Juju Charms Collection
ceph-osd package

Merge lp:~chris.macnaughton/charms/trusty/ceph-osd/add-encryption into lp:~openstack-charmers-archive/charms/trusty/ceph-osd/next

Proposed by Chris MacNaughton on 2016-02-29

Status:	Needs review
Proposed branch:	lp:~chris.macnaughton/charms/trusty/ceph-osd/add-encryption
Merge into:	lp:~openstack-charmers-archive/charms/trusty/ceph-osd/next
Diff against target:	155 lines (+65/-5) 4 files modified config.yaml (+8/-1) hooks/ceph.py (+10/-3) hooks/ceph_hooks.py (+2/-1) tests/basic_deployment.py (+45/-0)
To merge this branch:	bzr merge lp:~chris.macnaughton/charms/trusty/ceph-osd/add-encryption
Related bugs:	Link a bug report

Reviewer	Review Type	Date Requested	Status
OpenStack Charmers		2016-02-29	Pending
Review via email: mp+287483@code.launchpad.net

Description of the Change

Add support for Ceph's dmcrypt options on ceph-disk prepare

uosci-testing-bot (uosci-testing-bot) wrote on 2016-02-29:

charm_unit_test #1474 ceph-osd-next for chris.macnaughton mp287483
UNIT OK: passed

Build: http://10.245.162.36:8080/job/charm_unit_test/1474/

uosci-testing-bot (uosci-testing-bot) wrote on 2016-02-29:

charm_lint_check #1736 ceph-osd-next for chris.macnaughton mp287483
LINT OK: passed

Build: http://10.245.162.36:8080/job/charm_lint_check/1736/

uosci-testing-bot (uosci-testing-bot) wrote on 2016-02-29:

charm_amulet_test #620 ceph-osd-next for chris.macnaughton mp287483
AMULET OK: passed

Build: http://10.245.162.36:8080/job/charm_amulet_test/620/

lp:~chris.macnaughton/charms/trusty/ceph-osd/add-encryption updated on 2016-02-29

69. By Chris MacNaughton on 2016-02-29: first pass at a test

uosci-testing-bot (uosci-testing-bot) wrote on 2016-02-29:

charm_lint_check #1737 ceph-osd-next for chris.macnaughton mp287483
LINT FAIL: lint-test failed

LINT Results (max last 2 lines):
make: *** [lint] Error 1
ERROR:root:Make target returned non-zero.

Full lint test output: http://paste.ubuntu.com/15246378/
Build: http://10.245.162.36:8080/job/charm_lint_check/1737/

uosci-testing-bot (uosci-testing-bot) wrote on 2016-02-29:

charm_unit_test #1475 ceph-osd-next for chris.macnaughton mp287483
UNIT OK: passed

Build: http://10.245.162.36:8080/job/charm_unit_test/1475/

uosci-testing-bot (uosci-testing-bot) wrote on 2016-02-29:

charm_amulet_test #621 ceph-osd-next for chris.macnaughton mp287483
AMULET FAIL: amulet-test failed

AMULET Results (max last 2 lines):
make: *** [functional_test] Error 1
ERROR:root:Make target returned non-zero.

Full amulet test output: http://paste.ubuntu.com/15246515/
Build: http://10.245.162.36:8080/job/charm_amulet_test/621/

uosci-testing-bot (uosci-testing-bot) wrote on 2016-02-29:

charm_lint_check #1738 ceph-osd-next for chris.macnaughton mp287483
LINT FAIL: lint-test failed

LINT Results (max last 2 lines):
make: *** [lint] Error 1
ERROR:root:Make target returned non-zero.

Full lint test output: http://paste.ubuntu.com/15246521/
Build: http://10.245.162.36:8080/job/charm_lint_check/1738/

uosci-testing-bot (uosci-testing-bot) wrote on 2016-02-29:

charm_amulet_test #622 ceph-osd-next for chris.macnaughton mp287483
AMULET FAIL: amulet-test failed

AMULET Results (max last 2 lines):
make: *** [functional_test] Error 1
ERROR:root:Make target returned non-zero.

Full amulet test output: http://paste.ubuntu.com/15247101/
Build: http://10.245.162.36:8080/job/charm_amulet_test/622/

Unmerged revisions

69. By Chris MacNaughton on 2016-02-29: first pass at a test
68. By Chris MacNaughton on 2016-02-29: add encrypt option for OSDs

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk

Subscribers

People subscribed via source and target branches

to all changes:

Chris MacNaughton

Eric Desrochers

Nobuto Murata

OpenStack Charmers

 === modified file 'config.yaml'
 --- config.yaml	2016-02-25 15:48:22 +0000
 +++ config.yaml	2016-02-29 19:29:45 +0000
@@ -54,6 +54,13 @@
        Specifying this option (any value) forces a reformat of any OSD devices
        found which are not already mounted.
++  osd-encrypt:
++    type: boolean
++    default: False
++    description: |
++      By default, the charm will NOT encrypt Ceph OSD devices; however, by
++      setting osd-encrypt to True, Ceph's dmcrypt support will be used to
++      encrypt OSD devices.
    ignore-device-errors:
      type: boolean
      default: False
@@ -137,7 +144,7 @@
                  kernel.threads-max: 2097152 }'
      description: |
        YAML-formatted associative array of sysctl key/value pairs to be set
--      persistently. By default we set pid_max, max_map_count and
++      persistently. By default we set pid_max, max_map_count and
        threads-max to a high value to avoid problems with large numbers (>20)
        of OSDs recovering. very large clusters should set those values even
        higher (e.g. max for kernel.pid_max is 4194303).
 === modified file 'hooks/ceph.py'
 --- hooks/ceph.py	2016-01-29 07:31:13 +0000
 +++ hooks/ceph.py	2016-02-29 19:29:45 +0000
@@ -172,6 +172,7 @@
+ ]
  CEPH_PARTITIONS = [
++    '4FBD7E29-9D25-41B8-AFD0-5EC00CEFF05D',  # ceph encrypted osd data
      '4FBD7E29-9D25-41B8-AFD0-062C0CEFF05D',  # ceph osd data
      '45B0969E-9B03-4F30-B4C6-B4B80CEFF106',  # ceph osd journal
+ ]
@@ -428,7 +429,7 @@
  def osdize(dev, osd_format, osd_journal, reformat_osd=False,
--           ignore_errors=False):
++           ignore_errors=False, encrypt=False):
      if dev.startswith('/dev'):
          osdize_dev(dev, osd_format, osd_journal, reformat_osd, ignore_errors)
      else:
@@ -436,7 +437,7 @@
  def osdize_dev(dev, osd_format, osd_journal, reformat_osd=False,
--               ignore_errors=False):
++               ignore_errors=False, encrypt=False):
      if not os.path.exists(dev):
          log('Path {} does not exist - bailing'.format(dev))
          return
@@ -457,6 +458,9 @@
      status_set('maintenance', 'Initializing device {}'.format(dev))
      cmd = ['ceph-disk', 'prepare']
      # Later versions of ceph support more options
++    if cmp_pkgrevno('ceph', '0.60') >= 0:
++        if encrypt:
++            cmd.append('--dmcrypt')
      if cmp_pkgrevno('ceph', '0.48.3') >= 0:
          if osd_format:
              cmd.append('--fs-type')
@@ -485,7 +489,7 @@
              raise e
--def osdize_dir(path):
++def osdize_dir(path, encrypt=False):
      if os.path.exists(os.path.join(path, 'upstart')):
          log('Path {} is already configured as an OSD - bailing'.format(path))
          return
@@ -504,6 +508,9 @@
          '--data-dir',
          path
+     ]
++    if cmp_pkgrevno('ceph', '0.60') >= 0:
++        if encrypt:
++            cmd.append('--dmcrypt')
      subprocess.check_call(cmd)
 === modified file 'hooks/ceph_hooks.py'
 --- hooks/ceph_hooks.py	2016-02-25 15:48:22 +0000
 +++ hooks/ceph_hooks.py	2016-02-29 19:29:45 +0000
@@ -181,7 +181,8 @@
          for dev in get_devices():
              ceph.osdize(dev, config('osd-format'),
                          osd_journal, config('osd-reformat'),
--                        config('ignore-device-errors'))
++                        config('ignore-device-errors'),
++                        config('osd-encrypt'))
          ceph.start_osds(get_devices())
 === modified file 'tests/basic_deployment.py'
 --- tests/basic_deployment.py	2016-02-22 20:21:12 +0000
 +++ tests/basic_deployment.py	2016-02-29 19:29:45 +0000
@@ -394,6 +394,51 @@
                  message = "nova (rbd) config error: {}".format(ret)
                  amulet.raise_status(amulet.FAIL, msg=message)
++    def test_307_ceph_encryption(ceph):
++        sentry = self.ceph_osd_sentry
++        set_alternate = {'osd-encrypt': 'True', 'osd-devices': '/dev/vdb /srv/ceph /srv/ceph_encrypted'}
++        u.log.debug('Making config change on {}...'.format(juju_service))
++        mtime = u.get_sentry_time(sentry)
++        self.d.configure(juju_service, set_alternate)
++        unit_name = sentry.info['unit_name']
++
++        sleep_time = 30
++        retry_count = 30
++        file_mtime = None
++        time.sleep(sleep_time)
++
++        filename = '/etc/ceph/dmcrypt-keys'
++        while tries <= retry_count and not file_mtime:
++            try:
++                file_mtime = sentry.file_stat()['mtime']
++                self.log.debug('Attempt {} to get {} mtime on {} '
++                               'OK'.format(tries, filename, unit_name))
++            except IOError as e:
++                # NOTE(beisner) - race avoidance, file may not exist yet.
++                # https://bugs.launchpad.net/charm-helpers/+bug/1474030
++                self.log.debug('Attempt {} to get {} file mtime on {} '
++                               'failed\n{}'.format(tries, filename,
++                                                   unit_name, e))
++                time.sleep(retry_sleep_time)
++                tries += 1
++
++        if not file_mtime:
++            self.log.warn('Could not determine file mtime, assuming '
++                          'file does not exist')
++            return False
++
++        if file_mtime >= mtime:
++            self.log.debug('Folder mtime is newer than provided mtime '
++                           '(%s >= %s) on %s (OK)' % (file_mtime,
++                                                      mtime, unit_name))
++            return True
++        else:
++            self.log.warn('Folder mtime is older than provided mtime'
++                          '(%s < on %s) on %s' % (file_mtime,
++                                                  mtime, unit_name))
++            return False
++
++
      def test_400_ceph_check_osd_pools(self):
          """Check osd pools on all ceph units, expect them to be
          identical, and expect specific pools to be present."""

Juju Charms Collectionceph-osd package

Merge lp:~chris.macnaughton/charms/trusty/ceph-osd/add-encryption into lp:~openstack-charmers-archive/charms/trusty/ceph-osd/next

Commit Message

Description of the Change

Unmerged revisions

Preview Diff

Subscribers

Juju Charms Collection
ceph-osd package