From eb7e0f6fdac86ea9501b98e6e71554b024bffe96 Mon Sep 17 00:00:00 2001
From: Buddhika Sanjeewa <bsanjeewa@kln.ac.lk>
Date: Fri, 14 Jan 2022 14:42:20 +0000
Subject: [PATCH] Deploy Zun with Cinder Ceph support

Enables zun to access cinder volumes when cinder is configured to use
external ceph.
Copies ceph config file and ceph cinder keyring to /etc/ceph in
zun_compute container.

Closes-Bug: 1848934
Change-Id: Ie56868d5e9ed37a9274b8cbe65895f3634b895c8
---
 ansible/group_vars/all.yml                    |  3 +
 ansible/roles/baremetal/defaults/main.yml     | 19 +++++++
 .../baremetal/tasks/bootstrap-servers.yml     |  5 ++
 .../tasks/configure-ceph-for-zun.yml          | 55 +++++++++++++++++++
 ansible/roles/zun/defaults/main.yml           |  1 +
 ansible/roles/zun/tasks/config.yml            |  5 ++
 ansible/roles/zun/tasks/external_ceph.yml     | 27 +++++++++
 .../roles/zun/templates/zun-compute.json.j2   | 20 ++++++-
 .../reference/storage/external-ceph-guide.rst | 27 +++++++++
 .../notes/bug-1848934-878a08b490856a53.yaml   |  7 +++
 10 files changed, 168 insertions(+), 1 deletion(-)
 create mode 100644 ansible/roles/baremetal/tasks/configure-ceph-for-zun.yml
 create mode 100644 ansible/roles/zun/tasks/external_ceph.yml
 create mode 100644 releasenotes/notes/bug-1848934-878a08b490856a53.yaml

diff --git a/ansible/group_vars/all.yml b/ansible/group_vars/all.yml
index 200191e3ab..2bc744b2ee 100644
--- a/ansible/group_vars/all.yml
+++ b/ansible/group_vars/all.yml
@@ -133,6 +133,9 @@ docker_zun_config:
 # Extra containerd options for Zun
 containerd_configure_for_zun: "no"
 
+# Enable Ceph backed Cinder Volumes for zun
+zun_configure_for_cinder_ceph: "no"
+
 # 42463 is the static group id of the zun user in the Zun image.
 # If users customize this value on building the Zun images,
 # they need to change this config accordingly.
diff --git a/ansible/roles/baremetal/defaults/main.yml b/ansible/roles/baremetal/defaults/main.yml
index bb19f40b71..7c8300b310 100644
--- a/ansible/roles/baremetal/defaults/main.yml
+++ b/ansible/roles/baremetal/defaults/main.yml
@@ -16,6 +16,25 @@ docker_yum_gpgkey: "{{ docker_yum_url }}/gpg"
 docker_yum_gpgcheck: true
 docker_yum_package: "docker-ce"
 
+ceph_version: "pacific"
+epel_version: "8"
+ceph_url: "https://download.ceph.com"
+
+# Ceph APT repository configuration.
+ceph_apt_url: "{{ ceph_url }}/debian-{{ ceph_version }}/"
+ceph_apt_repo: "deb {{ ceph_apt_url }} {{ ansible_facts.distribution_release }} main"
+ceph_apt_key_file: "{{ ceph_url }}/keys/release.gpg"
+ceph_apt_key_id: "460F3994"
+ceph_apt_package: "ceph-common"
+
+# Ceph Yum repository configuration.
+ceph_yum_url: "{{ ceph_url }}/rpm-{{ ceph_version }}/"
+ceph_yum_baseurl: "{{ ceph_yum_url }}el{{ epel_version }}/$basearch/"
+ceph_yum_gpgkey: "{{ ceph_url }}/keys/release.asc"
+ceph_yum_gpgcheck: true
+ceph_yum_package: "ceph-common"
+epel_yum_package: "epel-release"
+
 customize_etc_hosts: True
 
 create_kolla_user: True
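Review bot: `ceph_apt_key_id: "460F3994"` is an 8-hex-digit short key ID, and it is the value the `apt_key` task in ansible/roles/baremetal/tasks/configure-ceph-for-zun.yml uses to identify the expected key. Short IDs can collide, so a different key with the same short ID could satisfy that check. Pin the full fingerprint instead, e.g. `ceph_apt_key_id: "<FULL_CEPH_RELEASE_KEY_FINGERPRINT>"` (a placeholder; take the value from the Ceph release key itself). A comment above `ceph_yum_gpgcheck: true` would also help, stating that disabling it lets the privileged install tasks pull unverified packages onto zun-compute hosts.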
diff --git a/ansible/roles/baremetal/tasks/bootstrap-servers.yml b/ansible/roles/baremetal/tasks/bootstrap-servers.yml
index 46f2ae103e..dfe37fe4dc 100644
--- a/ansible/roles/baremetal/tasks/bootstrap-servers.yml
+++ b/ansible/roles/baremetal/tasks/bootstrap-servers.yml
@@ -9,3 +9,8 @@
   when:
     - containerd_configure_for_zun|bool
     - "'zun-cni-daemon' in group_names"
+
+- include_tasks: configure-ceph-for-zun.yml
+  when:
+    - zun_configure_for_cinder_ceph | bool
+    - "'zun-compute' in group_names"
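Review bot: The host-membership condition here, `'zun-compute' in group_names`, is written differently from the one guarding the matching include in ansible/roles/zun/tasks/config.yml, `inventory_hostname in groups['zun-compute']`. Both appear to select the same hosts, but using one form in both places makes it easier to see that the host-side package install and the container-side config copy are a pair. This include is only reached from bootstrap-servers, so enabling `zun_configure_for_cinder_ceph` on an already bootstrapped host presumably needs a bootstrap re-run. A comment such as `# Host needs ceph-common; re-run bootstrap-servers after enabling this flag` would make that explicit.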
diff --git a/ansible/roles/baremetal/tasks/configure-ceph-for-zun.yml b/ansible/roles/baremetal/tasks/configure-ceph-for-zun.yml
new file mode 100644
index 0000000000..606c14b554
--- /dev/null
+++ b/ansible/roles/baremetal/tasks/configure-ceph-for-zun.yml
@@ -0,0 +1,55 @@
+---
+- name: Install ceph-common
+  block:
+    - block:
+        - name: Install ceph apt gpg key
+          apt_key:
+            url: "{{ ceph_apt_key_file }}"
+            id: "{{ ceph_apt_key_id }}"
+            state: present
+          become: True
+
+        - name: Enable ceph apt repository
+          apt_repository:
+            repo: "{{ ceph_apt_repo }}"
+            filename: ceph
+          become: True
+
+        - name: Install apt packages
+          package:
+            name: "{{ ceph_apt_package }}"
+            state: present
+          become: True
+      when: ansible_facts.os_family == 'Debian'
+
+    - block:
+        - name: Enable ceph yum repository
+          yum_repository:
+            name: ceph
+            description: Ceph main Repository
+            baseurl: "{{ ceph_yum_baseurl }}"
+            gpgcheck: "{{ ceph_yum_gpgcheck | bool }}"
+            gpgkey: "{{ ceph_yum_gpgkey }}"
+          become: True
+
+        - name: Enable epel yum repository
+          package:
+            name: "{{ epel_yum_package }}"
+            state: present
+          become: True
+
+        - name: Install ceph rpm gpg key
+          rpm_key:
+            state: present
+            key: "{{ ceph_yum_gpgkey }}"
+          become: True
+          when:
+            - ceph_yum_gpgcheck | bool
+
+        - name: Install RPM packages
+          package:
+            name: "{{ ceph_yum_package }}"
+            state: present
+            enablerepo: epel
+          become: True
+      when: ansible_facts.os_family == 'RedHat'
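Review bot: The `Install ceph apt gpg key` task uses `apt_key`, which adds the Ceph release key to apt's global trust store. The key is then accepted for packages from every repository on the host, not only the Ceph one. A narrower setup downloads the key to a dedicated keyring file and references it from the repository line, e.g. `deb [signed-by=<KEYRING_PATH>] {{ ceph_apt_url }} {{ ansible_facts.distribution_release }} main` (the path is a placeholder). The two inner `block:` entries also have no `name:`, so a failure is only attributed to the outer `Install ceph-common` block; names like `Configure ceph repository on Debian family` would make run output easier to read.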
diff --git a/ansible/roles/zun/defaults/main.yml b/ansible/roles/zun/defaults/main.yml
index 63c34edc62..f6bcdd4b0b 100644
--- a/ansible/roles/zun/defaults/main.yml
+++ b/ansible/roles/zun/defaults/main.yml
@@ -169,6 +169,7 @@ zun_compute_default_volumes:
   - "/lib/modules:/lib/modules:ro"
   - "/dev:/dev"
   - "{% if enable_iscsid | bool %}iscsi_info:/etc/iscsi{% endif %}"
+  - "{% if zun_configure_for_cinder_ceph | bool %}/var/lib/zun:/var/lib/zun:shared{% endif %}"
 zun_cni_daemon_default_volumes:
   - "{{ node_config_directory }}/zun-cni-daemon/:{{ container_config_directory }}/:ro"
   - "/etc/localtime:/etc/localtime:ro"
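Review bot: The added `/var/lib/zun:/var/lib/zun:shared` entry is the only volume in this list with `shared` mount propagation, and nothing says why. With that mode, mounts created under the path inside zun-compute become visible on the host, which is a wider privilege than the read-only binds around it. A comment above the line would help, e.g. `# shared propagation so Ceph-backed volume mounts made by zun-compute are visible on the host (assumed; confirm)`. The `zun_compute_default_volumes` list starts outside this hunk.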
diff --git a/ansible/roles/zun/tasks/config.yml b/ansible/roles/zun/tasks/config.yml
index f0c34a0074..5b10fb0677 100644
--- a/ansible/roles/zun/tasks/config.yml
+++ b/ansible/roles/zun/tasks/config.yml
@@ -12,6 +12,11 @@
     - item.value.enabled | bool
   with_dict: "{{ zun_services }}"
 
+- include_tasks: external_ceph.yml
+  when:
+    - zun_configure_for_cinder_ceph | bool
+    - inventory_hostname in groups['zun-compute']
+
 - name: Check if policies shall be overwritten
   stat:
     path: "{{ item }}"
diff --git a/ansible/roles/zun/tasks/external_ceph.yml b/ansible/roles/zun/tasks/external_ceph.yml
new file mode 100644
index 0000000000..325059eaa7
--- /dev/null
+++ b/ansible/roles/zun/tasks/external_ceph.yml
@@ -0,0 +1,27 @@
+---
+- name: Copying over ceph.conf for Zun
+  copy:
+    src: "{{ node_custom_config }}/zun/zun-compute/ceph.conf"
+    dest: "{{ node_config_directory }}/zun-compute/"
+    mode: "0660"
+  become: true
+  notify:
+    - Restart zun-compute container
+
+- name: Copy over Ceph keyring files for zun-compute
+  copy:
+    src: "{{ node_custom_config }}/zun/zun-compute/{{ ceph_cinder_keyring }}"
+    dest: "{{ node_config_directory }}/zun-compute/"
+    mode: "0660"
+  become: true
+  when: external_ceph_cephx_enabled | bool
+  notify:
+    - Restart zun-compute container
+
+- name: Ensuring config directory has correct owner and permission
+  become: true
+  file:
+    path: "{{ node_config_directory }}/zun-compute"
+    recurse: yes
+    owner: "{{ config_owner_user }}"
+    group: "{{ config_owner_group }}"
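Review bot: The keyring written by `Copy over Ceph keyring files for zun-compute` is a Ceph credential, but it is created with `mode: "0660"` and only gets its intended owner from the separate recursive `file` task at the end. Adding `owner: "{{ config_owner_user }}"` and `group: "{{ config_owner_group }}"` to both `copy` tasks sets ownership at write time and leaves the last task responsible for the directory only. `mode: "0640"` would also drop group write, assuming nothing in the config group needs to modify the keyring (check this against the convention in the other roles). For consistency with `become: true` in the same file, `recurse: yes` should be `recurse: true`.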
diff --git a/ansible/roles/zun/templates/zun-compute.json.j2 b/ansible/roles/zun/templates/zun-compute.json.j2
index 1e4e09fc85..36d6527dce 100644
--- a/ansible/roles/zun/templates/zun-compute.json.j2
+++ b/ansible/roles/zun/templates/zun-compute.json.j2
@@ -6,6 +6,20 @@
             "dest": "/etc/zun/zun.conf",
             "owner": "zun",
             "perm": "0600"
+        },
+        {
+            "source": "{{ container_config_directory }}/{{ ceph_cinder_keyring }}",
+            "dest": "/etc/ceph/{{ ceph_cinder_keyring }}",
+            "owner": "zun",
+            "perm": "0600",
+            "optional": {{ (not zun_configure_for_cinder_ceph | bool) | string | lower }}
+        },
+        {
+            "source": "{{ container_config_directory }}/ceph.conf",
+            "dest": "/etc/ceph/ceph.conf",
+            "owner": "zun",
+            "perm": "0600",
+            "optional": {{ (not zun_configure_for_cinder_ceph | bool) | string | lower }}
         }{% if zun_policy_file is defined %},
         {
             "source": "{{ container_config_directory }}/{{ zun_policy_file }}",
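Review bot: The keyring entry's `"optional"` value depends only on `zun_configure_for_cinder_ceph`, but the task that copies the keyring in ansible/roles/zun/tasks/external_ceph.yml is also gated by `external_ceph_cephx_enabled | bool`. With the feature enabled and cephx disabled, the keyring is never copied yet this entry is rendered as required, so the config copy at container start would presumably fail on the missing source. Make the entry optional in that case too: `"optional": {{ (not (zun_configure_for_cinder_ceph | bool and external_ceph_cephx_enabled | bool)) | string | lower }}`. The surrounding list of config entries starts and continues outside this hunk.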
@@ -19,6 +33,10 @@
             "path": "/var/log/kolla/zun",
             "owner": "zun:kolla",
             "recurse": true
-        }
+        }{% if zun_configure_for_cinder_ceph | bool %},
+        {
+            "path": "/var/lib/zun",
+            "owner": "zun:kolla"
+        }{% endif %}
     ]
 }
diff --git a/doc/source/reference/storage/external-ceph-guide.rst b/doc/source/reference/storage/external-ceph-guide.rst
index ca5c877015..fe47442f4e 100644
--- a/doc/source/reference/storage/external-ceph-guide.rst
+++ b/doc/source/reference/storage/external-ceph-guide.rst
@@ -138,6 +138,23 @@ Nova must also be configured to allow access to Cinder volumes:
 
    * ``/etc/kolla/config/nova/<ceph_cinder_keyring>``
 
+If ``zun`` is enabled, and you wish to use cinder volumes with zun,
+it must also be configured to allow access to Cinder volumes:
+
+#. Enable Cinder Ceph backend for Zun in ``globals.yml``:
+
+   .. code-block:: yaml
+
+      zun_configure_for_cinder_ceph: "yes"
+
+#. Copy Ceph configuration file to:
+   * ``/etc/kolla/config/zun/zun-compute/ceph.conf``
+
+#. Copy Ceph keyring file(s) to:
+
+   * ``/etc/kolla/config/zun/zun-compute/<ceph_cinder_keyring>``
+
+
 Nova
 ----
 
@@ -303,3 +320,13 @@ HTTPS (443) port will be used. For example:
 
 The HAProxy frontend port is defined via ``ceph_rgw_port``, and defaults to
 6780.
+
+Cephadm and Ceph Client Version
+===============================
+When configuring Zun with Cinder volumes, kolla-ansible installs some
+Ceph client packages on zun-compute hosts. You can set the version
+of the Ceph packages installed by,
+
+#. Configuring Ceph version details in ``/etc/kolla/globals.yml``:
+
+   * ``ceph_version`` (default: ``pacific``)
diff --git a/releasenotes/notes/bug-1848934-878a08b490856a53.yaml b/releasenotes/notes/bug-1848934-878a08b490856a53.yaml
new file mode 100644
index 0000000000..0b8ddcc94f
--- /dev/null
+++ b/releasenotes/notes/bug-1848934-878a08b490856a53.yaml
@@ -0,0 +1,7 @@
+---
+fixes:
+  - |
+    Fixes deploy Zun with Cinder Ceph support.
+    Adds support for zun to access cinder volumes
+    when external ceph is configured for cinder.
+    `LP#1848934 <https://launchpad.net/bugs/1848934>`__