From a02133f4b75898db6f32d8a2faef2658f241251c Mon Sep 17 00:00:00 2001 From: Lukas Bezdicka Date: Fri, 16 Feb 2024 14:58:02 +0100 Subject: [PATCH 1/4] [ceph][luks] Fix ceph cephvolumescan for cephadm For cephadm the containers are named ceph--osd... while ceph-ansible still uses the ceph-osd-... Other issue is that OSDs can have multiple volumes in them so filtering just for the first one is wrong and we need to check each volume for the encryption. Resolves: rhbz#2264543 Fixes: https://issues.redhat.com/browse/RHEL-25838 --- .../libraries/cephvolumescan.py | 5 +- .../tests/test_cephvolumescan.py | 52 +++++++++++++++++-- 2 files changed, 51 insertions(+), 6 deletions(-) diff --git a/repos/system_upgrade/common/actors/cephvolumescan/libraries/cephvolumescan.py b/repos/system_upgrade/common/actors/cephvolumescan/libraries/cephvolumescan.py index b2364104ba..a9bff005aa 100644 --- a/repos/system_upgrade/common/actors/cephvolumescan/libraries/cephvolumescan.py +++ b/repos/system_upgrade/common/actors/cephvolumescan/libraries/cephvolumescan.py @@ -8,7 +8,7 @@ from leapp.models import InstalledRPM CEPH_CONF = "/etc/ceph/ceph.conf" -CONTAINER = "ceph-osd" +CONTAINER = "ceph-.*osd" def select_osd_container(engine): @@ -63,7 +63,8 @@ def encrypted_osds_list(): output = get_ceph_lvm_list() if output is not None: try: - result = [output[key][0]['lv_uuid'] for key in output if output[key][0]['tags']['ceph.encrypted']] + for key in output: + result.extend([element['lv_uuid'] for element in output[key] if element['tags']['ceph.encrypted']]) except KeyError: # TODO: possibly raise a report item with a medium risk factor # TODO: possibly create list of problematic osds, extend the cephinfo diff --git a/repos/system_upgrade/common/actors/cephvolumescan/tests/test_cephvolumescan.py b/repos/system_upgrade/common/actors/cephvolumescan/tests/test_cephvolumescan.py index f3811c45af..3def45203c 100644 --- a/repos/system_upgrade/common/actors/cephvolumescan/tests/test_cephvolumescan.py +++ b/repos/system_upgrade/common/actors/cephvolumescan/tests/test_cephvolumescan.py @@ -8,6 +8,8 @@ CONT_PS_COMMAND_OUTPUT = { "stdout": """CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES + b5a3d8ef25b9 undercloud-0.ctlplane.redhat.local:8787/rh-osbs/rhceph:5 "-n osd.8 -f --set..." \ + 2 hours ago Up 2 hours ago ceph-bea1a933-0846-4aaa-8223-62cb8cb2873c-osd-8 50d96fe72019 registry.redhat.io/rhceph/rhceph-4-rhel8:latest "/opt/ceph-contain..." \ 2 weeks ago Up 2 weeks ceph-osd-0 f93c17b49c40 registry.redhat.io/rhceph/rhceph-4-rhel8:latest "/opt/ceph-contain..." \ @@ -41,7 +43,33 @@ "type":"block", "vg_name":"ceph-a696c40d-6b1d-448d-a40e-fadca22b64bc" } - ] + ], + "8":[ + { + "devices": [ + "/dev/nvme0n1" + ], + "lv_name": "osd-db-b04857a0-a2a2-40c3-a490-cbe1f892a76c", + "lv_uuid": "zcvGix-drzz-JwzP-6ktU-Od6W-N5jL-kxRFa3", + "tags":{ + "ceph.encrypted":"1" + }, + "type": "db", + "vg_name": "ceph-b78309b3-bd80-4399-87a3-ac647b216b63" + }, + { + "devices": [ + "/dev/sdb" + ], + "lv_name": "osd-block-477c303f-5eaf-4be8-b5cc-f6073eb345bf", + "lv_uuid": "Mz1dep-D715-Wxh1-zUuS-0cOA-mKXE-UxaEM3", + "tags":{ + "ceph.encrypted":"1" + }, + "type": "block", + "vg_name": "ceph-e3e0345b-8be1-40a7-955a-378ba967f954" + } + ], }""" } @@ -51,7 +79,19 @@ 'lv_uuid': 'Tyc0TH-RDxr-ebAF-9mWF-Kh5R-YnvJ-cEcGVn', 'tags': {'ceph.encrypted': '1'}, 'type': 'block', - 'vg_name': 'ceph-a696c40d-6b1d-448d-a40e-fadca22b64bc'}] + 'vg_name': 'ceph-a696c40d-6b1d-448d-a40e-fadca22b64bc'}], + '1': [{'devices': ['/dev/nvme0n1'], + 'lv_name': 'osd-db-b04857a0-a2a2-40c3-a490-cbe1f892a76c', + 'lv_uuid': 'zcvGix-drzz-JwzP-6ktU-Od6W-N5jL-kxRFa3', + 'tags': {'ceph.encrypted': '1'}, + 'type': 'block', + 'vg_name': 'ceph-b78309b3-bd80-4399-87a3-ac647b216b63'}, + {'devices': ['/dev/sdb'], + 'lv_name': 'osd-block-477c303f-5eaf-4be8-b5cc-f6073eb345bf', + 'lv_uuid': 'Mz1dep-D715-Wxh1-zUuS-0cOA-mKXE-UxaEM3', + 'tags': {'ceph.encrypted': '1'}, + 'type': 'block', + 'vg_name': 'ceph-e3e0345b-8be1-40a7-955a-378ba967f954'}] } @@ -60,7 +100,7 @@ def test_select_osd_container(m_run): m_run.return_value = CONT_PS_COMMAND_OUTPUT - assert cephvolumescan.select_osd_container('docker') == "ceph-osd-0" + assert cephvolumescan.select_osd_container('docker') == "ceph-bea1a933-0846-4aaa-8223-62cb8cb2873c-osd-8" @patch('leapp.libraries.actor.cephvolumescan.has_package') @@ -82,4 +122,8 @@ def test_encrypted_osds_list(m_get_ceph_lvm_list, m_isfile): m_get_ceph_lvm_list.return_value = CEPH_LVM_LIST m_isfile.return_value = True - assert cephvolumescan.encrypted_osds_list() == ['Tyc0TH-RDxr-ebAF-9mWF-Kh5R-YnvJ-cEcGVn'] + assert cephvolumescan.encrypted_osds_list() == [ + 'Tyc0TH-RDxr-ebAF-9mWF-Kh5R-YnvJ-cEcGVn', + 'zcvGix-drzz-JwzP-6ktU-Od6W-N5jL-kxRFa3', + 'Mz1dep-D715-Wxh1-zUuS-0cOA-mKXE-UxaEM3' + ] From 9b68fad772f6402695dbe1fd50af577c1a1de74d Mon Sep 17 00:00:00 2001 From: Petr Stodulka Date: Mon, 13 May 2024 19:25:15 +0200 Subject: [PATCH 2/4] fixup! [ceph][luks] Fix ceph cephvolumescan for cephadm --- .../common/actors/cephvolumescan/tests/test_cephvolumescan.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/repos/system_upgrade/common/actors/cephvolumescan/tests/test_cephvolumescan.py b/repos/system_upgrade/common/actors/cephvolumescan/tests/test_cephvolumescan.py index 3def45203c..64303a9599 100644 --- a/repos/system_upgrade/common/actors/cephvolumescan/tests/test_cephvolumescan.py +++ b/repos/system_upgrade/common/actors/cephvolumescan/tests/test_cephvolumescan.py @@ -69,7 +69,7 @@ "type": "block", "vg_name": "ceph-e3e0345b-8be1-40a7-955a-378ba967f954" } - ], + ] }""" } From 0d50e8ecf495fca6ad9092d9d592290c543f6d02 Mon Sep 17 00:00:00 2001 From: Petr Stodulka Date: Mon, 13 May 2024 19:50:02 +0200 Subject: [PATCH 3/4] fixup! fixup! [ceph][luks] Fix ceph cephvolumescan for cephadm --- .../common/actors/cephvolumescan/tests/test_cephvolumescan.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/repos/system_upgrade/common/actors/cephvolumescan/tests/test_cephvolumescan.py b/repos/system_upgrade/common/actors/cephvolumescan/tests/test_cephvolumescan.py index 64303a9599..0c57b7f731 100644 --- a/repos/system_upgrade/common/actors/cephvolumescan/tests/test_cephvolumescan.py +++ b/repos/system_upgrade/common/actors/cephvolumescan/tests/test_cephvolumescan.py @@ -80,7 +80,7 @@ 'tags': {'ceph.encrypted': '1'}, 'type': 'block', 'vg_name': 'ceph-a696c40d-6b1d-448d-a40e-fadca22b64bc'}], - '1': [{'devices': ['/dev/nvme0n1'], + '8': [{'devices': ['/dev/nvme0n1'], 'lv_name': 'osd-db-b04857a0-a2a2-40c3-a490-cbe1f892a76c', 'lv_uuid': 'zcvGix-drzz-JwzP-6ktU-Od6W-N5jL-kxRFa3', 'tags': {'ceph.encrypted': '1'}, From db38fbec3be8ae9f32db398ceedcff3bc4070c40 Mon Sep 17 00:00:00 2001 From: Petr Stodulka Date: Mon, 13 May 2024 19:50:42 +0200 Subject: [PATCH 4/4] squash! fixup! fixup! [ceph][luks] Fix ceph cephvolumescan for cephadm to be dropped commit: adding debug output to stdout --- .../actors/cephvolumescan/tests/test_cephvolumescan.py | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/repos/system_upgrade/common/actors/cephvolumescan/tests/test_cephvolumescan.py b/repos/system_upgrade/common/actors/cephvolumescan/tests/test_cephvolumescan.py index 0c57b7f731..7f78dc1008 100644 --- a/repos/system_upgrade/common/actors/cephvolumescan/tests/test_cephvolumescan.py +++ b/repos/system_upgrade/common/actors/cephvolumescan/tests/test_cephvolumescan.py @@ -111,8 +111,11 @@ def test_get_ceph_lvm_list(m_run, m_osd_container, m_has_package): m_has_package.return_value = True m_osd_container.return_value = 'podman' m_run.return_value = CEPH_VOLUME_OUTPUT + from pprint import pprint as pp + result = cephvolumescan.get_ceph_lvm_list() + pp(result) - assert cephvolumescan.get_ceph_lvm_list() == CEPH_LVM_LIST + assert result == CEPH_LVM_LIST @patch('leapp.libraries.actor.cephvolumescan.os.path.isfile')