Merge lp:~chris.macnaughton/charms/trusty/ceph-osd/add-encryption into lp:~openstack-charmers-archive/charms/trusty/ceph-osd/next

Proposed by Chris MacNaughton on 2016-02-29
Status: Needs review
Proposed branch: lp:~chris.macnaughton/charms/trusty/ceph-osd/add-encryption
Merge into: lp:~openstack-charmers-archive/charms/trusty/ceph-osd/next
Diff against target: 155 lines (+65/-5)
4 files modified
config.yaml (+8/-1)
hooks/ceph.py (+10/-3)
hooks/ceph_hooks.py (+2/-1)
tests/basic_deployment.py (+45/-0)
To merge this branch: bzr merge lp:~chris.macnaughton/charms/trusty/ceph-osd/add-encryption
Reviewer Review Type Date Requested Status
OpenStack Charmers 2016-02-29 Pending
Review via email: mp+287483@code.launchpad.net

Description of the change

Add support for Ceph's dmcrypt options on ceph-disk prepare


charm_unit_test #1474 ceph-osd-next for chris.macnaughton mp287483
    UNIT OK: passed

Build: http://10.245.162.36:8080/job/charm_unit_test/1474/

charm_lint_check #1736 ceph-osd-next for chris.macnaughton mp287483
    LINT OK: passed

Build: http://10.245.162.36:8080/job/charm_lint_check/1736/

charm_amulet_test #620 ceph-osd-next for chris.macnaughton mp287483
    AMULET OK: passed

Build: http://10.245.162.36:8080/job/charm_amulet_test/620/

69. By Chris MacNaughton on 2016-02-29

first pass at a test

charm_lint_check #1737 ceph-osd-next for chris.macnaughton mp287483
    LINT FAIL: lint-test failed

LINT Results (max last 2 lines):
make: *** [lint] Error 1
ERROR:root:Make target returned non-zero.

Full lint test output: http://paste.ubuntu.com/15246378/
Build: http://10.245.162.36:8080/job/charm_lint_check/1737/

charm_unit_test #1475 ceph-osd-next for chris.macnaughton mp287483
    UNIT OK: passed

Build: http://10.245.162.36:8080/job/charm_unit_test/1475/

charm_amulet_test #621 ceph-osd-next for chris.macnaughton mp287483
    AMULET FAIL: amulet-test failed

AMULET Results (max last 2 lines):
make: *** [functional_test] Error 1
ERROR:root:Make target returned non-zero.

Full amulet test output: http://paste.ubuntu.com/15246515/
Build: http://10.245.162.36:8080/job/charm_amulet_test/621/

charm_lint_check #1738 ceph-osd-next for chris.macnaughton mp287483
    LINT FAIL: lint-test failed

LINT Results (max last 2 lines):
make: *** [lint] Error 1
ERROR:root:Make target returned non-zero.

Full lint test output: http://paste.ubuntu.com/15246521/
Build: http://10.245.162.36:8080/job/charm_lint_check/1738/

charm_amulet_test #622 ceph-osd-next for chris.macnaughton mp287483
    AMULET FAIL: amulet-test failed

AMULET Results (max last 2 lines):
make: *** [functional_test] Error 1
ERROR:root:Make target returned non-zero.

Full amulet test output: http://paste.ubuntu.com/15247101/
Build: http://10.245.162.36:8080/job/charm_amulet_test/622/

Unmerged revisions

69. By Chris MacNaughton on 2016-02-29

first pass at a test

68. By Chris MacNaughton on 2016-02-29

add encrypt option for OSDs

Preview Diff

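--- a/config.yaml
+++ b/config.yaml
@@ -54,6 +54,13 @@
 
 Specifying this option (any value) forces a reformat of any OSD devices
 found which are not already mounted.
+ osd-encrypt:
+ type: boolean
+ default: False
+ description: |
+ By default, the charm will NOT encrypt Ceph OSD devices; however, by
+ setting osd-encrypt to True, Ceph's dmcrypt support will be used to
+ encrypt OSD devices.
 ignore-device-errors:
 type: boolean
 default: False
@@ -137,7 +144,7 @@
 kernel.threads-max: 2097152 }'
 description: |
 YAML-formatted associative array of sysctl key/value pairs to be set
- persistently. By default we set pid_max, max_map_count and
+ persistently. By default we set pid_max, max_map_count and
 threads-max to a high value to avoid problems with large numbers (>20)
 of OSDs recovering. very large clusters should set those values even
 higher (e.g. max for kernel.pid_max is 4194303).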
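Review bot: The `osd-encrypt` description does not state what the option protects or when it applies. Elsewhere in this change the flag is only consulted while a device is being prepared, so toggling it later presumably leaves existing OSDs as they are. ceph-disk keeps the dm-crypt keys on the OSD host itself (the test in this proposal looks for `/etc/ceph/dmcrypt-keys`), which covers removed or returned disks but not a compromised host. I would append to the description: `Only applies to devices prepared after the option is set; existing OSDs are not re-encrypted. Keys are stored on the unit, so this protects data on disks that leave the host.`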
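--- a/hooks/ceph.py
+++ b/hooks/ceph.py
@@ -172,6 +172,7 @@
 ]
 
 CEPH_PARTITIONS = [
+ '4FBD7E29-9D25-41B8-AFD0-5EC00CEFF05D', # ceph encrypted osd data
 '4FBD7E29-9D25-41B8-AFD0-062C0CEFF05D', # ceph osd data
 '45B0969E-9B03-4F30-B4C6-B4B80CEFF106', # ceph osd journal
 ]
@@ -428,7 +429,7 @@
 
 
 def osdize(dev, osd_format, osd_journal, reformat_osd=False,
- ignore_errors=False):
+ ignore_errors=False, encrypt=False):
 if dev.startswith('/dev'):
 osdize_dev(dev, osd_format, osd_journal, reformat_osd, ignore_errors)
 else:
@@ -436,7 +437,7 @@
 
 
 def osdize_dev(dev, osd_format, osd_journal, reformat_osd=False,
- ignore_errors=False):
+ ignore_errors=False, encrypt=False):
 if not os.path.exists(dev):
 log('Path {} does not exist - bailing'.format(dev))
 return
@@ -457,6 +458,9 @@
 status_set('maintenance', 'Initializing device {}'.format(dev))
 cmd = ['ceph-disk', 'prepare']
 # Later versions of ceph support more options
+ if cmp_pkgrevno('ceph', '0.60') >= 0:
+ if encrypt:
+ cmd.append('--dmcrypt')
 if cmp_pkgrevno('ceph', '0.48.3') >= 0:
 if osd_format:
 cmd.append('--fs-type')
@@ -485,7 +489,7 @@
 raise e
 
 
-def osdize_dir(path):
+def osdize_dir(path, encrypt=False):
 if os.path.exists(os.path.join(path, 'upstart')):
 log('Path {} is already configured as an OSD - bailing'.format(path))
 return
@@ -504,6 +508,9 @@
 '--data-dir',
 path
 ]
+ if cmp_pkgrevno('ceph', '0.60') >= 0:
+ if encrypt:
+ cmd.append('--dmcrypt')
 subprocess.check_call(cmd)
 
 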
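Review bot: `encrypt` is accepted by `osdize`, but the visible call in its body still reads `osdize_dev(dev, osd_format, osd_journal, reformat_osd, ignore_errors)`, so for `/dev` paths the flag never reaches `ceph-disk prepare` and `osd-encrypt: True` would yield unencrypted OSDs without any error; pass it through as `osdize_dev(dev, osd_format, osd_journal, reformat_osd, ignore_errors, encrypt)`. The `else` branch lies outside the hunk, so the `osdize_dir` call presumably needs the same change. Separately, both `cmp_pkgrevno('ceph', '0.60') >= 0` gates skip `--dmcrypt` silently on older packages; when encryption was requested it is safer to fail closed, for example by logging and returning before `ceph-disk` runs. Whether `--dmcrypt` has any effect together with `--data-dir` in `osdize_dir` is not visible here and should be confirmed.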
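--- a/hooks/ceph_hooks.py
+++ b/hooks/ceph_hooks.py
@@ -181,7 +181,8 @@
 for dev in get_devices():
 ceph.osdize(dev, config('osd-format'),
 osd_journal, config('osd-reformat'),
- config('ignore-device-errors'))
+ config('ignore-device-errors'),
+ config('osd-encrypt'))
 ceph.start_osds(get_devices())
 
 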
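Review bot: `config('osd-encrypt')` is passed as the sixth positional argument, directly after another boolean, so a later reorder of `osdize`'s parameters would silently swap error suppression and encryption; `encrypt=config('osd-encrypt')` would make the call self-describing. The enclosing hook function starts outside the hunk. Since this loop is where devices are prepared, the setting presumably affects only devices not yet initialised, which is worth a comment such as `# osd-encrypt only affects devices prepared in this run`.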
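--- a/tests/basic_deployment.py
+++ b/tests/basic_deployment.py
@@ -394,6 +394,51 @@
 message = "nova (rbd) config error: {}".format(ret)
 amulet.raise_status(amulet.FAIL, msg=message)
 
+ def test_307_ceph_encryption(ceph):
+ sentry = self.ceph_osd_sentry
+ set_alternate = {'osd-encrypt': 'True', 'osd-devices': '/dev/vdb /srv/ceph /srv/ceph_encrypted'}
+ u.log.debug('Making config change on {}...'.format(juju_service))
+ mtime = u.get_sentry_time(sentry)
+ self.d.configure(juju_service, set_alternate)
+ unit_name = sentry.info['unit_name']
+
+ sleep_time = 30
+ retry_count = 30
+ file_mtime = None
+ time.sleep(sleep_time)
+
+ filename = '/etc/ceph/dmcrypt-keys'
+ while tries <= retry_count and not file_mtime:
+ try:
+ file_mtime = sentry.file_stat()['mtime']
+ self.log.debug('Attempt {} to get {} mtime on {} '
+ 'OK'.format(tries, filename, unit_name))
+ except IOError as e:
+ # NOTE(beisner) - race avoidance, file may not exist yet.
+ # https://bugs.launchpad.net/charm-helpers/+bug/1474030
+ self.log.debug('Attempt {} to get {} file mtime on {} '
+ 'failed\n{}'.format(tries, filename,
+ unit_name, e))
+ time.sleep(retry_sleep_time)
+ tries += 1
+
+ if not file_mtime:
+ self.log.warn('Could not determine file mtime, assuming '
+ 'file does not exist')
+ return False
+
+ if file_mtime >= mtime:
+ self.log.debug('Folder mtime is newer than provided mtime '
+ '(%s >= %s) on %s (OK)' % (file_mtime,
+ mtime, unit_name))
+ return True
+ else:
+ self.log.warn('Folder mtime is older than provided mtime'
+ '(%s < on %s) on %s' % (file_mtime,
+ mtime, unit_name))
+ return False
+
+
 def test_400_ceph_check_osd_pools(self):
 """Check osd pools on all ceph units, expect them to be
 identical, and expect specific pools to be present."""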
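Review bot: `test_307_ceph_encryption` cannot run as written and could not fail if it did: the signature is `(ceph)` while the body uses `self`; `juju_service`, `tries` and `retry_sleep_time` are never defined; `sentry.file_stat()` is called without `filename`; and the outcomes are `return True`/`return False`, which a test runner ignores, instead of `amulet.raise_status(amulet.FAIL, ...)` as in the context lines above. `self.log` is also used next to `u.log`, and only one of them is likely to exist on this class. Beyond that, the mtime of `/etc/ceph/dmcrypt-keys` shows at most that a key was written; asserting that the data partition carries the encrypted-OSD type GUID added to `CEPH_PARTITIONS` would check that encryption actually took effect. A sketch of the corrected skeleton follows; the service name and sleep value are placeholders.

```python
    def test_307_ceph_encryption(self):
        sentry = self.ceph_osd_sentry
        juju_service = 'ceph-osd'  # placeholder: the service name this test deploys
        # … unchanged: set_alternate, configure call, unit_name, initial sleep …
        tries = 0
        retry_sleep_time = 10  # constructed value
        filename = '/etc/ceph/dmcrypt-keys'
        while tries <= retry_count and not file_mtime:
            try:
                file_mtime = sentry.file_stat(filename)['mtime']
            # … unchanged: debug logging and IOError handling …
            tries += 1

        if not file_mtime or file_mtime < mtime:
            message = ('dmcrypt key path {} missing or not updated '
                       'on {}'.format(filename, unit_name))
            amulet.raise_status(amulet.FAIL, msg=message)
```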
