Commit Graph

2453 Commits (04868bf882da39857a377ad832ea42f0ffe449b9)
 

Author SHA1 Message Date
Andrew Schoen e874c7e8ac Merge pull request #1287 from ceph/no-priviledge-mode
No priviledge mode
2017-02-22 15:24:18 -06:00
Andrew Schoen a551ad97bb tests: when using pytest mark decorators ensure all fixtures are defined
Decorating a test method directly with a pytest mark seems to break if
the test function does not explicitly define all pytest fixtures it
expects to recieve.

Signed-off-by: Andrew Schoen <aschoen@redhat.com>
2017-02-22 13:43:59 -06:00
Sébastien Han 503ec9be57 ci: decorate the tests to not run on docker scenario
Certain scenario won't work on containerized deployment. So we decorate
them so they can be skipped.

Signed-off-by: Sébastien Han <seb@redhat.com>
2017-02-22 10:53:03 -05:00
Sébastien Han e22acb81e6 ci: fix issue on ansible2.2-docker_dedicated_journal
journal_collocation was enabled so the test suite was testing this
scenario and obviously failed since there is no second partition to
verify.

Signed-off-by: Sébastien Han <seb@redhat.com>
2017-02-21 16:14:39 -05:00
Sébastien Han 51b759fc16 ci: do not use atomic host for ansible2.2-docker_dedicated_journal
Switch to CentOS since Atomic host does not have the right Docker
version.

Signed-off-by: Sébastien Han <seb@redhat.com>
2017-02-21 15:56:09 -05:00
Sébastien Han 55bde0336f ci: set a different directory for ceph osd docker run script
/usr/share is not writable on Atomic Host so we use /var/tmp instead.

Signed-off-by: Sébastien Han <seb@redhat.com>
2017-02-21 15:56:09 -05:00
Sébastien Han e9311bcc74 ci: do not generate random hostname for ansible2.2-docker_dedicated_journal
This fixes the error: Call to virDomainCreateWithFlags failed: internal
error: Monitor path
/var/lib/libvirt/qemu/domain-docker-cluster-dedicated-journal_osd0_1487692576_dbfc21d851071d3e2cd2/monitor.sock
too big for destination

Signed-off-by: Sébastien Han <seb@redhat.com>
2017-02-21 15:56:09 -05:00
Sébastien Han 458a9ad5c3 mon: docker, ability to enable centos extra repo
Signed-off-by: Sébastien Han <seb@redhat.com>
2017-02-21 15:56:09 -05:00
Sébastien Han 72b17d2480 docker: osd, clarify variable usage for scenarii
Signed-off-by: Sébastien Han <seb@redhat.com>
2017-02-21 15:56:09 -05:00
Sébastien Han 3b633d5ddc purge-docker: re-implement zap devices
We now run the container and waits until it dies. Prior to this we were
stopping it before completion so not all the devices where zapped.

Signed-off-by: Sébastien Han <seb@redhat.com>
2017-02-21 15:56:09 -05:00
Sébastien Han b91d227b99 docker: make ceph docker osd script path
Since distro will not allow /usr/share to be writable (e.g: atomic) so
we let the operator decide where to put that script.

Signed-off-by: Sébastien Han <seb@redhat.com>
2017-02-21 15:56:09 -05:00
Sébastien Han 7b216aa8e0 ci: add docker-cluster-dmcrypt-journal-collocation scenario
Signed-off-by: Sébastien Han <seb@redhat.com>
2017-02-21 15:56:09 -05:00
Andrew Schoen 36eaca693b tests: enable the docker_dedicated_journal scenario
Signed-off-by: Andrew Schoen <aschoen@redhat.com>
2017-02-21 15:55:38 -05:00
Sébastien Han 7aabbc931d tests: add scenario for dedicated-journal on docker
Signed-off-by: Sébastien Han <seb@redhat.com>
2017-02-21 15:54:36 -05:00
Sébastien Han 73cf0378c2 docker: osd, do not use priviledged container anymore
Oh yeah! This patch adds more fine grained control on how we run the
activation osd container. We now use --device to give a read, write and
mknodaccess to a specific device to be consumed by Ceph. We also use
SYS_ADMIN cap to allow mount operations, ceph-disk needs to temporary
mount the osd data directory during the activation sequence.

This patch also enables the support of dedicated journal devices when
deploying ceph-docker with ceph-ansible.

Depends on https://github.com/ceph/ceph-docker/pull/478

Signed-off-by: Sébastien Han <seb@redhat.com>
2017-02-21 15:54:36 -05:00
Sébastien Han a002508a91 purge-docker: also purge journal devices
Signed-off-by: Sébastien Han <seb@redhat.com>
2017-02-21 15:54:36 -05:00
Sébastien Han dd548c6034 docker: osd, do not skip on failure
If the systemd unit file can not be generated we should fail, same for
systemd enable and reload.

Signed-off-by: Sébastien Han <seb@redhat.com>
2017-02-21 15:54:36 -05:00
Sébastien Han 661a9d0cdf Merge pull request #1315 from ceph/rolling-update-tests
adds a testing scenario for rolling updates
2017-02-21 15:53:57 -05:00
Andrew Schoen f3a1c6464c update group_vars sample for rolling_update variable
Signed-off-by: Andrew Schoen <aschoen@redhat.com>
2017-02-21 12:36:54 -06:00
Andrew Schoen 6cf842eb39 ceph-common: remove infernalis comment on radosgw_civetweb_port
As of Infernalis, the Ceph daemons run as an unprivileged "ceph" UID,
and this is by design.

Commit f19b765 altered the default
civetweb port from 80 to 8080 with a comment in the commit log about
"until this gets solved"

Remove the comment about permissions on Infernalis, because this is
always going to be the case on the Ceph versions we support, and it
is just confusing.

If users want to expose civetweb to s3 clients using privileged TCP
ports, they can redirect traffic with iptables, or use a reverse proxy
application like HAproxy.

Signed-off-by: Andrew Schoen <aschoen@redhat.com>
2017-02-21 12:35:00 -06:00
Andrew Schoen 0cdc6fb79a tests: adds a new ansible2.2-update_dmcrypt scenario
This performs a rolling update on a cluster using dmcrypt dedicated
journals.

Signed-off-by: Andrew Schoen <aschoen@redhat.com>
2017-02-21 12:31:27 -06:00
Andrew Schoen 5622c94e8b rolling-update: do not use upstart to stop mons when using systemd
Signed-off-by: Andrew Schoen <aschoen@redhat.com>
2017-02-21 12:31:26 -06:00
Andrew Schoen 1579642e3f ceph-common: do not get current fsid when performing a rolling_update
This avoids a situation where during a rolling_update we try to talk to
a mon to get the fsid and if that mon is down the playbook hangs
indefinitely.

Signed-off-by: Andrew Schoen <aschoen@redhat.com>
2017-02-21 12:31:26 -06:00
Andrew Schoen 920bd9cf2d ceph-common: use yum_repository when adding the ceph_stable repo
This gives us more flexibility than installing the ceph-release package
as we can easily use different mirrors. Also, I noticed an issue when
upgrading from jewel -> kraken as the ceph-release package for those
releases both have the same version number and yum doesn't know to
update anything.

Signed-off-by: Andrew Schoen <aschoen@redhat.com>
2017-02-21 12:31:26 -06:00
Sébastien Han 5d8174b1ef Merge pull request #1324 from ktdreyer/rm-civetweb-port-comment
group_vars: rm Infernalis comment
2017-02-21 13:28:16 -05:00
Ken Dreyer 4db4de52b0 group_vars: rm Infernalis comment
As of Infernalis, the Ceph daemons run as an unprivileged "ceph" UID,
and this is by design.

Commit f19b765f79 altered the default
civetweb port from 80 to 8080 with a comment in the commit log about
"until this gets solved"

Remove the comment about permissions on Infernalis, because this is
always going to be the case on the Ceph versions we support, and it
is just confusing.

If users want to expose civetweb to s3 clients using privileged TCP
ports, they can redirect traffic with iptables, or use a reverse proxy
application like HAproxy.
2017-02-21 10:05:49 -07:00
Sébastien Han acd4432f16 Merge pull request #1325 from ceph/ipv6-rgw-doc
Ipv6 rgw doc
2017-02-21 12:02:06 -05:00
Sébastien Han 9e7fbbd6c5 docker-common: sync group_vars file
Signed-off-by: Sébastien Han <seb@redhat.com>
2017-02-21 12:01:08 -05:00
Sébastien Han effefe91d5 common: add doc for rgw on ipv6
See: https://bugzilla.redhat.com/show_bug.cgi?id=1424799

Signed-off-by: Sébastien Han <seb@redhat.com>
2017-02-21 12:00:37 -05:00
Sébastien Han 5915daf0e0 Merge pull request #1322 from ceph/fix-transparent-page
common: fix "disable transparent hugepage"
2017-02-21 09:34:30 -05:00
WingKai Ho 421d1a2853 Update ceph_keys.yml
jewel version need to build the {{ cluster }}.client.admin.keyring exists key
2017-02-21 09:49:52 +08:00
Sébastien Han 7c79e09424 common: fix "disable transparent hugepage"
To configure kernel the task is using "command" module which is not
respect operator ">". So this task just print to "stdout": "never >
/sys/kernel/mm/transparent_hugepage/enabled"

fix: #1319

Signed-off-by: Sébastien Han <seb@redhat.com>
2017-02-20 17:07:53 -05:00
Sébastien Han adb85530b7 Merge pull request #1316 from zhsj/fix-osd-id
fix grep match pattern for osd ids
2017-02-20 16:57:14 -05:00
Shengjing Zhu 32923fd217 fix grep match pattern for osd ids
Some playbooks use [0-9]*, others use \d+$
The latter is more correct since cluster name may contain numbers.

Signed-off-by: Shengjing Zhu <zsj950618@gmail.com>
2017-02-20 16:35:56 +08:00
Sébastien Han 95bece97e5 Merge pull request #1313 from ceph/docker-systemd-units
docker: homogenise systemd file location
2017-02-16 20:02:13 +01:00
Sébastien Han cc769464d0 docker: homogenise systemd file location
So unit files were stored in /var/lib/ceph some where in
/etc/systemd/system. Now they are all under /etc/systemd/system.

closes: #1296

Signed-off-by: Sébastien Han <seb@redhat.com>
2017-02-16 18:31:32 +01:00
Andrew Schoen a81b40eb6f Merge pull request #1311 from ceph/BZ-1414647
purge-cluster: also purge dmcrypt dedicated journals
2017-02-15 11:57:09 -06:00
Andrew Schoen 22f52a9dc6 purge-cluster: also purge dmcrypt dedicated journals
See: https://bugzilla.redhat.com/show_bug.cgi?id=1414647

Signed-off-by: Andrew Schoen <aschoen@redhat.com>
2017-02-15 10:27:17 -06:00
Sébastien Han d82dc96d57 Merge pull request #1307 from ceph/rgw-configure
rgw-standalone.yml will also now collect keys
2017-02-15 10:52:38 +01:00
Andrew Schoen 3964929a56 rgw-standalone: also fetch keys from mons
This is to allow for ceph-installer usage of this playbook and
to ensure that you have the correct keys locally when bootstrapping.

Signed-off-by: Andrew Schoen <aschoen@redhat.com>
2017-02-14 16:12:59 -06:00
Andrew Schoen be4cffe782 Merge pull request #1306 from ceph/BZ-1422134
purge-cluster: remove calamari-server package
2017-02-14 12:29:54 -06:00
Andrew Schoen c5f561a4e9 purge-cluster: remove calamari-server package
See: https://bugzilla.redhat.com/show_bug.cgi?id=1422134

Signed-off-by: Andrew Schoen <aschoen@redhat.com>

Resolves rhbz#1422134
2017-02-14 09:24:02 -06:00
Sébastien Han 978093d843 Merge pull request #1304 from guits/fix_1300
Skip facts_mon_fsid.yml if cephx is disabled
2017-02-11 13:14:07 +01:00
Andrew Schoen c5a5658e09 Merge pull request #1301 from guits/fix_1294
Check if ceph_conf_overrides.global is defined before calling it
2017-02-10 10:20:14 -06:00
Andrew Schoen 94ac749918 Merge pull request #1302 from ceph/docker-pull
docker: use a better method to pull images
2017-02-10 10:18:37 -06:00
Guillaume Abrioux 11bae8b252 Skip facts_mon_fsid.yml if cephx is disabled
If cephx is disabled it is not necessary to include `facts_mon_fsid.yml`
in `roles/ceph-common/tasks/facts.yml`.

Fix: #1300
Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com>
2017-02-10 17:04:32 +01:00
Andrew Schoen 315b1bf702 Merge pull request #1305 from guits/quick_fix
bugfix: Add missing conditions for kraken release
2017-02-10 10:02:10 -06:00
Guillaume Abrioux e63631a4ab bugfix: Add missing conditions for kraken release
76ddcbc introduced an issue by removing some needed conditions on tasks
that need to be run only on release >= kraken.
2017-02-10 15:14:54 +01:00
Guillaume Abrioux 4295d427b9 Check if ceph_conf_overrides.global is defined before calling it
Expand the fix in #1291 to all the playbook in order to get a full coverage.

Fix: #1294
Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com>
2017-02-09 20:28:58 +01:00
Sébastien Han c2f1dca823 docker: use a better method to pull images
We changed the way we declare image.
Prior to this patch we must have a "user/image:tag"
format, which is incompatible with non docker-hub registry where you
usually don't have a "user". On the docker hub a "user" is also
identified as a namespace, so for Ceph the user was "ceph".

Variables have been simplified with only:

* ceph_docker_image
* ceph_docker_image_tag

1. For docker hub images: ceph_docker_name: "ceph/daemon" will give
you the 'daemon' image of the 'ceph' user.

2. For non docker hub images: ceph_docker_name: "daemon" will simply
give you the "daemon" image.

Infrastructure playbooks have been modified as well.
The file group_vars/all.docker.yml.sample has been removed as well.
It is hard to maintain since we have to generate it manually. If
you want to configure specific variables for a specific daemon simply
edit group_vars/$DAEMON.yml

Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1420207
Signed-off-by: Sébastien Han <seb@redhat.com>
2017-02-09 17:57:18 +01:00