Page MenuHomePhabricator
Create Task
Maniphest T263461

Openstack Glance: add ceph backend
Closed, ResolvedPublic
Actions

Description

It's not clear that there's a straightforward path for moving existing base images from the filesystem backend to ceph, but we should at least start using ceph for new images.

It may be possible to migrate existing images via direct DB hacking; I'll experiment with that once we have Ceph set up as an alternate backend.

Details

Show related patches Customize query in gerrit

Related Objects
Search...

Event Timeline

Andrew created this task.Sep 21 2020, 2:06 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptSep 21 2020, 2:06 PM
gerritbot added a comment.Sep 21 2020, 3:23 PM

Change 628858 had a related patch set uploaded (by Andrew Bogott; owner: Andrew Bogott):
[labs/private@master] Added snakeoil keydata for ceph glance client

https://gerrit.wikimedia.org/r/628858

gerritbot added a project: Patch-For-Review.Sep 21 2020, 3:23 PM
gerritbot added a comment.Sep 21 2020, 3:25 PM

Change 628861 had a related patch set uploaded (by Andrew Bogott; owner: Andrew Bogott):
[operations/puppet@production] cloudcontrol eqiad1: add ceph access for Glance

https://gerrit.wikimedia.org/r/628861

gerritbot added a comment.Sep 21 2020, 3:25 PM

Change 628858 merged by Andrew Bogott:
[labs/private@master] Added snakeoil keydata for ceph glance client

https://gerrit.wikimedia.org/r/628858

gerritbot added a comment.Sep 21 2020, 3:38 PM

Change 628865 had a related patch set uploaded (by Andrew Bogott; owner: Andrew Bogott):
[labs/private@master] Renamed profile::ceph::client::rbd::glance_client_keydata

https://gerrit.wikimedia.org/r/628865

gerritbot added a comment.Sep 21 2020, 3:38 PM

Change 628865 merged by Andrew Bogott:
[labs/private@master] Renamed profile::ceph::client::rbd::glance_client_keydata

https://gerrit.wikimedia.org/r/628865

gerritbot added a comment.Sep 21 2020, 3:42 PM

Change 628869 had a related patch set uploaded (by Andrew Bogott; owner: Andrew Bogott):
[labs/private@master] Further attempts to get this key in the right place

https://gerrit.wikimedia.org/r/628869

gerritbot added a comment.Sep 21 2020, 3:42 PM

Change 628869 merged by Andrew Bogott:
[labs/private@master] Further attempts to get this key in the right place

https://gerrit.wikimedia.org/r/628869

gerritbot added a comment.Sep 21 2020, 3:57 PM

Change 628872 had a related patch set uploaded (by Andrew Bogott; owner: Andrew Bogott):
[operations/puppet@production] OpenStack glance: set the default backend to rbd

https://gerrit.wikimedia.org/r/628872

gerritbot added a comment.Sep 21 2020, 4:16 PM

Change 628861 merged by Andrew Bogott:
[operations/puppet@production] cloudcontrol eqiad1: add ceph client for Glance

https://gerrit.wikimedia.org/r/628861

Andrew mentioned this in rLPRI3ea18a272ab2: Added snakeoil keydata for ceph glance client.Sep 21 2020, 5:32 PM
Andrew mentioned this in rLPRIccd2409edaa4: Renamed profile::ceph::client::rbd::glance_client_keydata.
Andrew mentioned this in rLPRIbc070b363431: Further attempts to get this key in the right place.
gerritbot added a comment.Sep 21 2020, 6:00 PM

Change 628872 merged by Andrew Bogott:
[operations/puppet@production] OpenStack glance: set the default backend to rbd

https://gerrit.wikimedia.org/r/628872

Maintenance_bot removed a project: Patch-For-Review.Sep 21 2020, 6:10 PM
gerritbot added a comment.Sep 21 2020, 9:12 PM

Change 628946 had a related patch set uploaded (by Andrew Bogott; owner: Andrew Bogott):
[operations/puppet@production] ceph: add firewall rules for cloudcontroller nodes

https://gerrit.wikimedia.org/r/628946

gerritbot added a project: Patch-For-Review.Sep 21 2020, 9:12 PM

Change 628946 merged by Andrew Bogott:
[operations/puppet@production] ceph: add firewall rules for cloudcontroller nodes

https://gerrit.wikimedia.org/r/628946

gerritbot added a comment.Sep 21 2020, 9:58 PM

Change 628953 had a related patch set uploaded (by Andrew Bogott; owner: Andrew Bogott):
[operations/puppet@production] OpenStack Glance: fixes to glance-api.conf

https://gerrit.wikimedia.org/r/628953

gerritbot added a comment.Sep 21 2020, 9:59 PM

Change 628953 merged by Andrew Bogott:
[operations/puppet@production] OpenStack Glance: fixes to glance-api.conf

https://gerrit.wikimedia.org/r/628953

Maintenance_bot removed a project: Patch-For-Review.Sep 21 2020, 10:10 PM
Andrew added a comment.Sep 22 2020, 3:55 PM

New images uploaded to Glance will now be stored using Ceph. Our current version of Glance doesn't handle sparse files very well so the images uploaded wind up being pretty big; the VMs based on those images are properly sparse though.

I'm pretty sure we should leave this here and phase out the locally-stored images over time. I have a system in mind for converting them to rbd (which I will document below) but it seems quite risky to do this, mostly because our existing images are qcow2 and all the glance/ceph docs say to only use raw images. I'm concerned that if we convert existing images from qcow2 to raw we'll break copy-on-write in some interesting way, and if we don't we'll break glance in an interesting way.

Andrew added a comment.EditedSep 22 2020, 4:03 PM

Should we want to convert existing images to glance, the steps are:

  1. download the existing image from glance with 'openstack image save <id> > <id>.qcow2
  2. convert downloaded file to raw with qemu-img convert -f qcow2 -O raw ./<id>.qcow2 ./<id>.raw.notsparse
  3. convert to sparse with cp --sparse=always ./<id>.raw.notsparse ./<id>.raw
  4. upload the image to rbd with 'rbd import --name client.eqiad1-glance-images --pool eqiad1-glance-images <id>'
  5. take a snapshot: 'rbd snap create eqiad1-glance-images/<id>@snap'
  6. Modify the glance database to change the location: [glance]> update image_locations set value="rbd://5917e6d9-06a0-4928-827a-f489384975b1/eqiad1-glance-images/<id>/snap" where image_id='<id>'; [glance]> update image_locations set meta_data='{"backend": "rbd"}' where image_id='<id>';

Notes:

  • I don't exactly know what the 5917e6d9-06a0-4928-827a-f489384975b1 is there, I assume it refers to a particular rbd backend
  • note that @snap doesn't work, it must be /snap. This is a hint garnered from https://ceph.io/planet/importing-an-existing-ceph-rbd-image-into-glance/
  • I have no idea if glance will properly clean up these rbd files when the image is deleted; probably not.
Andrew added a comment.EditedSep 23 2020, 5:11 PM

I now have a script to move glance images from local storage to Ceph which is in

cloudcontrol1003.wikimedia.org:~andrew/wmcs-image-migrate

I'm still nervous about this breaking copy-on-write. For VMs already on ceph this is largely moot since the c-o-w base comes from only one place. In the case of cold-migrating between cephless hypervisors, c-o-w has always been a bit dicey since our cold-migrate script doesn't ensure that the base image is present on the target.

I was able to break at least one VM during cold-migration (by moving to a hypervisor that had never seen the image before). This is probably unrelated to the image on ceph but since completing the VM migrations to ceph will limit the different scenarios it seems best to just wait on this.

This seems to break cold-migration between VMs, so best to wait and reinvestigate this option after everything has moved to Ceph.

bd808 added a parent task: T194334: [Epic] Modern Cloud VPS storage layer.Oct 5 2020, 12:17 AM
gerritbot added a comment.Oct 16 2020, 7:54 PM

Change 634595 had a related patch set uploaded (by Andrew Bogott; owner: Andrew Bogott):
[operations/puppet@production] Glance: make rbd the default store in eqiad1

https://gerrit.wikimedia.org/r/634595

gerritbot added a project: Patch-For-Review.Oct 16 2020, 7:54 PM
gerritbot added a comment.Oct 16 2020, 8:20 PM

Change 634595 merged by Andrew Bogott:
[operations/puppet@production] Glance: make rbd the default store in eqiad1

https://gerrit.wikimedia.org/r/634595

gerritbot added a comment.Oct 17 2020, 9:41 PM

Change 634754 had a related patch set uploaded (by Andrew Bogott; owner: Andrew Bogott):
[operations/puppet@production] wmcs admin scripts: added wmcs-imageusage

https://gerrit.wikimedia.org/r/634754

gerritbot added a comment.Oct 17 2020, 9:44 PM

Change 634754 merged by Andrew Bogott:
[operations/puppet@production] wmcs admin scripts: added wmcs-imageusage

https://gerrit.wikimedia.org/r/634754

gerritbot added a comment.Oct 19 2020, 2:04 AM

Change 634837 had a related patch set uploaded (by Andrew Bogott; owner: Andrew Bogott):
[operations/puppet@production] glance-api: replace 'default_store' with the more flexible 'glance_backends'

https://gerrit.wikimedia.org/r/634837

gerritbot added a comment.Oct 19 2020, 3:31 AM

Change 634837 merged by Andrew Bogott:
[operations/puppet@production] glance-api: replace 'default_store' with the more flexible 'glance_backends'

https://gerrit.wikimedia.org/r/634837

gerritbot added a comment.Oct 19 2020, 3:33 AM

Change 634839 had a related patch set uploaded (by Andrew Bogott; owner: Andrew Bogott):
[operations/puppet@production] glance: disable the file backend for glance in eqiad1

https://gerrit.wikimedia.org/r/634839

gerritbot added a comment.Oct 19 2020, 3:38 AM

Change 634839 merged by Andrew Bogott:
[operations/puppet@production] glance: disable the file backend for glance in eqiad1

https://gerrit.wikimedia.org/r/634839

gerritbot added a comment.Oct 19 2020, 4:07 AM

Change 634840 had a related patch set uploaded (by Andrew Bogott; owner: Andrew Bogott):
[operations/puppet@production] glance-api: make active/active in eqiad1

https://gerrit.wikimedia.org/r/634840

Andrew added a comment.Oct 19 2020, 4:29 AM

Glance on eqiad1 is now running exclusively with Ceph. All used images (and a few unused ones) have been migrated to rbd.

The remaining task here is to add some kind of off-Ceph backup for base images (T265843). We can't delete all the filesystem/imagesync code though because codfw1dev still uses local files for images.

gerritbot added a comment.Oct 19 2020, 2:21 PM

Change 634840 merged by Andrew Bogott:
[operations/puppet@production] glance-api: make active/active in eqiad1

https://gerrit.wikimedia.org/r/634840

Andrew moved this task from Inbox to Doing on the cloud-services-team (Kanban) board.Oct 20 2020, 4:34 PM
Andrew closed this task as Resolved.Oct 21 2020, 2:34 AM
Andrew closed subtask T265843: Create backup service for glance images as Resolved.
gerritbot added a comment.Dec 6 2020, 5:19 AM

Change 645746 had a related patch set uploaded (by Andrew Bogott; owner: Andrew Bogott):
[operations/puppet@production] Glance: add a hiera setting for the glance ceph pool

https://gerrit.wikimedia.org/r/645746

gerritbot added a comment.Dec 6 2020, 5:26 AM

Change 645746 merged by Andrew Bogott:
[operations/puppet@production] Glance: add a hiera setting for the glance ceph pool

https://gerrit.wikimedia.org/r/645746

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL