From 2185a2201d46a895edd0b0b9fe3daad67c97ff49 Mon Sep 17 00:00:00 2001 From: Dimitri Savineau Date: Wed, 26 Aug 2020 18:53:04 -0400 Subject: [PATCH] library: add radosgw_zone module This adds radosgw_zone ansible module for replacing the command module usage with the radosgw-admin zone command. Signed-off-by: Dimitri Savineau (cherry picked from commit 1281e8bcc810508c259acf537feef6c6d8677a6f) --- library/radosgw_zone.py | 459 +++++++++++++++++++ roles/ceph-rgw/tasks/multisite/checks.yml | 11 - roles/ceph-rgw/tasks/multisite/main.yml | 3 - roles/ceph-rgw/tasks/multisite/master.yml | 33 +- roles/ceph-rgw/tasks/multisite/secondary.yml | 33 +- tests/library/test_radosgw_zone.py | 151 ++++++ 6 files changed, 660 insertions(+), 30 deletions(-) create mode 100644 library/radosgw_zone.py delete mode 100644 roles/ceph-rgw/tasks/multisite/checks.yml create mode 100644 tests/library/test_radosgw_zone.py diff --git a/library/radosgw_zone.py b/library/radosgw_zone.py new file mode 100644 index 000000000..92e3e1f14 --- /dev/null +++ b/library/radosgw_zone.py @@ -0,0 +1,459 @@ +# Copyright 2020, Red Hat, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + + +ANSIBLE_METADATA = { + 'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community' +} + +DOCUMENTATION = ''' +--- +module: radosgw_zone + +short_description: Manage RADOS Gateway Zone + +version_added: "2.8" + +description: + - Manage RADOS Gateway zone(s) creation, deletion and updates. +options: + cluster: + description: + - The ceph cluster name. + required: false + default: ceph + name: + description: + - name of the RADOS Gateway zone. + required: true + state: + description: + If 'present' is used, the module creates a zone if it doesn't + exist or update it if it already exists. + If 'absent' is used, the module will simply delete the zone. + If 'info' is used, the module will return all details about the + existing zone (json formatted). + required: false + choices: ['present', 'absent', 'info'] + default: present + realm: + description: + - name of the RADOS Gateway realm. + required: true + zonegroup: + description: + - name of the RADOS Gateway zonegroup. + required: true + endpoints: + description: + - endpoints of the RADOS Gateway zone. + required: false + default: [] + access_key: + description: + - set the S3 access key of the user. + required: false + default: None + secret_key: + description: + - set the S3 secret key of the user. + required: false + default: None + default: + description: + - set the default flag on the zone. + required: false + default: false + master: + description: + - set the master flag on the zone. + required: false + default: false + +author: + - Dimitri Savineau +''' + +EXAMPLES = ''' +- name: create a RADOS Gateway default zone + radosgw_zone: + name: z1 + realm: foo + zonegroup: bar + endpoints: + - http://192.168.1.10:8080 + - http://192.168.1.11:8080 + default: true + +- name: get a RADOS Gateway zone information + radosgw_zone: + name: z1 + state: info + +- name: delete a RADOS Gateway zone + radosgw_zone: + name: z1 + state: absent +''' + +RETURN = '''# ''' + +from ansible.module_utils.basic import AnsibleModule # noqa E402 +import datetime # noqa E402 +import json # noqa E402 +import os # noqa E402 +import stat # noqa E402 +import time # noqa E402 + + +def container_exec(binary, container_image): + ''' + Build the docker CLI to run a command inside a container + ''' + + container_binary = os.getenv('CEPH_CONTAINER_BINARY') + command_exec = [container_binary, + 'run', + '--rm', + '--net=host', + '-v', '/etc/ceph:/etc/ceph:z', + '-v', '/var/lib/ceph/:/var/lib/ceph/:z', + '-v', '/var/log/ceph/:/var/log/ceph/:z', + '--entrypoint=' + binary, container_image] + return command_exec + + +def is_containerized(): + ''' + Check if we are running on a containerized cluster + ''' + + if 'CEPH_CONTAINER_IMAGE' in os.environ: + container_image = os.getenv('CEPH_CONTAINER_IMAGE') + else: + container_image = None + + return container_image + + +def pre_generate_radosgw_cmd(container_image=None): + ''' + Generate radosgw-admin prefix comaand + ''' + if container_image: + cmd = container_exec('radosgw-admin', container_image) + else: + cmd = ['radosgw-admin'] + + return cmd + + +def generate_radosgw_cmd(cluster, args, container_image=None): + ''' + Generate 'radosgw' command line to execute + ''' + + cmd = pre_generate_radosgw_cmd(container_image=container_image) + + base_cmd = [ + '--cluster', + cluster, + 'zone' + ] + + cmd.extend(base_cmd + args) + + return cmd + + +def exec_commands(module, cmd): + ''' + Execute command(s) + ''' + + rc, out, err = module.run_command(cmd) + + return rc, cmd, out, err + + +def create_zone(module, container_image=None): + ''' + Create a new zone + ''' + + cluster = module.params.get('cluster') + name = module.params.get('name') + realm = module.params.get('realm') + zonegroup = module.params.get('zonegroup') + endpoints = module.params.get('endpoints') + access_key = module.params.get('access_key') + secret_key = module.params.get('secret_key') + default = module.params.get('default') + master = module.params.get('master') + + args = [ + 'create', + '--rgw-realm=' + realm, + '--rgw-zonegroup=' + zonegroup, + '--rgw-zone=' + name + ] + + if endpoints: + args.extend(['--endpoints=' + ','.join(endpoints)]) + + if access_key: + args.extend(['--access-key=' + access_key]) + + if secret_key: + args.extend(['--secret-key=' + secret_key]) + + if default: + args.append('--default') + + if master: + args.append('--master') + + cmd = generate_radosgw_cmd(cluster=cluster, args=args, container_image=container_image) + + return cmd + + +def modify_zone(module, container_image=None): + ''' + Modify a new zone + ''' + + cluster = module.params.get('cluster') + name = module.params.get('name') + realm = module.params.get('realm') + zonegroup = module.params.get('zonegroup') + endpoints = module.params.get('endpoints') + access_key = module.params.get('access_key') + secret_key = module.params.get('secret_key') + default = module.params.get('default') + master = module.params.get('master') + + args = [ + 'modify', + '--rgw-realm=' + realm, + '--rgw-zonegroup=' + zonegroup, + '--rgw-zone=' + name + ] + + if endpoints: + args.extend(['--endpoints=' + ','.join(endpoints)]) + + if access_key: + args.extend(['--access-key=' + access_key]) + + if secret_key: + args.extend(['--secret-key=' + secret_key]) + + if default: + args.append('--default') + + if master: + args.append('--master') + + cmd = generate_radosgw_cmd(cluster=cluster, args=args, container_image=container_image) + + return cmd + + +def get_zone(module, container_image=None): + ''' + Get existing zone + ''' + + cluster = module.params.get('cluster') + name = module.params.get('name') + realm = module.params.get('realm') + zonegroup = module.params.get('zonegroup') + + args = [ + 'get', + '--rgw-realm=' + realm, + '--rgw-zonegroup=' + zonegroup, + '--rgw-zone=' + name, + '--format=json' + ] + + cmd = generate_radosgw_cmd(cluster=cluster, + args=args, + container_image=container_image) + + return cmd + + +def get_zonegroup(module, container_image=None): + ''' + Get existing zonegroup + ''' + + cluster = module.params.get('cluster') + realm = module.params.get('realm') + zonegroup = module.params.get('zonegroup') + + cmd = pre_generate_radosgw_cmd(container_image=container_image) + + args = [ + '--cluster', + cluster, + 'zonegroup', + 'get', + '--rgw-realm=' + realm, + '--rgw-zonegroup=' + zonegroup, + '--format=json' + ] + + cmd.extend(args) + + return cmd + + +def remove_zone(module, container_image=None): + ''' + Remove a zone + ''' + + cluster = module.params.get('cluster') + name = module.params.get('name') + realm = module.params.get('realm') + zonegroup = module.params.get('zonegroup') + + args = [ + 'delete', + '--rgw-realm=' + realm, + '--rgw-zonegroup=' + zonegroup, + '--rgw-zone=' + name + ] + + cmd = generate_radosgw_cmd(cluster=cluster, args=args, container_image=container_image) + + return cmd + + +def exit_module(module, out, rc, cmd, err, startd, changed=False): + endd = datetime.datetime.now() + delta = endd - startd + + result = dict( + cmd=cmd, + start=str(startd), + end=str(endd), + delta=str(delta), + rc=rc, + stdout=out.rstrip("\r\n"), + stderr=err.rstrip("\r\n"), + changed=changed, + ) + module.exit_json(**result) + + +def run_module(): + module_args = dict( + cluster=dict(type='str', required=False, default='ceph'), + name=dict(type='str', required=True), + state=dict(type='str', required=False, choices=['present', 'absent', 'info'], default='present'), + realm=dict(type='str', require=True), + zonegroup=dict(type='str', require=True), + endpoints=dict(type='list', require=False, default=[]), + access_key=dict(type='str', required=False), + secret_key=dict(type='str', required=False), + default=dict(type='bool', required=False, default=False), + master=dict(type='bool', required=False, default=False), + ) + + module = AnsibleModule( + argument_spec=module_args, + supports_check_mode=True, + ) + + # Gather module parameters in variables + name = module.params.get('name') + state = module.params.get('state') + endpoints = module.params.get('endpoints') + access_key = module.params.get('access_key') + secret_key = module.params.get('secret_key') + + if module.check_mode: + module.exit_json( + changed=False, + stdout='', + stderr='', + rc=0, + start='', + end='', + delta='', + ) + + startd = datetime.datetime.now() + changed = False + + # will return either the image name or None + container_image = is_containerized() + + if state == "present": + rc, cmd, out, err = exec_commands(module, get_zone(module, container_image=container_image)) + if rc == 0: + zone = json.loads(out) + _rc, _cmd, _out, _err = exec_commands(module, get_zonegroup(module, container_image=container_image)) + zonegroup = json.loads(_out) + if not access_key: + access_key = '' + if not secret_key: + secret_key = '' + current = { + 'endpoints': next(zone['endpoints'] for zone in zonegroup['zones'] if zone['name'] == name), + 'access_key': zone['system_key']['access_key'], + 'secret_key': zone['system_key']['secret_key'] + } + asked = { + 'endpoints': endpoints, + 'access_key': access_key, + 'secret_key': secret_key + } + if current != asked: + rc, cmd, out, err = exec_commands(module, modify_zone(module, container_image=container_image)) + changed = True + else: + rc, cmd, out, err = exec_commands(module, create_zone(module, container_image=container_image)) + changed = True + + elif state == "absent": + rc, cmd, out, err = exec_commands(module, get_zone(module, container_image=container_image)) + if rc == 0: + rc, cmd, out, err = exec_commands(module, remove_zone(module, container_image=container_image)) + changed = True + else: + rc = 0 + out = "Zone {} doesn't exist".format(name) + + elif state == "info": + rc, cmd, out, err = exec_commands(module, get_zone(module, container_image=container_image)) + + exit_module(module=module, out=out, rc=rc, cmd=cmd, err=err, startd=startd, changed=changed) + + +def main(): + run_module() + + +if __name__ == '__main__': + main() diff --git a/roles/ceph-rgw/tasks/multisite/checks.yml b/roles/ceph-rgw/tasks/multisite/checks.yml deleted file mode 100644 index 3783d9bf5..000000000 --- a/roles/ceph-rgw/tasks/multisite/checks.yml +++ /dev/null @@ -1,11 +0,0 @@ ---- -- name: check if the zone already exists - command: "{{ container_exec_cmd }} radosgw-admin zone get --rgw-realm={{ item.realm }} --cluster={{ cluster }} --rgw-zonegroup={{ item.zonegroup }} --rgw-zone={{ item.zone }}" - delegate_to: "{{ groups[mon_group_name][0] }}" - register: zonecheck - failed_when: False - changed_when: False - check_mode: no - run_once: True - loop: "{{ zones }}" - when: zones is defined diff --git a/roles/ceph-rgw/tasks/multisite/main.yml b/roles/ceph-rgw/tasks/multisite/main.yml index 93299b3ad..37a4496e6 100644 --- a/roles/ceph-rgw/tasks/multisite/main.yml +++ b/roles/ceph-rgw/tasks/multisite/main.yml @@ -2,9 +2,6 @@ - name: include_tasks create_realm_zonegroup_zone_lists.yml include_tasks: create_realm_zonegroup_zone_lists.yml -- name: include multisite checks - include_tasks: checks.yml - # Include the tasks depending on the zone type - name: include_tasks master.yml include_tasks: master.yml diff --git a/roles/ceph-rgw/tasks/multisite/master.yml b/roles/ceph-rgw/tasks/multisite/master.yml index b60c35aa4..8b34565fb 100644 --- a/roles/ceph-rgw/tasks/multisite/master.yml +++ b/roles/ceph-rgw/tasks/multisite/master.yml @@ -27,16 +27,25 @@ CEPH_CONTAINER_IMAGE: "{{ ceph_docker_registry + '/' + ceph_docker_image + ':' + ceph_docker_image_tag if containerized_deployment | bool else None }}" CEPH_CONTAINER_BINARY: "{{ container_binary }}" -- name: create the master zone - command: "{{ container_exec_cmd }} radosgw-admin zone create --cluster={{ cluster }} --rgw-realm={{ item.item.realm }} --rgw-zonegroup={{ item.item.zonegroup }} --rgw-zone={{ item.item.zone }} --access-key={{ item.item.system_access_key }} --secret={{ item.item.system_secret_key }} {{ '--default' if zones | length == 1 else '' }} --master" +- name: create the master zone(s) + radosgw_zone: + name: "{{ item.zone }}" + cluster: "{{ cluster }}" + realm: "{{ item.realm }}" + zonegroup: "{{ item.zonegroup }}" + access_key: "{{ item.system_access_key }}" + secret_key: "{{ item.system_secret_key }}" + default: "{{ true if zones | length == 1 else false }}" + master: true delegate_to: "{{ groups[mon_group_name][0] }}" run_once: true - loop: "{{ zonecheck.results }}" + loop: "{{ zones }}" when: - zones is defined - - zones | length > 0 - - item.item.is_master | bool - - "'No such file or directory' in item.stderr" + - item.is_master | bool + environment: + CEPH_CONTAINER_IMAGE: "{{ ceph_docker_registry + '/' + ceph_docker_image + ':' + ceph_docker_image_tag if containerized_deployment | bool else None }}" + CEPH_CONTAINER_BINARY: "{{ container_binary }}" - name: add endpoints to their zone groups(s) radosgw_zonegroup: @@ -55,13 +64,21 @@ CEPH_CONTAINER_BINARY: "{{ container_binary }}" - name: add endpoints to their zone(s) - command: "{{ container_exec_cmd }} radosgw-admin zone modify --cluster={{ cluster }} --rgw-realm={{ item.realm }} --rgw-zonegroup={{ item.zonegroup }} --rgw-zone={{ item.zone }} --endpoints {{ item.endpoints }}" - loop: "{{ zone_endpoints_list }}" + radosgw_zone: + name: "{{ item.zone }}" + cluster: "{{ cluster }}" + realm: "{{ item.realm }}" + zonegroup: "{{ item.zonegroup }}" + endpoints: "{{ item.endpoints.split(',') }}" delegate_to: "{{ groups[mon_group_name][0] }}" run_once: true + loop: "{{ zone_endpoints_list }}" when: - zone_endpoints_list is defined - item.is_master | bool + environment: + CEPH_CONTAINER_IMAGE: "{{ ceph_docker_registry + '/' + ceph_docker_image + ':' + ceph_docker_image_tag if containerized_deployment | bool else None }}" + CEPH_CONTAINER_BINARY: "{{ container_binary }}" - name: update period for zone creation command: "{{ container_exec_cmd }} radosgw-admin --cluster={{ cluster }} --rgw-realm={{ item.realm }} --rgw-zonegroup={{ item.zonegroup }} --rgw-zone={{ item.zone }} period update --commit" diff --git a/roles/ceph-rgw/tasks/multisite/secondary.yml b/roles/ceph-rgw/tasks/multisite/secondary.yml index 4537bc7a0..4d9230c47 100644 --- a/roles/ceph-rgw/tasks/multisite/secondary.yml +++ b/roles/ceph-rgw/tasks/multisite/secondary.yml @@ -26,25 +26,42 @@ loop: "{{ secondary_realms }}" when: secondary_realms is defined -- name: create the zone - command: "{{ container_exec_cmd }} radosgw-admin zone create --cluster={{ cluster }} --rgw-realm={{ item.item.realm }} --rgw-zonegroup={{ item.item.zonegroup }} --rgw-zone={{ item.item.zone }} --access-key={{ item.item.system_access_key }} --secret={{ item.item.system_secret_key }} {{ '--default' if zones | length == 1 else '' }}" +- name: create the zone(s) + radosgw_zone: + name: "{{ item.zone }}" + cluster: "{{ cluster }}" + realm: "{{ item.realm }}" + zonegroup: "{{ item.zonegroup }}" + access_key: "{{ item.system_access_key }}" + secret_key: "{{ item.system_secret_key }}" + default: "{{ true if zones | length == 1 else false }}" + master: false delegate_to: "{{ groups[mon_group_name][0] }}" run_once: true - loop: "{{ zonecheck.results }}" + loop: "{{ zones }}" when: - zones is defined - - zones | length > 0 - - not item.item.is_master | bool - - "'No such file or directory' in item.stderr" + - not item.is_master | bool + environment: + CEPH_CONTAINER_IMAGE: "{{ ceph_docker_registry + '/' + ceph_docker_image + ':' + ceph_docker_image_tag if containerized_deployment | bool else None }}" + CEPH_CONTAINER_BINARY: "{{ container_binary }}" - name: add endpoints to their zone(s) - command: "{{ container_exec_cmd }} radosgw-admin zone modify --cluster={{ cluster }} --rgw-realm={{ item.realm }} --rgw-zonegroup={{ item.zonegroup }} --rgw-zone={{ item.zone }} --endpoints {{ item.endpoints }}" - loop: "{{ zone_endpoints_list }}" + radosgw_zone: + name: "{{ item.zone }}" + cluster: "{{ cluster }}" + realm: "{{ item.realm }}" + zonegroup: "{{ item.zonegroup }}" + endpoints: "{{ item.endpoints.split(',') }}" delegate_to: "{{ groups[mon_group_name][0] }}" run_once: true + loop: "{{ zone_endpoints_list }}" when: - zone_endpoints_list is defined - not item.is_master | bool + environment: + CEPH_CONTAINER_IMAGE: "{{ ceph_docker_registry + '/' + ceph_docker_image + ':' + ceph_docker_image_tag if containerized_deployment | bool else None }}" + CEPH_CONTAINER_BINARY: "{{ container_binary }}" - name: update period for zone creation command: "{{ container_exec_cmd }} radosgw-admin --cluster={{ cluster }} --rgw-realm={{ item.realm }} --rgw-zonegroup={{ item.zonegroup }} --rgw-zone={{ item.zone }} period update --commit" diff --git a/tests/library/test_radosgw_zone.py b/tests/library/test_radosgw_zone.py new file mode 100644 index 000000000..fd1bfcdd1 --- /dev/null +++ b/tests/library/test_radosgw_zone.py @@ -0,0 +1,151 @@ +import os +import sys +from mock.mock import patch, MagicMock +import pytest +sys.path.append('./library') +import radosgw_zone # noqa: E402 + + +fake_binary = 'radosgw-admin' +fake_cluster = 'ceph' +fake_container_binary = 'podman' +fake_container_image = 'docker.io/ceph/daemon:latest' +fake_container_cmd = [ + fake_container_binary, + 'run', + '--rm', + '--net=host', + '-v', '/etc/ceph:/etc/ceph:z', + '-v', '/var/lib/ceph/:/var/lib/ceph/:z', + '-v', '/var/log/ceph/:/var/log/ceph/:z', + '--entrypoint=' + fake_binary, + fake_container_image +] +fake_realm = 'foo' +fake_zonegroup = 'bar' +fake_zone = 'z1' +fake_endpoints = ['http://192.168.1.10:8080', 'http://192.168.1.11:8080'] +fake_params = {'cluster': fake_cluster, + 'name': fake_zone, + 'realm': fake_realm, + 'zonegroup': fake_zonegroup, + 'endpoints': fake_endpoints, + 'default': True, + 'master': True} + + +class TestRadosgwZoneModule(object): + + @patch.dict(os.environ, {'CEPH_CONTAINER_BINARY': fake_container_binary}) + def test_container_exec(self): + cmd = radosgw_zone.container_exec(fake_binary, fake_container_image) + assert cmd == fake_container_cmd + + def test_not_is_containerized(self): + assert radosgw_zone.is_containerized() is None + + @patch.dict(os.environ, {'CEPH_CONTAINER_IMAGE': fake_container_image}) + def test_is_containerized(self): + assert radosgw_zone.is_containerized() == fake_container_image + + @pytest.mark.parametrize('image', [None, fake_container_image]) + @patch.dict(os.environ, {'CEPH_CONTAINER_BINARY': fake_container_binary}) + def test_pre_generate_radosgw_cmd(self, image): + if image: + expected_cmd = fake_container_cmd + else: + expected_cmd = [fake_binary] + + assert radosgw_zone.pre_generate_radosgw_cmd(image) == expected_cmd + + @pytest.mark.parametrize('image', [None, fake_container_image]) + @patch.dict(os.environ, {'CEPH_CONTAINER_BINARY': fake_container_binary}) + def test_generate_radosgw_cmd(self, image): + if image: + expected_cmd = fake_container_cmd + else: + expected_cmd = [fake_binary] + + expected_cmd.extend([ + '--cluster', + fake_cluster, + 'zone' + ]) + assert radosgw_zone.generate_radosgw_cmd(fake_cluster, [], image) == expected_cmd + + def test_create_zone(self): + fake_module = MagicMock() + fake_module.params = fake_params + expected_cmd = [ + fake_binary, + '--cluster', fake_cluster, + 'zone', 'create', + '--rgw-realm=' + fake_realm, + '--rgw-zonegroup=' + fake_zonegroup, + '--rgw-zone=' + fake_zone, + '--endpoints=' + ','.join(fake_endpoints), + '--default', + '--master' + ] + + assert radosgw_zone.create_zone(fake_module) == expected_cmd + + def test_modify_zone(self): + fake_module = MagicMock() + fake_module.params = fake_params + expected_cmd = [ + fake_binary, + '--cluster', fake_cluster, + 'zone', 'modify', + '--rgw-realm=' + fake_realm, + '--rgw-zonegroup=' + fake_zonegroup, + '--rgw-zone=' + fake_zone, + '--endpoints=' + ','.join(fake_endpoints), + '--default', + '--master' + ] + + assert radosgw_zone.modify_zone(fake_module) == expected_cmd + + def test_get_zone(self): + fake_module = MagicMock() + fake_module.params = fake_params + expected_cmd = [ + fake_binary, + '--cluster', fake_cluster, + 'zone', 'get', + '--rgw-realm=' + fake_realm, + '--rgw-zonegroup=' + fake_zonegroup, + '--rgw-zone=' + fake_zone, + '--format=json' + ] + + assert radosgw_zone.get_zone(fake_module) == expected_cmd + + def test_get_zonegroup(self): + fake_module = MagicMock() + fake_module.params = fake_params + expected_cmd = [ + fake_binary, + '--cluster', fake_cluster, + 'zonegroup', 'get', + '--rgw-realm=' + fake_realm, + '--rgw-zonegroup=' + fake_zonegroup, + '--format=json' + ] + + assert radosgw_zone.get_zonegroup(fake_module) == expected_cmd + + def test_remove_zone(self): + fake_module = MagicMock() + fake_module.params = fake_params + expected_cmd = [ + fake_binary, + '--cluster', fake_cluster, + 'zone', 'delete', + '--rgw-realm=' + fake_realm, + '--rgw-zonegroup=' + fake_zonegroup, + '--rgw-zone=' + fake_zone + ] + + assert radosgw_zone.remove_zone(fake_module) == expected_cmd