Update glance NFS for systemd
Systemd has the ability to manage mounts and ensure functionality / resource management. Using a systemd mount has the benifit of not requiring writes to the legacy fstab file which can impact OS functionality especially when deploying on baremetal. This change moves the glance NFS mount to a systemd unit file allowing systemd to manage it independently with no potentially breaking impact to the underlying operating system. Changes: - This PR corrects a long standing issue when using Glance+NFS where initial deployment would work but if the playbooks were run again it would fail due to the glance images location being an NFS mount point with a potentially different UID/GID. To correct this we stat the directory and if it does NOT exist it is created. - Following the nova pattern options have been provided to set the UID and GID of the glance user. - To ensure out NFS backend solution works with the installation of glance a test has been added to deploy glance using an NFS backend. - An upgrade task has been added to this commit to clean up legacy mounts, This task should be removed in R. Change-Id: I716c9fe35391629532e67e212d45ea27a5422d1b Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
This commit is contained in:
parent
43aa00424f
commit
477d44cab9
@ -55,6 +55,18 @@ glance_system_shell: /bin/false
|
||||
glance_system_comment: glance system user
|
||||
glance_system_user_home: "/var/lib/{{ glance_system_user_name }}"
|
||||
|
||||
## Manually specified nova UID/GID
|
||||
# Deployers can specify a UID for the glance user as well as the GID for the
|
||||
# glance group if needed. This is commonly used in environments where shared
|
||||
# storage is used, such as NFS or GlusterFS, and glance UID/GID values must be
|
||||
# in sync between multiple servers.
|
||||
#
|
||||
# WARNING: Changing these values on an existing deployment can lead to
|
||||
# failures, errors, and instability.
|
||||
#
|
||||
# glance_system_user_uid: <UID>
|
||||
# glance_system_group_gid: <GID>
|
||||
|
||||
glance_registry_host: "{{ internal_lb_vip_address }}"
|
||||
glance_default_store: file
|
||||
glance_additional_stores:
|
||||
@ -184,6 +196,7 @@ glance_nfs_client: []
|
||||
# local_path: "/var/lib/glance/images" ## Local path on machine
|
||||
# type: "nfs" ## This can be nfs or nfs4
|
||||
# options: "_netdev,auto" ## Mount options
|
||||
# config_overrides: "{}" ## Override dictionary for unit file
|
||||
|
||||
## Policy vars
|
||||
# Provide a list of access controls to update the default policy.json with. These changes will be merged
|
||||
|
@ -13,6 +13,14 @@
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
- name: Start glance mount(s)
|
||||
systemd:
|
||||
daemon_reload: yes
|
||||
name: "{{ item.local_path.lstrip('/') | replace('/', '-') }}.mount"
|
||||
enabled: "yes"
|
||||
state: "restarted"
|
||||
with_items: "{{ glance_nfs_client }}"
|
||||
|
||||
- name: Stop services
|
||||
service:
|
||||
name: "{{ item.service_name }}"
|
||||
|
11
releasenotes/notes/systemd-nfs-setup-5c35c23eda4443be.yaml
Normal file
11
releasenotes/notes/systemd-nfs-setup-5c35c23eda4443be.yaml
Normal file
@ -0,0 +1,11 @@
|
||||
---
|
||||
features:
|
||||
- When using Glance and NFS the NFS mount point will now be managed using a
|
||||
systemd mount unit file. This change ensures the deployment of glance is not
|
||||
making potentially system impacting changes to the ``/etc/fstab`` and
|
||||
modernizes how we deploy glance when using shared storage.
|
||||
- New variables have been added to the glance role allowing a deployer to set
|
||||
the UID and GID of the glance user. The new options are,
|
||||
``glance_system_user_uid`` and ``glance_system_group_uid``. These options
|
||||
are useful when deploying glance with shared storage as the back-end for
|
||||
images and will only set the UID and GID of the glance user when defined.
|
@ -84,13 +84,27 @@
|
||||
state: directory
|
||||
with_items: "{{ glance_nfs_client }}"
|
||||
|
||||
- name: Glance nfs mount(s)
|
||||
config_template:
|
||||
src: "glance-systemd-mount.j2"
|
||||
dest: "/etc/systemd/system/{{ item.local_path.lstrip('/') | replace('/', '-') }}.mount"
|
||||
owner: "root"
|
||||
group: "root"
|
||||
mode: "0640"
|
||||
config_overrides: "{{ item.config_overrides | default({}) }}"
|
||||
config_type: "ini"
|
||||
when: item.condition | default(True)
|
||||
with_items: "{{ glance_nfs_client }}"
|
||||
notify:
|
||||
- Start glance mount(s)
|
||||
|
||||
# NOTE(cloudnull): This remove the legacy mount in /etc/fstab. This task should
|
||||
# be removed in the R release.
|
||||
- name: Glance mount nfs
|
||||
mount:
|
||||
name: "{{ item.local_path }}"
|
||||
src: "{{ item.server }}:{{ item.remote_path }}"
|
||||
fstype: "{{ item.type }}"
|
||||
opts: "{{ item.options }}"
|
||||
state: "mounted"
|
||||
lineinfile:
|
||||
path: /etc/fstab
|
||||
state: absent
|
||||
regexp: '^{{ item.server }}:{{ item.remote_path }}.*'
|
||||
with_items: "{{ glance_nfs_client }}"
|
||||
|
||||
- name: Create glance cache management cron jobs
|
||||
|
@ -16,12 +16,14 @@
|
||||
- name: create the system group
|
||||
group:
|
||||
name: "{{ glance_system_group_name }}"
|
||||
gid: "{{ glance_system_group_gid | default(omit) }}"
|
||||
state: "present"
|
||||
system: "yes"
|
||||
|
||||
- name: Create the glance system user
|
||||
user:
|
||||
name: "{{ glance_system_user_name }}"
|
||||
uid: "{{ glance_system_user_uid | default(omit) }}"
|
||||
group: "{{ glance_system_group_name }}"
|
||||
comment: "{{ glance_system_comment }}"
|
||||
shell: "{{ glance_system_shell }}"
|
||||
@ -29,6 +31,13 @@
|
||||
createhome: "yes"
|
||||
home: "{{ glance_system_user_home }}"
|
||||
|
||||
- name: Create glance NFS mount point(s)
|
||||
file:
|
||||
path: "{{ item.local_path }}"
|
||||
state: directory
|
||||
mode: "0755"
|
||||
with_items: "{{ glance_nfs_client }}"
|
||||
|
||||
- name: Create glance dir
|
||||
file:
|
||||
path: "{{ item.path }}"
|
||||
@ -43,9 +52,24 @@
|
||||
- { path: "{{ glance_system_user_home }}" }
|
||||
- { path: "{{ glance_system_user_home }}/cache/api", mode: "0700" }
|
||||
- { path: "{{ glance_system_user_home }}/cache/registry" }
|
||||
- { path: "{{ glance_system_user_home }}/images/" }
|
||||
- { path: "{{ glance_system_user_home }}/scrubber" }
|
||||
|
||||
- name: Stat the images directory
|
||||
stat:
|
||||
path: "{{ glance_system_user_home }}/images/"
|
||||
changed_when: false
|
||||
register: images_stat
|
||||
|
||||
- name: Create glance images dir
|
||||
file:
|
||||
path: "{{ glance_system_user_home }}/images/"
|
||||
state: directory
|
||||
owner: "{{ glance_system_user_name }}"
|
||||
group: "{{ glance_system_group_name }}"
|
||||
mode: "0755"
|
||||
when:
|
||||
- not images_stat.stat.exists | default(false) | bool
|
||||
|
||||
- name: Test for log directory or link
|
||||
shell: |
|
||||
if [ -h "/var/log/glance" ]; then
|
||||
|
12
templates/glance-systemd-mount.j2
Normal file
12
templates/glance-systemd-mount.j2
Normal file
@ -0,0 +1,12 @@
|
||||
[Unit]
|
||||
Description=Glance Images {{ item.local_path }}
|
||||
After=network.target
|
||||
|
||||
[Mount]
|
||||
What={{ item.server }}:{{ item.remote_path }}
|
||||
Where={{ item.local_path }}
|
||||
Type={{ item.type }}
|
||||
Options={{ item.options | default('_netdev,auto') }}
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
@ -24,3 +24,8 @@ container_networks:
|
||||
physical_host: localhost
|
||||
properties:
|
||||
service_name: "{{ inventory_hostname }}"
|
||||
|
||||
# NOTE(cloudnull): The lxc-openstack AA profile for is used to ensure general
|
||||
# container functionality typical to the integrated build.
|
||||
lxc_container_config_list:
|
||||
- "lxc.aa_profile=lxc-openstack"
|
||||
|
@ -14,6 +14,7 @@
|
||||
# limitations under the License.
|
||||
|
||||
bridges:
|
||||
- "br-mgmt"
|
||||
- name: "br-mgmt"
|
||||
ip_addr: "10.1.0.1"
|
||||
|
||||
ansible_python_interpreter: "/usr/bin/python2"
|
23
tests/overrides-nfs.yml
Normal file
23
tests/overrides-nfs.yml
Normal file
@ -0,0 +1,23 @@
|
||||
---
|
||||
# Copyright 2015, Rackspace US, Inc.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
# Force glance to use file by default which will be an NFS mount point.
|
||||
glance_default_store: file
|
||||
glance_nfs_client:
|
||||
- server: "10.1.0.1"
|
||||
remote_path: "/srv/nfs/glance"
|
||||
local_path: "/var/lib/glance/images"
|
||||
type: "nfs"
|
||||
options: "_netdev,auto"
|
82
tests/test-create-nfs-dev.yml
Normal file
82
tests/test-create-nfs-dev.yml
Normal file
@ -0,0 +1,82 @@
|
||||
---
|
||||
# Copyright 2017, BBC R&D
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
- name: Create an NFS backing store
|
||||
hosts: localhost
|
||||
user: root
|
||||
become: true
|
||||
connection: local
|
||||
tasks:
|
||||
- block:
|
||||
- name: Install NFS packages
|
||||
package:
|
||||
name: "{{ nfs_package[ansible_distribution | lower] }}"
|
||||
state: present
|
||||
|
||||
- name: create the system group for nfs
|
||||
group:
|
||||
name: "nfs-user"
|
||||
gid: "10000"
|
||||
state: "present"
|
||||
system: "yes"
|
||||
|
||||
- name: Create the system user for nfs
|
||||
user:
|
||||
name: "nfs-user"
|
||||
uid: "10000"
|
||||
group: "nfs-user"
|
||||
comment: "nfs-user"
|
||||
shell: "/bin/false"
|
||||
system: "yes"
|
||||
createhome: "yes"
|
||||
home: "/srv/nfs"
|
||||
|
||||
- name: Create base directories
|
||||
file:
|
||||
path: "{{ item }}"
|
||||
state: "directory"
|
||||
owner: "nfs-user"
|
||||
group: "nfs-user"
|
||||
with_items:
|
||||
- "/srv/nfs/glance"
|
||||
|
||||
- name: Create exports file
|
||||
lineinfile:
|
||||
path: /etc/exports
|
||||
line: '{{ item }} 10.0.0.0/255.0.0.0(rw,sync,no_subtree_check,insecure,all_squash,anonuid=10000,anongid=10000)'
|
||||
owner: root
|
||||
group: root
|
||||
mode: 0644
|
||||
create: yes
|
||||
with_items:
|
||||
- "/srv/nfs/glance"
|
||||
register: nfs_exportfs
|
||||
|
||||
- name: Restart nfs-server
|
||||
systemd:
|
||||
daemon_reload: yes
|
||||
name: "nfs-server"
|
||||
enabled: "yes"
|
||||
state: "restarted"
|
||||
when:
|
||||
- nfs_exportfs | changed
|
||||
|
||||
- name: Export NFS
|
||||
command: exportfs -rav
|
||||
vars:
|
||||
nfs_package:
|
||||
ubuntu: "nfs-kernel-server"
|
||||
centos: "nfs-utils"
|
||||
suse: "nfs-kernel-server"
|
@ -13,6 +13,10 @@
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
- include: test-create-nfs-dev.yml
|
||||
when:
|
||||
- test_deploy_nfs | default(false) | bool
|
||||
|
||||
# Setup the host
|
||||
- include: common/test-setup-host.yml
|
||||
|
||||
|
12
tox.ini
12
tox.ini
@ -136,6 +136,18 @@ commands =
|
||||
bash -c "{toxinidir}/tests/common/test-ansible-functional.sh"
|
||||
|
||||
|
||||
[testenv:nfs]
|
||||
deps =
|
||||
{[testenv:ansible]deps}
|
||||
setenv =
|
||||
{[testenv]setenv}
|
||||
ANSIBLE_OVERRIDES={toxinidir}/tests/overrides-nfs.yml
|
||||
ANSIBLE_PARAMETERS=-e test_deploy_nfs=yes
|
||||
commands =
|
||||
bash -c "{toxinidir}/tests/tests-repo-clone.sh"
|
||||
bash -c "{toxinidir}/tests/common/test-ansible-functional.sh"
|
||||
|
||||
|
||||
[testenv:linters]
|
||||
deps =
|
||||
{[testenv:ansible]deps}
|
||||
|
@ -26,3 +26,10 @@
|
||||
nodeset: ubuntu-xenial
|
||||
vars:
|
||||
tox_env: v2_registry_enabled
|
||||
|
||||
- job:
|
||||
name: openstack-ansible-nfs_glance
|
||||
parent: openstack-ansible-functional
|
||||
nodeset: ubuntu-xenial
|
||||
vars:
|
||||
tox_env: nfs
|
||||
|
@ -21,6 +21,7 @@
|
||||
- openstack-ansible-functional-centos-7
|
||||
- openstack-ansible-functional-opensuse-423
|
||||
- openstack-ansible-functional-ubuntu-xenial
|
||||
- openstack-ansible-nfs_glance
|
||||
- openstack-ansible-upgrade-ubuntu-xenial
|
||||
- openstack-ansible-v1_api_enabled
|
||||
- openstack-ansible-v2_registry_enabled
|
||||
@ -33,7 +34,7 @@
|
||||
- openstack-ansible-functional-centos-7
|
||||
- openstack-ansible-functional-opensuse-423
|
||||
- openstack-ansible-functional-ubuntu-xenial
|
||||
- openstack-ansible-nfs_glance
|
||||
- openstack-ansible-upgrade-ubuntu-xenial
|
||||
- openstack-ansible-v1_api_enabled
|
||||
- openstack-ansible-v2_registry_enabled
|
||||
|
||||
|
Loading…
x
Reference in New Issue
Block a user