Merge pull request #314 from enovance/enhancement/309/emilien

ceph: configure nova pool and keyring

manifests/compute/hypervisor.pp

@@ -34,9 +34,9 @@ class cloud::compute::hypervisor(
   $nova_ssh_private_key       = $os_params::nova_ssh_private_key,
   $nova_ssh_public_key        = $os_params::nova_ssh_public_key,
   $spice_port                 = $os_params::spice_port,
-  $rbd_user                   = $os_params::cinder_rbd_user,
+  $cinder_rbd_user            = $os_params::cinder_rbd_user,
-  $rbd_pool                   = $os_params::cinder_rbd_pool,
+  $nova_rbd_pool              = $os_params::nova_rbd_pool,
-  $rbd_secret_uuid            = $os_params::ceph_fsid,
+  $nova_rbd_secret_uuid       = $os_params::ceph_fsid,
   $has_ceph                   = false
 ) {
 
@@ -118,10 +118,10 @@ Host *
     # TODO(EmilienM) Temporary, while https://review.openstack.org/#/c/72440 got merged
     nova_config {
       'DEFAULT/libvirt_images_type':          value => 'rbd';
-      'DEFAULT/libvirt_images_rbd_pool':      value => $rbd_pool;
+      'DEFAULT/libvirt_images_rbd_pool':      value => $nova_rbd_pool;
       'DEFAULT/libvirt_images_rbd_ceph_conf': value => '/etc/ceph/ceph.conf';
-      'DEFAULT/rbd_user':                     value => $rbd_user;
+      'DEFAULT/rbd_user':                     value => $cinder_rbd_user;
-      'DEFAULT/rbd_secret_uuid':              value => $rbd_secret_uuid;
+      'DEFAULT/rbd_secret_uuid':              value => $nova_rbd_secret_uuid;
     }
 
     # Extra config for nova-compute
@@ -135,6 +135,17 @@ Host *
     File <<| tag == 'ceph_compute_secret_file' |>>
     Exec <<| tag == 'get_or_set_virsh_secret' |>>
     Exec <<| tag == 'set_secret_value_virsh' |>>
+
+    Ceph::Key <<| title == $cinder_rbd_user |>>
+    if defined(Ceph::Key[$cinder_rbd_user]) {
+      file { "/etc/ceph/ceph.client.${cinder_rbd_user}.keyring":
+        owner   => 'nova',
+        group   => 'nova',
+        mode    => '0400',
+        require => Ceph::Key[$cinder_rbd_user]
+      }
+    }
+    Concat::Fragment <<| title == 'ceph-client-os' |>>
   }
 
   class { 'ceilometer::agent::compute': }

manifests/image.pp

@@ -80,8 +80,8 @@ class cloud::image(
   $rabbit_host                      = $os_params::rabbit_host,
   $api_eth                          = $os_params::api_eth,
   $openstack_vip                    = $os_params::vip_public_ip,
-  $rbd_store_pool                   = $os_params::glance_rbd_pool,
+  $glance_rbd_pool                  = $os_params::glance_rbd_pool,
-  $rbd_store_user                   = $os_params::glance_rbd_user,
+  $glance_rbd_user                  = $os_params::glance_rbd_user,
   $verbose                          = $os_params::verbose,
   $debug                            = $os_params::debug,
   $log_facility                     = $os_params::log_facility,
@@ -147,17 +147,17 @@ class cloud::image(
   # }
 
   class { 'glance::backend::rbd':
-    rbd_store_user => $rbd_store_user,
+    rbd_store_user => $glance_rbd_user,
-    rbd_store_pool => $rbd_store_pool
+    rbd_store_pool => $glance_rbd_pool
   }
 
-  Ceph::Key <<| title == $glance_user |>>
+  Ceph::Key <<| title == $glance_rbd_user |>>
-  if defined(Ceph::Key[$glance_user]) {
+  if defined(Ceph::Key[$glance_rbd_user]) {
     file { '/etc/ceph/ceph.client.glance.keyring':
       owner   => 'glance',
       group   => 'glance',
       mode    => '0400',
-      require => Ceph::Key[$glance_user]
+      require => Ceph::Key[$glance_rbd_user]
     }
   }
   Concat::Fragment <<| title == 'ceph-client-os' |>>

manifests/storage/rbd/pools.pp

@@ -15,12 +15,11 @@
 #
 class cloud::storage::rbd::pools(
   $setup_pools          = false,
-  $glance_user          = $os_params::glance_rbd_user,
+  $glance_rbd_user      = $os_params::glance_rbd_user,
-  $glance_pool          = $os_params::glance_rbd_pool,
+  $glance_rbd_pool      = $os_params::glance_rbd_pool,
-  $cinder_user          = $os_params::cinder_rbd_user,
+  $cinder_rbd_user      = $os_params::cinder_rbd_user,
-  $cinder_pool          = $os_params::cinder_rbd_pool,
+  $cinder_rbd_pool      = $os_params::cinder_rbd_pool,
-  $pool_default_pg_num  = $::ceph::conf::pool_default_pg_num,
+  $nova_rbd_pool        = $os_params::nova_rbd_pool,
-  $pool_default_pgp_num = $::ceph::conf::pool_default_pgp_num,
   $cinder_backup_user   = $os_params::cinder_rbd_backup_user,
   $cinder_backup_pool   = $os_params::cinder_rbd_backup_pool,
   $ceph_fsid            = $os_params::ceph_fsid,
@@ -29,38 +28,42 @@ class cloud::storage::rbd::pools(
   if $setup_pools {
     if !empty($::ceph_admin_key) {
 
-      # ceph osd pool create poolname 128 128
+      exec { "create_${glance_rbd_pool}_pool":
-      exec { 'create_glance_images_pool':
+        command => "rados mkpool ${glance_rbd_pool}",
-        command => "rados mkpool ${glance_pool} ${pool_default_pg_num} ${pool_default_pgp_num}",
+        unless  => "rados lspools | grep -sq ${glance_rbd_pool}",
-        unless  => "rados lspools | grep -sq ${glance_pool}",
       }
 
-      exec { 'create_glance_images_user_and_key':
+      exec { "create_${glance_rbd_pool}_user_and_key":
-        command => "ceph auth get-or-create client.${glance_user} mon 'allow r' osd 'allow class-read object_prefix rbd_children, allow rwx pool=${glance_pool}'",
+        command => "ceph auth get-or-create client.${glance_rbd_user} mon 'allow r' osd 'allow class-read object_prefix rbd_children, allow rwx pool=${glance_rbd_pool}'",
-        unless  => "ceph auth list 2> /dev/null | egrep -sq '^client.${glance_user}$'",
+        unless  => "ceph auth list 2> /dev/null | egrep -sq '^client.${glance_rbd_user}$'",
-        require => Exec['create_glance_images_pool'];
+        require => Exec["create_${glance_rbd_pool}_pool"];
       }
 
-      # ceph osd pool create poolname 128 128
+      exec { "create_${cinder_rbd_pool}_pool":
-      exec { 'create_cinder_volumes_pool':
+        command => "rados mkpool ${cinder_rbd_pool}",
-        command => "rados mkpool ${cinder_pool} ${pool_default_pg_num} ${pool_default_pgp_num}",
+        unless  => "/usr/bin/rados lspools | grep -sq ${cinder_rbd_pool}",
-        unless  => "/usr/bin/rados lspools | grep -sq ${cinder_pool}",
       }
 
-      exec { 'create_cinder_volumes_user_and_key':
+      exec { "create_${cinder_rbd_pool}_user_and_key":
         # TODO: point PG num with a cluster variable
-        command => "ceph auth get-or-create client.${cinder_user} mon 'allow r' osd 'allow class-read object_prefix rbd_children, allow rx pool=${glance_pool}, allow rwx pool=${cinder_pool}'",
+        command => "ceph auth get-or-create client.${cinder_rbd_user} mon 'allow r' osd 'allow class-read object_prefix rbd_children, allow rx pool=${glance_rbd_pool}, allow rwx pool=${cinder_rbd_pool}, allow rwx pool=${nova_rbd_pool}'",
-        unless  => "ceph auth list 2> /dev/null | egrep -sq '^client.${cinder_user}$'",
+        unless  => "ceph auth list 2> /dev/null | egrep -sq '^client.${cinder_rbd_user}$'",
-        require => Exec['create_cinder_volumes_pool'];
+        require => Exec["create_${cinder_rbd_pool}_pool"];
+      }
+
+      # Note(EmilienM): We use the same keyring for Nova and Cinder.
+      exec { "create_${nova_rbd_pool}_pool":
+        command => "rados mkpool ${nova_rbd_pool}",
+        unless  => "/usr/bin/rados lspools | grep -sq ${nova_rbd_pool}",
       }
 
       if $::ceph_keyring_glance {
         # NOTE(fc): Puppet needs to run a second time to enter this
-        ceph::key { $glance_user:
+        ceph::key { $glance_rbd_user:
           secret       => $::ceph_keyring_glance,
-          keyring_path => "/etc/ceph/ceph.client.${glance_user}.keyring"
+          keyring_path => "/etc/ceph/ceph.client.${glance_rbd_user}.keyring"
         } ->
-        file { "/etc/ceph/ceph.client.${glance_user}.keyring":
+        file { "/etc/ceph/ceph.client.${glance_rbd_user}.keyring":
           owner => 'glance',
           group => 'glance',
           mode  => '0400'
@@ -69,18 +72,18 @@ class cloud::storage::rbd::pools(
 
       if $::ceph_keyring_cinder {
         # NOTE(fc): Puppet needs to run a second time to enter this
-        ceph::key { $cinder_user:
+        ceph::key { $cinder_rbd_user:
           secret       => $::ceph_keyring_cinder,
-          keyring_path => "/etc/ceph/ceph.client.${cinder_user}.keyring"
+          keyring_path => "/etc/ceph/ceph.client.${cinder_rbd_user}.keyring"
         } ->
-        file { "/etc/ceph/ceph.client.${cinder_user}.keyring":
+        file { "/etc/ceph/ceph.client.${cinder_rbd_user}.keyring":
           owner => 'cinder',
           group => 'cinder',
           mode  => '0400'
         }
       }
 
-      $clients = ['glance', 'cinder']
+      $clients = [$glance_rbd_user, $cinder_rbd_user]
       @@concat::fragment { 'ceph-clients-os':
         target  => '/etc/ceph/ceph.conf',
         order   => '95',

manifests/volume/storage.pp

@@ -73,13 +73,13 @@ class cloud::volume::storage(
     rbd_max_clone_depth              => $cinder_rbd_max_clone_depth,
   }
 
-  Ceph::Key <<| title == $cinder_user |>>
+  Ceph::Key <<| title == $cinder_rbd_user |>>
-  if defined(Ceph::Key[$cinder_user]) {
+  if defined(Ceph::Key[$cinder_rbd_user]) {
-    file { '/etc/ceph/ceph.client.cinder.keyring':
+    file { "/etc/ceph/ceph.client.${cinder_rbd_user}.keyring":
       owner   => 'cinder',
       group   => 'cinder',
       mode    => '0400',
-      require => Ceph::Key[$cinder_user]
+      require => Ceph::Key[$cinder_rbd_user]
     }
   }
   Concat::Fragment <<| title == 'ceph-client-os' |>>

spec/classes/cloud_compute_hypervisor_spec.rb

@@ -71,9 +71,9 @@ describe 'cloud::compute::hypervisor' do
         :server_proxyclient_address           => '7.0.0.1',
         :spice_port                           => '6082',
         :has_ceph                             => true,
-        :rbd_user                             => 'cinder',
+        :cinder_rbd_user                      => 'cinder',
-        :rbd_pool                             => 'cinder',
+        :nova_rbd_pool                        => 'nova',
-        :rbd_secret_uuid                      => 'secrete',
+        :nova_rbd_secret_uuid                 => 'secrete',
         :nova_ssh_private_key                 => 'secrete',
         :nova_ssh_public_key                  => 'public',
         :ks_nova_public_proto                 => 'http',
@@ -234,7 +234,7 @@ describe 'cloud::compute::hypervisor' do
 
     it 'configure nova-conpute to support RBD backend' do
       should contain_nova_config('DEFAULT/libvirt_images_type').with('value' => 'rbd')
-      should contain_nova_config('DEFAULT/libvirt_images_rbd_pool').with('value' => 'cinder')
+      should contain_nova_config('DEFAULT/libvirt_images_rbd_pool').with('value' => 'nova')
       should contain_nova_config('DEFAULT/libvirt_images_rbd_ceph_conf').with('value' => '/etc/ceph/ceph.conf')
       should contain_nova_config('DEFAULT/rbd_user').with('value' => 'cinder')
       should contain_nova_config('DEFAULT/rbd_secret_uuid').with('value' => 'secrete')
@@ -254,7 +254,7 @@ describe 'cloud::compute::hypervisor' do
       end
 
       it 'should not configure nova-compute for RBD backend' do
-        should_not contain_nova_config('DEFAULT/rbd_user').with('value' => 'nova')
+        should_not contain_nova_config('DEFAULT/rbd_user').with('value' => 'cinder')
       end
     end
  end

spec/classes/cloud_image_spec.rb

@@ -31,8 +31,8 @@ describe 'cloud::image' do
       :ks_glance_password               => 'secrete',
       :rabbit_host                      => '10.0.0.1',
       :rabbit_password                  => 'secrete',
-      :rbd_store_user                   => 'glance',
+      :glance_rbd_user                  => 'glance',
-      :rbd_store_pool                   => 'images',
+      :glance_rbd_pool                  => 'images',
       :debug                            => true,
       :verbose                          => true,
       :use_syslog                       => true,

templates/storage/ceph/secret-compute.xml.erb

@@ -1,6 +1,6 @@
 <secret ephemeral='no' private='no'>
   <usage type='ceph'>
-    <name>client.<%= @cinder_user %> secret</name>
+    <name>client.<%= @cinder_rbd_user %> secret</name>
   </usage>
   <uuid><%= @ceph_fsid %></uuid>
 </secret>