Re: OpenStack and ceph integration with puppet

[Loic Dachary <loic@dachary.org>]

[-- Attachment #1: Type: text/plain, Size: 2947 bytes --]



On 09/10/2013 22:46, Loic Dachary wrote:
> 
> 
> On 08/10/2013 16:20, Don Talton (dotalton) wrote:> Hi Loic, 
>>
> 
>> We utilize stackforge's puppet modules to do our heavy lifting, including p-openstack, p-cinder, p-glance. There are dependency chains so that services will be restarted after configuration changes are made. Since many of our customers don't allow their baremetal  nodes Internet access, we've added the packages to our APT repo to avoid the version issues with using either stock or public packages.
>>
>> You can probably find some other useful code the https://github.com/CiscoSystems/ repo, including what is needed to cohabitate MON/OSD nodes with OpenStack service nodes (https://github.com/CiscoSystems/puppet-coe/tree/grizzly/manifests/ceph) and more. The primary orchestration is in grizzly-manifests. You can see HOWTOs for different deployment scenarios here: http://docwiki.cisco.com/wiki/OpenStack:Ceph-COI-Installation. 
>>
>> Hope this helps some!
> 
> It does and it's great that all this is documented :-) Although there are a few modules around, re-using ceph-deploy seems to be the preferred method. I wonder what Alfredo would suggest. From a previous discussion we had I think he will suggest to use ceph-disk directly + cli / rest call instead. Looking at 
> 
> https://github.com/ceph/ceph-deploy/blob/master/ceph_deploy/new.py
> https://github.com/ceph/ceph-deploy/blob/master/ceph_deploy/mon.py
> etc.
> 
> the layer provided by ceph-deploy is indeed thin. But is it something that needs to be duplicated in a puppet module ?
> 

I took a look at ceph-deploy and it won't rely on sudo if run from root

ceph_deploy/sudo_pushy.py
def needs_sudo():
    if getpass.getuser() == 'root':
        return False
    return True

and that it won't rely on ssh if the target host is localhost:

ceph_deploy/lib/remoto/connection.py
def needs_ssh(hostname, _socket=None):
    """
    Obtains remote hostname of the socket and cuts off the domain part
    of its FQDN.
    """
    _socket = _socket or socket
    local_hostname = _socket.gethostname()
    local_short_hostname = local_hostname.split('.')[0]
    if local_hostname == hostname or local_short_hostname == hostname:
        return False
    return True

Since puppet-cephdeploy runs on the target host as root, it means that

puppet-cephdeploy/manifests/init.pp
  file {"/home/$user/.ssh/authorized_keys":
...
etc.

could probably be avoided since puppet-cephdeploy/manifests/mon.pp runs

command => "/usr/local/bin/ceph-deploy mon create $::hostname",

runs as root, on the target host.

I'm not sure if the distribution of the keys would work though as it relies on files collected by "gatherkeys" which is still a little mysterious for me :-)

Cheers

-- 
Loïc Dachary, Artisan Logiciel Libre
All that is necessary for the triumph of evil is that good people do nothing.






[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 263 bytes --]