Update glance NFS for systemd

Systemd has the ability to manage mounts and ensure functionality
/ resource management. Using a systemd mount has the benifit of not
requiring writes to the legacy fstab file which can impact OS
functionality especially when deploying on baremetal. This change
moves the glance NFS mount to a systemd unit file allowing systemd
to manage it independently with no potentially breaking impact to
the underlying operating system.

Changes:
 - This PR corrects a long standing issue when using Glance+NFS where
   initial deployment would work but if the playbooks were run again
   it would fail due to the glance images location being an NFS mount
   point with a potentially different UID/GID. To correct this we stat
   the directory and if it does NOT exist it is created.
 - Following the nova pattern options have been provided to set the UID
   and GID of the glance user.
 - To ensure our NFS backend solution works with the installation of
   glance a test has been added to deploy glance using an NFS backend.
 - An upgrade task has been added to this commit to clean up legacy
   mounts. This task should be removed in R.

Change-Id: I716c9fe35391629532e67e212d45ea27a5422d1b
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
Kevin Carter 2017-12-10 11:06:38 -06:00
parent 43aa00424f
commit 477d44cab9
No known key found for this signature in database
GPG Key ID: 9443251A787B9FB3
14 changed files with 227 additions and 10 deletions


@ -55,6 +55,18 @@ glance_system_shell: /bin/false
glance_system_comment: glance system user
glance_system_user_home: "/var/lib/{{ glance_system_user_name }}"
## Manually specified nova UID/GID
# Deployers can specify a UID for the glance user as well as the GID for the
# glance group if needed. This is commonly used in environments where shared
# storage is used, such as NFS or GlusterFS, and glance UID/GID values must be
# in sync between multiple servers.
#
# WARNING: Changing these values on an existing deployment can lead to
# failures, errors, and instability.
#
# glance_system_user_uid: <UID>
# glance_system_group_gid: <GID>
glance_registry_host: "{{ internal_lb_vip_address }}"
glance_default_store: file
glance_additional_stores:
@ -184,6 +196,7 @@ glance_nfs_client: []
# local_path: "/var/lib/glance/images" ## Local path on machine
# type: "nfs" ## This can be nfs or nfs4
# options: "_netdev,auto" ## Mount options
# config_overrides: "{}" ## Override dictionary for unit file
## Policy vars
# Provide a list of access controls to update the default policy.json with. These changes will be merged
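Review bot: The heading added in the first hunk reads `## Manually specified nova UID/GID`, but this is the glance role and the two variables documented under it are `glance_system_user_uid` and `glance_system_group_gid`; it should read `## Manually specified glance UID/GID`. In the second hunk the example `# config_overrides: "{}"` shows a quoted string, while the task that consumes it passes `item.config_overrides | default({})`, so the option presumably expects a dictionary and the example would be clearer as `# config_overrides: {}`. Both comment blocks start or end outside the visible hunks.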


@ -13,6 +13,14 @@
# See the License for the specific language governing permissions and
# limitations under the License.
- name: Start glance mount(s)
systemd:
daemon_reload: yes
name: "{{ item.local_path.lstrip('/') | replace('/', '-') }}.mount"
enabled: "yes"
state: "restarted"
with_items: "{{ glance_nfs_client }}"
- name: Stop services
service:
name: "{{ item.service_name }}"
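Review bot: The unit name in the new `Start glance mount(s)` handler is built with `item.local_path.lstrip('/') | replace('/', '-')`, which equals systemd's path escaping only for paths made of plain components. A `local_path` that contains `-`, ends in `/`, or holds other characters systemd escapes produces a name that does not correspond to `Where=`, and systemd will not load a mount unit whose name and mount point disagree. The same expression names the unit file in the `dest:` of the `Glance nfs mount(s)` task, so both places need the same fix, for example using the registered output of `systemd-escape -p --suffix=mount` on `item.local_path`. The handler also loops over every entry of `glance_nfs_client` without the `when: item.condition | default(True)` that the template task carries, so an entry skipped there would still be restarted here.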


@ -0,0 +1,11 @@
---
features:
- When using Glance and NFS the NFS mount point will now be managed using a
systemd mount unit file. This change ensures the deployment of glance is not
making potentially system impacting changes to the ``/etc/fstab`` and
modernizes how we deploy glance when using shared storage.
- New variables have been added to the glance role allowing a deployer to set
the UID and GID of the glance user. The new options are,
``glance_system_user_uid`` and ``glance_system_group_uid``. These options
are useful when deploying glance with shared storage as the back-end for
images and will only set the UID and GID of the glance user when defined.


@ -84,13 +84,27 @@
state: directory
with_items: "{{ glance_nfs_client }}"
- name: Glance nfs mount(s)
config_template:
src: "glance-systemd-mount.j2"
dest: "/etc/systemd/system/{{ item.local_path.lstrip('/') | replace('/', '-') }}.mount"
owner: "root"
group: "root"
mode: "0640"
config_overrides: "{{ item.config_overrides | default({}) }}"
config_type: "ini"
when: item.condition | default(True)
with_items: "{{ glance_nfs_client }}"
notify:
- Start glance mount(s)
# NOTE(cloudnull): This remove the legacy mount in /etc/fstab. This task should
# be removed in the R release.
- name: Glance mount nfs
mount:
name: "{{ item.local_path }}"
src: "{{ item.server }}:{{ item.remote_path }}"
fstype: "{{ item.type }}"
opts: "{{ item.options }}"
state: "mounted"
lineinfile:
path: /etc/fstab
state: absent
regexp: '^{{ item.server }}:{{ item.remote_path }}.*'
with_items: "{{ glance_nfs_client }}"
- name: Create glance cache management cron jobs
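Review bot: The `regexp` in the new `lineinfile` cleanup, `'^{{ item.server }}:{{ item.remote_path }}.*'`, is a prefix match built from unescaped values, so it also matches `/etc/fstab` lines for any other export whose path merely begins with `remote_path`, and each `.` in the server address matches any character. Because `state: absent` deletes every matching line, the pattern should escape the interpolated text and anchor the end of the device field: `regexp: '^{{ (item.server ~ ":" ~ item.remote_path) | regex_escape }}\s'`. Adding `backup: yes` would leave a copy of the file to recover from if the pattern still removes more than intended. The rendered section interleaves the old `mount:` arguments with the new `lineinfile:` ones, so this assumes only the `lineinfile:` arguments remain on the new side.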


@ -16,12 +16,14 @@
- name: create the system group
group:
name: "{{ glance_system_group_name }}"
gid: "{{ glance_system_group_gid | default(omit) }}"
state: "present"
system: "yes"
- name: Create the glance system user
user:
name: "{{ glance_system_user_name }}"
uid: "{{ glance_system_user_uid | default(omit) }}"
group: "{{ glance_system_group_name }}"
comment: "{{ glance_system_comment }}"
shell: "{{ glance_system_shell }}"
@ -29,6 +31,13 @@
createhome: "yes"
home: "{{ glance_system_user_home }}"
- name: Create glance NFS mount point(s)
file:
path: "{{ item.local_path }}"
state: directory
mode: "0755"
with_items: "{{ glance_nfs_client }}"
- name: Create glance dir
file:
path: "{{ item.path }}"
@ -43,9 +52,24 @@
- { path: "{{ glance_system_user_home }}" }
- { path: "{{ glance_system_user_home }}/cache/api", mode: "0700" }
- { path: "{{ glance_system_user_home }}/cache/registry" }
- { path: "{{ glance_system_user_home }}/images/" }
- { path: "{{ glance_system_user_home }}/scrubber" }
- name: Stat the images directory
stat:
path: "{{ glance_system_user_home }}/images/"
changed_when: false
register: images_stat
- name: Create glance images dir
file:
path: "{{ glance_system_user_home }}/images/"
state: directory
owner: "{{ glance_system_user_name }}"
group: "{{ glance_system_group_name }}"
mode: "0755"
when:
- not images_stat.stat.exists | default(false) | bool
- name: Test for log directory or link
shell: |
if [ -h "/var/log/glance" ]; then
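Review bot: The group task reads `glance_system_group_gid` (`gid: "{{ glance_system_group_gid | default(omit) }}"`), but the release note added in this same commit tells deployers to set `glance_system_group_uid`. Because of `default(omit)`, a deployer who follows the release note gets no error: the variable is ignored and the group receives whatever GID the host assigns, which is the cross-server mismatch these options exist to prevent on shared storage. The release note should name `glance_system_group_gid`. Separately, `Create glance images dir` now applies `owner`, `group` and `mode` only when the directory does not exist, so an existing local images directory with wrong ownership is no longer corrected; a comment on the `when:` stating that this is intentional for NFS mount points would help the next reader.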


@ -0,0 +1,12 @@
[Unit]
Description=Glance Images {{ item.local_path }}
After=network.target
[Mount]
What={{ item.server }}:{{ item.remote_path }}
Where={{ item.local_path }}
Type={{ item.type }}
Options={{ item.options | default('_netdev,auto') }}
[Install]
WantedBy=multi-user.target
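Review bot: The fallback in `Options={{ item.options | default('_netdev,auto') }}` mounts the remote export without `nosuid` or `nodev`, so set-uid bits and device nodes present on the NFS server are honoured on the glance host. An image store should only need to hold data files, so the default could be `default('_netdev,auto,nosuid,nodev')`, with deployers still free to override it through `options`. `Type={{ item.type }}` has no fallback while `Options=` does; if `type` is meant to be mandatory, a comment next to the `glance_nfs_client` example in the defaults should say so.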


@ -24,3 +24,8 @@ container_networks:
physical_host: localhost
properties:
service_name: "{{ inventory_hostname }}"
# NOTE(cloudnull): The lxc-openstack AA profile for is used to ensure general
# container functionality typical to the integrated build.
lxc_container_config_list:
- "lxc.aa_profile=lxc-openstack"


@ -14,6 +14,7 @@
# limitations under the License.
bridges:
- "br-mgmt"
- name: "br-mgmt"
ip_addr: "10.1.0.1"
ansible_python_interpreter: "/usr/bin/python2"

23
tests/overrides-nfs.yml Normal file

@ -0,0 +1,23 @@
---
# Copyright 2015, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# Force glance to use file by default which will be an NFS mount point.
glance_default_store: file
glance_nfs_client:
- server: "10.1.0.1"
remote_path: "/srv/nfs/glance"
local_path: "/var/lib/glance/images"
type: "nfs"
options: "_netdev,auto"


@ -0,0 +1,82 @@
---
# Copyright 2017, BBC R&D
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- name: Create an NFS backing store
hosts: localhost
user: root
become: true
connection: local
tasks:
- block:
- name: Install NFS packages
package:
name: "{{ nfs_package[ansible_distribution | lower] }}"
state: present
- name: create the system group for nfs
group:
name: "nfs-user"
gid: "10000"
state: "present"
system: "yes"
- name: Create the system user for nfs
user:
name: "nfs-user"
uid: "10000"
group: "nfs-user"
comment: "nfs-user"
shell: "/bin/false"
system: "yes"
createhome: "yes"
home: "/srv/nfs"
- name: Create base directories
file:
path: "{{ item }}"
state: "directory"
owner: "nfs-user"
group: "nfs-user"
with_items:
- "/srv/nfs/glance"
- name: Create exports file
lineinfile:
path: /etc/exports
line: '{{ item }} 10.0.0.0/255.0.0.0(rw,sync,no_subtree_check,insecure,all_squash,anonuid=10000,anongid=10000)'
owner: root
group: root
mode: 0644
create: yes
with_items:
- "/srv/nfs/glance"
register: nfs_exportfs
- name: Restart nfs-server
systemd:
daemon_reload: yes
name: "nfs-server"
enabled: "yes"
state: "restarted"
when:
- nfs_exportfs | changed
- name: Export NFS
command: exportfs -rav
vars:
nfs_package:
ubuntu: "nfs-kernel-server"
centos: "nfs-utils"
suse: "nfs-kernel-server"
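Review bot: The export line written by `Create exports file` grants `rw` to all of `10.0.0.0/255.0.0.0` with `insecure` and `all_squash`, so any host in that /8 that can reach the server is allowed to write to `/srv/nfs/glance` as the anonymous uid 10000. That looks wider than the test needs, since the override file addresses the server as the single bridge address `10.1.0.1`. Restricting the client specification to the test network, and dropping `insecure` unless the clients really do connect from unprivileged source ports, would keep the fixture from being copied into a real deployment in this form. In the same task `mode: 0644` is an unquoted octal literal and should be `mode: "0644"`, matching the quoted modes used in the role's own tasks.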


@ -13,6 +13,10 @@
# See the License for the specific language governing permissions and
# limitations under the License.
- include: test-create-nfs-dev.yml
when:
- test_deploy_nfs | default(false) | bool
# Setup the host
- include: common/test-setup-host.yml

12
tox.ini

@ -136,6 +136,18 @@ commands =
bash -c "{toxinidir}/tests/common/test-ansible-functional.sh"
[testenv:nfs]
deps =
{[testenv:ansible]deps}
setenv =
{[testenv]setenv}
ANSIBLE_OVERRIDES={toxinidir}/tests/overrides-nfs.yml
ANSIBLE_PARAMETERS=-e test_deploy_nfs=yes
commands =
bash -c "{toxinidir}/tests/tests-repo-clone.sh"
bash -c "{toxinidir}/tests/common/test-ansible-functional.sh"
[testenv:linters]
deps =
{[testenv:ansible]deps}


@ -26,3 +26,10 @@
nodeset: ubuntu-xenial
vars:
tox_env: v2_registry_enabled
- job:
name: openstack-ansible-nfs_glance
parent: openstack-ansible-functional
nodeset: ubuntu-xenial
vars:
tox_env: nfs


@ -21,6 +21,7 @@
- openstack-ansible-functional-centos-7
- openstack-ansible-functional-opensuse-423
- openstack-ansible-functional-ubuntu-xenial
- openstack-ansible-nfs_glance
- openstack-ansible-upgrade-ubuntu-xenial
- openstack-ansible-v1_api_enabled
- openstack-ansible-v2_registry_enabled
@ -33,7 +34,7 @@
- openstack-ansible-functional-centos-7
- openstack-ansible-functional-opensuse-423
- openstack-ansible-functional-ubuntu-xenial
- openstack-ansible-nfs_glance
- openstack-ansible-upgrade-ubuntu-xenial
- openstack-ansible-v1_api_enabled
- openstack-ansible-v2_registry_enabled