[ceph.git] / ceph / qa / tasks / rgw.py

"""
rgw routines
"""
import argparse
import contextlib
import logging

from teuthology.orchestra import run
from teuthology import misc as teuthology
from teuthology import contextutil
from teuthology.exceptions import ConfigError
from tasks.ceph_manager import get_valgrind_args
from tasks.util import get_remote_for_role
from tasks.util.rgw import rgwadmin, wait_for_radosgw
from tasks.util.rados import (create_ec_pool,
                              create_replicated_pool,
                              create_cache_pool)

log = logging.getLogger(__name__)

class RGWEndpoint:
    def __init__(self, hostname=None, port=None, cert=None, dns_name=None, website_dns_name=None):
        self.hostname = hostname
        self.port = port
        self.cert = cert
        self.dns_name = dns_name
        self.website_dns_name = website_dns_name

    def url(self):
        proto = 'https' if self.cert else 'http'
        return '{proto}://{hostname}:{port}/'.format(proto=proto, hostname=self.hostname, port=self.port)

@contextlib.contextmanager
def start_rgw(ctx, config, clients):
    """
    Start rgw on remote sites.
    """
    log.info('Starting rgw...')
    testdir = teuthology.get_testdir(ctx)
    for client in clients:
        (remote,) = ctx.cluster.only(client).remotes.keys()
        cluster_name, daemon_type, client_id = teuthology.split_role(client)
        client_with_id = daemon_type + '.' + client_id
        client_with_cluster = cluster_name + '.' + client_with_id

        client_config = config.get(client)
        if client_config is None:
            client_config = {}
        log.info("rgw %s config is %s", client, client_config)
        cmd_prefix = [
            'sudo',
            'adjust-ulimits',
            'ceph-coverage',
            '{tdir}/archive/coverage'.format(tdir=testdir),
            'daemon-helper',
            'term',
            ]

        rgw_cmd = ['radosgw']

        log.info("Using %s as radosgw frontend", ctx.rgw.frontend)

        endpoint = ctx.rgw.role_endpoints[client]
        frontends = ctx.rgw.frontend
        frontend_prefix = client_config.get('frontend_prefix', None)
        if frontend_prefix:
            frontends += ' prefix={pfx}'.format(pfx=frontend_prefix)

        if endpoint.cert:
            # add the ssl certificate path
            frontends += ' ssl_certificate={}'.format(endpoint.cert.certificate)
            frontends += ' ssl_port={}'.format(endpoint.port)
        else:
            frontends += ' port={}'.format(endpoint.port)

        rgw_cmd.extend([
            '--rgw-frontends', frontends,
            '-n', client_with_id,
            '--cluster', cluster_name,
            '-k', '/etc/ceph/{client_with_cluster}.keyring'.format(client_with_cluster=client_with_cluster),
            '--log-file',
            '/var/log/ceph/rgw.{client_with_cluster}.log'.format(client_with_cluster=client_with_cluster),
            '--rgw_ops_log_socket_path',
            '{tdir}/rgw.opslog.{client_with_cluster}.sock'.format(tdir=testdir,
                                                     client_with_cluster=client_with_cluster),
	    ])

        keystone_role = client_config.get('use-keystone-role', None)
        if keystone_role is not None:
            if not ctx.keystone:
                raise ConfigError('rgw must run after the keystone task')
            url = 'http://{host}:{port}/v1/KEY_$(tenant_id)s'.format(host=endpoint.hostname,
                                                                     port=endpoint.port)
            ctx.keystone.create_endpoint(ctx, keystone_role, 'swift', url)

            keystone_host, keystone_port = \
                ctx.keystone.public_endpoints[keystone_role]
            rgw_cmd.extend([
                '--rgw_keystone_url',
                'http://{khost}:{kport}'.format(khost=keystone_host,
                                                kport=keystone_port),
                ])


        if client_config.get('dns-name') is not None:
            rgw_cmd.extend(['--rgw-dns-name', endpoint.dns_name])
        if client_config.get('dns-s3website-name') is not None:
            rgw_cmd.extend(['--rgw-dns-s3website-name', endpoint.website_dns_name])


        vault_role = client_config.get('use-vault-role', None)
        barbican_role = client_config.get('use-barbican-role', None)
        pykmip_role = client_config.get('use-pykmip-role', None)

        token_path = '/etc/ceph/vault-root-token'
        if barbican_role is not None:
            if not hasattr(ctx, 'barbican'):
                raise ConfigError('rgw must run after the barbican task')

            barbican_host, barbican_port = \
                ctx.barbican.endpoints[barbican_role]
            log.info("Use barbican url=%s:%s", barbican_host, barbican_port)

            rgw_cmd.extend([
                '--rgw_barbican_url',
                'http://{bhost}:{bport}'.format(bhost=barbican_host,
                                                bport=barbican_port),
                ])
        elif vault_role is not None:
            if not ctx.vault.root_token:
                raise ConfigError('vault: no "root_token" specified')
            # create token on file
            ctx.rgw.vault_role = vault_role
            ctx.cluster.only(client).run(args=['sudo', 'echo', '-n', ctx.vault.root_token, run.Raw('|'), 'sudo', 'tee', token_path])
            log.info("Token file content")
            ctx.cluster.only(client).run(args=['cat', token_path])
            log.info("Restrict access to token file")
            ctx.cluster.only(client).run(args=['sudo', 'chmod', '600', token_path])
            ctx.cluster.only(client).run(args=['sudo', 'chown', 'ceph', token_path])

            rgw_cmd.extend([
                '--rgw_crypt_vault_addr', "{}:{}".format(*ctx.vault.endpoints[vault_role]),
                '--rgw_crypt_vault_token_file', token_path
            ])
        elif pykmip_role is not None:
            if not hasattr(ctx, 'pykmip'):
                raise ConfigError('rgw must run after the pykmip task')
            ctx.rgw.pykmip_role = pykmip_role
            rgw_cmd.extend([
                '--rgw_crypt_kmip_addr', "{}:{}".format(*ctx.pykmip.endpoints[pykmip_role]),
            ])

            clientcert = ctx.ssl_certificates.get('kmip-client')
            servercert = ctx.ssl_certificates.get('kmip-server')
            clientca = ctx.ssl_certificates.get('kmiproot')

            clientkey = clientcert.key
            clientcert = clientcert.certificate
            serverkey = servercert.key
            servercert = servercert.certificate
            rootkey = clientca.key
            rootcert = clientca.certificate

            cert_path = '/etc/ceph/'
            ctx.cluster.only(client).run(args=['sudo', 'cp', clientcert, cert_path])
            ctx.cluster.only(client).run(args=['sudo', 'cp', clientkey, cert_path])
            ctx.cluster.only(client).run(args=['sudo', 'cp', servercert, cert_path])
            ctx.cluster.only(client).run(args=['sudo', 'cp', serverkey, cert_path])
            ctx.cluster.only(client).run(args=['sudo', 'cp', rootkey, cert_path])
            ctx.cluster.only(client).run(args=['sudo', 'cp', rootcert, cert_path])

            clientcert = cert_path + 'kmip-client.crt'
            clientkey = cert_path + 'kmip-client.key'
            servercert = cert_path + 'kmip-server.crt'
            serverkey = cert_path + 'kmip-server.key'
            rootkey = cert_path + 'kmiproot.key'
            rootcert = cert_path + 'kmiproot.crt'

            ctx.cluster.only(client).run(args=['sudo', 'chmod', '600', clientcert, clientkey, servercert, serverkey, rootkey, rootcert])
            ctx.cluster.only(client).run(args=['sudo', 'chown', 'ceph', clientcert, clientkey, servercert, serverkey, rootkey, rootcert])

        rgw_cmd.extend([
            '--foreground',
            run.Raw('|'),
            'sudo',
            'tee',
            '/var/log/ceph/rgw.{client_with_cluster}.stdout'.format(client_with_cluster=client_with_cluster),
            run.Raw('2>&1'),
            ])

        if client_config.get('valgrind'):
            cmd_prefix = get_valgrind_args(
                testdir,
                client_with_cluster,
                cmd_prefix,
                client_config.get('valgrind'),
                # see https://github.com/ceph/teuthology/pull/1600
                exit_on_first_error=False
                )

        run_cmd = list(cmd_prefix)
        run_cmd.extend(rgw_cmd)

        ctx.daemons.add_daemon(
            remote, 'rgw', client_with_id,
            cluster=cluster_name,
            fsid=ctx.ceph[cluster_name].fsid,
            args=run_cmd,
            logger=log.getChild(client),
            stdin=run.PIPE,
            wait=False,
            )

    # XXX: add_daemon() doesn't let us wait until radosgw finishes startup
    for client in clients:
        endpoint = ctx.rgw.role_endpoints[client]
        url = endpoint.url()
        log.info('Polling {client} until it starts accepting connections on {url}'.format(client=client, url=url))
        (remote,) = ctx.cluster.only(client).remotes.keys()
        wait_for_radosgw(url, remote)

    try:
        yield
    finally:
        for client in clients:
            cluster_name, daemon_type, client_id = teuthology.split_role(client)
            client_with_id = daemon_type + '.' + client_id
            client_with_cluster = cluster_name + '.' + client_with_id
            ctx.daemons.get_daemon('rgw', client_with_id, cluster_name).stop()
            ctx.cluster.only(client).run(
                args=[
                    'rm',
                    '-f',
                    '{tdir}/rgw.opslog.{client}.sock'.format(tdir=testdir,
                                                             client=client_with_cluster),
                    ],
                )
            ctx.cluster.only(client).run(args=['sudo', 'rm', '-f', token_path])

def assign_endpoints(ctx, config, default_cert):
    role_endpoints = {}
    for role, client_config in config.items():
        client_config = client_config or {}
        remote = get_remote_for_role(ctx, role)

        cert = client_config.get('ssl certificate', default_cert)
        if cert:
            # find the certificate created by the ssl task
            if not hasattr(ctx, 'ssl_certificates'):
                raise ConfigError('rgw: no ssl task found for option "ssl certificate"')
            ssl_certificate = ctx.ssl_certificates.get(cert, None)
            if not ssl_certificate:
                raise ConfigError('rgw: missing ssl certificate "{}"'.format(cert))
        else:
            ssl_certificate = None

        port = client_config.get('port', 443 if ssl_certificate else 80)

        # if dns-name is given, use it as the hostname (or as a prefix)
        dns_name = client_config.get('dns-name', '')
        if len(dns_name) == 0 or dns_name.endswith('.'):
            dns_name += remote.hostname

        website_dns_name = client_config.get('dns-s3website-name')
        if website_dns_name is not None and (len(website_dns_name) == 0 or website_dns_name.endswith('.')):
            website_dns_name += remote.hostname

        role_endpoints[role] = RGWEndpoint(remote.hostname, port, ssl_certificate, dns_name, website_dns_name)

    return role_endpoints

@contextlib.contextmanager
def create_pools(ctx, clients):
    """Create replicated or erasure coded data pools for rgw."""

    log.info('Creating data pools')
    for client in clients:
        log.debug("Obtaining remote for client {}".format(client))
        (remote,) = ctx.cluster.only(client).remotes.keys()
        data_pool = 'default.rgw.buckets.data'
        cluster_name, daemon_type, client_id = teuthology.split_role(client)

        if ctx.rgw.ec_data_pool:
            create_ec_pool(remote, data_pool, client, ctx.rgw.data_pool_pg_size,
                           ctx.rgw.erasure_code_profile, cluster_name, 'rgw')
        else:
            create_replicated_pool(remote, data_pool, ctx.rgw.data_pool_pg_size, cluster_name, 'rgw')

        index_pool = 'default.rgw.buckets.index'
        create_replicated_pool(remote, index_pool, ctx.rgw.index_pool_pg_size, cluster_name, 'rgw')

        if ctx.rgw.cache_pools:
            create_cache_pool(remote, data_pool, data_pool + '.cache', 64,
                              64*1024*1024, cluster_name)
    log.debug('Pools created')
    yield

@contextlib.contextmanager
def configure_compression(ctx, clients, compression):
    """ set a compression type in the default zone placement """
    log.info('Configuring compression type = %s', compression)
    for client in clients:
        # XXX: the 'default' zone and zonegroup aren't created until we run RGWRados::init_complete().
        # issue a 'radosgw-admin user list' command to trigger this
        rgwadmin(ctx, client, cmd=['user', 'list'], check_status=True)

        rgwadmin(ctx, client,
                cmd=['zone', 'placement', 'modify', '--rgw-zone', 'default',
                     '--placement-id', 'default-placement',
                     '--compression', compression],
                check_status=True)
    yield

@contextlib.contextmanager
def configure_datacache(ctx, clients, datacache_path):
    """ create directory for rgw datacache """
    log.info('Preparing directory for rgw datacache at %s', datacache_path)
    for client in clients:
        if(datacache_path != None):
            ctx.cluster.only(client).run(args=['mkdir', '-p', datacache_path])
            ctx.cluster.only(client).run(args=['sudo', 'chmod', 'a+rwx', datacache_path])
        else:
            log.info('path for datacache was not provided')
    yield

@contextlib.contextmanager
def configure_storage_classes(ctx, clients, storage_classes):
    """ set a compression type in the default zone placement """

    sc = [s.strip() for s in storage_classes.split(',')]

    for client in clients:
        # XXX: the 'default' zone and zonegroup aren't created until we run RGWRados::init_complete().
        # issue a 'radosgw-admin user list' command to trigger this
        rgwadmin(ctx, client, cmd=['user', 'list'], check_status=True)

        for storage_class in sc:
            log.info('Configuring storage class type = %s', storage_class)
            rgwadmin(ctx, client,
                    cmd=['zonegroup', 'placement', 'add',
                        '--rgw-zone', 'default',
                        '--placement-id', 'default-placement',
                        '--storage-class', storage_class],
                    check_status=True)
            rgwadmin(ctx, client,
                    cmd=['zone', 'placement', 'add',
                        '--rgw-zone', 'default',
                        '--placement-id', 'default-placement',
                        '--storage-class', storage_class,
                        '--data-pool', 'default.rgw.buckets.data.' + storage_class.lower()],
                    check_status=True)
    yield

@contextlib.contextmanager
def task(ctx, config):
    """
    For example, to run rgw on all clients::

        tasks:
        - ceph:
        - rgw:

    To only run on certain clients::

        tasks:
        - ceph:
        - rgw: [client.0, client.3]

    or

        tasks:
        - ceph:
        - rgw:
            client.0:
            client.3:

    To run radosgw through valgrind:

        tasks:
        - ceph:
        - rgw:
            client.0:
              valgrind: [--tool=memcheck]
            client.3:
              valgrind: [--tool=memcheck]

    To configure data or index pool pg_size:

        overrides:
          rgw:
            data_pool_pg_size: 256
            index_pool_pg_size: 128
    """
    if config is None:
        config = dict(('client.{id}'.format(id=id_), None)
                      for id_ in teuthology.all_roles_of_type(
                          ctx.cluster, 'client'))
    elif isinstance(config, list):
        config = dict((name, None) for name in config)

    clients = config.keys() # http://tracker.ceph.com/issues/20417

    overrides = ctx.config.get('overrides', {})
    teuthology.deep_merge(config, overrides.get('rgw', {}))

    ctx.rgw = argparse.Namespace()

    ctx.rgw.ec_data_pool = bool(config.pop('ec-data-pool', False))
    ctx.rgw.erasure_code_profile = config.pop('erasure_code_profile', {})
    ctx.rgw.cache_pools = bool(config.pop('cache-pools', False))
    ctx.rgw.frontend = config.pop('frontend', 'beast')
    ctx.rgw.compression_type = config.pop('compression type', None)
    ctx.rgw.storage_classes = config.pop('storage classes', None)
    default_cert = config.pop('ssl certificate', None)
    ctx.rgw.data_pool_pg_size = config.pop('data_pool_pg_size', 64)
    ctx.rgw.index_pool_pg_size = config.pop('index_pool_pg_size', 64)
    ctx.rgw.datacache = bool(config.pop('datacache', False))
    ctx.rgw.datacache_path = config.pop('datacache_path', None)
    ctx.rgw.config = config

    log.debug("config is {}".format(config))
    log.debug("client list is {}".format(clients))

    ctx.rgw.role_endpoints = assign_endpoints(ctx, config, default_cert)

    subtasks = [
        lambda: create_pools(ctx=ctx, clients=clients),
    ]
    if ctx.rgw.compression_type:
        subtasks.extend([
            lambda: configure_compression(ctx=ctx, clients=clients,
                                          compression=ctx.rgw.compression_type),
        ])
    if ctx.rgw.datacache:
        subtasks.extend([
            lambda: configure_datacache(ctx=ctx, clients=clients,
                                        datacache_path=ctx.rgw.datacache_path),
        ])
    if ctx.rgw.storage_classes:
        subtasks.extend([
            lambda: configure_storage_classes(ctx=ctx, clients=clients,
                                              storage_classes=ctx.rgw.storage_classes),
        ])
    subtasks.extend([
        lambda: start_rgw(ctx=ctx, config=config, clients=clients),
    ])

    with contextutil.nested(*subtasks):
        yield
Commit	Line	Data
7c673cae FG	1	"""
	2	rgw routines
	3	"""
	4	import argparse
	5	import contextlib
7c673cae	6	import logging
7c673cae	7
7c673cae FG	8	from teuthology.orchestra import run
	9	from teuthology import misc as teuthology
	10	from teuthology import contextutil
11fdf7f2	11	from teuthology.exceptions import ConfigError
f67539c2	12	from tasks.ceph_manager import get_valgrind_args
e306af50 TL	13	from tasks.util import get_remote_for_role
	14	from tasks.util.rgw import rgwadmin, wait_for_radosgw
	15	from tasks.util.rados import (create_ec_pool,
	16	create_replicated_pool,
	17	create_cache_pool)
7c673cae FG	18
	19	log = logging.getLogger(__name__)
	20
11fdf7f2	21	class RGWEndpoint:
494da23a	22	def __init__(self, hostname=None, port=None, cert=None, dns_name=None, website_dns_name=None):
11fdf7f2 TL	23	self.hostname = hostname
	24	self.port = port
	25	self.cert = cert
494da23a TL	26	self.dns_name = dns_name
494da23a TL	27	self.website_dns_name = website_dns_name
11fdf7f2 TL	28
	29	def url(self):
	30	proto = 'https' if self.cert else 'http'
	31	return '{proto}://{hostname}:{port}/'.format(proto=proto, hostname=self.hostname, port=self.port)
	32
7c673cae	33	@contextlib.contextmanager
224ce89b	34	def start_rgw(ctx, config, clients):
7c673cae FG	35	"""
	36	Start rgw on remote sites.
	37	"""
	38	log.info('Starting rgw...')
7c673cae	39	testdir = teuthology.get_testdir(ctx)
224ce89b	40	for client in clients:
9f95a23c	41	(remote,) = ctx.cluster.only(client).remotes.keys()
7c673cae FG	42	cluster_name, daemon_type, client_id = teuthology.split_role(client)
	43	client_with_id = daemon_type + '.' + client_id
	44	client_with_cluster = cluster_name + '.' + client_with_id
7c673cae FG	45
	46	client_config = config.get(client)
	47	if client_config is None:
	48	client_config = {}
	49	log.info("rgw %s config is %s", client, client_config)
7c673cae FG	50	cmd_prefix = [
	51	'sudo',
	52	'adjust-ulimits',
	53	'ceph-coverage',
	54	'{tdir}/archive/coverage'.format(tdir=testdir),
	55	'daemon-helper',
	56	'term',
	57	]
	58
	59	rgw_cmd = ['radosgw']
	60
31f18b77	61	log.info("Using %s as radosgw frontend", ctx.rgw.frontend)
7c673cae	62
11fdf7f2 TL	63	endpoint = ctx.rgw.role_endpoints[client]
	64	frontends = ctx.rgw.frontend
	65	frontend_prefix = client_config.get('frontend_prefix', None)
	66	if frontend_prefix:
	67	frontends += ' prefix={pfx}'.format(pfx=frontend_prefix)
	68
	69	if endpoint.cert:
	70	# add the ssl certificate path
	71	frontends += ' ssl_certificate={}'.format(endpoint.cert.certificate)
20effc67	72	frontends += ' ssl_port={}'.format(endpoint.port)
11fdf7f2 TL	73	else:
	74	frontends += ' port={}'.format(endpoint.port)
	75
7c673cae	76	rgw_cmd.extend([
11fdf7f2	77	'--rgw-frontends', frontends,
7c673cae FG	78	'-n', client_with_id,
	79	'--cluster', cluster_name,
	80	'-k', '/etc/ceph/{client_with_cluster}.keyring'.format(client_with_cluster=client_with_cluster),
	81	'--log-file',
	82	'/var/log/ceph/rgw.{client_with_cluster}.log'.format(client_with_cluster=client_with_cluster),
	83	'--rgw_ops_log_socket_path',
	84	'{tdir}/rgw.opslog.{client_with_cluster}.sock'.format(tdir=testdir,
9f95a23c	85	client_with_cluster=client_with_cluster),
11fdf7f2 TL	86	])
	87
	88	keystone_role = client_config.get('use-keystone-role', None)
	89	if keystone_role is not None:
	90	if not ctx.keystone:
	91	raise ConfigError('rgw must run after the keystone task')
	92	url = 'http://{host}:{port}/v1/KEY_$(tenant_id)s'.format(host=endpoint.hostname,
	93	port=endpoint.port)
	94	ctx.keystone.create_endpoint(ctx, keystone_role, 'swift', url)
	95
	96	keystone_host, keystone_port = \
	97	ctx.keystone.public_endpoints[keystone_role]
	98	rgw_cmd.extend([
	99	'--rgw_keystone_url',
	100	'http://{khost}:{kport}'.format(khost=keystone_host,
	101	kport=keystone_port),
	102	])
	103
9f95a23c	104
e306af50	105	if client_config.get('dns-name') is not None:
494da23a	106	rgw_cmd.extend(['--rgw-dns-name', endpoint.dns_name])
e306af50	107	if client_config.get('dns-s3website-name') is not None:
494da23a TL	108	rgw_cmd.extend(['--rgw-dns-s3website-name', endpoint.website_dns_name])
494da23a TL	109
9f95a23c TL	110
	111	vault_role = client_config.get('use-vault-role', None)
	112	barbican_role = client_config.get('use-barbican-role', None)
f67539c2	113	pykmip_role = client_config.get('use-pykmip-role', None)
9f95a23c	114
20effc67	115	token_path = '/etc/ceph/vault-root-token'
9f95a23c TL	116	if barbican_role is not None:
	117	if not hasattr(ctx, 'barbican'):
	118	raise ConfigError('rgw must run after the barbican task')
	119
	120	barbican_host, barbican_port = \
	121	ctx.barbican.endpoints[barbican_role]
	122	log.info("Use barbican url=%s:%s", barbican_host, barbican_port)
	123
	124	rgw_cmd.extend([
	125	'--rgw_barbican_url',
	126	'http://{bhost}:{bport}'.format(bhost=barbican_host,
	127	bport=barbican_port),
	128	])
	129	elif vault_role is not None:
	130	if not ctx.vault.root_token:
	131	raise ConfigError('vault: no "root_token" specified')
	132	# create token on file
f67539c2	133	ctx.rgw.vault_role = vault_role
20effc67	134	ctx.cluster.only(client).run(args=['sudo', 'echo', '-n', ctx.vault.root_token, run.Raw('\|'), 'sudo', 'tee', token_path])
9f95a23c TL	135	log.info("Token file content")
9f95a23c TL	136	ctx.cluster.only(client).run(args=['cat', token_path])
1911f103	137	log.info("Restrict access to token file")
20effc67	138	ctx.cluster.only(client).run(args=['sudo', 'chmod', '600', token_path])
1911f103	139	ctx.cluster.only(client).run(args=['sudo', 'chown', 'ceph', token_path])
9f95a23c TL	140
	141	rgw_cmd.extend([
	142	'--rgw_crypt_vault_addr', "{}:{}".format(*ctx.vault.endpoints[vault_role]),
	143	'--rgw_crypt_vault_token_file', token_path
	144	])
f67539c2 TL	145	elif pykmip_role is not None:
	146	if not hasattr(ctx, 'pykmip'):
	147	raise ConfigError('rgw must run after the pykmip task')
	148	ctx.rgw.pykmip_role = pykmip_role
	149	rgw_cmd.extend([
	150	'--rgw_crypt_kmip_addr', "{}:{}".format(*ctx.pykmip.endpoints[pykmip_role]),
	151	])
9f95a23c	152
20effc67 TL	153	clientcert = ctx.ssl_certificates.get('kmip-client')
	154	servercert = ctx.ssl_certificates.get('kmip-server')
	155	clientca = ctx.ssl_certificates.get('kmiproot')
	156
	157	clientkey = clientcert.key
	158	clientcert = clientcert.certificate
	159	serverkey = servercert.key
	160	servercert = servercert.certificate
	161	rootkey = clientca.key
	162	rootcert = clientca.certificate
	163
	164	cert_path = '/etc/ceph/'
	165	ctx.cluster.only(client).run(args=['sudo', 'cp', clientcert, cert_path])
	166	ctx.cluster.only(client).run(args=['sudo', 'cp', clientkey, cert_path])
	167	ctx.cluster.only(client).run(args=['sudo', 'cp', servercert, cert_path])
	168	ctx.cluster.only(client).run(args=['sudo', 'cp', serverkey, cert_path])
	169	ctx.cluster.only(client).run(args=['sudo', 'cp', rootkey, cert_path])
	170	ctx.cluster.only(client).run(args=['sudo', 'cp', rootcert, cert_path])
	171
	172	clientcert = cert_path + 'kmip-client.crt'
	173	clientkey = cert_path + 'kmip-client.key'
	174	servercert = cert_path + 'kmip-server.crt'
	175	serverkey = cert_path + 'kmip-server.key'
	176	rootkey = cert_path + 'kmiproot.key'
	177	rootcert = cert_path + 'kmiproot.crt'
	178
	179	ctx.cluster.only(client).run(args=['sudo', 'chmod', '600', clientcert, clientkey, servercert, serverkey, rootkey, rootcert])
	180	ctx.cluster.only(client).run(args=['sudo', 'chown', 'ceph', clientcert, clientkey, servercert, serverkey, rootkey, rootcert])
	181
11fdf7f2	182	rgw_cmd.extend([
7c673cae FG	183	'--foreground',
	184	run.Raw('\|'),
	185	'sudo',
	186	'tee',
9f95a23c	187	'/var/log/ceph/rgw.{client_with_cluster}.stdout'.format(client_with_cluster=client_with_cluster),
7c673cae FG	188	run.Raw('2>&1'),
	189	])
	190
	191	if client_config.get('valgrind'):
f67539c2	192	cmd_prefix = get_valgrind_args(
7c673cae	193	testdir,
31f18b77	194	client_with_cluster,
7c673cae	195	cmd_prefix,
20effc67 TL	196	client_config.get('valgrind'),
	197	# see https://github.com/ceph/teuthology/pull/1600
	198	exit_on_first_error=False
7c673cae FG	199	)
	200
	201	run_cmd = list(cmd_prefix)
	202	run_cmd.extend(rgw_cmd)
	203
	204	ctx.daemons.add_daemon(
31f18b77	205	remote, 'rgw', client_with_id,
7c673cae	206	cluster=cluster_name,
f67539c2	207	fsid=ctx.ceph[cluster_name].fsid,
7c673cae FG	208	args=run_cmd,
	209	logger=log.getChild(client),
	210	stdin=run.PIPE,
	211	wait=False,
	212	)
	213
	214	# XXX: add_daemon() doesn't let us wait until radosgw finishes startup
11fdf7f2 TL	215	for client in clients:
	216	endpoint = ctx.rgw.role_endpoints[client]
	217	url = endpoint.url()
	218	log.info('Polling {client} until it starts accepting connections on {url}'.format(client=client, url=url))
9f95a23c	219	(remote,) = ctx.cluster.only(client).remotes.keys()
81eedcae	220	wait_for_radosgw(url, remote)
7c673cae FG	221
	222	try:
	223	yield
	224	finally:
11fdf7f2	225	for client in clients:
31f18b77 FG	226	cluster_name, daemon_type, client_id = teuthology.split_role(client)
	227	client_with_id = daemon_type + '.' + client_id
	228	client_with_cluster = cluster_name + '.' + client_with_id
	229	ctx.daemons.get_daemon('rgw', client_with_id, cluster_name).stop()
7c673cae FG	230	ctx.cluster.only(client).run(
	231	args=[
	232	'rm',
	233	'-f',
31f18b77 FG	234	'{tdir}/rgw.opslog.{client}.sock'.format(tdir=testdir,
31f18b77 FG	235	client=client_with_cluster),
7c673cae FG	236	],
7c673cae FG	237	)
20effc67	238	ctx.cluster.only(client).run(args=['sudo', 'rm', '-f', token_path])
7c673cae	239
11fdf7f2	240	def assign_endpoints(ctx, config, default_cert):
7c673cae	241	role_endpoints = {}
9f95a23c	242	for role, client_config in config.items():
11fdf7f2 TL	243	client_config = client_config or {}
	244	remote = get_remote_for_role(ctx, role)
	245
	246	cert = client_config.get('ssl certificate', default_cert)
	247	if cert:
	248	# find the certificate created by the ssl task
	249	if not hasattr(ctx, 'ssl_certificates'):
	250	raise ConfigError('rgw: no ssl task found for option "ssl certificate"')
	251	ssl_certificate = ctx.ssl_certificates.get(cert, None)
	252	if not ssl_certificate:
	253	raise ConfigError('rgw: missing ssl certificate "{}"'.format(cert))
	254	else:
	255	ssl_certificate = None
	256
494da23a TL	257	port = client_config.get('port', 443 if ssl_certificate else 80)
	258
	259	# if dns-name is given, use it as the hostname (or as a prefix)
	260	dns_name = client_config.get('dns-name', '')
	261	if len(dns_name) == 0 or dns_name.endswith('.'):
	262	dns_name += remote.hostname
	263
	264	website_dns_name = client_config.get('dns-s3website-name')
e306af50 TL	265	if website_dns_name is not None and (len(website_dns_name) == 0 or website_dns_name.endswith('.')):
e306af50 TL	266	website_dns_name += remote.hostname
494da23a TL	267
494da23a TL	268	role_endpoints[role] = RGWEndpoint(remote.hostname, port, ssl_certificate, dns_name, website_dns_name)
7c673cae FG	269
	270	return role_endpoints
	271
7c673cae	272	@contextlib.contextmanager
224ce89b	273	def create_pools(ctx, clients):
7c673cae	274	"""Create replicated or erasure coded data pools for rgw."""
7c673cae	275
31f18b77	276	log.info('Creating data pools')
224ce89b WB	277	for client in clients:
224ce89b WB	278	log.debug("Obtaining remote for client {}".format(client))
9f95a23c	279	(remote,) = ctx.cluster.only(client).remotes.keys()
11fdf7f2	280	data_pool = 'default.rgw.buckets.data'
7c673cae FG	281	cluster_name, daemon_type, client_id = teuthology.split_role(client)
	282
	283	if ctx.rgw.ec_data_pool:
11fdf7f2	284	create_ec_pool(remote, data_pool, client, ctx.rgw.data_pool_pg_size,
b5b8bbf5	285	ctx.rgw.erasure_code_profile, cluster_name, 'rgw')
7c673cae	286	else:
11fdf7f2 TL	287	create_replicated_pool(remote, data_pool, ctx.rgw.data_pool_pg_size, cluster_name, 'rgw')
	288
	289	index_pool = 'default.rgw.buckets.index'
	290	create_replicated_pool(remote, index_pool, ctx.rgw.index_pool_pg_size, cluster_name, 'rgw')
	291
7c673cae FG	292	if ctx.rgw.cache_pools:
7c673cae FG	293	create_cache_pool(remote, data_pool, data_pool + '.cache', 64,
181888fb	294	6410241024, cluster_name)
31f18b77	295	log.debug('Pools created')
7c673cae FG	296	yield
	297
	298	@contextlib.contextmanager
224ce89b	299	def configure_compression(ctx, clients, compression):
31f18b77 FG	300	""" set a compression type in the default zone placement """
31f18b77 FG	301	log.info('Configuring compression type = %s', compression)
224ce89b	302	for client in clients:
7c673cae FG	303	# XXX: the 'default' zone and zonegroup aren't created until we run RGWRados::init_complete().
	304	# issue a 'radosgw-admin user list' command to trigger this
	305	rgwadmin(ctx, client, cmd=['user', 'list'], check_status=True)
	306
	307	rgwadmin(ctx, client,
	308	cmd=['zone', 'placement', 'modify', '--rgw-zone', 'default',
31f18b77 FG	309	'--placement-id', 'default-placement',
31f18b77 FG	310	'--compression', compression],
7c673cae	311	check_status=True)
7c673cae FG	312	yield
7c673cae FG	313
20effc67 TL	314	@contextlib.contextmanager
	315	def configure_datacache(ctx, clients, datacache_path):
	316	""" create directory for rgw datacache """
	317	log.info('Preparing directory for rgw datacache at %s', datacache_path)
	318	for client in clients:
	319	if(datacache_path != None):
	320	ctx.cluster.only(client).run(args=['mkdir', '-p', datacache_path])
	321	ctx.cluster.only(client).run(args=['sudo', 'chmod', 'a+rwx', datacache_path])
	322	else:
	323	log.info('path for datacache was not provided')
	324	yield
	325
11fdf7f2 TL	326	@contextlib.contextmanager
	327	def configure_storage_classes(ctx, clients, storage_classes):
	328	""" set a compression type in the default zone placement """
	329
	330	sc = [s.strip() for s in storage_classes.split(',')]
	331
	332	for client in clients:
	333	# XXX: the 'default' zone and zonegroup aren't created until we run RGWRados::init_complete().
	334	# issue a 'radosgw-admin user list' command to trigger this
	335	rgwadmin(ctx, client, cmd=['user', 'list'], check_status=True)
	336
	337	for storage_class in sc:
	338	log.info('Configuring storage class type = %s', storage_class)
	339	rgwadmin(ctx, client,
	340	cmd=['zonegroup', 'placement', 'add',
	341	'--rgw-zone', 'default',
	342	'--placement-id', 'default-placement',
	343	'--storage-class', storage_class],
	344	check_status=True)
	345	rgwadmin(ctx, client,
	346	cmd=['zone', 'placement', 'add',
	347	'--rgw-zone', 'default',
	348	'--placement-id', 'default-placement',
	349	'--storage-class', storage_class,
	350	'--data-pool', 'default.rgw.buckets.data.' + storage_class.lower()],
	351	check_status=True)
	352	yield
	353
7c673cae FG	354	@contextlib.contextmanager
	355	def task(ctx, config):
	356	"""
7c673cae FG	357	For example, to run rgw on all clients::
	358
	359	tasks:
	360	- ceph:
	361	- rgw:
	362
	363	To only run on certain clients::
	364
	365	tasks:
	366	- ceph:
	367	- rgw: [client.0, client.3]
	368
	369	or
	370
	371	tasks:
	372	- ceph:
	373	- rgw:
	374	client.0:
	375	client.3:
	376
7c673cae FG	377	To run radosgw through valgrind:
	378
	379	tasks:
	380	- ceph:
	381	- rgw:
	382	client.0:
	383	valgrind: [--tool=memcheck]
	384	client.3:
	385	valgrind: [--tool=memcheck]
11fdf7f2 TL	386
	387	To configure data or index pool pg_size:
	388
	389	overrides:
	390	rgw:
	391	data_pool_pg_size: 256
	392	index_pool_pg_size: 128
7c673cae FG	393	"""
	394	if config is None:
	395	config = dict(('client.{id}'.format(id=id_), None)
	396	for id_ in teuthology.all_roles_of_type(
	397	ctx.cluster, 'client'))
	398	elif isinstance(config, list):
	399	config = dict((name, None) for name in config)
	400
224ce89b WB	401	clients = config.keys() # http://tracker.ceph.com/issues/20417
224ce89b WB	402
7c673cae FG	403	overrides = ctx.config.get('overrides', {})
	404	teuthology.deep_merge(config, overrides.get('rgw', {}))
	405
7c673cae	406	ctx.rgw = argparse.Namespace()
7c673cae	407
31f18b77 FG	408	ctx.rgw.ec_data_pool = bool(config.pop('ec-data-pool', False))
	409	ctx.rgw.erasure_code_profile = config.pop('erasure_code_profile', {})
	410	ctx.rgw.cache_pools = bool(config.pop('cache-pools', False))
20effc67	411	ctx.rgw.frontend = config.pop('frontend', 'beast')
31f18b77	412	ctx.rgw.compression_type = config.pop('compression type', None)
11fdf7f2 TL	413	ctx.rgw.storage_classes = config.pop('storage classes', None)
	414	default_cert = config.pop('ssl certificate', None)
	415	ctx.rgw.data_pool_pg_size = config.pop('data_pool_pg_size', 64)
	416	ctx.rgw.index_pool_pg_size = config.pop('index_pool_pg_size', 64)
20effc67 TL	417	ctx.rgw.datacache = bool(config.pop('datacache', False))
20effc67 TL	418	ctx.rgw.datacache_path = config.pop('datacache_path', None)
7c673cae	419	ctx.rgw.config = config
7c673cae	420
224ce89b WB	421	log.debug("config is {}".format(config))
224ce89b WB	422	log.debug("client list is {}".format(clients))
11fdf7f2 TL	423
	424	ctx.rgw.role_endpoints = assign_endpoints(ctx, config, default_cert)
	425
31f18b77	426	subtasks = [
224ce89b	427	lambda: create_pools(ctx=ctx, clients=clients),
31f18b77 FG	428	]
31f18b77 FG	429	if ctx.rgw.compression_type:
7c673cae	430	subtasks.extend([
224ce89b	431	lambda: configure_compression(ctx=ctx, clients=clients,
31f18b77	432	compression=ctx.rgw.compression_type),
7c673cae	433	])
20effc67 TL	434	if ctx.rgw.datacache:
	435	subtasks.extend([
	436	lambda: configure_datacache(ctx=ctx, clients=clients,
	437	datacache_path=ctx.rgw.datacache_path),
	438	])
11fdf7f2 TL	439	if ctx.rgw.storage_classes:
	440	subtasks.extend([
	441	lambda: configure_storage_classes(ctx=ctx, clients=clients,
	442	storage_classes=ctx.rgw.storage_classes),
	443	])
31f18b77	444	subtasks.extend([
224ce89b	445	lambda: start_rgw(ctx=ctx, config=config, clients=clients),
31f18b77	446	])
7c673cae	447
7c673cae FG	448	with contextutil.nested(*subtasks):
7c673cae FG	449	yield