Merge pull request #5 from cloudm2/master

Added ceph-rest-api and more

README.md

@@ -146,8 +146,7 @@ Ceph Rados Gateway nodes should use the ceph-radosgw role
 
 * `node['ceph']['radosgw']['api_fqdn']` - what vhost to configure in the web server
 * `node['ceph']['radosgw']['admin_email']` - the admin email address to configure in the web server
-* `node['ceph']['radosgw']['rgw_addr']` - the web server's bind address, such as *:80
-* `node['ceph']['radosgw']['rgw_port']` - if set, connects to the radosgw fastcgi over this port instead of a unix socket
+* `node['ceph']['radosgw']['port']` - Port of the rgw. Defaults to 80
 * `node['ceph']['radosgw']['webserver_companion']` - defaults to 'apache2', but it can be set to 'civetweb', or to false in order to leave it unconfigured
 * `node['ceph']['radosgw']['path']` - where to save the s3gw.fcgi file
 * `node['ceph']['config']['global']['rgw dns name']` -  the main domain of the radosgw daemon, to calculate the bucket name from a subdomain

attributes/default.rb

@@ -37,6 +37,7 @@
 default['ceph']['mon']['tag'] = 'ceph-mon'
 default['ceph']['osd']['tag'] = 'ceph-osd'
 default['ceph']['mds']['tag'] = 'ceph-mds'
+default['ceph']['restapi']['tag'] = 'ceph-restapi'
 
 default['ceph']['install_repo'] = true
 default['ceph']['btrfs'] = false

attributes/radosgw.rb

@@ -35,8 +35,7 @@
 
 default['ceph']['radosgw']['api_fqdn'] = 'localhost'
 default['ceph']['radosgw']['admin_email'] = '[email protected]'
-default['ceph']['radosgw']['rgw_addr'] = '*:80'
-default['ceph']['radosgw']['rgw_port'] = false
+default['ceph']['radosgw']['port'] = 80
 default['ceph']['radosgw']['webserver'] = 'civetweb'
 
 # init_style in each major section is allowed so that radosgw or osds or mons etc could be a different OS if required.
@@ -56,7 +55,7 @@
 default['ceph']['radosgw']['user']['test']['access_key'] = ceph_chef_secure_password_alphanum_upper(20)
 default['ceph']['radosgw']['user']['test']['secret'] = ceph_chef_secure_password(40)
 default['ceph']['radosgw']['user']['test']['max_buckets'] = 3
-default['ceph']['radosgw']['user']['test']['caps'] = 'usage=read; user=read; bucket=read;'
+default['ceph']['radosgw']['user']['test']['caps'] = 'usage=read; user=read; bucket=*'
 
 default['ceph']['radosgw']['secret_file'] = '/etc/chef/secrets/ceph_chef_rgw'
 

attributes/repo.rb

@@ -17,6 +17,11 @@
 default['ceph']['branch'] = 'stable' # Can be stable, testing or dev.
 # Major release version to install or gitbuilder branch
 default['ceph']['version'] = 'hammer'
+# NOTE: If the version is greater than 'hammer' then change owner and group to 'ceph'
+default['ceph']['owner'] = 'root'
+default['ceph']['group'] = 'root'
+default['ceph']['mode'] = 0755
+
 default['ceph']['el_version'] = 'el7'
 default['ceph']['el_add_epel'] = true
 default['ceph']['repo_url'] = 'http://ceph.com'

attributes/restapi.rb

@@ -0,0 +1,28 @@
+#
+# Cookbook Name:: ceph
+# Attributes:: restapi
+#
+# Copyright 2015, Bloomberg Finance L.P.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+include_attribute 'ceph-chef'
+
+default['ceph']['restapi']['port'] = 5080
+default['ceph']['restapi']['base_url'] = '/api/v0.1'
+default['ceph']['restapi']['log']['level'] = 'warning'
+
+default['ceph']['restapi']['role'] = 'search-ceph-restapi'
+
+default['ceph']['restapi']['secret_file'] = '/etc/chef/secrets/ceph_chef_restapi'

libraries/ceph_chef_helper.rb

@@ -55,6 +55,18 @@ def ceph_chef_is_radosgw_node
   val
 end
 
+def ceph_chef_is_restapi_node
+  val = false
+  nodes = ceph_chef_restapi_nodes
+  nodes.each do |n|
+    if n['hostname'] == node['hostname']
+      val = true
+      break
+    end
+  end
+  val
+end
+
 def ceph_chef_is_admin_node
   val = false
   nodes = ceph_chef_admin_nodes
@@ -202,6 +214,27 @@ def ceph_chef_save_radosgw_secret(secret)
   secret
 end
 
+def ceph_chef_restapi_secret
+  if node['ceph']['encrypted_data_bags']
+    secret = Chef::EncryptedDataBagItem.load_secret(node['ceph']['restapi']['secret_file'])
+    Chef::EncryptedDataBagItem.load('ceph', 'restapi', secret)['secret']
+  elsif !ceph_chef_restapi_nodes.empty?
+    ceph_chef_save_restapi_secret(ceph_chef_restapi_nodes[0]['ceph']['restapi-secret'])
+    ceph_chef_restapi_nodes[0]['ceph']['restapi-secret']
+  elsif node['ceph']['restapi-secret']
+    node['ceph']['restapi-secret']
+  else
+    Chef::Log.info('No restapi secret found')
+    nil
+  end
+end
+
+def ceph_chef_save_restapi_secret(secret)
+  node.set['ceph']['restapi-secret'] = secret
+  node.save
+  secret
+end
+
 # If public_network is specified with one or more networks, we need to
 # search for a matching monitor IP in the node environment.
 # 1. For each public network specified:
@@ -257,7 +290,6 @@ def ceph_chef_ip_address_to_ceph_chef_address(ip, params)
 # For this function to work, this cookbook will need to be part of a wrapper or project that implements ceph-mon role
 # Returns a list of nodes (not hostnames!)
 def ceph_chef_mon_nodes
-  # results = search(:node, "role:#{node['ceph']['mon']['role']} AND chef_environment:#{node.chef_environment}")
   results = search(:node, "tags:#{node['ceph']['mon']['tag']}")
   results.map! { |x| x['hostname'] == node['hostname'] ? node : x }
   if !results.include?(node) && node.run_list.roles.include?(node['ceph']['mon']['role'])
@@ -267,7 +299,6 @@ def ceph_chef_mon_nodes
 end
 
 def ceph_chef_osd_nodes
-  # results = search(:node, "role:#{node['ceph']['osd']['role']} AND chef_environment:#{node.chef_environment}")
   results = search(:node, "tags:#{node['ceph']['osd']['tag']}")
   results.map! { |x| x['hostname'] == node['hostname'] ? node : x }
   if !results.include?(node) && node.run_list.roles.include?(node['ceph']['osd']['role'])
@@ -277,7 +308,6 @@ def ceph_chef_osd_nodes
 end
 
 def ceph_chef_radosgw_nodes
-  # results = search(:node, "role:#{node['ceph']['radosgw']['role']} AND chef_environment:#{node.chef_environment}")
   results = search(:node, "tags:#{node['ceph']['radosgw']['tag']}")
   results.map! { |x| x['hostname'] == node['hostname'] ? node : x }
   if !results.include?(node) && node.run_list.roles.include?(node['ceph']['radosgw']['role'])
@@ -286,8 +316,16 @@ def ceph_chef_radosgw_nodes
   results.sort! { |a, b| a['hostname'] <=> b['hostname'] }
 end
 
+def ceph_chef_restapi_nodes
+  results = search(:node, "tags:#{node['ceph']['restapi']['tag']}")
+  results.map! { |x| x['hostname'] == node['hostname'] ? node : x }
+  if !results.include?(node) && node.run_list.roles.include?(node['ceph']['restapi']['role'])
+    results.push(node)
+  end
+  results.sort! { |a, b| a['hostname'] <=> b['hostname'] }
+end
+
 def ceph_chef_admin_nodes
-  # results = search(:node, "role:#{node['ceph']['admin']['role']} AND chef_environment:#{node.chef_environment}")
   results = search(:node, "tags:#{node['ceph']['admin']['tag']}")
   results.map! { |x| x['hostname'] == node['hostname'] ? node : x }
   if !results.include?(node) && node.run_list.roles.include?(node['ceph']['admin']['role'])
@@ -297,7 +335,6 @@ def ceph_chef_admin_nodes
 end
 
 def ceph_chef_mds_nodes
-  # results = search(:node, "role:#{node['ceph']['mds']['role']} AND chef_environment:#{node.chef_environment}")
   results = search(:node, "tags:#{node['ceph']['mds']['tag']}")
   results.map! { |x| x['hostname'] == node['hostname'] ? node : x }
   if !results.include?(node) && node.run_list.roles.include?(node['ceph']['mds']['role'])

metadata.rb

@@ -1,10 +1,10 @@
 name 'ceph-chef'
 maintainer 'Chris Jones'
-maintainer_email '[email protected]'
+maintainer_email '[email protected]'
 license 'Apache v2.0'
 description 'Installs/Configures Ceph (Hammer and above)'
 long_description IO.read(File.join(File.dirname(__FILE__), 'README.md'))
-version '0.9.1'
+version '0.9.3'
 
 depends	'apache2', '>= 1.1.12'
 depends 'apt'
@@ -14,3 +14,6 @@
 supports 'ubuntu', '>= 14.04'
 supports 'redhat', '>= 7.1'
 supports 'centos', '>= 7.1'
+
+issues_url 'https://github.com/ceph/ceph-chef/issues'
+source_url 'https://github.com/ceph/ceph-chef'

recipes/admin_client.rb

@@ -17,17 +17,22 @@
 # limitations under the License.
 #
 
+keyring = "/etc/ceph/#{node['ceph']['cluster']}.client.admin.keyring"
+
 # This will execute on other nodes besides the first mon node.
 execute 'format ceph-admin-secret as keyring' do
-  command lazy { "ceph-authtool --create-keyring /etc/ceph/#{node['ceph']['cluster']}.client.admin.keyring --name=client.admin --add-key='#{node['ceph']['admin-secret']}' --cap mon 'allow *' --cap osd 'allow *' --cap mds 'allow *'" }
+  command lazy { "ceph-authtool --create-keyring #{keyring} --name=client.admin --add-key='#{node['ceph']['admin-secret']}' --cap mon 'allow *' --cap osd 'allow *' --cap mds 'allow *'" }
+  creates keyring
   only_if { ceph_chef_admin_secret }
   sensitive true if Chef::Resource::Execute.method_defined? :sensitive
 end
 
 execute 'gen ceph-admin-secret' do
-  command lazy { "ceph-authtool --create-keyring /etc/ceph/#{node['ceph']['cluster']}.client.admin.keyring --gen-key -n client.admin --cap mon 'allow *' --cap osd 'allow *' --cap mds 'allow *'" }
+  command lazy { "ceph-authtool --create-keyring #{keyring} --gen-key -n client.admin --cap mon 'allow *' --cap osd 'allow *' --cap mds 'allow *'" }
+  creates keyring
   not_if { ceph_chef_admin_secret }
   notifies :create, 'ruby_block[save ceph_chef_admin_secret]', :immediately
+  sensitive true if Chef::Resource::Execute.method_defined? :sensitive
 end
 
 ruby_block 'save ceph_chef_admin_secret' do

recipes/conf.rb

@@ -47,7 +47,8 @@
       :fsid_secret => ceph_chef_fsid_secret,
       :mon_addresses => ceph_chef_mon_addresses,
       :is_rbd => node['ceph']['is_rbd'],
-      :is_rgw => ceph_chef_is_radosgw_node
+      :is_rgw => ceph_chef_is_radosgw_node,
+      :is_rest_api => ceph_chef_is_restapi_node
     }
   }
   mode '0644'

recipes/default.rb

@@ -26,4 +26,11 @@
 end
 
 # Can't put compile_time false because of templates
+# Since the cookbook will run where no net access exists then you should pre-install netaddr so check to see if it exists.
+#netadd = Mixlib::ShellOut.new('gem list | grep netaddr')
+#netadd.run_command
+#if !netadd.stdout
+#  chef_gem 'netaddr'
+#end
+
 chef_gem 'netaddr'

recipes/mon_start.rb

@@ -38,8 +38,10 @@
       command 'systemctl start ceph.target'
     end
   else
-    execute 'raw mon start' do
-      command 'service ceph start mon'
+    service 'ceph_mon' do
+      service_name 'ceph'
+      supports :restart => true, :status => true
+      action [:enable, :start]
     end
   end
 end

recipes/osd_start_all.rb

@@ -32,7 +32,12 @@
     supports :restart => true
   end
 else
-  execute 'raw osd start' do
-    command 'service ceph start osd'
+  # execute 'raw osd start' do
+  #   command 'service ceph start osd'
+  # end
+  service 'ceph_osd' do
+    service_name 'ceph'
+    supports :restart => true, :status => true
+    action [:enable, :start]
   end
 end

recipes/pools_create.rb

@@ -22,15 +22,16 @@
 if node['ceph']['pools']['active']
   node['ceph']['pools']['active'].each do |pool|
     # Create pool and set type (replicated or erasure - default is replicated)
-    node['ceph']['pools']["#{pool}"]['names'].each do |name|
+    # #{pool}
+    node['ceph']['pools'][pool]['names'].each do |name|
       pool_name = ".#{name}"
 
       ceph_chef_pool pool_name do
         action :create
-        pg_num node['ceph']['pools']["#{pool}"]['settings']['pg_num']
-        pgp_num node['ceph']['pools']["#{pool}"]['settings']['pgp_num']
-        type node['ceph']['pools']["#{pool}"]['settings']['type']
-        options node['ceph']['pools']["#{pool}"]['settings']['options'] if node['ceph']['pools']["#{pool}"]['settings']['options']
+        pg_num node['ceph']['pools'][pool]['settings']['pg_num']
+        pgp_num node['ceph']['pools'][pool]['settings']['pgp_num']
+        type node['ceph']['pools'][pool]['settings']['type']
+        options node['ceph']['pools'][pool]['settings']['options'] if node['ceph']['pools'][pool]['settings']['options']
       end
 
       # TODO: Need to add for calculated PGs options

recipes/pools_delete.rb

@@ -24,7 +24,7 @@
 
 if node['ceph']['pools']['active']
   node['ceph']['pools']['active'].each do |pool|
-    node['ceph']['pools']["#{pool}"]['names'].each do |name|
+    node['ceph']['pools'][pool]['names'].each do |name|
       # pool_name = "#{node['ceph']['cluster']}.#{name}"
       pool_name = ".#{name}"
 

recipes/pools_set.rb

@@ -25,25 +25,27 @@
 if node['ceph']['pools']['active']
   node['ceph']['pools']['active'].each do |pool|
     # Create pool and set type (replicated or erasure - default is replicated)
-    node['ceph']['pools']["#{pool}"]['names'].each do |name|
-      cluster = ".#{node['ceph']['cluster']}" unless "#{node['ceph']['cluster']}".downcase == 'ceph'
+    node['ceph']['pools'][pool]['names'].each do |name|
+      cluster = ".#{node['ceph']['cluster']}" unless node['ceph']['cluster'].downcase == 'ceph'
       pool_name = "#{cluster}.#{name}"
 
       # TODO: Need to add for calculated PGs options
       # TODO: Need to add crush_rule_set
       # TODO: Add other options later for EC etc...
 
-      if node['ceph']['pools']["#{pool}"]['settings']['size']
-        val = node['ceph']['pools']["#{pool}"]['settings']['size']
-      else
-        val = node['ceph']['osd']['size']['max']
-      end
+      if node['ceph']['pools'][pool]['settings']['type'] == 'replicated'
+        if node['ceph']['pools'][pool]['settings']['size']
+          val = node['ceph']['pools'][pool]['settings']['size']
+        else
+          val = node['ceph']['osd']['size']['max']
+        end
 
-      # Set...
-      ceph_chef_pool pool_name do
-        action :set
-        key 'size'
-        value val
+        # Set replicas...
+        ceph_chef_pool pool_name do
+          action :set
+          key 'size'
+          value val
+        end
       end
     end
   end

recipes/radosgw.rb

@@ -66,33 +66,36 @@
 
 # NOTE: This base_key can also be the bootstrap-rgw key (ceph.keyring) if desired. Just change it here.
 base_key = "/etc/ceph/#{node['ceph']['cluster']}.client.admin.keyring"
+keyring = "/etc/ceph/#{node['ceph']['cluster']}.client.radosgw.keyring"
 
 # NOTE: If the rgw keyring exists and you are using the same key on for different nodes (load balancing) then
 # this method will work well. Since the key is already part of the cluster the only thing needed is to copy it
 # to the correct area (where ever the ceph.conf settings are pointing to on the given node). You can keep things
 # simple by keeping the same ceph.conf the same (except for hostname info) for each rgw node.
+
 execute 'write ceph-radosgw-secret' do
-  command lazy { "ceph-authtool /etc/ceph/#{node['ceph']['cluster']}.client.radosgw.keyring --create-keyring --name=client.radosgw.#{node['hostname']} --add-key='#{node['ceph']['radosgw-secret']}'" }
+  command lazy { "ceph-authtool #{keyring} --create-keyring --name=client.radosgw.#{node['hostname']} --add-key='#{node['ceph']['radosgw-secret']}'" }
+  creates keyring
   only_if { ceph_chef_radosgw_secret }
   sensitive true if Chef::Resource::Execute.method_defined? :sensitive
 end
 
-bash 'gen client-radosgw-secret' do
-  code <<-EOH
-    ceph-authtool --create-keyring /etc/ceph/#{node['ceph']['cluster']}.client.radosgw.keyring
-    ceph-authtool /etc/ceph/#{node['ceph']['cluster']}.client.radosgw.keyring -n client.radosgw.#{node['hostname']} --gen-key
-    ceph-authtool -n client.radosgw.#{node['hostname']} --cap osd 'allow rwx' --cap mon 'allow rw' /etc/ceph/#{node['ceph']['cluster']}.client.radosgw.keyring
+execute 'gen client-radosgw-secret' do
+  command <<-EOH
+    ceph-authtool --create-keyring #{keyring} -n client.radosgw.#{node['hostname']} --gen-key --cap osd 'allow rwx' --cap mon 'allow rw'
     ceph -k #{base_key} auth add client.radosgw.#{node['hostname']} -i /etc/ceph/#{node['ceph']['cluster']}.client.radosgw.keyring
   EOH
+  creates keyring
   not_if { ceph_chef_radosgw_secret }
   notifies :create, 'ruby_block[save radosgw_secret]', :immediately
+  sensitive true if Chef::Resource::Execute.method_defined? :sensitive
 end
 
 # This ruby_block saves the key if it is needed at any other point plus this and all node data is saved on the
 # Chef Server for this given node
 ruby_block 'save radosgw_secret' do
   block do
-    fetch = Mixlib::ShellOut.new("ceph-authtool /etc/ceph/#{node['ceph']['cluster']}.client.radosgw.keyring --print-key")
+    fetch = Mixlib::ShellOut.new("ceph-authtool #{keyring} --print-key")
     fetch.run_command
     key = fetch.stdout
     node.set['ceph']['radosgw-secret'] = key.delete!("\n")