Skip to content

Commit

Permalink
Add Swift adoption docs and tests
Browse files Browse the repository at this point in the history
Adds documentation and tests to adopt an existing Swift object storage
workload. This does not yet include migrating data itself.
  • Loading branch information
cschwede committed Feb 16, 2024
1 parent 6be9a9f commit 1b04d59
Show file tree
Hide file tree
Showing 12 changed files with 265 additions and 2 deletions.
2 changes: 1 addition & 1 deletion README.md
Original file line number Diff line number Diff line change
Expand Up @@ -14,5 +14,5 @@ links:
* [Contributing to documentation](https://openstack-k8s-operators.github.io/data-plane-adoption/contributing/documentation/) -
how to build docs locally, docs patterns and tips.

* [Tests](https://openstack-k8s-operators.github.io/data-plane-adoption/contributing/tests/) -
* [Tests](https://openstack-k8s-operators.github.io/data-plane-adoption/dev/tests/#_tests) -
information about the test suite, and how to run it.
11 changes: 11 additions & 0 deletions docs_dev/assemblies/development_environment.adoc
Original file line number Diff line number Diff line change
Expand Up @@ -163,6 +163,17 @@ sudo ip addr add dev vlan20 172.17.0.222/24
sudo ip link set up dev vlan20
----

To adopt the Swift service as well, route VLAN23 to have access to the storage
backend services:

[,bash]
----
EDPM_BRIDGE=$(sudo virsh dumpxml edpm-compute-0 | grep -oP "(?<=bridge=').*(?=')")
sudo ip link add link $EDPM_BRIDGE name vlan23 type vlan id 23
sudo ip addr add dev vlan23 172.20.0.222/24
sudo ip link set up dev vlan23
----

=== Snapshot/revert

When the deployment of the Standalone OpenStack is finished, it's a
Expand Down
1 change: 1 addition & 0 deletions docs_user/assemblies/openstack_adoption.adoc
Original file line number Diff line number Diff line change
Expand Up @@ -20,6 +20,7 @@ include::../modules/openstack-mariadb_copy.adoc[leveloffset=+1]
include::../modules/openstack-ovn_adoption.adoc[leveloffset=+1]
include::../modules/openstack-keystone_adoption.adoc[leveloffset=+1]
include::../modules/openstack-neutron_adoption.adoc[leveloffset=+1]
include::../modules/openstack-swift_adoption.adoc[leveloffset=+1]
include::../modules/openstack-glance_adoption.adoc[leveloffset=+1]
include::../modules/openstack-placement_adoption.adoc[leveloffset=+1]
include::../modules/openstack-nova_adoption.adoc[leveloffset=+1]
Expand Down
2 changes: 2 additions & 0 deletions docs_user/modules/openstack-backend_services_deployment.adoc
Original file line number Diff line number Diff line change
Expand Up @@ -73,6 +73,7 @@ NEUTRON_PASSWORD=$(cat ~/tripleo-standalone-passwords.yaml | grep ' NeutronPassw
NOVA_PASSWORD=$(cat ~/tripleo-standalone-passwords.yaml | grep ' NovaPassword:' | awk -F ': ' '{ print $2; }')
OCTAVIA_PASSWORD=$(cat ~/tripleo-standalone-passwords.yaml | grep ' OctaviaPassword:' | awk -F ': ' '{ print $2; }')
PLACEMENT_PASSWORD=$(cat ~/tripleo-standalone-passwords.yaml | grep ' PlacementPassword:' | awk -F ': ' '{ print $2; }')
SWIFT_PASSWORD=$(cat ~/tripleo-standalone-passwords.yaml | grep ' SwiftPassword:' | awk -F ': ' '{ print $2; }')
----

== Pre-checks
Expand Down Expand Up @@ -121,6 +122,7 @@ oc set data secret/osp-secret "NeutronPassword=$NEUTRON_PASSWORD"
oc set data secret/osp-secret "NovaPassword=$NOVA_PASSWORD"
oc set data secret/osp-secret "OctaviaPassword=$OCTAVIA_PASSWORD"
oc set data secret/osp-secret "PlacementPassword=$PLACEMENT_PASSWORD"
oc set data secret/osp-secret "SwiftPassword=$SWIFT_PASSWORD"
----

* Deploy OpenStackControlPlane. *Make sure to only enable DNS,
Expand Down
2 changes: 1 addition & 1 deletion docs_user/modules/openstack-stop_openstack_services.adoc
Original file line number Diff line number Diff line change
Expand Up @@ -16,7 +16,7 @@ Since gracefully stopping all services is non-trivial and beyond the scope of th
recommendations on how to check some things in the services.

Note that you should not stop the infrastructure management services yet, such as database, RabbitMQ, and HAProxy Load Balancer, nor should you stop the
Nova compute service and containerized modular libvirt daemons.
Nova compute service, containerized modular libvirt daemons and Swift storage backend services.

== Variables

Expand Down
150 changes: 150 additions & 0 deletions docs_user/modules/openstack-swift_adoption.adoc
Original file line number Diff line number Diff line change
@@ -0,0 +1,150 @@
[id="adopting-the-object-storage-service_{context}"]

//:context: adopting-object-storage-service

= Adopting the Object Storage service

== Limitations

* The described process does not migrate data from existing nodes yet. Data is
still stored on existing nodes, but is accessed through the Swift proxy
instance running on the OpenShift control plane.

== Prerequisites

* Previous adoption steps completed.
* The Swift storage backend services must NOT be stopped.
* Storage network has been properly configured on the OpenShift cluster.

== Variables

No new environmental variables need to be defined, though you use the
`CONTROLLER1_SSH` that was defined in a previous step for the pre-checks.

== Pre-checks

== Copy over swift.conf file

* Create the `swift-conf` secret, containing the Swift hash path suffix and prefix:
+
[source,yaml]
----
oc apply -f - <<EOF
apiVersion: v1
kind: Secret
metadata:
name: swift-conf
namespace: openstack
type: Opaque
data:
swift.conf: $($CONTROLLER1_SSH cat /var/lib/config-data/puppet-generated/swift/etc/swift/swift.conf | base64 -w0)
EOF
----

== Copy existing Swift ring files

* Create the `swift-ring-files` configmap, containing the Swift ring files:
+
[source,yaml]
----
oc apply -f - <<EOF
apiVersion: v1
kind: ConfigMap
metadata:
name: swift-ring-files
binaryData:
swiftrings.tar.gz: $($CONTROLLER1_SSH "cd /var/lib/config-data/puppet-generated/swift/etc/swift && tar cz *.builder *.ring.gz backups/ | base64 -w0")
EOF
----

== Procedure - Swift adoption

* Patch OpenStackControlPlane to deploy Swift:
+
[source,yaml]
----
oc patch openstackcontrolplane openstack --type=merge --patch '
spec:
swift:
enabled: true
template:
secret: osp-secret
swiftConfSecret: swift-conf
memcachedInstance: memcached
swiftRing:
ringReplicas: 1
swiftStorage:
replicas: 0
networkAttachments:
- storage
storageClass: local-storage
storageRequest: 10Gi
swiftProxy:
secret: osp-secret
replicas: 1
passwordSelectors:
service: SwiftPassword
serviceUser: swift
override:
service:
internal:
metadata:
annotations:
metallb.universe.tf/address-pool: internalapi
metallb.universe.tf/allow-shared-ip: internalapi
metallb.universe.tf/loadBalancerIPs: 172.17.0.80
spec:
type: LoadBalancer
networkAttachments:
- storage
'
----

== Post-checks

=== Inspect the resulting swift service pods

[,bash]
----
oc get pods -l app.kubernetes.io/name=SwiftProxy
----

=== Check that Swift proxy service is registered in Keystone:

[,bash]
----
openstack service list | grep swift
| b5b9b1d3c79241aa867fa2d05f2bbd52 | swift | object-store |
----

[,bash]
----
openstack endpoint list | grep swift
| 32ee4bd555414ab48f2dc90a19e1bcd5 | regionOne | swift | object-store | True | public | https://swift-public-openstack.apps-crc.testing/v1/AUTH_%(tenant_id)s |
| db4b8547d3ae4e7999154b203c6a5bed | regionOne | swift | object-store | True | internal | http://swift-internal.openstack.svc:8080/v1/AUTH_%(tenant_id)s |
----

=== Verify resources

Check that you are able to up- and download objects:

[,bash]
----
echo "Hello World!" > obj
openstack container create test
+---------------------------------------+-----------+------------------------------------+
| account | container | x-trans-id |
+---------------------------------------+-----------+------------------------------------+
| AUTH_4d9be0a9193e4577820d187acdd2714a | test | txe5f9a10ce21e4cddad473-0065ce41b9 |
+---------------------------------------+-----------+------------------------------------+
openstack object create test obj
+--------+-----------+----------------------------------+
| object | container | etag |
+--------+-----------+----------------------------------+
| obj | test | d41d8cd98f00b204e9800998ecf8427e |
+--------+-----------+----------------------------------+
openstack object save test obj --file -
Hello World!
----
1 change: 1 addition & 0 deletions tests/playbooks/test_minimal.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -32,6 +32,7 @@
- ovn_adoption
- keystone_adoption
- neutron_adoption
- swift_adoption
- glance_adoption
- placement_adoption
- nova_adoption
Expand Down
1 change: 1 addition & 0 deletions tests/roles/backend_services/defaults/main.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -10,3 +10,4 @@ octavia_password: ''
placement_password: ''
heat_password: ''
heat_auth_encryption_key: ''
swift_password: ''
3 changes: 3 additions & 0 deletions tests/roles/backend_services/tasks/main.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -44,6 +44,9 @@
{% if manila_password %}
oc set data secret/osp-secret "ManilaPassword={{ manila_password }}"
{% endif %}
{% if swift_password %}
oc set data secret/osp-secret "SwiftPassword={{ swift_password }}"
{% endif %}
- name: when not a periodic CI job use the base deployment
when: not periodic|default(false)
Expand Down
2 changes: 2 additions & 0 deletions tests/roles/swift_adoption/meta/main.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,2 @@
dependencies:
- role: common_defaults
91 changes: 91 additions & 0 deletions tests/roles/swift_adoption/tasks/main.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,91 @@
- name: Add swift.conf secret
ansible.builtin.shell: |
{{ shell_header }}
{{ oc_header }}
CONTROLLER1_SSH="{{ controller1_ssh }}"
oc apply -f - <<EOF
apiVersion: v1
kind: Secret
metadata:
name: swift-conf
namespace: openstack
type: Opaque
data:
swift.conf: $($CONTROLLER1_SSH cat /var/lib/config-data/puppet-generated/swift/etc/swift/swift.conf | base64 -w0)
EOF
- name: Add swift ring files configmap
ansible.builtin.shell: |
{{ shell_header }}
{{ oc_header }}
CONTROLLER1_SSH="{{ controller1_ssh }}"
oc apply -f - <<EOF
apiVersion: v1
kind: ConfigMap
metadata:
name: swift-ring-files
binaryData:
swiftrings.tar.gz: $($CONTROLLER1_SSH "cd /var/lib/config-data/puppet-generated/swift/etc/swift && tar cz *.builder *.ring.gz backups/ | base64 -w0")
EOF
- name: Deploy podified Swift
ansible.builtin.shell: |
{{ shell_header }}
{{ oc_header }}
oc patch openstackcontrolplane openstack --type=merge --patch '
spec:
swift:
enabled: true
template:
secret: osp-secret
swiftConfSecret: swift-conf
memcachedInstance: memcached
swiftRing:
ringReplicas: 1
swiftStorage:
replicas: 0
networkAttachments:
- storage
storageClass: local-storage
storageRequest: 10Gi
swiftProxy:
secret: osp-secret
replicas: 1
passwordSelectors:
service: SwiftPassword
serviceUser: swift
override:
service:
internal:
metadata:
annotations:
metallb.universe.tf/address-pool: internalapi
metallb.universe.tf/allow-shared-ip: internalapi
metallb.universe.tf/loadBalancerIPs: 172.17.0.80
spec:
type: LoadBalancer
networkAttachments:
- storage
'
- name: Wait for Swift to start up
ansible.builtin.shell: |
{{ shell_header }}
{{ oc_header }}
oc get pod -l app.kubernetes.io/name=SwiftProxy -o jsonpath='{.items[0].status.phase}{"\n"}' | grep Running
register: swift_running_result
until: swift_running_result is success
retries: 60
delay: 2

- name: check that Swift is reachable and its endpoints are defined
ansible.builtin.shell: |
{{ shell_header }}
{{ oc_header }}
alias openstack="oc exec -t openstackclient -- openstack"
${BASH_ALIASES[openstack]} endpoint list | grep -i object-store
${BASH_ALIASES[openstack]} container list
register: swift_responding_result
until: swift_responding_result is success
retries: 15
1 change: 1 addition & 0 deletions tests/secrets.sample.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -25,6 +25,7 @@ heat_auth_encryption_key: "{{ lookup('file', tripleo_passwords) | from_yaml | co
nova_password: "{{ lookup('file', tripleo_passwords) | from_yaml | community.general.json_query('*.NovaPassword') | first }}"
octavia_password: "{{ lookup('file', tripleo_passwords) | from_yaml | community.general.json_query('*.OctaviaPassword') | first }}"
placement_password: "{{ lookup('file', tripleo_passwords) | from_yaml | community.general.json_query('*.PlacementPassword') | first }}"
swift_password: "{{ lookup('file', tripleo_passwords) | from_yaml | community.general.json_query('*.SwiftPassword') | first }}"

# Controller SSH connection strings for the MariaDB copy procedure.
# Use ":" for controler 2 and 3 if you are testing with a single controller.
Expand Down

0 comments on commit 1b04d59

Please sign in to comment.