasks/external_ceph.yml @@ -0,0 +1,27 @@ +--- +- name: Copying over ceph.conf for Zun + copy: + src: "{{ node_custom_config }}/zun/zun-compute/ceph.conf" + dest: "{{ node_config_directory }}/zun-compute/" + mode: "0660" + become: true + notify: + - Restart zun-compute container + +- name: Copy over Ceph keyring files for zun-compute + copy: + src: "{{ node_custom_config }}/zun/zun-compute/{{ ceph_cinder_keyring }}" + dest: "{{ node_config_directory }}/zun-compute/" + mode: "0660" + become: true + when: external_ceph_cephx_enabled | bool + notify: + - Restart zun-compute container + +- name: Ensuring config directory has correct owner and permission + become: true + file: + path: "{{ node_config_directory }}/zun-compute" + recurse: yes + owner: "{{ config_owner_user }}" + group: "{{ config_owner_group }}" diff --git a/ansible/roles/zun/templates/zun-compute.json.j2 b/ansible/roles/zun/templates/zun-compute.json.j2 index 1e4e09fc85..36d6527dce 100644 --- a/ansible/roles/zun/templates/zun-compute.json.j2 +++ b/ansible/roles/zun/templates/zun-compute.json.j2 @@ -6,6 +6,20 @@ "dest": "/etc/zun/zun.conf", "owner": "zun", "perm": "0600" + }, + { + "source": "{{ container_config_directory }}/{{ ceph_cinder_keyring }}", + "dest": "/etc/ceph/{{ ceph_cinder_keyring }}", + "owner": "zun", + "perm": "0600", + "optional": {{ (not zun_configure_for_cinder_ceph | bool) | string | lower }} + }, + { + "source": "{{ container_config_directory }}/ceph.conf", + "dest": "/etc/ceph/ceph.conf", + "owner": "zun", + "perm": "0600", + "optional": {{ (not zun_configure_for_cinder_ceph | bool) | string | lower }} }{% if zun_policy_file is defined %}, { "source": "{{ container_config_directory }}/{{ zun_policy_file }}", @@ -19,6 +33,10 @@ "path": "/var/log/kolla/zun", "owner": "zun:kolla", "recurse": true - } + }{% if zun_configure_for_cinder_ceph | bool %}, + { + "path": "/var/lib/zun", + "owner": "zun:kolla" + }{% endif %} ] } diff --git a/doc/source/reference/storage/external-ceph-guide.rst b/doc/source/reference/storage/external-ceph-guide.rst index ca5c877015..fe47442f4e 100644 --- a/doc/source/reference/storage/external-ceph-guide.rst +++ b/doc/source/reference/storage/external-ceph-guide.rst @@ -138,6 +138,23 @@ Nova must also be configured to allow access to Cinder volumes: * ``/etc/kolla/config/nova/`` +If ``zun`` is enabled, and you wish to use cinder volumes with zun, +it must also be configured to allow access to Cinder volumes: + +#. Enable Cinder Ceph backend for Zun in ``globals.yml``: + + .. code-block:: yaml + + zun_configure_for_cinder_ceph: "yes" + +#. Copy Ceph configuration file to: + * ``/etc/kolla/config/zun/zun-compute/ceph.conf`` + +#. Copy Ceph keyring file(s) to: + + * ``/etc/kolla/config/zun/zun-compute/`` + + Nova ---- @@ -303,3 +320,13 @@ HTTPS (443) port will be used. For example: The HAProxy frontend port is defined via ``ceph_rgw_port``, and defaults to 6780. + +Cephadm and Ceph Client Version +=============================== +When configuring Zun with Cinder volumes, kolla-ansible installs some +Ceph client packages on zun-compute hosts. You can set the version +of the Ceph packages installed by, + +#. Configuring Ceph version details in ``/etc/kolla/globals.yml``: + + * ``ceph_version`` (default: ``pacific``) diff --git a/releasenotes/notes/bug-1848934-878a08b490856a53.yaml b/releasenotes/notes/bug-1848934-878a08b490856a53.yaml new file mode 100644 index 0000000000..0b8ddcc94f --- /dev/null +++ b/releasenotes/notes/bug-1848934-878a08b490856a53.yaml @@ -0,0 +1,7 @@ +--- +fixes: + - | + Fixes deploy Zun with Cinder Ceph support. + Adds support for zun to access cinder volumes + when external ceph is configured for cinder. + `LP#1848934 `__