John Mulligan [Thu, 15 Jun 2023 19:54:09 +0000 (15:54 -0400)]
cephadm: remove call to get_parm from fetch_configs
Stop using get_parm in fetch_configs. Doing so makes clear that
the two if-branches in fetch_configs are symmetric, in the
handling of custom_config_files and symmetric with the behavior
of fetch_custom_config_files.
It also reveals that get_parm only has one remaining caller making it
simpler to remove get_parm in the future.
Signed-off-by: John Mulligan <jmulligan@redhat.com>
John Mulligan [Tue, 30 May 2023 20:23:13 +0000 (16:23 -0400)]
cephadm: combine deploy functions some more
During review it was pointed out that much of command_deploy and
command_deploy_from were still common. Combine the bulk of
command_deploy and command_deploy_from into a new _common_deploy.
The old _common_deploy is renamed to _dispatch_deploy but kept
as a separate function.
The reason for keeping _dispatch_deploy as a function is that
it limits the scope of variables. It helps knowing exactly what
is needed and what is not needed from _common_deploy.
Signed-off-by: John Mulligan <jmulligan@redhat.com>
John Mulligan [Thu, 1 Jun 2023 17:27:37 +0000 (13:27 -0400)]
cephadm: drop deploy_arguments key from deploy config JSON
Drop the now unnecessary deploy_arguments subsection from the JSON
object that the new `_orch deploy` takes. The intermediate code that
used it in the ceph mgr module has been replaced with `params`.
We still want to share some code with the old deploy, especially the
default values for various things that get attached to `ctx`. In
some cases this is particularly important as not all code checks
that `ctx` has an attribute first. Create an `ArgumentFacade` type
to reuse the `add_argument` calls for deploy, and instead store the
default key-value pairs for `ctx`.
Signed-off-by: John Mulligan <jmulligan@redhat.com>
John Mulligan [Sat, 20 May 2023 17:42:02 +0000 (13:42 -0400)]
cephadm: split command_deploy_from into mockable parts
Split up command_deploy_from so that the part that reads the JSON
from an input source is moved into read_configuration_source and
the part that applied the configuration data to the ctx is moved
into apply_deploy_config_to_ctx. This will make these sections
reusable and, more importantly, make it easier to mock/monkeypatch
these functions in tests.
Signed-off-by: John Mulligan <jmulligan@redhat.com>
John Mulligan [Thu, 18 May 2023 20:14:24 +0000 (16:14 -0400)]
cephadm: make the old command_deploy deprecated with decorator
Add a deprecated command decorator. Decorate the old command_deploy with
it. By default it just logs if a deprecated command was used, but
custom builds of cephadm can set the NO_DEPRECATED var to True
and fail if a deprecated command is used.
Signed-off-by: John Mulligan <jmulligan@redhat.com>
John Mulligan [Thu, 18 May 2023 19:10:16 +0000 (15:10 -0400)]
mgr/cephadm: add exchange types and use them for deploy
Add an exchange module for defining the "exchange protocol" that the
mgr module uses for communicating with the cephadm binary. The
exchange module classes use data descriptors to define supported
fields in the resulting data and will be serialized to JSON for
communicating with cephadm.
The cephadm binary does not use these types because it currently
doesn't import anything outside of the standard library. A suggested
future change would be to move 'exhange.py' to python-common somewhere
and have the module be imported by both the mgr and cephadm and used
for both serialization and deserialization.
Signed-off-by: John Mulligan <jmulligan@redhat.com>
John Mulligan [Tue, 16 May 2023 17:49:28 +0000 (13:49 -0400)]
mgr/cephadm: block future use of extra_args
Convert `extra_args` into a read-only property so that
current code continues to work but anything that tries
to set any `extra_args` now or in the future will be
intentionally broken.
This is mainly to find issues when running unit and teuthology tests.
This patch could be dropped before the final merge if desired.
Signed-off-by: John Mulligan <jmulligan@redhat.com>
John Mulligan [Tue, 16 May 2023 17:48:58 +0000 (13:48 -0400)]
mgr/cephadm: convert extra_args to daemon_params dict
In serve.py we were creating various command line arguments
(and their values) to pass to cephadm. Now that we support
a single unified JSON-based input we can stop passing
these as CLI parameters and just pass it as a singular
JSONified dict.
Signed-off-by: John Mulligan <jmulligan@redhat.com>
John Mulligan [Thu, 11 May 2023 15:07:53 +0000 (11:07 -0400)]
mgr/cephadm: deploy using deploy-from command
The new `deploy-from` command aims to be a cleaner, clearer way to pass
input to cephadm for service deployment. Make a minimal set of change to
use that new command.
Signed-off-by: John Mulligan <jmulligan@redhat.com>
John Mulligan [Wed, 24 May 2023 18:11:52 +0000 (14:11 -0400)]
mgr/cephadm: allow passing a list as a compound command to _run_cephadm
As we're adding "namespaces" to the cephadm command it's easier to work
with a compound list of terms as the command. This also avoids an issue
where the function call injects args between the command and the "args"
passed to _run_cephadm.
Signed-off-by: John Mulligan <jmulligan@redhat.com>
John Mulligan [Thu, 15 Jun 2023 19:34:15 +0000 (15:34 -0400)]
cephadm: update code to use fetch_custom_config_files
Update the code to use fetch_custom_config_files rather than
get_custom_config_files. Like other fetch_ functions recently added
to cephadm we don't LBYL for checking values on ctx, but rather
call the fetch function on ctx and then check if the result contains
actionable data.
get_custom_config_files gets removed as no remaining callers exist.
Signed-off-by: John Mulligan <jmulligan@redhat.com>
John Mulligan [Thu, 15 Jun 2023 19:34:09 +0000 (15:34 -0400)]
cephadm: add fetch_custom_config_files function
This function works similarly to get_custom_config_files but doesn't
require the use of "ctx.config_json" and will prefer sourcing the
data from `config_blobs`.
This function also returns the list of dicts rather than return a dict
with exactly one key which maps to said list of dicts. There appeared
to be no benefit to that when the call sites of get_custom_config_files
was examined.
This function is `fetch_configs` evil twin.
Signed-off-by: John Mulligan <jmulligan@redhat.com>
John Mulligan [Fri, 26 May 2023 19:06:40 +0000 (15:06 -0400)]
cephadm: add fetch_tcp_ports function for getting processed ports
The cephadm cli can pass ports as either a string containing space
separated port numbers or, in the newer method, a (JSON) list of ints.
The fetch_tcp_ports function abstracts away the handling of
these input forms.
Signed-off-by: John Mulligan <jmulligan@redhat.com>
John Mulligan [Thu, 11 May 2023 15:05:07 +0000 (11:05 -0400)]
cephadm: add deploy-from command
Add the `deploy-from` command. This command is like `deploy` in
functionality but instead of sourcing input from a mixture of various
CLI arguments, CLI arguments that take JSON strings, and JSON data
provided on stdin - this command aims to take configuration from a
single unified JSON object provided on the commands stdin.
This change strives to be as reasonably backwards compatible with
`deploy` as possible and this leads to some awkward hoop-jumping,
including: needing to nest CLI arguments inside the JSON, because
that is what the manager constructs; duplicate sources of the fsid
(CLI and JSON); the strange behavior of CephadmContext when setting
values; and a few others I'm probably forgetting.
Signed-off-by: John Mulligan <jmulligan@redhat.com>
John Mulligan [Thu, 11 May 2023 14:30:51 +0000 (10:30 -0400)]
cephadm: add fetch_configs function for reading configuration items from ctx
The CephadmContext holds much of cephadm's state, including values
from cli options and (soon) configuration file input. Add a
`fetch_configs` function that reads processed configuration items from `config_blobs`
(a dict mapping config name to arbitrary configuration content) or
falls back to using the `get_parm` function on `ctx.config_json`.
Signed-off-by: John Mulligan <jmulligan@redhat.com>
John Mulligan [Thu, 11 May 2023 14:30:12 +0000 (10:30 -0400)]
cephadm: add fetch_meta function for reading metadata properties from ctx
The CephadmContext holds much of cephadm's state, including values from
cli options and (soon) configuration file input. Add a `fetch_meta`
function that reads processed metadata from `meta_properties` or parses
JSON stored on `meta_json`. Parsed JSON is saved to `meta_properties`.
Future code should always use fetch_meta for reading, and only ever
set `meta_properties` as a python dict, not round trip JSON through
meta_json.
Signed-off-by: John Mulligan <jmulligan@redhat.com>
John Mulligan [Thu, 11 May 2023 14:25:38 +0000 (10:25 -0400)]
cephadm: split default_image decorator into two functions
Keep default_image as a decorator for functions that will only
ever need to update an image passed by the CLI. For other future
functions that want to execute code prior to assigning an image
from CLI parameters add `update_default_image` which takes a
CephadmContext and updates it and can be used by the caller
at an arbitrary point in the code flow.
Signed-off-by: John Mulligan <jmulligan@redhat.com>
John Mulligan [Thu, 1 Jun 2023 15:16:13 +0000 (11:16 -0400)]
cephadm: change tests to assert using mock call not func.args
The Python docs [1] note that:
Changed in version 3.8: Added args and kwargs properties.
In order to run tests on python 3.6 (example: `tox -e py36`) we
change the tests to do the asserts using the older call(...)
comparison style, with mock.ANY used for args we don't care about.
Adam King [Thu, 13 Apr 2023 17:54:00 +0000 (13:54 -0400)]
cephadm: open ports in firewall when adopting monitoring stack daemons
Otherwise we risk the prometheus/alertmanager/grafana
not functioning properly after adoption due to the necessary
port in the firewall not being open.
Adam King [Thu, 13 Apr 2023 17:05:11 +0000 (13:05 -0400)]
cephadm: still try to open ports in firewall on redeploy/reconfig
Prior to this patch we were discarding the provided
ports on reconfig and redeploy in order to not fail
thinking there was a port conflict with the instance
of the daemon we were about to reconfig/redeploy. However,
it's still desirable for us to make sure the firewall ports
are open when we do a reconfig/redpeloy, so this refactors
the port handling approach to have it do that but
still avoid checking for port conflicts. It also include
an update of the type signature of deploy_daemon
to the py3 style. That wasn't needed for the change
but since I was added an arugment there I thought we might
as well do it now.
John Mulligan [Tue, 6 Jun 2023 17:24:37 +0000 (13:24 -0400)]
cephadm: use 0o600 as the default mode for write_new
Add a constant DEFAULT_MODE of `0o600`, and make it the default of
the perms argument to write_new. This reduces a lot of code since
0o600 is the majority of the permissions used. Other cases can continue
to pass None to indicate no particular permissions are desired.
John Mulligan [Tue, 6 Jun 2023 17:16:29 +0000 (13:16 -0400)]
cephadm: convert SNMPGateway create_daemon_conf to use write_new
While it is not entirely clear why this pattern of using os.open and
posix open flags instead of `open` directly was used I determined (using
strace) that the only major difference between these open flags and
those used by `open` was the lack of O_TRUNC. Unlike some other cases
this function does not use an intermediate temporary file. This means
that if the file being written already exists and the data being written
is smaller then the remaining data will not be over-written.
I looked over the context that this function is used in and decided that
this behavior must not be intentional. Thus it should be safe
to convert this function to `write_new`.
John Mulligan [Tue, 6 Jun 2023 16:37:14 +0000 (12:37 -0400)]
cephadm: convert more temporary file writes to use write_new
Some functions are using the pattern:
```
with open(os.open(name + '.new, os.O_CREAT | os.O_WRONLY, 0o600), 'w') as f:
f.write(...)
os.rename(name + '.new', name)
```
While it is not entirely clear why this pattern was first used,
it accomplishes the same goal as `write_new` only directly calling
the posix open call. I analyzed the open flags for `write_new` and
these calls using `strace` and noted that the only significant
difference was the lack of O_TRUNC in these cases. Since the ".new"
files should not exist the lack of O_TRUC ought not make any difference.
With this decided we can convert these instances to `write_new`.
John Mulligan [Tue, 6 Jun 2023 16:25:34 +0000 (12:25 -0400)]
cephadm: convert _write_custom_conf_files to use write_new
We double checked the meaning of "w+" and it will open the file
read-write. Since the file is never read there's no real reason
to keep it that way so its OK to convert to `write_new`.
John Mulligan [Tue, 6 Jun 2023 00:12:59 +0000 (20:12 -0400)]
cephadm: convert some functions to use write_new
Convert a lot of the basic uses of the pattern:
with open(...) as f:
f.write(...)
os.fchown(f, ...) # sometimes
os.fchmod(f, ...) # sometimes
os.rename(...) # sometimes
These are the most obvious cases to convert to `write_new`
and should largely be uncontroversial.
John Mulligan [Tue, 6 Jun 2023 00:08:49 +0000 (20:08 -0400)]
cephadm: create functional mock for fchown
The pyfakefs library apparently doesn't have its own mock for os.fchown.
This means that code using fchown currently calls into a mock with
no affect on the fake fs. For some reason I don't fully understand,
existing test cases work because they don't always follow the pattern
of open-write-rename. Switching to `write_new`, which always does a
rename, breaks some of the assertions performed in the tests on the fake
fs. Add a mock fchown that updates the state of the fake fs so
that converting call sites to use `write_new` will continue to work.
John Mulligan [Tue, 6 Jun 2023 00:12:10 +0000 (20:12 -0400)]
cephadm: add write_new function for robust file writes
The cephadm code has a very common pattern made of at least one of
the three following steps:
* call fchown on the open file to set ownership
* call fchmod on the open file to set permissions
* rename the file from a temp name to final name
Add the write_new function to encapsulate these common actions.
If owner is not None then fchown will be called.
If perms is not None then fchmod will be called.
An optional encoding value may be passed.
It always uses a temporary file as a temporary file ensures that
there can never be a partially written file even in the event of
a power outage or system crash.
Encapsulating this all into a function also allows us to make
changes to this approach in the future without touching every
call site using `open(..., "w")` etc.
John Mulligan [Mon, 8 May 2023 17:54:32 +0000 (13:54 -0400)]
qa/workunits/cephadm: align test_cephadm.sh with new cephadm version
The `cephadm version` command no longer bases the output on the
container images, rather it uses a special python file added to the
zipapp during the build to report on the version of cephadm (the
binary).
The other option was to preserve this behavior and add a new version
command or make it behave differently depending on what options were
provided. I discussed the options with AMK in person and we decided that
changing the tests was preferable.
John Mulligan [Thu, 27 Apr 2023 17:39:02 +0000 (13:39 -0400)]
cephadm: add executes_early decorator to version command
Add the executes_early decorator and apply it to the version command
such that the version command will function without the uaual
requirements and set up steps that a cephadm command needs.
This allows anyone with a binary, root or not, to check the version.
John Mulligan [Thu, 27 Apr 2023 17:36:51 +0000 (13:36 -0400)]
cephadm: get cephadm version information from zipapp module
Use the `_version.py` module that gets embedded into the zipapp at build
time to print cephadm's own version information.
The version string printed is basically copied from the one printed by
the `ceph` command.
John Mulligan [Tue, 27 Sep 2022 20:51:57 +0000 (16:51 -0400)]
cephadm: add generated version info file to zipapp
Pass --set-version-var=KEY=VALUE cli options to the script and it
will create an embedded "_version.py" file in the zipapp containing
the passed parameters.
Nizamudeen A [Tue, 29 Aug 2023 14:16:07 +0000 (19:46 +0530)]
mgr/dashboard: fix cephfs create form validator
dashboard was allowing to create a filesystem with / in its name but the
cli throws out error in doing so. And the created volume in dashboard
just gets ended up as a stale volume
Zac Dover [Wed, 23 Aug 2023 15:15:54 +0000 (01:15 +1000)]
doc/start: edit os-recommendations.rst
Improve the grammar in one sentence of the "Platforms" section of
doc/start/os-recommendations.rst. Improving that grammar involved
splitting the sentence into two sentences, but that's life. Update:
Anthony substantially rewrote this, so credit for this should rightly
go to him.
Co-authored-by: Anthony D'Atri <anthony.datri@gmail.com> Signed-off-by: Zac Dover <zac.dover@proton.me>
(cherry picked from commit e19b9cea62c56cbd73049957d69d5aac16a97c08)
Adam King [Fri, 2 Jun 2023 00:06:35 +0000 (20:06 -0400)]
cephadm: add tcmu-runner to logrotate config
This process could be used to set up the tcmu-runner
to log to a file much like other ceph daemons
- create /etc/tcmu directory
- create /etc/tcmu/tcmu.conf directory with default options
- change dir to /var/log
- change log level to 4
- add -v /etc/tcmu:/etc/tcmu to tcmu-runner container podman line in unit.run
In order to support this (mostly for debugging) we should
add tcmu-runner to the logrotate config
Adam King [Fri, 7 Jul 2023 15:03:56 +0000 (11:03 -0400)]
qa/cephadm: add test for ca signed keys
Test that bootstraps with a CA signed key using
the use_ca_signed_key cephadm override. Then follows
up by doing a check-host on each host which verifies
the cephadm mgr module can reach and authenticate with
the nodes using the new key setup.
This probably should really be a workunit, but
I didn't want to create a full new section for
this test and I needed a section that didn't
already run the cephadm task for every test. I could
see this being moved into some sort of
"test_special_deployment_scenarios" section in the future
projects / ceph.git / log