Merge "Deploy Zun with Cinder Ceph support"

ansible/group_vars/all.yml

@@ -133,6 +133,9 @@ docker_zun_config:
 # Extra containerd options for Zun
 containerd_configure_for_zun: "no"
 
+# Enable Ceph backed Cinder Volumes for zun
+zun_configure_for_cinder_ceph: "no"
+
 # 42463 is the static group id of the zun user in the Zun image.
 # If users customize this value on building the Zun images,
 # they need to change this config accordingly.

ansible/roles/baremetal/defaults/main.yml

@@ -16,6 +16,25 @@ docker_yum_gpgkey: "{{ docker_yum_url }}/gpg"
 docker_yum_gpgcheck: true
 docker_yum_package: "docker-ce"
 
+ceph_version: "pacific"
+epel_version: "8"
+ceph_url: "https://download.ceph.com"
+
+# Ceph APT repository configuration.
+ceph_apt_url: "{{ ceph_url }}/debian-{{ ceph_version }}/"
+ceph_apt_repo: "deb {{ ceph_apt_url }} {{ ansible_facts.distribution_release }} main"
+ceph_apt_key_file: "{{ ceph_url }}/keys/release.gpg"
+ceph_apt_key_id: "460F3994"
+ceph_apt_package: "ceph-common"
+
+# Ceph Yum repository configuration.
+ceph_yum_url: "{{ ceph_url }}/rpm-{{ ceph_version }}/"
+ceph_yum_baseurl: "{{ ceph_yum_url }}el{{ epel_version }}/$basearch/"
+ceph_yum_gpgkey: "{{ ceph_url }}/keys/release.asc"
+ceph_yum_gpgcheck: true
+ceph_yum_package: "ceph-common"
+epel_yum_package: "epel-release"
+
 customize_etc_hosts: True
 
 create_kolla_user: True

ansible/roles/baremetal/tasks/bootstrap-servers.yml

@@ -9,3 +9,8 @@
   when:
     - containerd_configure_for_zun|bool
     - "'zun-cni-daemon' in group_names"
+
+- include_tasks: configure-ceph-for-zun.yml
+  when:
+    - zun_configure_for_cinder_ceph | bool
+    - "'zun-compute' in group_names"

ansible/roles/baremetal/tasks/configure-ceph-for-zun.yml

@@ -0,0 +1,55 @@
+---
+- name: Install ceph-common
+  block:
+    - block:
+        - name: Install ceph apt gpg key
+          apt_key:
+            url: "{{ ceph_apt_key_file }}"
+            id: "{{ ceph_apt_key_id }}"
+            state: present
+          become: True
+
+        - name: Enable ceph apt repository
+          apt_repository:
+            repo: "{{ ceph_apt_repo }}"
+            filename: ceph
+          become: True
+
+        - name: Install apt packages
+          package:
+            name: "{{ ceph_apt_package }}"
+            state: present
+          become: True
+      when: ansible_facts.os_family == 'Debian'
+
+    - block:
+        - name: Enable ceph yum repository
+          yum_repository:
+            name: ceph
+            description: Ceph main Repository
+            baseurl: "{{ ceph_yum_baseurl }}"
+            gpgcheck: "{{ ceph_yum_gpgcheck | bool }}"
+            gpgkey: "{{ ceph_yum_gpgkey }}"
+          become: True
+
+        - name: Enable epel yum repository
+          package:
+            name: "{{ epel_yum_package }}"
+            state: present
+          become: True
+
+        - name: Install ceph rpm gpg key
+          rpm_key:
+            state: present
+            key: "{{ ceph_yum_gpgkey }}"
+          become: True
+          when:
+            - ceph_yum_gpgcheck | bool
+
+        - name: Install RPM packages
+          package:
+            name: "{{ ceph_yum_package }}"
+            state: present
+            enablerepo: epel
+          become: True
+      when: ansible_facts.os_family == 'RedHat'

ansible/roles/zun/defaults/main.yml

@@ -169,6 +169,7 @@ zun_compute_default_volumes:
   - "/lib/modules:/lib/modules:ro"
   - "/dev:/dev"
   - "{% if enable_iscsid | bool %}iscsi_info:/etc/iscsi{% endif %}"
+  - "{% if zun_configure_for_cinder_ceph | bool %}/var/lib/zun:/var/lib/zun:shared{% endif %}"
 zun_cni_daemon_default_volumes:
   - "{{ node_config_directory }}/zun-cni-daemon/:{{ container_config_directory }}/:ro"
   - "/etc/localtime:/etc/localtime:ro"

ansible/roles/zun/tasks/config.yml

@@ -12,6 +12,11 @@
     - item.value.enabled | bool
   with_dict: "{{ zun_services }}"
 
+- include_tasks: external_ceph.yml
+  when:
+    - zun_configure_for_cinder_ceph | bool
+    - inventory_hostname in groups['zun-compute']
+
 - name: Check if policies shall be overwritten
   stat:
     path: "{{ item }}"

ansible/roles/zun/tasks/external_ceph.yml

@@ -0,0 +1,27 @@
+---
+- name: Copying over ceph.conf for Zun
+  copy:
+    src: "{{ node_custom_config }}/zun/zun-compute/ceph.conf"
+    dest: "{{ node_config_directory }}/zun-compute/"
+    mode: "0660"
+  become: true
+  notify:
+    - Restart zun-compute container
+
+- name: Copy over Ceph keyring files for zun-compute
+  copy:
+    src: "{{ node_custom_config }}/zun/zun-compute/{{ ceph_cinder_keyring }}"
+    dest: "{{ node_config_directory }}/zun-compute/"
+    mode: "0660"
+  become: true
+  when: external_ceph_cephx_enabled | bool
+  notify:
+    - Restart zun-compute container
+
+- name: Ensuring config directory has correct owner and permission
+  become: true
+  file:
+    path: "{{ node_config_directory }}/zun-compute"
+    recurse: yes
+    owner: "{{ config_owner_user }}"
+    group: "{{ config_owner_group }}"

ansible/roles/zun/templates/zun-compute.json.j2

@@ -6,6 +6,20 @@
             "dest": "/etc/zun/zun.conf",
             "owner": "zun",
             "perm": "0600"
+        },
+        {
+            "source": "{{ container_config_directory }}/{{ ceph_cinder_keyring }}",
+            "dest": "/etc/ceph/{{ ceph_cinder_keyring }}",
+            "owner": "zun",
+            "perm": "0600",
+            "optional": {{ (not zun_configure_for_cinder_ceph | bool) | string | lower }}
+        },
+        {
+            "source": "{{ container_config_directory }}/ceph.conf",
+            "dest": "/etc/ceph/ceph.conf",
+            "owner": "zun",
+            "perm": "0600",
+            "optional": {{ (not zun_configure_for_cinder_ceph | bool) | string | lower }}
         }{% if zun_policy_file is defined %},
         {
             "source": "{{ container_config_directory }}/{{ zun_policy_file }}",
@@ -19,6 +33,10 @@
             "path": "/var/log/kolla/zun",
             "owner": "zun:kolla",
             "recurse": true
-        }
+        }{% if zun_configure_for_cinder_ceph | bool %},
+        {
+            "path": "/var/lib/zun",
+            "owner": "zun:kolla"
+        }{% endif %}
     ]
 }

doc/source/reference/storage/external-ceph-guide.rst

@@ -138,6 +138,23 @@ Nova must also be configured to allow access to Cinder volumes:
 
    * ``/etc/kolla/config/nova/<ceph_cinder_keyring>``
 
+If ``zun`` is enabled, and you wish to use cinder volumes with zun,
+it must also be configured to allow access to Cinder volumes:
+
+#. Enable Cinder Ceph backend for Zun in ``globals.yml``:
+
+   .. code-block:: yaml
+
+      zun_configure_for_cinder_ceph: "yes"
+
+#. Copy Ceph configuration file to:
+   * ``/etc/kolla/config/zun/zun-compute/ceph.conf``
+
+#. Copy Ceph keyring file(s) to:
+
+   * ``/etc/kolla/config/zun/zun-compute/<ceph_cinder_keyring>``
+
+
 Nova
 ----
 
@@ -303,3 +320,13 @@ HTTPS (443) port will be used. For example:
 
 The HAProxy frontend port is defined via ``ceph_rgw_port``, and defaults to
 6780.
+
+Cephadm and Ceph Client Version
+===============================
+When configuring Zun with Cinder volumes, kolla-ansible installs some
+Ceph client packages on zun-compute hosts. You can set the version
+of the Ceph packages installed by,
+
+#. Configuring Ceph version details in ``/etc/kolla/globals.yml``:
+
+   * ``ceph_version`` (default: ``pacific``)

releasenotes/notes/bug-1848934-878a08b490856a53.yaml

@@ -0,0 +1,7 @@
+---
+fixes:
+  - |
+    Fixes deploy Zun with Cinder Ceph support.
+    Adds support for zun to access cinder volumes
+    when external ceph is configured for cinder.
+    `LP#1848934 <https://launchpad.net/bugs/1848934>`__