Support Openstack Swift APIs via the radosgw
Closed, ResolvedPublic
Actions

Assigned To

Authored By

	Andrew
	Mar 9 2021, 4:51 PM

Description

The Trove docs assume the presence of an object store (Swift). It looks like this is only used for backups but I also haven't found any clear evidence that Trove can run in a setup without object stores.

This is a good excuse to get Swift up and running with Trove its initial user.

Details

Subject	Repo	Branch	Lines +/-
radosgw: Enforce header name and CSP	operations/puppet	production	+35 -1
ceph radosgw: don't allow the 'reader' role to create/delete objects	operations/puppet	production	+1 -1
Remove profile::cloudceph::client::rbd_glance	operations/puppet	production	+0 -70
radosgw: include a few missing pieces for eqiad1	operations/puppet	production	+2 -1
Add radosgw apis to eqiad1	operations/puppet	production	+16 -0
eqiad1: add caps for radosgw user	operations/puppet	production	+4 -0
Add fake radosgw eqiad1 key data	labs/private	master	+2 -0
Ceph: Try to re-centralize radosgw keyrings	operations/puppet	production	+11 -3
cloud-vps ceph: initial config for adding radosgw to control nodes	operations/puppet	production	+224 -1

Customize query in gerrit

Related Objects
Search...

Status	Assigned	Task
Resolved	None	T128158 Tools web interface for tool authors (Brainstorming ticket)
Open	None	T136335 Allow self-serve database credential and permissions management for Toolforge projects
Open	None	T188406 Provide access to user created databases in PAWS
Resolved	• Bstorm	T267683 Move PAWS to it's own database (and away from ToolsDB)
Resolved	Andrew	T212595 [Feature request] Database as a Service (Trove) for Cloud VPS projects
Open	None	T178520 Find somewhere else (not NFS) to store Quarry's resultsets
Resolved	• taavi	T276961 Support Openstack Swift APIs via the radosgw
Resolved	Jhancock.wm	T289882 Q1:(Need By: TBD) rack/setup/install cloudswift100[12]
Resolved	Andrew	T347927 Better swift error messages for projects with invalid chars
Resolved	Andrew	T348885 Horizon Object Storage UI should not display for readers

Event Timeline

Andrew created this task.Mar 9 2021, 4:51 PM

Andrew moved this task from Inbox to Needs discussion on the cloud-services-team (Kanban) board.

Apparently we can continue to put all our eggs in the ceph basket in Swift as well https://keithtenzer.com/2017/03/30/openstack-swift-integration-with-ceph/

In T276961#6897360, @Bstorm wrote:

Apparently we can continue to put all our eggs in the ceph basket in Swift as well https://keithtenzer.com/2017/03/30/openstack-swift-integration-with-ceph/

That's what I was thinking, although it's a bit questionable to have the primary databases on ceph-hosted VMs and then 'back them up' to ceph-backed swift when it's the same ceph.

A separate pool is one level of separation, but it's not physical. It seems a second cluster for some uses would make sense for that, which would reduce our skill needs without sacrificing redundancy.

Andrew moved this task from Needs discussion to Soon! on the cloud-services-team (Kanban) board.Mar 17 2021, 3:25 PM

I don't think we need to actually run swift in wmcs; radosgw supports swift APIs.

https://docs.ceph.com/en/latest/radosgw/index.html

And it can consume Keystone for auth:

https://docs.ceph.com/en/latest/radosgw/keystone/

Of course VMs can't actually talk to ceph APIs, but maybe with haproxy that doesn't matter?

Change 682317 had a related patch set uploaded (by Andrew Bogott; author: Andrew Bogott):

[operations/puppet@production] cloud-vps ceph: initial config for adding radosgw to control nodes

https://gerrit.wikimedia.org/r/682317

gerritbot added a project: Patch-For-Review.Apr 25 2021, 2:05 PM

Change 682317 merged by Andrew Bogott:

[operations/puppet@production] cloud-vps ceph: initial config for adding radosgw to control nodes

https://gerrit.wikimedia.org/r/682317

Maintenance_bot removed a project: Patch-For-Review.Apr 25 2021, 4:10 PM

Change 682729 had a related patch set uploaded (by Andrew Bogott; author: Andrew Bogott):

[operations/puppet@production] Ceph: Try to re-centralize radosgw keyrings

https://gerrit.wikimedia.org/r/682729

gerritbot added a project: Patch-For-Review.Apr 26 2021, 6:45 PM

Change 682729 merged by Andrew Bogott:

[operations/puppet@production] Ceph: Try to re-centralize radosgw keyrings

https://gerrit.wikimedia.org/r/682729

Maintenance_bot removed a project: Patch-For-Review.Apr 26 2021, 7:10 PM

We discussed this in our weekly meeting today. Issues to sort out before radosgw goes in eqiad1 are:

Ceph pg audit to make sure we can support the new pools that radosgw needs

Moving haproxy (and possibly radosgw) onto separate hardware so that the Swift bandwidth doesn't overwhelm the other openstack APIs.

I recommend we look at erasure coding the pools for Swift, since I don't know if I've said it directly related to this yet https://ceph.io/planet/erasure-coding-in-ceph/

That would give us more storage for the number of OSDs involved. Erasure coding for RBD was relatively new when we deployed ceph, so we avoided it for the safer replicated version, but it's quite mature and common in a radosgw config.

In T276961#7042719, @Bstorm wrote:

I recommend we look at erasure coding the pools for Swift, since I don't know if I've said it directly related to this yet https://ceph.io/planet/erasure-coding-in-ceph/

I think that's pretty simple -- radosgw creates the pools but you can convert them to erasure after the fact. Do you have an opinion about what ratio we should use?

Nope, I'd probably google around for what "seems good", unfortunately.

aborrero triaged this task as Medium priority.May 11 2021, 4:21 PM

aborrero moved this task from Soon! to Blocked on the cloud-services-team (Kanban) board.

• Bstorm added a subtask: T178520: Find somewhere else (not NFS) to store Quarry's resultsets.Aug 24 2021, 3:28 PM

[I was pointed at this task from IRC, I'm new in data persistence team, used to do quite a bit of Ceph at the Sanger]

I think 4+2 or 8+2 or 8+3 are relatively commonly-used. CERN were using 8+3 for their EC pools last time I heard, and report a 2xCPU 1.5xRAM overhead[0] compared to replicated storage. AIUI, our Ceph cluster is still quite small (in terms of # of hosts), so I'm not sure if we can do this sort of thing without compromising on host as a failure domain?

We kept meaning to move to EC for some of our pools at my last job, but it never quite made it to the top of the list, and we were using hdd + NVME for block.db, so disk capacity was "cheap".

There isn't really much QoS available yet to e.g. stop your RGW service using all the available IO (might be some coming in Quincy?); at Sanger we needed haproxy in front of our RGW service anyway, at which point that provides a mechanism for per-IP limits and suchlike. I talked a bit about this in a past Cephalocon presentation, so probably still have some slides on it somewhere...

[0] https://indico.cern.ch/event/941278/contributions/4104604/attachments/2147359/3619781/ErasureCoding20201120.pdf

• taavi removed a subtask: T178520: Find somewhere else (not NFS) to store Quarry's resultsets.Oct 26 2021, 11:20 AM

• taavi added a parent task: T178520: Find somewhere else (not NFS) to store Quarry's resultsets.

• taavi mentioned this in T318360: Recommended solution for Terraform state backend.Sep 22 2022, 4:38 PM

• taavi mentioned this in T318533: Offer S3-compatible storage.Sep 26 2022, 11:46 AM

• taavi merged a task: T318533: Offer S3-compatible storage.

• taavi added a subtask: T289882: Q1:(Need By: TBD) rack/setup/install cloudswift100[12].

• taavi added a subscriber: Sascha.

fnegri edited projects, added cloud-services-team; removed cloud-services-team (Kanban).Jan 18 2023, 7:22 PM

fnegri moved this task from Kanban to Blocked on the cloud-services-team board.

Papaul closed subtask T289882: Q1:(Need By: TBD) rack/setup/install cloudswift100[12] as Resolved.Jun 9 2023, 2:22 AM

Change 962707 had a related patch set uploaded (by Andrew Bogott; author: Andrew Bogott):