Page MenuHomePhabricator
Create Task
Maniphest T275555

[toolforge,storage] Support Cinder volumes
Open, MediumPublic
Actions

Description

Could the Toolforge Kubernetes cluster allow attaching Cinder volumes? Then, tools would have a more modern storage option that’s (probably) faster and more reliable than NFS. It would also help to remove load from Wikimedia’s NFS servers.

Here’s some instructions that a Kubernetes admin could try. As an unprivileged toolforge user, I don’t think I can do this myself.
https://kubernetes.io/blog/2020/02/07/deploying-external-openstack-cloud-provider-with-kubeadm/

When I asked on the wikimedia-cloud IRC channel, @Andrew replied:

I wouldn't expect that to work, although I'm interested in hearing about what you find if you try.

Related Objects
Search...

Event Timeline

Sascha created this task.Feb 23 2021, 8:22 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptFeb 23 2021, 8:22 PM
bd808 subscribed.Feb 23 2021, 8:28 PM

I don't think we have any historical tickets about this idea, mostly because they were fanciful until we actually had Cinder support in Cloud VPS's OpenStack deployment. I see this as a very likely component of T194332: [Epic,builds-api,components-api,webservice,jobs-api] Make Toolforge a proper platform as a service with push-to-deploy and build packs and related Toolforge platform modernization efforts.

Chicocvenancio awarded a token.Feb 23 2021, 8:29 PM
RhinosF1 subscribed.Feb 23 2021, 8:38 PM
Sascha added a comment.Feb 24 2021, 11:15 AM

Note that Kubernetes can also directly mount volumes from Ceph RBD, so this wouldn’t necessarily have to be done via Cinder. If Kubernetes was directly mounting Ceph RBD, there would be one less layer to maintain. But I don’t know how well this would fit into Wikimedia’s production setup in terms of quota enforcement, key management, monitoring, etc. Here’s some pointers, in case you want to explore this. The example setup looks actually quite simple.

Bstorm subscribed.Feb 24 2021, 6:08 PM

Ceph RBD to Kubernetes isn't something we'd want to support in the existing security model. By integrating the Openstack provider in Kubernetes, we can get cinder volumes "for free" as an available volume type, so it's not actually terribly hard except that it requires changes k8s a lot. To add RBD directly would require restructuring the authentication model of ceph to allow direct connections from Kubernetes (something we currently only allow from Openstack services, basically. Keeping the cinder layer on top is therefore both potentially convenient despite the abstraction and preserves the authentication model of Openstack that we use (which is rooted in LDAP, and is therefore compatible with the source of our Kubernetes credentials, which is also, ultimately, LDAP). Ceph is not managed by LDAP.

Bstorm added a comment.Feb 24 2021, 6:12 PM

@Sascha, honestly, the idea might fit better with Wikimedia production's model than with Toolforge's. :)

Bstorm added a project: cloud-services-team (Kanban).Feb 24 2021, 6:13 PM
Bstorm added a comment.Feb 24 2021, 6:19 PM

I should also mention that we had considered the openstack provider back in T214513, but at the time we decided not to use it because we lacked Cinder, Barbican and LBaaS. Now we have Cinder, so that might suggest there's reason to do some testing.

Phamhi triaged this task as Medium priority.Mar 9 2021, 5:32 PM
taavi mentioned this in T282087: Support cinder or expanded ephemeral disk worker nodes on Toolforge Kubernetes.May 6 2021, 7:35 AM
taavi moved this task from Backlog to Feature requests on the Toolforge board.May 16 2021, 5:18 PM
dcaro subscribed.Dec 22 2021, 11:02 PM
dcaro added a comment.Oct 28 2022, 9:46 AM

This might be related to T293670, as in both might have the same solution

fnegri edited projects, added cloud-services-team; removed cloud-services-team (Kanban).Jan 18 2023, 6:53 PM
fnegri moved this task from Kanban to Inbox on the cloud-services-team board.
Slst2020 subscribed.May 7 2023, 9:22 AM
taavi mentioned this in T337192: Toolforge: consider introducing some semantics for persistent storage.May 21 2023, 11:47 AM
taavi moved this task from Feature requests to Backlog on the Toolforge board.Sep 26 2023, 1:47 PM
dcaro added a parent task: T293670: [toolforge,storage] Add storage capabilities for tools.Mar 5 2024, 10:50 AM
dcaro renamed this task from [toolforge k8s] Support Cinder volumes to [toolforge,storage] Support Cinder volumes.Mar 5 2024, 10:57 AM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits