marceloneppel · marceloneppel · Aug 16, 2024 · May 24, 2024 · May 27, 2024 · Jun 5, 2024
diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
@@ -265,6 +265,11 @@ jobs:
         done
         lxc exec node-wrk0 -- sh -c "microceph.ceph -s"
 
+    - name: Exercise microceph status
+      run: |
+        set -uex
+        lxc exec node-wrk0 -- sh -c "sudo microceph status"
+
     - name: Test failure domain scale up
       run: |
         set -uex
@@ -549,10 +554,63 @@ jobs:
       run: ~/actionutils.sh headexec testrgw
 
     - name: Install local build
-      run: ~/actionutils.sh install_multinode
+      run: ~/actionutils.sh upgrade_multinode
 
     - name: Wait until 3 OSDs are up
       run:  ~/actionutils.sh headexec wait_for_osds 3
 
     - name: Exercise RGW again
       run: ~/actionutils.sh headexec testrgw
+
+    - name: Exercise microceph status
+      run: |
+        set -uex
+        lxc exec node-wrk0 -- sh -c "sudo microceph status"
+
+
+  cluster-tests:
+    name: Test MicroCeph Cluster features.
+    runs-on: ubuntu-22.04
+    needs: build-microceph
+    steps:
+    - name: Download snap
+      uses: actions/download-artifact@v3
+      with:
+        name: snaps
+        path: /home/runner
+
+    - name: Checkout code
+      uses: actions/checkout@v3
+      with:
+        fetch-depth: 0
+
+    - name: Copy utils
+      run: cp tests/scripts/actionutils.sh $HOME
+
+    - name: Clear FORWARD firewall rules
+      run: ~/actionutils.sh cleaript
+
+    - name: Free disk
+      run: ~/actionutils.sh free_runner_disk
+
+    - name: Install and setup
+      run: ~/actionutils.sh install_microceph
+
+    - name: Add loopback file OSDs
+      run: |
+        set -uex
+        sudo microceph disk add loop,1G,3
+        ~/actionutils.sh wait_for_osds 3
+        sudo microceph.ceph -s
+
+    - name: Enable RGW
+      run: ~/actionutils.sh enable_rgw
+
+    - name: Exercise RGW
+      run: ~/actionutils.sh testrgw
+
+    - name: Bombard MicroCeph with cluster configs
+      run: ~/actionutils.sh bombard_rgw_configs
+
+    - name: Exercise RGW again
+      run: ~/actionutils.sh testrgw "newFile"
diff --git a/docs/.custom_wordlist.txt b/docs/.custom_wordlist.txt
@@ -14,6 +14,8 @@ microceph
 OSDs
 MSD
 Ceph
+CephFs
+CephX
 Alertmanager
 MDS
 hostname
@@ -22,6 +24,7 @@ loopback
 lsblk
 hostnames
 OSD
+keyring
 keyrings
 FDE
 snapd
@@ -31,6 +34,7 @@ LUKS
 cryptsetup
 dm
 modinfo
+newFs
 subcommands
 backend
 backfilling
@@ -63,7 +67,11 @@ noout
 Noout
 Unsetting
 cephfs
+fs
+filesystem
 filesystems
 sda
 ESM
 Livepatch
+
+MiB
diff --git a/docs/.sphinx/_templates/header.html b/docs/.sphinx/_templates/header.html
@@ -19,11 +19,11 @@
       <li>
         <a href="#" class="p-navigation__link nav-more-links">More resources</a>
         <ul class="more-links-dropdown">
-
+<!--
           <li>
             <a href="{{ discourse }}" class="p-navigation__sub-link p-dropdown__link">Forum</a>
           </li>
-
+-->
           <li>
             <a href="{{ github_url }}" class="p-navigation__sub-link p-dropdown__link">GitHub</a>
           </li>

diff --git a/docs/.wordlist.txt b/docs/.wordlist.txt
@@ -1,6 +1,9 @@
 addons
+api
 API
 APIs
+Auth
+auth
 balancer
 Charmhub
 CLI
@@ -38,10 +41,13 @@ reST
 reStructuredText
 RTD
 sdb
+ssl
+SSL
 subdirectories
 subfolders
 subtree
 UI
+url
 VM
 WAL
 YAML
diff --git a/docs/custom_conf.py b/docs/custom_conf.py
@@ -76,7 +76,7 @@
 
     # Change to the folder that contains the documentation
     # (usually "/" or "/docs/")
-    'github_folder': '/docs',
+    'github_folder': '/docs/',
 
     # Change to an empty value if your GitHub repo doesn't have issues enabled.
     # This will disable the feedback button and the issue link in the footer.

diff --git a/docs/explanation/taking-snapshots.rst b/docs/explanation/taking-snapshots.rst
@@ -0,0 +1,45 @@
+================================
+Taking Backups for your Workload
+================================
+
+The MicroCeph deployed Ceph cluster supports snapshot based backups
+for Block and File based workloads.
+
+This document is an index of upstream documentation available for snapshots
+along with some bridging commentary to help understand it better.
+
+RBD Snapshots:
+--------------
+
+Ceph supports creating point in time read-only logical copies. This allows
+an operator to create a checkpoint for their workload backup. The snapshots
+can be exported for external backup or kept in Ceph for rollback to older version.
+
+Pre-requisites
+++++++++++++++
+
+Refer to :doc:`How to mount MicroCeph Block Devices <../tutorial/mount-block-device>`
+for getting started with RBD.
+
+Once you have a the block device mounted and in use, you can jump to
+`Ceph RBD Snapshots`_
+
+CephFs Snapshots:
+-----------------
+
+Similar to RBD snapshots, CephFs snapshots are read-only logical copies of **any chosen sub-directory**
+of the corresponding filesystem.
+
+Pre-requisites
+++++++++++++++
+
+Refer to :doc:`How to mount MicroCeph CephFs shares <../tutorial/mount-cephfs-share>`
+for getting started with CephFs.
+
+Once you have a the filesystem mounted and in use, you can jump to
+`CephFs Snapshots`_
+
+.. LINKS
+
+.. _Ceph RBD Snapshots: https://docs.ceph.com/en/latest/rbd/rbd-snapshot/
+.. _CephFs Snapshots: https://docs.ceph.com/en/latest/dev/cephfs-snapshots/
diff --git a/docs/how-to/integrate-keystone.rst b/docs/how-to/integrate-keystone.rst
@@ -0,0 +1,108 @@
+==================================================
+Configure Openstack Keystone Auth in MicroCeph RGW
+==================================================
+
+Ceph Object Gateway (RGW) can be configured to use `Openstack Keystone`_ for
+providing user authentication service. A Keystone authorised user to the
+gateway will also be automatically created on the Ceph Object Gateway. A
+token that Keystone validates will be considered as valid by the gateway.
+
+MicroCeph supports setting the following Keystone config keys:
+
+.. list-table:: Supported Config Keys
+   :widths: 30 70
+   :header-rows: 1
+
+   * - Key
+     - Description
+   * - rgw_s3_auth_use_keystone
+     - Whether to use keystone auth for the S3 endpoints.
+   * - rgw_keystone_url
+     - Keystone server address in {url:port} format
+   * - rgw_keystone_admin_token
+     - Keystone admin token (not recommended in production)
+   * - rgw_keystone_admin_token_path
+     - Path to Keystone admin token (recommended for production)
+   * - rgw_keystone_admin_user
+     - Keystone service tenant user name
+   * - rgw_keystone_admin_password
+     - Keystone service tenant user password
+   * - rgw_keystone_admin_password_path
+     - Path to Keystone service tenant user password file
+   * - rgw_keystone_admin_project
+     - Keystone admin project name
+   * - rgw_keystone_admin_domain
+     - Keystone admin domain name
+   * - rgw_keystone_service_token_enabled
+     - Whether to allow expired tokens with service token in requests
+   * - rgw_keystone_service_token_accepted_roles
+     - Specify user roles accepted as service roles
+   * - rgw_keystone_expired_token_cache_expiration
+     - Cache expiration period for an expired token allowed with a service token
+   * - rgw_keystone_api_version
+     - Keystone API version
+   * - rgw_keystone_accepted_roles
+     - Accepted user roles for Keystone users
+   * - rgw_keystone_accepted_admin_roles
+     - List of roles allowing user to gain admin privileges
+   * - rgw_keystone_token_cache_size
+     - The maximum number of entries in each Keystone token cache
+   * - rgw_keystone_verify_ssl
+     - Whether to verify SSL certificates while making token requests to Keystone
+   * - rgw_keystone_implicit_tenants
+     - Whether to create new users in their own tenants of the same name
+   * - rgw_swift_account_in_url
+     - Whether the Swift account is encoded in the URL path
+   * - rgw_swift_versioning_enabled
+     - Enables object versioning
+   * - rgw_swift_enforce_content_length
+     - Whether content length header is needed when listing containers
+   * - rgw_swift_custom_header
+     - Enable swift custom header
+
+A user can set/get/list/reset the above mentioned config keys as follows:
+
+1. Supported config keys can be configured using the 'set' command:
+
+  .. code-block:: shell
+
+    $ sudo microceph cluster config set rgw_swift_account_in_url true
+
+2. Config value for a particular key could be queried using the 'get' command:
+
+  .. code-block:: shell
+
+    $ sudo microceph cluster config get rgw_swift_account_in_url
+    +---+--------------------------+-------+
+    | # |           KEY            | VALUE |
+    +---+--------------------------+-------+
+    | 0 | rgw_swift_account_in_url | true  |
+    +---+--------------------------+-------+
+
+3. A list of all the configured keys can be fetched using the 'list' command:
+
+  .. code-block:: shell
+
+    $ sudo microceph cluster config list
+    +---+--------------------------+-------+
+    | # |           KEY            | VALUE |
+    +---+--------------------------+-------+
+    | 0 | rgw_swift_account_in_url | true  |
+    +---+--------------------------+-------+
+
+4. Resetting a config key (i.e. setting the key to its default value) can performed using the 'reset' command:
+
+  .. code-block:: shell
+
+   $ sudo microceph cluster config reset rgw_swift_account_in_url
+   $ sudo microceph cluster config list
+   +---+-----+-------+
+   | # | KEY | VALUE |
+   +---+-----+-------+
+
+For detailed documentation of what keys should be configured, visit `Ceph Docs`_
+
+.. LINKS
+
+.. _Openstack Keystone: https://docs.openstack.org/keystone/latest/getting-started/architecture.html#identity
+.. _Ceph Docs: https://docs.ceph.com/en/latest/radosgw/keystone/
diff --git a/docs/how-to/remove-disk.rst b/docs/how-to/remove-disk.rst
@@ -12,7 +12,7 @@ the removal of a cluster node (machine).
 
 The following resources provide extra context to the disk removal operation:
 
-* the :doc:`../../explanation/cluster-scaling` page
+* the :doc:`../explanation/cluster-scaling` page
 * the :doc:`disk <../reference/commands/disk>` command reference
 
 .. note::

diff --git a/docs/reference/commands/cluster.rst b/docs/reference/commands/cluster.rst
@@ -128,7 +128,8 @@ Flags:
 
 .. code-block:: none
 
-   --wait   Wait for required ceph services to restart post config reset.
+   --wait           Wait for required ceph services to restart post config reset.
+   --skip-restart   Don't perform the daemon restart for current config.
 
 
 ``config set``
@@ -147,7 +148,8 @@ Flags:
 
 .. code-block:: none
 
-   --wait   Wait for required ceph services to restart post config set.
+   --wait           Wait for required ceph services to restart post config set.
+   --skip-restart   Don't perform the daemon restart for current config.
 
 
 ``join``

diff --git a/docs/reference/commands/enable.rst b/docs/reference/commands/enable.rst
@@ -99,7 +99,7 @@ Usage:
 
 .. code-block:: none
 
-   microceph enable rgw [--port <port>] [--ssl-port <port>] [--ssl-certificate <certificate path>] [--ssl-private-key <private key path>] [--target <server>] [--wait <bool>] [flags]
+   microceph enable rgw [--port <port>] [--ssl-port <port>] [--ssl-certificate <certificate material>] [--ssl-private-key <private key material>] [--target <server>] [--wait <bool>] [flags]
 
 
 Flags:
@@ -108,7 +108,7 @@ Flags:
 
    --port int                Service non-SSL port (default: 80) (default 80)
    --ssl-port int            Service SSL port (default: 443) (default 443)
-   --ssl-certificate string  Path to SSL certificate
-   --ssl-private-key string  Path to SSL private key
+   --ssl-certificate string  base64 encoded SSL certificate
+   --ssl-private-key string  base64 encoded SSL private key
    --target string           Server hostname (default: this server)
    --wait                    Wait for rgw service to be up. (default true)
diff --git a/docs/tutorial/index.rst b/docs/tutorial/index.rst
@@ -8,6 +8,6 @@ require any deep understanding of Ceph.
 
 .. toctree::
    :maxdepth: 1
+   :glob:
 
-   single-node
-   multi-node
+   *