From 1961929df6d721971563122f4f3d7a2b5f95df55 Mon Sep 17 00:00:00 2001
From: caowei <cao.wei@99cloud.net>
Date: Mon, 11 Dec 2017 17:08:18 +0800
Subject: [PATCH] Add CephFS backend in Manila

Depends-On: I5bf14a668a9e8976a18aa28a5bbfe586690bbd31
Implements: blueprint manila-cephfs-backend

Change-Id: I483be398d929429e35e460b5a7660b82f409b587
---
 ansible/group_vars/all.yml                    |  2 +
 ansible/roles/manila/defaults/main.yml        | 17 ++++++++
 ansible/roles/manila/tasks/ceph.yml           | 26 ++++++++++++
 ansible/roles/manila/tasks/deploy.yml         | 15 +++++++
 ansible/roles/manila/tasks/external_ceph.yml  | 20 +++++++++
 .../manila/templates/manila-share.conf.j2     | 25 +++++++++++
 .../manila/templates/manila-share.json.j2     |  8 +++-
 ansible/roles/manila/templates/manila.conf.j2 |  2 +
 doc/source/reference/external-ceph-guide.rst  | 41 +++++++++++++++++++
 etc/kolla/globals.yml                         |  2 +
 ...anila-cephfs-backend-31437ae72d9adee2.yaml |  3 ++
 11 files changed, 160 insertions(+), 1 deletion(-)
 create mode 100644 ansible/roles/manila/tasks/ceph.yml
 create mode 100644 ansible/roles/manila/tasks/external_ceph.yml
 create mode 100644 releasenotes/notes/add-manila-cephfs-backend-31437ae72d9adee2.yaml

diff --git a/ansible/group_vars/all.yml b/ansible/group_vars/all.yml
index 0562ad3678..52b1cc527f 100644
--- a/ansible/group_vars/all.yml
+++ b/ansible/group_vars/all.yml
@@ -432,6 +432,8 @@ enable_magnum: "no"
 enable_manila: "no"
 enable_manila_backend_generic: "no"
 enable_manila_backend_hnas: "no"
+enable_manila_backend_cephfs_native: "no"
+enable_manila_backend_cephfs_nfs: "no"
 enable_mistral: "no"
 enable_mongodb: "no"
 enable_multipathd: "no"
diff --git a/ansible/roles/manila/defaults/main.yml b/ansible/roles/manila/defaults/main.yml
index 5d6a851590..c2d6eabe43 100644
--- a/ansible/roles/manila/defaults/main.yml
+++ b/ansible/roles/manila/defaults/main.yml
@@ -101,8 +101,25 @@ manila_backends:
   - name: "generic"
     driver: "generic"
     enabled: "{{ enable_manila_backend_generic | bool }}"
+    protocols:
+      - "NFS"
+      - "CIFS"
   - name: "hnas1"
     driver: "hnas"
     enabled: "{{ enable_manila_backend_hnas | bool }}"
+    protocols:
+      - "NFS"
+      - "CIFS"
+  - name: "cephfsnative1"
+    driver: "cephfsnative"
+    enabled: "{{ enable_manila_backend_cephfs_native | bool }}"
+    protocols:
+      - "CEPHFS"
+  - name: "cephfsnfs1"
+    driver: "cephfsnfs"
+    enabled: "{{ enable_manila_backend_cephfs_nfs | bool }}"
+    protocols:
+      - "NFS"
+      - "CIFS"
 
 manila_enabled_backends: "{{ manila_backends|selectattr('enabled', 'equalto', true)|list }}"
diff --git a/ansible/roles/manila/tasks/ceph.yml b/ansible/roles/manila/tasks/ceph.yml
new file mode 100644
index 0000000000..994b723b13
--- /dev/null
+++ b/ansible/roles/manila/tasks/ceph.yml
@@ -0,0 +1,26 @@
+---
+- name: Ensuring config directory exists
+  file:
+    path: "{{ node_config_directory }}/manila-share"
+    state: "directory"
+
+- name: Copying over ceph.conf for manila
+  merge_configs:
+    sources:
+      - "{{ role_path }}/../ceph/templates/ceph.conf.j2"
+      - "{{ node_custom_config }}/ceph.conf"
+      - "{{ node_custom_config }}/ceph/{{ inventory_hostname }}/ceph.conf"
+    dest: "{{ node_config_directory }}/manila-share/ceph.conf"
+
+- name: Pulling cephx keyring for manila
+  command: docker exec ceph_mon ceph auth get-or-create client.manila mon 'allow r, allow command "auth del", allow command "auth caps", allow command "auth get", allow command "auth get-or-create"' osd 'allow rw' mds 'allow *'
+  register: cephx_key_manila
+  delegate_to: "{{ groups['ceph-mon'][0] }}"
+  changed_when: False
+  run_once: True
+
+- name: Pushing cephx keyring
+  copy:
+    content: "{{ cephx_key_manila.stdout }}\n\r"
+    dest: "{{ node_config_directory }}/manila-share/ceph.client.manila.keyring"
+    mode: "0600"
diff --git a/ansible/roles/manila/tasks/deploy.yml b/ansible/roles/manila/tasks/deploy.yml
index 4c28754051..cb21c0812a 100644
--- a/ansible/roles/manila/tasks/deploy.yml
+++ b/ansible/roles/manila/tasks/deploy.yml
@@ -1,4 +1,19 @@
 ---
+- include: ceph.yml
+  when:
+    - enable_ceph | bool
+    - enable_ceph_mds | bool
+    - (enable_manila_backend_cephfs_native | bool) or (enable_manila_backend_cephfs_nfs | bool)
+    - inventory_hostname in groups['manila-share']
+
+- include: external_ceph.yml
+  when:
+    - enable_ceph| bool == False
+    - enable_ceph_mds| bool == False
+    - (enable_manila_backend_cephfs_native | bool) or (enable_manila_backend_cephfs_nfs | bool)
+    - inventory_hostname in groups['manila-share']
+
+
 - include: register.yml
   when: inventory_hostname in groups['manila-api']
 
diff --git a/ansible/roles/manila/tasks/external_ceph.yml b/ansible/roles/manila/tasks/external_ceph.yml
new file mode 100644
index 0000000000..fbfe4ae589
--- /dev/null
+++ b/ansible/roles/manila/tasks/external_ceph.yml
@@ -0,0 +1,20 @@
+---
+- name: Ensuring config directory exists
+  file:
+    path: "{{ node_config_directory }}/manila-share"
+    state: "directory"
+
+- name: Copying over ceph.conf for manila
+  merge_configs:
+    sources:
+      - "{{ node_custom_config }}/manila/ceph.conf"
+      - "{{ node_custom_config }}/manila/manila-share/ceph.conf"
+    dest: "{{ node_config_directory }}/manila-share/ceph.conf"
+
+- name: Copy over Ceph keyring files for manila
+  copy:
+    src: "{{ item }}"
+    dest: "{{ node_config_directory }}/manila-share/"
+  with_fileglob:
+    - "{{ node_custom_config }}/manila/ceph.client.manila.keyring"
+    - "{{ node_custom_config }}/manila/manila/ceph.client.manila.keyring"
diff --git a/ansible/roles/manila/templates/manila-share.conf.j2 b/ansible/roles/manila/templates/manila-share.conf.j2
index 332143069f..9bb751d2da 100644
--- a/ansible/roles/manila/templates/manila-share.conf.j2
+++ b/ansible/roles/manila/templates/manila-share.conf.j2
@@ -84,3 +84,28 @@ hitachi_hnas_evs_id = {{ hnas_evs_id }}
 hitachi_hnas_evs_ip = {{ hnas_evs_ip }}
 hitachi_hnas_file_system_name = {{ hnas_file_system_name }}
 {% endif %}
+
+{% if enable_manila_backend_cephfs_native | bool %}
+[cephfsnative1]
+driver_handles_share_servers = False
+share_backend_name = CEPHFS1
+share_driver = manila.share.drivers.cephfs.cephfs_native.CephFSNativeDriver
+cephfs_conf_path = /etc/ceph/ceph.conf
+cephfs_auth_id = manila
+cephfs_cluster_name = ceph
+cephfs_enable_snapshots = False
+{% endif %}
+
+{% if enable_manila_backend_cephfs_nfs | bool %}
+[cephfsnfs1]
+driver_handles_share_servers = False
+share_backend_name = CEPHFSNFS1
+share_driver = manila.share.drivers.cephfs.driver.CephFSDriver
+cephfs_protocol_helper_type = NFS
+cephfs_conf_path = /etc/ceph/ceph.conf
+cephfs_auth_id = manila
+cephfs_cluster_name = ceph
+cephfs_enable_snapshots = False
+cephfs_ganesha_server_is_remote= False
+cephfs_ganesha_server_ip = {{ api_interface_address }}
+{% endif %}
diff --git a/ansible/roles/manila/templates/manila-share.json.j2 b/ansible/roles/manila/templates/manila-share.json.j2
index 974169063d..3484b6f16a 100644
--- a/ansible/roles/manila/templates/manila-share.json.j2
+++ b/ansible/roles/manila/templates/manila-share.json.j2
@@ -6,7 +6,13 @@
             "dest": "/etc/manila/manila.conf",
             "owner": "manila",
             "perm": "0600"
-        },
+        }{% if enable_manila_backend_cephfs_native | bool or enable_manila_backend_cephfs_nfs | bool %},
+        {
+            "source": "{{ container_config_directory }}/ceph.*",
+            "dest": "/etc/ceph/",
+            "owner": "manila",
+            "perm": "0600"
+        }{% endif %},
         {
             "source": "{{ container_config_directory }}/policy.json",
             "dest": "/etc/manila/policy.json",
diff --git a/ansible/roles/manila/templates/manila.conf.j2 b/ansible/roles/manila/templates/manila.conf.j2
index 7bab7bfc37..0bc17ee5ac 100644
--- a/ansible/roles/manila/templates/manila.conf.j2
+++ b/ansible/roles/manila/templates/manila.conf.j2
@@ -13,6 +13,8 @@ osapi_share_workers = {{ openstack_service_workers }}
 rootwrap_config = /etc/manila/rootwrap.conf
 api_paste_config = /etc/manila/api-paste.ini
 
+enabled_share_protocols = "{{ manila_backends|selectattr('enabled', 'equalto', true)|sum(attribute='protocols', start=[]) | unique | join(',') }}"
+
 auth_strategy = keystone
 
 os_region_name = {{ openstack_region_name }}
diff --git a/doc/source/reference/external-ceph-guide.rst b/doc/source/reference/external-ceph-guide.rst
index 7a8e2f6032..8ec0a0b777 100644
--- a/doc/source/reference/external-ceph-guide.rst
+++ b/doc/source/reference/external-ceph-guide.rst
@@ -37,6 +37,7 @@ service in ``/etc/kolla/globals.yml``:
   cinder_backend_ceph: "yes"
   nova_backend_ceph: "yes"
   gnocchi_backend_storage: "ceph"
+  enable_manila_backend_ceph_native: "yes"
 
 The combination of ``enable_ceph: "no"`` and ``<service>_backend_ceph: "yes"``
 triggers the activation of external ceph mechanism in Kolla.
@@ -226,3 +227,43 @@ Put ceph.conf and gnocchi client keyring file in
 
   $ ls /etc/kolla/config/gnocchi
   ceph.client.gnocchi.keyring ceph.conf gnocchi.conf
+
+Manila
+------
+
+Configuring Manila for Ceph includes four steps:
+
+1) Configure CephFS backend, setting enable_manila_backend_ceph_native
+2) Create Ceph configuration file in /etc/ceph/ceph.conf
+3) Create Ceph keyring file in /etc/ceph/ceph.client.<username>.keyring
+4) Setup Manila in the usual way
+
+Step 1 is done by using setting enable_manila_backend_ceph_native=true
+
+Now put ceph.conf and the keyring file (name depends on the username created
+in Ceph) into the same directory, for example:
+
+/etc/kolla/config/manila/ceph.conf
+
+::
+
+  [global]
+  fsid = 1d89fec3-325a-4963-a950-c4afedd37fe3
+  mon_host = 192.168.0.56
+  auth_cluster_required = cephx
+  auth_service_required = cephx
+  auth_client_required = cephx
+
+/etc/kolla/config/manila/ceph.client.manila.keyring
+
+::
+
+  [client.manila]
+  key = AQAg5YRXS0qxLRAAXe6a4R1a15AoRx7ft80DhA==
+
+For more details on the rest of the Manila setup, such as creating the share
+type ``default_share_type``, please see:
+https://docs.openstack.org/kolla-ansible/latest/reference/manila-guide.html
+
+For more details on the CephFS Native driver, please see:
+https://docs.openstack.org/manila/latest/admin/cephfs_driver.html
diff --git a/etc/kolla/globals.yml b/etc/kolla/globals.yml
index 88ba199690..3135b838a8 100644
--- a/etc/kolla/globals.yml
+++ b/etc/kolla/globals.yml
@@ -192,6 +192,8 @@ kolla_internal_vip_address: "10.10.10.254"
 #enable_manila: "no"
 #enable_manila_backend_generic: "no"
 #enable_manila_backend_hnas: "no"
+#enable_manila_backend_cephfs_native: "no"
+#enable_manila_backend_cephfs_nfs: "no"
 #enable_mistral: "no"
 #enable_mongodb: "no"
 #enable_murano: "no"
diff --git a/releasenotes/notes/add-manila-cephfs-backend-31437ae72d9adee2.yaml b/releasenotes/notes/add-manila-cephfs-backend-31437ae72d9adee2.yaml
new file mode 100644
index 0000000000..4d1b3e73bf
--- /dev/null
+++ b/releasenotes/notes/add-manila-cephfs-backend-31437ae72d9adee2.yaml
@@ -0,0 +1,3 @@
+---
+features:
+  - Add CephFS driver support to manila