WIP SOC8 support #112

Open
wants to merge 3 commits into
base: master

bmwiedemann
Member

No description provided.

subscribes :restart, resources(template: "/etc/ceph/ceph.conf")
end


Layout/EmptyLines: Extra blank line detected. (https://github.com/bbatsov/ruby-style-guide#two-or-more-empty-lines)

unless File.exist?("/var/lib/ceph/mgr/ceph-#{mon_name}/done")
keyring = "#{Chef::Config[:file_cache_path]}/#{cluster}-#{mon_name}.mgr.keyring"
execute "create mgr keyring" do
command "ceph-authtool '#{keyring}' --create-keyring --name=mgr. --add-key='#{node["ceph"]["monitor-secret"]}' --cap mgr 'allow *'"
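
Review bot: on the `command` line, the monitor secret from node["ceph"]["monitor-secret"] is interpolated into the shell string handed to ceph-authtool, so it is visible in the process list and in any Chef output that echoes the command; set `sensitive true` on this execute resource so that at least the logs do not carry it. The same line gives the mgr the monitor's own key under the bare name `mgr.` with `--cap mgr 'allow *'`; a separate key per mgr daemon, limited to the caps it needs, would reduce what a leaked keyring grants.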

Metrics/LineLength: Line is too long. [135/100] (https://github.com/SUSE/style-guides/blob/master/Ruby.md#metricslinelength)

# TODO cluster name
cluster = "ceph"


Layout/EmptyLines: Extra blank line detected. (https://github.com/bbatsov/ruby-style-guide#two-or-more-empty-lines)

action :create
end


Layout/EmptyLines: Extra blank line detected. (https://github.com/bbatsov/ruby-style-guide#two-or-more-empty-lines)

@rsalevsky
Member

Please note master is in this case Cloud 8 and we actually disabled support for it.

Contributor

@tserong tserong left a comment

Aside from the keyring change, this looks like it will work to deploy ceph-mgr.

Note though that SES5 doesn't include Calamari, so if SOC8 ends up supporting deploying SES5, the Calamari role will need to be removed. This leaves the Ceph cluster without a GUI, unless we were to add an openATTIC role, to deploy openATTIC instead, but that gets more complicated, as parts of openATTIC rely on DeepSea, which won't be present if SES is deployed via Crowbar.

unless File.exist?("/var/lib/ceph/mgr/ceph-#{mon_name}/done")
keyring = "#{Chef::Config[:file_cache_path]}/#{cluster}-#{mon_name}.mgr.keyring"
execute "create mgr keyring" do
command "ceph-authtool '#{keyring}' --create-keyring --name=mgr. --add-key='#{node["ceph"]["monitor-secret"]}' --cap mgr 'allow *'"

Contributor

The mgr keyring needs to be written to /var/lib/ceph/mgr/ceph-#{mon_name}/keyring and needs caps mon 'allow profile mgr' osd 'allow *' mds 'allow *', something like the "create mds keyring" block in chef/cookbooks/ceph/recipes/mds.rb.
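
The caps named in the review comment above, expressed as a keyring audit. This is an added example, not code from the PR or the ceph barclamp; the keyring text, both key strings and the helper names (parse_keyring, audit_mgr, audit_keyring) are constructed for illustration.

```ruby
# Added example; the keyring text and secrets below are constructed sample data.
EXPECTED_MGR_CAPS = { "mon" => "allow profile mgr", "osd" => "allow *", "mds" => "allow *" }.freeze
SAMPLE_MON_SECRET = "CONSTRUCTED-MON-SECRET=="
SAMPLE_KEYRING = <<~KEYRING
  [mgr.]
    key = CONSTRUCTED-MON-SECRET==
    caps mgr = "allow *"
  [mgr.public.d52-54-77-77-01-03]
    key = CONSTRUCTED-MGR-KEY==
    caps mds = "allow *"
    caps mon = "allow profile mgr"
    caps osd = "allow *"
KEYRING

# Parse keyring text into { entity => { key: String, caps: { service => cap } } }.
def parse_keyring(text)
  entities = {}
  current = nil
  text.each_line do |raw|
    line = raw.strip
    if (m = line.match(/\A\[(.+)\]\z/))
      current = entities[m[1]] = { key: nil, caps: {} }
    elsif current && (m = line.match(/\Akey\s*=\s*(\S+)\z/))
      current[:key] = m[1]
    elsif current && (m = line.match(/\Acaps\s+(\w+)\s*=\s*"(.*)"\z/))
      current[:caps][m[1]] = m[2]
    end
  end
  entities
end

# Findings for one mgr entity; an empty list means it matches the review's caps.
def audit_mgr(entity, entry, monitor_secret)
  findings = []
  findings << "#{entity}: no daemon id after 'mgr.'" if entity == "mgr."
  findings << "#{entity}: key equals the monitor secret" if entry[:key] == monitor_secret
  (EXPECTED_MGR_CAPS.keys | entry[:caps].keys).each do |svc|
    got, want = entry[:caps][svc], EXPECTED_MGR_CAPS[svc]
    findings << "#{entity}: caps #{svc} is #{got.inspect}, expected #{want.inspect}" unless got == want
  end
  findings
end

# Audit every mgr.* entity in the keyring; returns { entity => [findings] }.
def audit_keyring(text, monitor_secret)
  mgrs = parse_keyring(text).select { |name, _| name.start_with?("mgr.") }
  mgrs.map { |name, entry| [name, audit_mgr(name, entry, monitor_secret)] }.to_h
end
```

The first sample entity mirrors what the original `ceph-authtool` line would write and is flagged; the second mirrors the `ceph auth get-or-create` form and passes.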

@bmwiedemann
Member Author

Added that, but somehow there is no admin keyring.
Maybe something else needs to be done first.
Adding include_recipe "ceph::keyring" also does not help.

ceph auth get-or-create mgr.public.d52-54-77-77-01-03              mon 'allow profile mgr' osd 'allow *' mds 'allow *'              -o /var/lib/ceph/mgr/ceph-public.d52-54-77-77-01-03/keyring
2018-10-01 13:44:28.538622 7f52022dc700 -1 auth: unable to find a keyring on /etc/ceph/ceph.client.admin.keyring,/etc/ceph/ceph.keyring,/etc/ceph/keyring,/etc/ceph/keyring.bin,: (2) No such file or directory
2018-10-01 13:44:28.538650 7f52022dc700 -1 monclient: ERROR: missing keyring, cannot use cephx for authentication
2018-10-01 13:44:28.538653 7f52022dc700  0 librados: client.admin initialization error (2) No such file or directory
[errno 2] error connecting to the cluster

@tserong
Contributor

tserong commented Oct 3, 2018

Try moving all the mgr creation stuff down to the end of the file; ceph.client.admin.keyring isn't created yet until about line 200.

@@ -36,7 +37,7 @@
port keystone_settings["admin_port"]
auth register_auth_hash
user_name keystone_settings["service_user"]
tenant_name keystone_settings["service_tenant"]
project_name keystone_settings['service_tenant']
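
Review bot: the `project_name` line still reads keystone_settings['service_tenant'], so the v3 project name quietly comes from the old tenant setting; add a short comment saying that is intended, and use double quotes for the key like the neighbouring lines.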

Style/StringLiterals: Prefer double-quoted strings unless you need single quotes to avoid extra backslashes for escaping. (https://github.com/SUSE/style-guides/blob/master/Ruby.md#stylestringliterals)

@@ -25,7 +26,7 @@
auth register_auth_hash
user_name keystone_settings["service_user"]
user_password keystone_settings["service_password"]
tenant_name keystone_settings["service_tenant"]
project_name keystone_settings['service_tenant']

Style/StringLiterals: Prefer double-quoted strings unless you need single quotes to avoid extra backslashes for escaping. (https://github.com/SUSE/style-guides/blob/master/Ruby.md#stylestringliterals)

Needed after crowbar-openstack commit 8774f1a509
Use keystone v3 in config auth urls (SCRD-781)
SES5 only supports this
@@ -187,3 +200,37 @@
end
end
end


Layout/EmptyLines: Extra blank line detected. (https://github.com/bbatsov/ruby-style-guide#two-or-more-empty-lines)

@bmwiedemann
Member Author

Got a bit further now. I was able to adapt radosgw recipes to keystonev3.
I never used a ceph UI so far, so I guess dropping calamares can be OK for now.

Mixlib::ShellOut::ShellCommandFailed
------------------------------------
Expected process to exit with [0], but received '1'
---- Begin output of chown ceph:ceph /var/chef/cache/ceph-public.d52-54-77-77-01-01.mon.keyring ; ceph-mon --mkfs -i public.d52-54-77-77-01-01 --keyring '/var/chef/cache/ceph-public.d52-54-77-77-01-01.mon.keyring' --setuser ceph --setgroup ceph ----
STDOUT: 
STDERR: chown: cannot access '/var/chef/cache/ceph-public.d52-54-77-77-01-01.mon.keyring': No such file or directory
2018-10-04 12:24:53.035565 7f0168094f40 -1 mon.public.d52-54-77-77-01-01@-1(probing) e0 unable to find a keyring file on /var/chef/cache/ceph-public.d52-54-77-77-01-01.mon.keyring: (2) No such file or directory
2018-10-04 12:24:53.035590 7f0168094f40 -1 ceph-mon: error creating monfs: (2) No such file or directory
---- End output of chown ceph:ceph /var/chef/cache/ceph-public.d52-54-77-77-01-01.mon.keyring ; ceph-mon --mkfs -i public.d52-54-77-77-01-01 --keyring '/var/chef/cache/ceph-public.d52-54-77-77-01-01.mon.keyring' --setuser ceph --setgroup ceph ----
Ran chown ceph:ceph /var/chef/cache/ceph-public.d52-54-77-77-01-01.mon.keyring ; ceph-mon --mkfs -i public.d52-54-77-77-01-01 --keyring '/var/chef/cache/ceph-public.d52-54-77-77-01-01.mon.keyring' --setuser ceph --setgroup ceph returned 1



Resource Declaration:
---------------------
# In /var/chef/cache/cookbooks/ceph/recipes/mon.rb


109:   execute "ceph-mon mkfs" do
110:     command "chown ceph:ceph #{keyring} ; ceph-mon --mkfs -i #{mon_name} " \
111:             "--keyring '#{keyring}' --setuser ceph --setgroup ceph"
112:     action :nothing
113:   end
114: 


Compiled Resource:
------------------
# Declared in /var/chef/cache/cookbooks/ceph/recipes/mon.rb:109:in `from_file'


execute("ceph-mon mkfs") do
  action [:nothing]
  retries 0
  retry_delay 2
  command "chown ceph:ceph /var/chef/cache/ceph-public.d52-54-77-77-01-01.mon.keyring ; ceph-mon --mkfs -i public.d52-54-77-77-01-01 --keyring '/var/chef/cache/ceph-public.d52-54-77-77-01-01.mon.keyring' --setuser ceph --setgroup ceph"
  backup 5
  returns 0
  cookbook_name "ceph"
  recipe_name "mon"
end


[2018-10-04T12:24:53+00:00] ERROR: Running exception handlers
[2018-10-04T12:24:53+00:00] FATAL: Saving node information to /var/chef/cache/failed-run-data.json
[2018-10-04T12:24:53+00:00] ERROR: Exception handlers complete
[2018-10-04T12:24:53+00:00] FATAL: Stacktrace dumped to /var/chef/cache/chef-stacktrace.out
[2018-10-04T12:24:53+00:00] FATAL: Mixlib::ShellOut::ShellCommandFailed: execute[ceph-mon mkfs] (ceph::mon line 109) had an error: Mixlib::ShellOut::ShellCommandFailed: Expected process to exit with [0], but received '1'
---- Begin output of chown ceph:ceph /var/chef/cache/ceph-public.d52-54-77-77-01-01.mon.keyring ; ceph-mon --mkfs -i public.d52-54-77-77-01-01 --keyring '/var/chef/cache/ceph-public.d52-54-77-77-01-01.mon.keyring' --setuser ceph --setgroup ceph ----
STDOUT: 
STDERR: chown: cannot access '/var/chef/cache/ceph-public.d52-54-77-77-01-01.mon.keyring': No such file or directory
2018-10-04 12:24:53.035565 7f0168094f40 -1 mon.public.d52-54-77-77-01-01@-1(probing) e0 unable to find a keyring file on /var/chef/cache/ceph-public.d52-54-77-77-01-01.mon.keyring: (2) No such file or directory
2018-10-04 12:24:53.035590 7f0168094f40 -1 ceph-mon: error creating monfs: (2) No such file or directory
---- End output of chown ceph:ceph /var/chef/cache/ceph-public.d52-54-77-77-01-01.mon.keyring ; ceph-mon --mkfs -i public.d52-54-77-77-01-01 --keyring '/var/chef/cache/ceph-public.d52-54-77-77-01-01.mon.keyring' --setuser ceph --setgroup ceph ----
Ran chown ceph:ceph /var/chef/cache/ceph-public.d52-54-77-77-01-01.mon.keyring ; ceph-mon --mkfs -i public.d52-54-77-77-01-01 --keyring '/var/chef/cache/ceph-public.d52-54-77-77-01-01.mon.keyring' --setuser ceph --setgroup ceph returned 1

@tserong
Contributor

tserong commented Oct 5, 2018

OK, that's weird. You didn't change anything related to mon keyring creation AFAICT, so why are those keyring files inaccessible?

@bmwiedemann
Member Author

Maybe the added package lines did something unexpected or something between SES4 and 5 packaging changed.

@tserong
Contributor

tserong commented Oct 8, 2018

I don't think this failure can be due to packaging changes -- that keyring file is created by the ceph barclamp during initial mon creation:

unless File.exist?("/var/lib/ceph/mon/ceph-#{mon_name}/done")
  keyring = "#{Chef::Config[:file_cache_path]}/#{cluster}-#{mon_name}.mon.keyring"
  execute "create monitor keyring" do
    command "ceph-authtool '#{keyring}' --create-keyring --name=mon. --add-key='#{node["ceph"]["monitor-secret"]}' --cap mon 'allow *'"
    not_if { node["ceph"]["monitor-secret"].empty? }
    notifies :run, "execute[ceph-mon mkfs]", :immediately
  end
  ruby_block "generate monitor-secret" do
    block do
      gen_key = Mixlib::ShellOut.new("ceph-authtool --gen-print-key")
      monitor_key = gen_key.run_command.stdout.strip
      gen_key.error!
      add_key = Mixlib::ShellOut.new("ceph-authtool '#{keyring}' --create-keyring --name=mon. --add-key='#{monitor_key}' --cap mon 'allow *'")
      add_key.run_command
      add_key.error!
      # no need to check if the attribute is already set: it's part of the
      # only_if
      node.set["ceph"]["monitor-secret"] = monitor_key
      node.save
    end
    only_if { node["ceph"]["monitor-secret"].empty? && node[:ceph][:master] }
    notifies :run, "execute[ceph-mon mkfs]", :immediately
  end
  ruby_block "get monitor-secret" do
    block do
      require "timeout"
      monitor_key = ""
      begin
        Timeout.timeout(600) do
          while monitor_key.empty?
            mon_nodes = get_mon_nodes
            mon_nodes.each do |mon|
              if mon[:ceph][:master] && !mon["ceph"]["monitor-secret"].empty?
                monitor_key = mon["ceph"]["monitor-secret"]
              end
            end
            sleep 1
          end
        end
      rescue Timeout::Error
        message = "Cannot fetch monitor secret from master!"
        Chef::Log.fatal(message)
        raise message
      end
      add_key = Mixlib::ShellOut.new("ceph-authtool '#{keyring}' --create-keyring --name=mon. --add-key='#{monitor_key}' --cap mon 'allow *'")
      add_key.run_command
      add_key.error!
      # no need to check if the attribute is already set: it's part of the
      # only_if
      node.set["ceph"]["monitor-secret"] = monitor_key
      node.save
    end
    only_if { node["ceph"]["monitor-secret"].empty? && !node[:ceph][:master] }
    notifies :run, "execute[ceph-mon mkfs]", :immediately
  end
  execute "ceph-mon mkfs" do
    command "chown ceph:ceph #{keyring} ; ceph-mon --mkfs -i #{mon_name} " \
            "--keyring '#{keyring}' --setuser ceph --setgroup ceph"
    action :nothing
  end
  ruby_block "finalise" do
    block do
      ["done", service_type].each do |ack|
        File.open("/var/lib/ceph/mon/ceph-#{mon_name}/#{ack}", "w").close
      end
    end
  end
end

It should have been created by one of the three ceph-authtool invocations. Is there any indication earlier in the logs of ceph-authtool failing somehow?

Deploy it after the admin keyring creation.
@jsuchome
Member

jsuchome commented Nov 5, 2018

Hi @bmwiedemann, any update on this one?

@bmwiedemann
Member Author

No, I was busy working on other parts and don't know how to continue here. Feel free to play around and improve this PR.

@bmwiedemann
Member Author

ceph playground is open again: http://crowbar.vi16.cloud.suse.de/crowbar/ceph/1.0/proposals/default
