From 39cd9fe16229355e42d67cee5a03563f3dca0a2b Mon Sep 17 00:00:00 2001 From: Seunghun Lee Date: Wed, 1 May 2024 11:00:13 +0100 Subject: [PATCH 01/22] Add playbook for deploying radosgw usage exporter --- .../ansible/deploy-radosgw-usage-exporter.yml | 88 +++++++++++++++++++ 1 file changed, 88 insertions(+) create mode 100644 etc/kayobe/ansible/deploy-radosgw-usage-exporter.yml diff --git a/etc/kayobe/ansible/deploy-radosgw-usage-exporter.yml b/etc/kayobe/ansible/deploy-radosgw-usage-exporter.yml new file mode 100644 index 0000000000..b6c99d1d67 --- /dev/null +++ b/etc/kayobe/ansible/deploy-radosgw-usage-exporter.yml @@ -0,0 +1,88 @@ +--- +- name: Deploy RADOS gateway usage exporter + hosts: monitoring + gather_facts: false + vars: + venv: "{{ virtualenv_path }}/openstack" + tasks: + - name: Check ec2 credential for admin + command: > + {{ venv }}/bin/openstack + ec2 credentials list --user admin + --format json + environment: "{{ openstack_auth_env }}" + delegate_to: localhost + register: credential_check + + - name: Create ec2 credential if there's none + command: > + {{ venv }}/bin/openstack + ec2 credentials create --user admin + --format json + environment: "{{ openstack_auth_env }}" + delegate_to: localhost + when: "{{ credential_check.stdout == [] }}" + + - name: Query ec2 credential for admin + command: > + {{ venv }}/bin/openstack + ec2 credentials list --user admin + --format json + environment: "{{ openstack_auth_env }}" + delegate_to: localhost + register: credential + + - name: Get object storage endpoint + command: > + {{ venv }}/bin/openstack + endpoint list --service object-store --interface internal + --format json + environment: "{{ openstack_auth_env }}" + delegate_to: localhost + register: endpoint + + - name: Ensure radosgw_usage_exporter container is running + community.docker.docker_container: + name: radosgw_usage_exporter + image: ghcr.io/stackhpc/radosgw_usage_exporter:0.1.0 + network_mode: host + env: + RADOSGW_SERVER: "{{ radosgw_server }}" + ADMIN_ENTRY: admin + ACCESS_KEY: "{{ ec2.Access }}" + SECRET_KEY: "{{ ec2.Secret }}" + vars: + ec2: "{{ credential.stdout | from_json | first }}" + host: "{{ endpoint.stdout | from_json | first }}" + radosgw_server: "{{ host.URL | regex_replace('(https?://)([0-9.]+):([0-9]+)/.*', '\\1\\2:\\3') }}" + become: true + + - name: Get target ip addresses + set_fact: + prometheus_targets: "{{ prometheus_targets | default([]) +[( internal_net_name | net_ip( item ) + ':9242' )] }}" + loop: "{{ groups['monitoring'] }}" + + - name: Ensure radosgw_usage_exporter is targeted by prometheus-server + blockinfile: + path: /etc/kolla/prometheus-server/prometheus.yml + block: | + - honor_labels: true + job_name: ceph_radosgw_usage_exporter + scrape_interval: 15s + static_configs: + - targets: + {% for item in prometheus_targets %} + - {{ item }} + {% endfor %} + metric_relabel_configs: + - source_labels: [owner,user] + target_label: tenant_id + separator: "" + regex: (.+) + replacement: ${1} + become: true + + - name: Restart prometheus-server + ansible.builtin.command: + cmd: systemctl restart kolla-prometheus_server-container + become: true From d72fdec35850365c376cd719b6eb257a14c0b505 Mon Sep 17 00:00:00 2001 From: Seunghun Lee Date: Wed, 1 May 2024 11:32:51 +0100 Subject: [PATCH 02/22] Fix regex to include FQDN --- etc/kayobe/ansible/deploy-radosgw-usage-exporter.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/etc/kayobe/ansible/deploy-radosgw-usage-exporter.yml b/etc/kayobe/ansible/deploy-radosgw-usage-exporter.yml index b6c99d1d67..74ded1e3cc 100644 --- a/etc/kayobe/ansible/deploy-radosgw-usage-exporter.yml +++ b/etc/kayobe/ansible/deploy-radosgw-usage-exporter.yml @@ -54,7 +54,7 @@ vars: ec2: "{{ credential.stdout | from_json | first }}" host: "{{ endpoint.stdout | from_json | first }}" - radosgw_server: "{{ host.URL | regex_replace('(https?://)([0-9.]+):([0-9]+)/.*', '\\1\\2:\\3') }}" + radosgw_server: "{{ host.URL | regex_replace('(https?://)([^:/]+):([0-9]+)/.*', '\\1\\2:\\3') }}" # Drop Swift api address become: true - name: Get target ip addresses From 0451289312fa6bf241e736ef9b496fd6c276a857 Mon Sep 17 00:00:00 2001 From: Seunghun Lee Date: Fri, 3 May 2024 16:05:56 +0100 Subject: [PATCH 03/22] Improve playbook with run_once --- .../ansible/deploy-radosgw-usage-exporter.yml | 28 +++++++++++-------- 1 file changed, 16 insertions(+), 12 deletions(-) diff --git a/etc/kayobe/ansible/deploy-radosgw-usage-exporter.yml b/etc/kayobe/ansible/deploy-radosgw-usage-exporter.yml index 74ded1e3cc..47ca9e7352 100644 --- a/etc/kayobe/ansible/deploy-radosgw-usage-exporter.yml +++ b/etc/kayobe/ansible/deploy-radosgw-usage-exporter.yml @@ -13,6 +13,7 @@ environment: "{{ openstack_auth_env }}" delegate_to: localhost register: credential_check + run_once: true - name: Create ec2 credential if there's none command: > @@ -21,6 +22,7 @@ --format json environment: "{{ openstack_auth_env }}" delegate_to: localhost + run_once: true when: "{{ credential_check.stdout == [] }}" - name: Query ec2 credential for admin @@ -31,6 +33,7 @@ environment: "{{ openstack_auth_env }}" delegate_to: localhost register: credential + run_once: true - name: Get object storage endpoint command: > @@ -40,6 +43,7 @@ environment: "{{ openstack_auth_env }}" delegate_to: localhost register: endpoint + run_once: true - name: Ensure radosgw_usage_exporter container is running community.docker.docker_container: @@ -57,17 +61,21 @@ radosgw_server: "{{ host.URL | regex_replace('(https?://)([^:/]+):([0-9]+)/.*', '\\1\\2:\\3') }}" # Drop Swift api address become: true - - name: Get target ip addresses + - name: Get Prometheus target ip addresses of RADOS gateway usage exporters set_fact: prometheus_targets: "{{ prometheus_targets | default([]) +[( internal_net_name | net_ip( item ) + ':9242' )] }}" loop: "{{ groups['monitoring'] }}" + run_once: true - - name: Ensure radosgw_usage_exporter is targeted by prometheus-server - blockinfile: - path: /etc/kolla/prometheus-server/prometheus.yml - block: | - - honor_labels: true - job_name: ceph_radosgw_usage_exporter + - name: Print config to append on prometheus.yml + debug: + msg: | + Add Prometheus target for RADOS gateway usage exporter below at prometheus.yml then reconfigure prometheus_server. + You can find a template to prometheus.yml at ``ansible/roles/prometheus/templates/prometheus.yml.j2`` under kolla-ansible directory. + Make sure to use {% raw %} and {% endraw %} tags appropriately on prometheus.yml if you're overriding it for the first time. + + - job_name: ceph_radosgw_usage_exporter + honor_labels: true scrape_interval: 15s static_configs: - targets: @@ -80,9 +88,5 @@ separator: "" regex: (.+) replacement: ${1} - become: true + run_once: true - - name: Restart prometheus-server - ansible.builtin.command: - cmd: systemctl restart kolla-prometheus_server-container - become: true From 38e1daa56290289c1da9ec8cf698231e7e4ce40a Mon Sep 17 00:00:00 2001 From: Seunghun Lee Date: Wed, 22 May 2024 09:32:10 +0100 Subject: [PATCH 04/22] Add general condition variable to enable rgw exporter --- .../ansible/deploy-radosgw-usage-exporter.yml | 38 ++++--------------- etc/kayobe/stackhpc-monitoring.yml | 5 +++ 2 files changed, 12 insertions(+), 31 deletions(-) diff --git a/etc/kayobe/ansible/deploy-radosgw-usage-exporter.yml b/etc/kayobe/ansible/deploy-radosgw-usage-exporter.yml index 47ca9e7352..8a5a1d2f30 100644 --- a/etc/kayobe/ansible/deploy-radosgw-usage-exporter.yml +++ b/etc/kayobe/ansible/deploy-radosgw-usage-exporter.yml @@ -14,6 +14,7 @@ delegate_to: localhost register: credential_check run_once: true + when: stackhpc_enable_radosgw_usage_exporter - name: Create ec2 credential if there's none command: > @@ -23,7 +24,9 @@ environment: "{{ openstack_auth_env }}" delegate_to: localhost run_once: true - when: "{{ credential_check.stdout == [] }}" + when: + - "{{ credential_check.stdout == [] }}" + - stackhpc_enable_radosgw_usage_exporter - name: Query ec2 credential for admin command: > @@ -34,6 +37,7 @@ delegate_to: localhost register: credential run_once: true + when: stackhpc_enable_radosgw_usage_exporter - name: Get object storage endpoint command: > @@ -44,6 +48,7 @@ delegate_to: localhost register: endpoint run_once: true + when: stackhpc_enable_radosgw_usage_exporter - name: Ensure radosgw_usage_exporter container is running community.docker.docker_container: @@ -60,33 +65,4 @@ host: "{{ endpoint.stdout | from_json | first }}" radosgw_server: "{{ host.URL | regex_replace('(https?://)([^:/]+):([0-9]+)/.*', '\\1\\2:\\3') }}" # Drop Swift api address become: true - - - name: Get Prometheus target ip addresses of RADOS gateway usage exporters - set_fact: - prometheus_targets: "{{ prometheus_targets | default([]) +[( internal_net_name | net_ip( item ) + ':9242' )] }}" - loop: "{{ groups['monitoring'] }}" - run_once: true - - - name: Print config to append on prometheus.yml - debug: - msg: | - Add Prometheus target for RADOS gateway usage exporter below at prometheus.yml then reconfigure prometheus_server. - You can find a template to prometheus.yml at ``ansible/roles/prometheus/templates/prometheus.yml.j2`` under kolla-ansible directory. - Make sure to use {% raw %} and {% endraw %} tags appropriately on prometheus.yml if you're overriding it for the first time. - - - job_name: ceph_radosgw_usage_exporter - honor_labels: true - scrape_interval: 15s - static_configs: - - targets: - {% for item in prometheus_targets %} - - {{ item }} - {% endfor %} - metric_relabel_configs: - - source_labels: [owner,user] - target_label: tenant_id - separator: "" - regex: (.+) - replacement: ${1} - run_once: true - + when: stackhpc_enable_radosgw_usage_exporter diff --git a/etc/kayobe/stackhpc-monitoring.yml b/etc/kayobe/stackhpc-monitoring.yml index e2377a13e8..4766f813fe 100644 --- a/etc/kayobe/stackhpc-monitoring.yml +++ b/etc/kayobe/stackhpc-monitoring.yml @@ -53,3 +53,8 @@ redfish_exporter_default_password: "{{ ipmi_password }}" redfish_exporter_target_address: "{{ ipmi_address }}" ############################################################################### + +# Whether the RADOS gateway usage exporter is enabled. +# Enabling this will result in templating radosge_usage_exporter endpoint as +# Prometheus scrape targets during deployment. +stackhpc_enable_radosgw_usage_exporter: false From 4a6b814c13f4fe0af3a9b80873e6251d9620ef71 Mon Sep 17 00:00:00 2001 From: Seunghun Lee Date: Wed, 22 May 2024 09:38:23 +0100 Subject: [PATCH 05/22] Add prometheus target template for rgw exporter --- .../prometheus.yml.d/80-radosgw-exporter.yml | 21 +++++++++++++++++++ etc/kayobe/stackhpc-monitoring.yml | 1 + 2 files changed, 22 insertions(+) create mode 100644 etc/kayobe/kolla/config/prometheus/prometheus.yml.d/80-radosgw-exporter.yml diff --git a/etc/kayobe/kolla/config/prometheus/prometheus.yml.d/80-radosgw-exporter.yml b/etc/kayobe/kolla/config/prometheus/prometheus.yml.d/80-radosgw-exporter.yml new file mode 100644 index 0000000000..304736a80f --- /dev/null +++ b/etc/kayobe/kolla/config/prometheus/prometheus.yml.d/80-radosgw-exporter.yml @@ -0,0 +1,21 @@ +# yamllint disable-file +--- +{% if stackhpc_enable_radosgw_usage_exporter | bool %} +{% raw %} +scrape_configs: + - job_name: ceph_radosgw_usage_exporter + honor_labels: true + scrape_interval: 15s + metric_relabel_configs: + - replacement: ${1} + source_labels: [owner,user] + target_label: tenant_id + separator: "" + regex: (.+) + static_configs: + - targets: + {% for host in groups['monitoring'] %} + - "{{ 'api' | kolla_address(host) | put_address_in_context('url') }}:{% endraw %}{{ stackhpc_radosgw_usage_exporter_port }}{% raw %}" + {% endfor %} +{% endraw %} +{% endif %} diff --git a/etc/kayobe/stackhpc-monitoring.yml b/etc/kayobe/stackhpc-monitoring.yml index 4766f813fe..ac7a1032f3 100644 --- a/etc/kayobe/stackhpc-monitoring.yml +++ b/etc/kayobe/stackhpc-monitoring.yml @@ -58,3 +58,4 @@ redfish_exporter_target_address: "{{ ipmi_address }}" # Enabling this will result in templating radosge_usage_exporter endpoint as # Prometheus scrape targets during deployment. stackhpc_enable_radosgw_usage_exporter: false +stackhpc_radosgw_usage_exporter_port: 9242 From 7ab104892cb2a6b30808ec7478f403235a3cc680 Mon Sep 17 00:00:00 2001 From: Seunghun Lee Date: Wed, 22 May 2024 09:58:48 +0100 Subject: [PATCH 06/22] Add deploying rgw exporter at service deploy post hook This will not run by default as ``stackhpc_enable_radosgw_usage_exporter`` is initially set to false --- .../post.d/deploy-radosgw-usage-exporter.yml | 1 + 1 file changed, 1 insertion(+) create mode 120000 etc/kayobe/hooks/overcloud-service-deploy/post.d/deploy-radosgw-usage-exporter.yml diff --git a/etc/kayobe/hooks/overcloud-service-deploy/post.d/deploy-radosgw-usage-exporter.yml b/etc/kayobe/hooks/overcloud-service-deploy/post.d/deploy-radosgw-usage-exporter.yml new file mode 120000 index 0000000000..3d939329a3 --- /dev/null +++ b/etc/kayobe/hooks/overcloud-service-deploy/post.d/deploy-radosgw-usage-exporter.yml @@ -0,0 +1 @@ +../../../ansible/deploy-radosgw-usage-exporter.yml \ No newline at end of file From a045da6ff9d29aac7c2f3b529161672772cd377f Mon Sep 17 00:00:00 2001 From: Seunghun Lee Date: Wed, 22 May 2024 11:02:27 +0100 Subject: [PATCH 07/22] Fix condition order --- etc/kayobe/ansible/deploy-radosgw-usage-exporter.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/etc/kayobe/ansible/deploy-radosgw-usage-exporter.yml b/etc/kayobe/ansible/deploy-radosgw-usage-exporter.yml index 8a5a1d2f30..0b0e3cd4dd 100644 --- a/etc/kayobe/ansible/deploy-radosgw-usage-exporter.yml +++ b/etc/kayobe/ansible/deploy-radosgw-usage-exporter.yml @@ -25,8 +25,8 @@ delegate_to: localhost run_once: true when: - - "{{ credential_check.stdout == [] }}" - stackhpc_enable_radosgw_usage_exporter + - "{{ credential_check.stdout == [] }}" - name: Query ec2 credential for admin command: > From a2b804e7ea43bab2d49ddfeba42507d8b1e7d7d2 Mon Sep 17 00:00:00 2001 From: Seunghun Lee Date: Wed, 22 May 2024 17:01:43 +0100 Subject: [PATCH 08/22] Delegate to controller to ensure access to openstack --- .../ansible/deploy-radosgw-usage-exporter.yml | 30 ++++++++++++++++--- 1 file changed, 26 insertions(+), 4 deletions(-) diff --git a/etc/kayobe/ansible/deploy-radosgw-usage-exporter.yml b/etc/kayobe/ansible/deploy-radosgw-usage-exporter.yml index 0b0e3cd4dd..75de6eed85 100644 --- a/etc/kayobe/ansible/deploy-radosgw-usage-exporter.yml +++ b/etc/kayobe/ansible/deploy-radosgw-usage-exporter.yml @@ -5,14 +5,30 @@ vars: venv: "{{ virtualenv_path }}/openstack" tasks: + - name: Set up openstack cli virtualenv + pip: + virtualenv: "{{ venv }}" + virtualenv_command: "/usr/bin/python3 -m venv" + name: + - python-openstackclient + state: latest + extra_args: "{% if pip_upper_constraints_file %}-c {{ pip_upper_constraints_file }}{% endif %}" + run_once: true + delegate_to: "{{ groups['controllers'][0] }}" + vars: + ansible_host: "{{ hostvars[groups['controllers'][0]].ansible_host }}" + when: stackhpc_enable_radosgw_usage_exporter + - name: Check ec2 credential for admin command: > {{ venv }}/bin/openstack ec2 credentials list --user admin --format json environment: "{{ openstack_auth_env }}" - delegate_to: localhost register: credential_check + delegate_to: "{{ groups['controllers'][0] }}" + vars: + ansible_host: "{{ hostvars[groups['controllers'][0]].ansible_host }}" run_once: true when: stackhpc_enable_radosgw_usage_exporter @@ -22,7 +38,9 @@ ec2 credentials create --user admin --format json environment: "{{ openstack_auth_env }}" - delegate_to: localhost + delegate_to: "{{ groups['controllers'][0] }}" + vars: + ansible_host: "{{ hostvars[groups['controllers'][0]].ansible_host }}" run_once: true when: - stackhpc_enable_radosgw_usage_exporter @@ -34,7 +52,9 @@ ec2 credentials list --user admin --format json environment: "{{ openstack_auth_env }}" - delegate_to: localhost + delegate_to: "{{ groups['controllers'][0] }}" + vars: + ansible_host: "{{ hostvars[groups['controllers'][0]].ansible_host }}" register: credential run_once: true when: stackhpc_enable_radosgw_usage_exporter @@ -45,7 +65,9 @@ endpoint list --service object-store --interface internal --format json environment: "{{ openstack_auth_env }}" - delegate_to: localhost + delegate_to: "{{ groups['controllers'][0] }}" + vars: + ansible_host: "{{ hostvars[groups['controllers'][0]].ansible_host }}" register: endpoint run_once: true when: stackhpc_enable_radosgw_usage_exporter From bf0edab72aeadc283e9aa0c004c7a87596f212f1 Mon Sep 17 00:00:00 2001 From: Seunghun Lee Date: Thu, 23 May 2024 10:51:58 +0100 Subject: [PATCH 09/22] Add option to enable/disable TLS verification --- etc/kayobe/ansible/deploy-radosgw-usage-exporter.yml | 1 + etc/kayobe/stackhpc-monitoring.yml | 6 ++++++ 2 files changed, 7 insertions(+) diff --git a/etc/kayobe/ansible/deploy-radosgw-usage-exporter.yml b/etc/kayobe/ansible/deploy-radosgw-usage-exporter.yml index 75de6eed85..8e483d6a50 100644 --- a/etc/kayobe/ansible/deploy-radosgw-usage-exporter.yml +++ b/etc/kayobe/ansible/deploy-radosgw-usage-exporter.yml @@ -82,6 +82,7 @@ ADMIN_ENTRY: admin ACCESS_KEY: "{{ ec2.Access }}" SECRET_KEY: "{{ ec2.Secret }}" + entrypoint: "{{ [ 'python', '-u', './radosgw_usage_exporter.py', '--insecure' ] if not stackhpc_radosgw_usage_exporter_verify else omit }}" vars: ec2: "{{ credential.stdout | from_json | first }}" host: "{{ endpoint.stdout | from_json | first }}" diff --git a/etc/kayobe/stackhpc-monitoring.yml b/etc/kayobe/stackhpc-monitoring.yml index ac7a1032f3..3c125fa9bd 100644 --- a/etc/kayobe/stackhpc-monitoring.yml +++ b/etc/kayobe/stackhpc-monitoring.yml @@ -58,4 +58,10 @@ redfish_exporter_target_address: "{{ ipmi_address }}" # Enabling this will result in templating radosge_usage_exporter endpoint as # Prometheus scrape targets during deployment. stackhpc_enable_radosgw_usage_exporter: false + +# Port to expose RADOS gateway usage exporter. Default is 9242 stackhpc_radosgw_usage_exporter_port: 9242 + +# Whether TLS certificate verification is enabled for the RADOS gateway usage +# exporter for querying Ceph RADOS gateway APIs. Default is true +stackhpc_radosgw_usage_exporter_verify: true From dc73026804e6da1aff011a3c19b74112b101aabf Mon Sep 17 00:00:00 2001 From: Seunghun Lee Date: Thu, 23 May 2024 11:12:55 +0100 Subject: [PATCH 10/22] Add option to select port for rgw exporter --- etc/kayobe/ansible/deploy-radosgw-usage-exporter.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/etc/kayobe/ansible/deploy-radosgw-usage-exporter.yml b/etc/kayobe/ansible/deploy-radosgw-usage-exporter.yml index 8e483d6a50..4fbba11942 100644 --- a/etc/kayobe/ansible/deploy-radosgw-usage-exporter.yml +++ b/etc/kayobe/ansible/deploy-radosgw-usage-exporter.yml @@ -82,6 +82,7 @@ ADMIN_ENTRY: admin ACCESS_KEY: "{{ ec2.Access }}" SECRET_KEY: "{{ ec2.Secret }}" + VIRTUAL_PORT: "{{ stackhpc_radosgw_usage_exporter_port | string }}" entrypoint: "{{ [ 'python', '-u', './radosgw_usage_exporter.py', '--insecure' ] if not stackhpc_radosgw_usage_exporter_verify else omit }}" vars: ec2: "{{ credential.stdout | from_json | first }}" From 3077f82ff69dd166a67c7e35219b9cdb1f52d2f2 Mon Sep 17 00:00:00 2001 From: Seunghun Lee Date: Thu, 23 May 2024 14:44:47 +0100 Subject: [PATCH 11/22] Add cert copying steps to rgw exporter container --- .../ansible/deploy-radosgw-usage-exporter.yml | 37 +++++++++++++++++++ etc/kayobe/stackhpc-monitoring.yml | 3 ++ 2 files changed, 40 insertions(+) diff --git a/etc/kayobe/ansible/deploy-radosgw-usage-exporter.yml b/etc/kayobe/ansible/deploy-radosgw-usage-exporter.yml index 4fbba11942..21271ed52c 100644 --- a/etc/kayobe/ansible/deploy-radosgw-usage-exporter.yml +++ b/etc/kayobe/ansible/deploy-radosgw-usage-exporter.yml @@ -90,3 +90,40 @@ radosgw_server: "{{ host.URL | regex_replace('(https?://)([^:/]+):([0-9]+)/.*', '\\1\\2:\\3') }}" # Drop Swift api address become: true when: stackhpc_enable_radosgw_usage_exporter + + - name: Create radosgw-usage-exporter directory + ansible.builtin.file: + path: /opt/kayobe/radosgw-usage-exporter/ + state: directory + when: + - stackhpc_enable_radosgw_usage_exporter + - stackhpc_radosgw_usage_exporter_cacert | length > 0 + + - name: Copy CA certificate to RADOS gateway usage exporter nodes + ansible.builtin.copy: + src: "{{ stackhpc_radosgw_usage_exporter_cacert }}" + dest: "/opt/kayobe/radosgw-usage-exporter/{{ stackhpc_radosgw_usage_exporter_cacert | basename }}" + register: copy_to_node_result + when: + - stackhpc_enable_radosgw_usage_exporter + - stackhpc_radosgw_usage_exporter_cacert | length > 0 + + - name: Copy CA certificate to RADOS gateway usage exporter container + community.docker.docker_container_copy_into: + container: radosgw_usage_exporter + path: "{{ copy_to_node_result.dest }}" + container_path: "/usr/local/share/ca-certificates/{{ copy_to_node_result.dest | basename }}" + become: true + when: + - stackhpc_enable_radosgw_usage_exporter + - stackhpc_radosgw_usage_exporter_cacert | length > 0 + + - name: Update CA certificate of RADOS gateway usage exporter container + community.docker.docker_container_exec: + container: radosgw_usage_exporter + command: update-ca-certificates + user: root + become: true + when: + - stackhpc_enable_radosgw_usage_exporter + - stackhpc_radosgw_usage_exporter_cacert | length > 0 diff --git a/etc/kayobe/stackhpc-monitoring.yml b/etc/kayobe/stackhpc-monitoring.yml index 3c125fa9bd..ebf8744029 100644 --- a/etc/kayobe/stackhpc-monitoring.yml +++ b/etc/kayobe/stackhpc-monitoring.yml @@ -62,6 +62,9 @@ stackhpc_enable_radosgw_usage_exporter: false # Port to expose RADOS gateway usage exporter. Default is 9242 stackhpc_radosgw_usage_exporter_port: 9242 +# Path to a certificate for internal TLS in the RADOS gateway usage exporter. +stackhpc_radosgw_usage_exporter_cacert: "" + # Whether TLS certificate verification is enabled for the RADOS gateway usage # exporter for querying Ceph RADOS gateway APIs. Default is true stackhpc_radosgw_usage_exporter_verify: true From 5460e2ced8e73a02f271a31e9e46530071df1022 Mon Sep 17 00:00:00 2001 From: Seunghun Lee Date: Thu, 23 May 2024 14:46:34 +0100 Subject: [PATCH 12/22] Fix typo --- etc/kayobe/stackhpc-monitoring.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/etc/kayobe/stackhpc-monitoring.yml b/etc/kayobe/stackhpc-monitoring.yml index ebf8744029..f430b38e40 100644 --- a/etc/kayobe/stackhpc-monitoring.yml +++ b/etc/kayobe/stackhpc-monitoring.yml @@ -55,7 +55,7 @@ redfish_exporter_target_address: "{{ ipmi_address }}" ############################################################################### # Whether the RADOS gateway usage exporter is enabled. -# Enabling this will result in templating radosge_usage_exporter endpoint as +# Enabling this will result in templating radosgw_usage_exporter endpoint as # Prometheus scrape targets during deployment. stackhpc_enable_radosgw_usage_exporter: false From 288c317c69ef0f401266b83528b83057eb8e0b59 Mon Sep 17 00:00:00 2001 From: Seunghun Lee Date: Thu, 23 May 2024 15:43:13 +0100 Subject: [PATCH 13/22] Add tag to deploy playbook --- etc/kayobe/ansible/deploy-radosgw-usage-exporter.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/etc/kayobe/ansible/deploy-radosgw-usage-exporter.yml b/etc/kayobe/ansible/deploy-radosgw-usage-exporter.yml index 21271ed52c..4e4316ee48 100644 --- a/etc/kayobe/ansible/deploy-radosgw-usage-exporter.yml +++ b/etc/kayobe/ansible/deploy-radosgw-usage-exporter.yml @@ -2,6 +2,7 @@ - name: Deploy RADOS gateway usage exporter hosts: monitoring gather_facts: false + tags: radosgw_usage_exporter vars: venv: "{{ virtualenv_path }}/openstack" tasks: From 892b6fc005986d354669e6a277f2d7a068211fd9 Mon Sep 17 00:00:00 2001 From: Seunghun Lee Date: Fri, 24 May 2024 10:31:30 +0100 Subject: [PATCH 14/22] Set openstack auth env automatically --- .../ansible/deploy-radosgw-usage-exporter.yml | 22 +++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/etc/kayobe/ansible/deploy-radosgw-usage-exporter.yml b/etc/kayobe/ansible/deploy-radosgw-usage-exporter.yml index 4e4316ee48..2b9cd0ccfb 100644 --- a/etc/kayobe/ansible/deploy-radosgw-usage-exporter.yml +++ b/etc/kayobe/ansible/deploy-radosgw-usage-exporter.yml @@ -20,6 +20,28 @@ ansible_host: "{{ hostvars[groups['controllers'][0]].ansible_host }}" when: stackhpc_enable_radosgw_usage_exporter + - name: Read admin-openrc credential file + ansible.builtin.command: + cmd: "cat {{ lookup('ansible.builtin.env', 'KOLLA_CONFIG_PATH') }}/admin-openrc.sh" + delegate_to: localhost + register: credential + when: stackhpc_enable_radosgw_usage_exporter + changed_when: false + + - name: Set facts for admin credentials + ansible.builtin.set_fact: + openstack_auth_env: + OS_PROJECT_DOMAIN_NAME: "{{ credential.stdout_lines | select('match', '.*OS_PROJECT_DOMAIN_NAME*.') | first | split('=') | last | replace(\"'\",'') }}" + OS_USER_DOMAIN_NAME: "{{ credential.stdout_lines | select('match', '.*OS_USER_DOMAIN_NAME*.') | first | split('=') | last | replace(\"'\",'') }}" + OS_PROJECT_NAME: "{{ credential.stdout_lines | select('match', '.*OS_PROJECT_NAME*.') | first | split('=') | last | replace(\"'\",'') }}" + OS_USERNAME: "{{ credential.stdout_lines | select('match', '.*OS_USERNAME*.') | first | split('=') | last | replace(\"'\",'') }}" + OS_PASSWORD: "{{ credential.stdout_lines | select('match', '.*OS_PASSWORD*.') | first | split('=') | last | replace(\"'\",'') }}" + OS_AUTH_URL: "{{ credential.stdout_lines | select('match', '.*OS_AUTH_URL*.') | first | split('=') | last | replace(\"'\",'') }}" + OS_INTERFACE: "{{ credential.stdout_lines | select('match', '.*OS_INTERFACE*.') | first | split('=') | last | replace(\"'\",'') }}" + OS_IDENTITY_API_VERSION: "{{ credential.stdout_lines | select('match', '.*OS_IDENTITY_API_VERSION*.') | first | split('=') | last | replace(\"'\",'') }}" + OS_CACERT: "{{ '/etc/ssl/certs/ca-certificates.crt' if os_distribution == 'ubuntu' else '/etc/pki/tls/certs/ca-bundle.crt' }}" + when: stackhpc_enable_radosgw_usage_exporter + - name: Check ec2 credential for admin command: > {{ venv }}/bin/openstack From 28a88f44c3389cde6217930d7b3ac89e4e91567f Mon Sep 17 00:00:00 2001 From: Seunghun Lee Date: Wed, 29 May 2024 16:58:10 +0100 Subject: [PATCH 15/22] Revert "Add deploying rgw exporter at service deploy post hook" This reverts commit 1607da4479bb1d49701a7b8adcd424557ca16f5c. --- .../post.d/deploy-radosgw-usage-exporter.yml | 1 - 1 file changed, 1 deletion(-) delete mode 120000 etc/kayobe/hooks/overcloud-service-deploy/post.d/deploy-radosgw-usage-exporter.yml diff --git a/etc/kayobe/hooks/overcloud-service-deploy/post.d/deploy-radosgw-usage-exporter.yml b/etc/kayobe/hooks/overcloud-service-deploy/post.d/deploy-radosgw-usage-exporter.yml deleted file mode 120000 index 3d939329a3..0000000000 --- a/etc/kayobe/hooks/overcloud-service-deploy/post.d/deploy-radosgw-usage-exporter.yml +++ /dev/null @@ -1 +0,0 @@ -../../../ansible/deploy-radosgw-usage-exporter.yml \ No newline at end of file From 16e2d918b8fb0dbe82cc127533eb02d984bf5928 Mon Sep 17 00:00:00 2001 From: Seunghun Lee Date: Tue, 12 Nov 2024 13:39:49 +0000 Subject: [PATCH 16/22] Add radosgw usuage exporter support release note --- ...dd-radosgw-usage-exporter-support-93d55c544418b05a.yaml | 7 +++++++ 1 file changed, 7 insertions(+) create mode 100644 releasenotes/notes/add-radosgw-usage-exporter-support-93d55c544418b05a.yaml diff --git a/releasenotes/notes/add-radosgw-usage-exporter-support-93d55c544418b05a.yaml b/releasenotes/notes/add-radosgw-usage-exporter-support-93d55c544418b05a.yaml new file mode 100644 index 0000000000..af9213afd2 --- /dev/null +++ b/releasenotes/notes/add-radosgw-usage-exporter-support-93d55c544418b05a.yaml @@ -0,0 +1,7 @@ +--- +features: + - | + Adds RADOS Gateway usage exporter support. + + To deploy the exporter, set the variable ``stackhpc_enable_radosgw_usage_exporter`` + to true. Then run playbook ``deploy-radosgw-usage-exporter.yml``. From 355dd351897c0b29188981986fc10224f1cbf11d Mon Sep 17 00:00:00 2001 From: Seunghun Lee Date: Tue, 12 Nov 2024 16:28:16 +0000 Subject: [PATCH 17/22] Replace ec2 credential owner to ceph_rgw --- etc/kayobe/ansible/deploy-radosgw-usage-exporter.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/etc/kayobe/ansible/deploy-radosgw-usage-exporter.yml b/etc/kayobe/ansible/deploy-radosgw-usage-exporter.yml index 2b9cd0ccfb..d93a4d6db1 100644 --- a/etc/kayobe/ansible/deploy-radosgw-usage-exporter.yml +++ b/etc/kayobe/ansible/deploy-radosgw-usage-exporter.yml @@ -42,10 +42,10 @@ OS_CACERT: "{{ '/etc/ssl/certs/ca-certificates.crt' if os_distribution == 'ubuntu' else '/etc/pki/tls/certs/ca-bundle.crt' }}" when: stackhpc_enable_radosgw_usage_exporter - - name: Check ec2 credential for admin + - name: Check ec2 credential for ceph_rgw command: > {{ venv }}/bin/openstack - ec2 credentials list --user admin + ec2 credentials list --user ceph_rgw --format json environment: "{{ openstack_auth_env }}" register: credential_check @@ -58,7 +58,7 @@ - name: Create ec2 credential if there's none command: > {{ venv }}/bin/openstack - ec2 credentials create --user admin + ec2 credentials create --user ceph_rgw --project service --format json environment: "{{ openstack_auth_env }}" delegate_to: "{{ groups['controllers'][0] }}" @@ -69,10 +69,10 @@ - stackhpc_enable_radosgw_usage_exporter - "{{ credential_check.stdout == [] }}" - - name: Query ec2 credential for admin + - name: Query ec2 credential for ceph_rgw command: > {{ venv }}/bin/openstack - ec2 credentials list --user admin + ec2 credentials list --user ceph_rgw --format json environment: "{{ openstack_auth_env }}" delegate_to: "{{ groups['controllers'][0] }}" From a3c6168791cf645ce18beaaa44589a18c9790862 Mon Sep 17 00:00:00 2001 From: Seunghun Lee Date: Wed, 13 Nov 2024 11:21:18 +0000 Subject: [PATCH 18/22] Set verify to follow kolla_enable_tls_internal --- etc/kayobe/stackhpc-monitoring.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/etc/kayobe/stackhpc-monitoring.yml b/etc/kayobe/stackhpc-monitoring.yml index f430b38e40..3e9fb107e1 100644 --- a/etc/kayobe/stackhpc-monitoring.yml +++ b/etc/kayobe/stackhpc-monitoring.yml @@ -66,5 +66,6 @@ stackhpc_radosgw_usage_exporter_port: 9242 stackhpc_radosgw_usage_exporter_cacert: "" # Whether TLS certificate verification is enabled for the RADOS gateway usage -# exporter for querying Ceph RADOS gateway APIs. Default is true -stackhpc_radosgw_usage_exporter_verify: true +# exporter for querying Ceph RADOS gateway APIs. Default follows the condition +# of kolla_enable_tls_internal +stackhpc_radosgw_usage_exporter_verify: "{{ kolla_enable_tls_internal }}" From 442025ebb04899443fd685b7b62f82f093fd50c6 Mon Sep 17 00:00:00 2001 From: Seunghun Lee Date: Wed, 13 Nov 2024 11:23:15 +0000 Subject: [PATCH 19/22] Move condition to block and replace regex_replace with urlsplit --- .../ansible/deploy-radosgw-usage-exporter.yml | 263 +++++++++--------- 1 file changed, 131 insertions(+), 132 deletions(-) diff --git a/etc/kayobe/ansible/deploy-radosgw-usage-exporter.yml b/etc/kayobe/ansible/deploy-radosgw-usage-exporter.yml index d93a4d6db1..13e7f53a4c 100644 --- a/etc/kayobe/ansible/deploy-radosgw-usage-exporter.yml +++ b/etc/kayobe/ansible/deploy-radosgw-usage-exporter.yml @@ -6,147 +6,146 @@ vars: venv: "{{ virtualenv_path }}/openstack" tasks: - - name: Set up openstack cli virtualenv - pip: - virtualenv: "{{ venv }}" - virtualenv_command: "/usr/bin/python3 -m venv" - name: - - python-openstackclient - state: latest - extra_args: "{% if pip_upper_constraints_file %}-c {{ pip_upper_constraints_file }}{% endif %}" - run_once: true - delegate_to: "{{ groups['controllers'][0] }}" - vars: - ansible_host: "{{ hostvars[groups['controllers'][0]].ansible_host }}" + - name: Deploy RADOS gateway usage exporter when: stackhpc_enable_radosgw_usage_exporter + block: + - name: Set up openstack cli virtualenv + ansible.builtin.pip: + virtualenv: "{{ venv }}" + virtualenv_command: "/usr/bin/python3 -m venv" + name: + - python-openstackclient + state: latest + extra_args: "{% if pip_upper_constraints_file %}-c {{ pip_upper_constraints_file }}{% endif %}" + run_once: true + delegate_to: "{{ groups['controllers'][0] }}" + vars: + ansible_host: "{{ hostvars[groups['controllers'][0]].ansible_host }}" - - name: Read admin-openrc credential file - ansible.builtin.command: - cmd: "cat {{ lookup('ansible.builtin.env', 'KOLLA_CONFIG_PATH') }}/admin-openrc.sh" - delegate_to: localhost - register: credential - when: stackhpc_enable_radosgw_usage_exporter - changed_when: false + - name: Read admin-openrc credential file + ansible.builtin.command: + cmd: "cat {{ lookup('ansible.builtin.env', 'KOLLA_CONFIG_PATH') }}/admin-openrc.sh" + delegate_to: localhost + register: credential + changed_when: false - - name: Set facts for admin credentials - ansible.builtin.set_fact: - openstack_auth_env: - OS_PROJECT_DOMAIN_NAME: "{{ credential.stdout_lines | select('match', '.*OS_PROJECT_DOMAIN_NAME*.') | first | split('=') | last | replace(\"'\",'') }}" - OS_USER_DOMAIN_NAME: "{{ credential.stdout_lines | select('match', '.*OS_USER_DOMAIN_NAME*.') | first | split('=') | last | replace(\"'\",'') }}" - OS_PROJECT_NAME: "{{ credential.stdout_lines | select('match', '.*OS_PROJECT_NAME*.') | first | split('=') | last | replace(\"'\",'') }}" - OS_USERNAME: "{{ credential.stdout_lines | select('match', '.*OS_USERNAME*.') | first | split('=') | last | replace(\"'\",'') }}" - OS_PASSWORD: "{{ credential.stdout_lines | select('match', '.*OS_PASSWORD*.') | first | split('=') | last | replace(\"'\",'') }}" - OS_AUTH_URL: "{{ credential.stdout_lines | select('match', '.*OS_AUTH_URL*.') | first | split('=') | last | replace(\"'\",'') }}" - OS_INTERFACE: "{{ credential.stdout_lines | select('match', '.*OS_INTERFACE*.') | first | split('=') | last | replace(\"'\",'') }}" - OS_IDENTITY_API_VERSION: "{{ credential.stdout_lines | select('match', '.*OS_IDENTITY_API_VERSION*.') | first | split('=') | last | replace(\"'\",'') }}" - OS_CACERT: "{{ '/etc/ssl/certs/ca-certificates.crt' if os_distribution == 'ubuntu' else '/etc/pki/tls/certs/ca-bundle.crt' }}" - when: stackhpc_enable_radosgw_usage_exporter + - name: Set facts for admin credentials + ansible.builtin.set_fact: + openstack_auth_env: + OS_PROJECT_DOMAIN_NAME: "{{ credential.stdout_lines | select('match', '.*OS_PROJECT_DOMAIN_NAME*.') | first | split('=') | last | replace(\"'\", '') }}" + OS_USER_DOMAIN_NAME: "{{ credential.stdout_lines | select('match', '.*OS_USER_DOMAIN_NAME*.') | first | split('=') | last | replace(\"'\", '') }}" + OS_PROJECT_NAME: "{{ credential.stdout_lines | select('match', '.*OS_PROJECT_NAME*.') | first | split('=') | last | replace(\"'\", '') }}" + OS_USERNAME: "{{ credential.stdout_lines | select('match', '.*OS_USERNAME*.') | first | split('=') | last | replace(\"'\", '') }}" + OS_PASSWORD: "{{ credential.stdout_lines | select('match', '.*OS_PASSWORD*.') | first | split('=') | last | replace(\"'\", '') }}" + OS_AUTH_URL: "{{ credential.stdout_lines | select('match', '.*OS_AUTH_URL*.') | first | split('=') | last | replace(\"'\", '') }}" + OS_INTERFACE: "{{ credential.stdout_lines | select('match', '.*OS_INTERFACE*.') | first | split('=') | last | replace(\"'\", '') }}" + OS_IDENTITY_API_VERSION: "{{ credential.stdout_lines | select('match', '.*OS_IDENTITY_API_VERSION*.') | first | split('=') | last | replace(\"'\", '') }}" + OS_CACERT: "{{ '/etc/ssl/certs/ca-certificates.crt' if os_distribution == 'ubuntu' else '/etc/pki/tls/certs/ca-bundle.crt' }}" - - name: Check ec2 credential for ceph_rgw - command: > - {{ venv }}/bin/openstack - ec2 credentials list --user ceph_rgw - --format json - environment: "{{ openstack_auth_env }}" - register: credential_check - delegate_to: "{{ groups['controllers'][0] }}" - vars: - ansible_host: "{{ hostvars[groups['controllers'][0]].ansible_host }}" - run_once: true - when: stackhpc_enable_radosgw_usage_exporter + - name: Check ec2 credential for ceph_rgw + ansible.builtin.command: > + {{ venv }}/bin/openstack + ec2 credentials list --user ceph_rgw + --format json + environment: "{{ openstack_auth_env }}" + register: credential_check + delegate_to: "{{ groups['controllers'][0] }}" + changed_when: false + vars: + ansible_host: "{{ hostvars[groups['controllers'][0]].ansible_host }}" + run_once: true - - name: Create ec2 credential if there's none - command: > - {{ venv }}/bin/openstack - ec2 credentials create --user ceph_rgw --project service - --format json - environment: "{{ openstack_auth_env }}" - delegate_to: "{{ groups['controllers'][0] }}" - vars: - ansible_host: "{{ hostvars[groups['controllers'][0]].ansible_host }}" - run_once: true - when: - - stackhpc_enable_radosgw_usage_exporter - - "{{ credential_check.stdout == [] }}" + - name: Create ec2 credential if there's none + ansible.builtin.command: > + {{ venv }}/bin/openstack + ec2 credentials create --user ceph_rgw --project service + --format json + environment: "{{ openstack_auth_env }}" + delegate_to: "{{ groups['controllers'][0] }}" + changed_when: true + vars: + ansible_host: "{{ hostvars[groups['controllers'][0]].ansible_host }}" + run_once: true + when: credential_check.stdout == [] - - name: Query ec2 credential for ceph_rgw - command: > - {{ venv }}/bin/openstack - ec2 credentials list --user ceph_rgw - --format json - environment: "{{ openstack_auth_env }}" - delegate_to: "{{ groups['controllers'][0] }}" - vars: - ansible_host: "{{ hostvars[groups['controllers'][0]].ansible_host }}" - register: credential - run_once: true - when: stackhpc_enable_radosgw_usage_exporter + - name: Query ec2 credential for ceph_rgw + ansible.builtin.command: > + {{ venv }}/bin/openstack + ec2 credentials list --user ceph_rgw + --format json + environment: "{{ openstack_auth_env }}" + delegate_to: "{{ groups['controllers'][0] }}" + changed_when: false + vars: + ansible_host: "{{ hostvars[groups['controllers'][0]].ansible_host }}" + register: credential + run_once: true - - name: Get object storage endpoint - command: > - {{ venv }}/bin/openstack - endpoint list --service object-store --interface internal - --format json - environment: "{{ openstack_auth_env }}" - delegate_to: "{{ groups['controllers'][0] }}" - vars: - ansible_host: "{{ hostvars[groups['controllers'][0]].ansible_host }}" - register: endpoint - run_once: true - when: stackhpc_enable_radosgw_usage_exporter + - name: Get object storage endpoint + ansible.builtin.command: > + {{ venv }}/bin/openstack + endpoint list --service object-store --interface internal + --format json + environment: "{{ openstack_auth_env }}" + delegate_to: "{{ groups['controllers'][0] }}" + changed_when: false + vars: + ansible_host: "{{ hostvars[groups['controllers'][0]].ansible_host }}" + register: endpoint + run_once: true - - name: Ensure radosgw_usage_exporter container is running - community.docker.docker_container: - name: radosgw_usage_exporter - image: ghcr.io/stackhpc/radosgw_usage_exporter:0.1.0 - network_mode: host - env: - RADOSGW_SERVER: "{{ radosgw_server }}" - ADMIN_ENTRY: admin - ACCESS_KEY: "{{ ec2.Access }}" - SECRET_KEY: "{{ ec2.Secret }}" - VIRTUAL_PORT: "{{ stackhpc_radosgw_usage_exporter_port | string }}" - entrypoint: "{{ [ 'python', '-u', './radosgw_usage_exporter.py', '--insecure' ] if not stackhpc_radosgw_usage_exporter_verify else omit }}" - vars: - ec2: "{{ credential.stdout | from_json | first }}" - host: "{{ endpoint.stdout | from_json | first }}" - radosgw_server: "{{ host.URL | regex_replace('(https?://)([^:/]+):([0-9]+)/.*', '\\1\\2:\\3') }}" # Drop Swift api address - become: true - when: stackhpc_enable_radosgw_usage_exporter + - name: Process object storage endpoint + ansible.builtin.set_fact: + radosgw_server: "{{ scheme + '://' + hostname + ':' + radosgw_port }}" + vars: + swift: "{{ endpoint.stdout | from_json | first }}" + hostname: "{{ swift.URL | urlsplit('hostname') }}" + scheme: "{{ swift.URL | urlsplit('scheme') }}" + radosgw_port: "{{ swift.URL | urlsplit('port') }}" + run_once: true + + - name: Ensure radosgw_usage_exporter container is running + community.docker.docker_container: + name: radosgw_usage_exporter + image: ghcr.io/stackhpc/radosgw_usage_exporter:0.1.0 + network_mode: host + env: + RADOSGW_SERVER: "{{ radosgw_server }}" + ADMIN_ENTRY: admin + ACCESS_KEY: "{{ ec2.Access }}" + SECRET_KEY: "{{ ec2.Secret }}" + VIRTUAL_PORT: "{{ stackhpc_radosgw_usage_exporter_port | string }}" + entrypoint: "{{ ['python', '-u', './radosgw_usage_exporter.py', '--insecure'] if not stackhpc_radosgw_usage_exporter_verify else omit }}" + vars: + ec2: "{{ credential.stdout | from_json | first }}" + become: true - - name: Create radosgw-usage-exporter directory - ansible.builtin.file: - path: /opt/kayobe/radosgw-usage-exporter/ - state: directory - when: - - stackhpc_enable_radosgw_usage_exporter - - stackhpc_radosgw_usage_exporter_cacert | length > 0 + - name: Ensure the exporter to use certificate + when: stackhpc_radosgw_usage_exporter_cacert | length > 0 + block: + - name: Create radosgw-usage-exporter directory + ansible.builtin.file: + path: /opt/kayobe/radosgw-usage-exporter/ + state: directory + mode: 0755 - - name: Copy CA certificate to RADOS gateway usage exporter nodes - ansible.builtin.copy: - src: "{{ stackhpc_radosgw_usage_exporter_cacert }}" - dest: "/opt/kayobe/radosgw-usage-exporter/{{ stackhpc_radosgw_usage_exporter_cacert | basename }}" - register: copy_to_node_result - when: - - stackhpc_enable_radosgw_usage_exporter - - stackhpc_radosgw_usage_exporter_cacert | length > 0 + - name: Copy CA certificate to RADOS gateway usage exporter nodes + ansible.builtin.copy: + src: "{{ stackhpc_radosgw_usage_exporter_cacert }}" + dest: "/opt/kayobe/radosgw-usage-exporter/{{ stackhpc_radosgw_usage_exporter_cacert | basename }}" + mode: 0644 + register: copy_to_node_result - - name: Copy CA certificate to RADOS gateway usage exporter container - community.docker.docker_container_copy_into: - container: radosgw_usage_exporter - path: "{{ copy_to_node_result.dest }}" - container_path: "/usr/local/share/ca-certificates/{{ copy_to_node_result.dest | basename }}" - become: true - when: - - stackhpc_enable_radosgw_usage_exporter - - stackhpc_radosgw_usage_exporter_cacert | length > 0 + - name: Copy CA certificate to RADOS gateway usage exporter container + community.docker.docker_container_copy_into: + container: radosgw_usage_exporter + path: "{{ copy_to_node_result.dest }}" + container_path: "/usr/local/share/ca-certificates/{{ copy_to_node_result.dest | basename }}" + become: true - - name: Update CA certificate of RADOS gateway usage exporter container - community.docker.docker_container_exec: - container: radosgw_usage_exporter - command: update-ca-certificates - user: root - become: true - when: - - stackhpc_enable_radosgw_usage_exporter - - stackhpc_radosgw_usage_exporter_cacert | length > 0 + - name: Update CA certificate of RADOS gateway usage exporter container + community.docker.docker_container_exec: + container: radosgw_usage_exporter + command: update-ca-certificates + user: root + become: true From d6db95af1cb84f9972d3feda140e0431abc7a74e Mon Sep 17 00:00:00 2001 From: Seunghun Lee Date: Wed, 22 May 2024 09:58:48 +0100 Subject: [PATCH 20/22] Add deploying rgw exporter at service deploy post hook This will not run by default as ``stackhpc_enable_radosgw_usage_exporter`` is initially set to false --- .../post.d/deploy-radosgw-usage-exporter.yml | 1 + 1 file changed, 1 insertion(+) create mode 120000 etc/kayobe/hooks/overcloud-service-deploy/post.d/deploy-radosgw-usage-exporter.yml diff --git a/etc/kayobe/hooks/overcloud-service-deploy/post.d/deploy-radosgw-usage-exporter.yml b/etc/kayobe/hooks/overcloud-service-deploy/post.d/deploy-radosgw-usage-exporter.yml new file mode 120000 index 0000000000..3d939329a3 --- /dev/null +++ b/etc/kayobe/hooks/overcloud-service-deploy/post.d/deploy-radosgw-usage-exporter.yml @@ -0,0 +1 @@ +../../../ansible/deploy-radosgw-usage-exporter.yml \ No newline at end of file From bb6f27631556c042e487e25af82984ea777c970a Mon Sep 17 00:00:00 2001 From: Seunghun Lee Date: Wed, 13 Nov 2024 13:57:36 +0000 Subject: [PATCH 21/22] Bump radosgw_usage_exporter to v0.1.1 This version includes image scan on build --- etc/kayobe/ansible/deploy-radosgw-usage-exporter.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/etc/kayobe/ansible/deploy-radosgw-usage-exporter.yml b/etc/kayobe/ansible/deploy-radosgw-usage-exporter.yml index 13e7f53a4c..7998f676d3 100644 --- a/etc/kayobe/ansible/deploy-radosgw-usage-exporter.yml +++ b/etc/kayobe/ansible/deploy-radosgw-usage-exporter.yml @@ -107,7 +107,7 @@ - name: Ensure radosgw_usage_exporter container is running community.docker.docker_container: name: radosgw_usage_exporter - image: ghcr.io/stackhpc/radosgw_usage_exporter:0.1.0 + image: ghcr.io/stackhpc/radosgw_usage_exporter:v0.1.1 network_mode: host env: RADOSGW_SERVER: "{{ radosgw_server }}" From 59cba1e1021e7a7fd34525d781e935468f5e273f Mon Sep 17 00:00:00 2001 From: Seunghun Lee Date: Wed, 13 Nov 2024 14:08:44 +0000 Subject: [PATCH 22/22] Better release note and grammar --- etc/kayobe/ansible/deploy-radosgw-usage-exporter.yml | 2 +- .../add-radosgw-usage-exporter-support-93d55c544418b05a.yaml | 2 ++ 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/etc/kayobe/ansible/deploy-radosgw-usage-exporter.yml b/etc/kayobe/ansible/deploy-radosgw-usage-exporter.yml index 7998f676d3..df83404192 100644 --- a/etc/kayobe/ansible/deploy-radosgw-usage-exporter.yml +++ b/etc/kayobe/ansible/deploy-radosgw-usage-exporter.yml @@ -120,7 +120,7 @@ ec2: "{{ credential.stdout | from_json | first }}" become: true - - name: Ensure the exporter to use certificate + - name: Ensure that the internal TLS certificate is trusted by the exporter when: stackhpc_radosgw_usage_exporter_cacert | length > 0 block: - name: Create radosgw-usage-exporter directory diff --git a/releasenotes/notes/add-radosgw-usage-exporter-support-93d55c544418b05a.yaml b/releasenotes/notes/add-radosgw-usage-exporter-support-93d55c544418b05a.yaml index af9213afd2..8b6e4d4e32 100644 --- a/releasenotes/notes/add-radosgw-usage-exporter-support-93d55c544418b05a.yaml +++ b/releasenotes/notes/add-radosgw-usage-exporter-support-93d55c544418b05a.yaml @@ -5,3 +5,5 @@ features: To deploy the exporter, set the variable ``stackhpc_enable_radosgw_usage_exporter`` to true. Then run playbook ``deploy-radosgw-usage-exporter.yml``. + A certificate path needs to be set to ``stackhpc_radosgw_usage_exporter_cacert`` + if internal TLS is enabled.