Add group policy configuration

Allow configuration of a zone group default sync policy. This is useful in scenarios where we want to have selective buckets sync. Valuable especially with the new `cloud-sync` relation. This is based on Ceph multisite sync policy: https://docs.ceph.com/en/latest/radosgw/multisite-sync-policy/ Additionally, three more Juju actions are added to selectively enable, disable, or reset buckets sync: * `enable-buckets-sync` * `disable-buckets-sync` * `reset-buckets-sync` These new actions are meant to be used in conjunction with a default zone group sync policy that allows syncing, but it's disabled by default. Change-Id: I4a8076192269aaeaca50668ebcebc0a52c6d2c84 func-test-pr: openstack-charmers/zaza-openstack-tests#1193 Signed-off-by: Ionut Balutoiu <[email protected]> (cherry picked from commit 4e608c1) Signed-off-by: Utkarsh Bhatt <[email protected]>
openstack · Sep 18, 2024 · 12a2ebf · 12a2ebf
1 parent f66e074
commit 12a2ebf
Show file tree

Hide file tree

Showing 21 changed files with 1,474 additions and 5 deletions.
diff --git a/README.md b/README.md
@@ -221,6 +221,9 @@ not deployed then see file `actions.yaml`.
 * `readwrite`
 * `resume`
 * `tidydefaults`
+* `enable-buckets-sync`
+* `disable-buckets-sync`
+* `reset-buckets-sync`
 
 # Documentation
 

diff --git a/actions.yaml b/actions.yaml
@@ -19,3 +19,29 @@ force-enable-multisite:
     zonegroup:
       type: string
       description: Existing Zonegroup to be reconfigured as the 'zonegroup' config value.
+enable-buckets-sync:
+  description: |
+    Enable buckets sync in the multi-site replication. This is meant to be
+    used only when the default zonegroup sync policy is not "enabled", but it is
+    "allowed".
+  params:
+    buckets:
+      type: string
+      description: Comma-separated list of buckets' names to enable syncing.
+disable-buckets-sync:
+  description: |
+    Forbid buckets sync in the multi-site replication. This is useful when you
+    want to disable syncing for some buckets, but you want to sync all the
+    other buckets.
+  params:
+    buckets:
+      type: string
+      description: Comma-separated list of buckets' names to disable syncing.
+reset-buckets-sync:
+  description: |
+    Reset buckets sync policy. After this is executed, the buckets will be
+    synced according to the default zone group sync policy.
+  params:
+    buckets:
+      type: string
+      description: Comma-separated list of buckets' names to reset sync policy.
diff --git a/actions/actions.py b/actions/actions.py
@@ -49,6 +49,8 @@
     service_restart,
 )
 
+DEFAULT_SYNC_POLICY_ID = 'default'
+
 
 def pause(args):
     """Pause the Ceilometer services.
@@ -227,6 +229,179 @@ def force_enable_multisite(args):
         action_fail(message + " : {}".format(cpe.output))
 
 
+def is_multisite_sync_policy_action_allowed():
+    """Check if the current Juju unit is allowed to run sync policy actions.
+
+    This method checks if the current Juju unit is allowed to execute
+    the Juju actions to configure Multisite sync policies:
+        * enable-buckets-sync
+        * disable-buckets-sync
+        * reset-buckets-sync
+    These Juju actions are allowed to run only on the leader unit of the
+    primary RGW zone.
+
+    :return: Whether the current Juju unit is allowed to run the Multisite
+        sync policy Juju actions.
+    :rtype: Boolean
+    """
+    if not is_leader():
+        action_fail("This action can only be executed on leader unit.")
+        return False
+
+    realm = config('realm')
+    zone = config('zone')
+    zonegroup = config('zonegroup')
+
+    if not all((realm, zonegroup, zone)):
+        action_fail("Missing required charm configurations realm({}), "
+                    "zonegroup({}) and zone({}).".format(
+                        realm, zonegroup, zone
+                    ))
+        return False
+
+    if not multisite.is_multisite_configured(zone=zone, zonegroup=zonegroup):
+        action_fail("Multisite is not configured")
+        return False
+
+    zonegroup_info = multisite.get_zonegroup_info(zonegroup)
+    if zonegroup_info is None:
+        action_fail("Failed to fetch zonegroup ({}) info".format(zonegroup))
+        return False
+
+    zone_info = multisite.get_zone_info(zone)
+    if zone_info is None:
+        action_fail("Failed to fetch zone ({}) info".format(zone))
+        return False
+
+    if zonegroup_info['master_zone'] != zone_info['id']:
+        action_fail('This action can only be executed on primary RGW '
+                    'application units.')
+        return False
+
+    return True
+
+
+def update_buckets_sync_policy(buckets, sync_policy_state):
+    """Update the sync policy state for all the given buckets.
+
+    This method gets a list of bucket names and a sync policy state to set
+    for all of them. The sync policy state can be one of the following:
+    "allowed", "enabled", or "forbidden". Validation for the sync policy
+    state is done in the "multisite.create_sync_group" module method.
+
+    The sync policy state is set by creating a bucket-level sync group with
+    the given state, followed by a sync group pipe that match all the source
+    and destination buckets. If the bucket already has a sync group, it is
+    updated with the new state.
+
+    :param buckets: List of bucket names.
+    :type buckets: list
+    :param sync_policy_state: The sync policy state to set for the buckets.
+    :type sync_policy_state: str
+    """
+    zone = config('zone')
+    zonegroup = config('zonegroup')
+    existing_buckets = multisite.list_buckets(zonegroup=zonegroup, zone=zone)
+    messages = []
+    for bucket in buckets:
+        if bucket in existing_buckets:
+            multisite.create_sync_group(
+                bucket=bucket,
+                group_id=DEFAULT_SYNC_POLICY_ID,
+                status=sync_policy_state)
+            multisite.create_sync_group_pipe(
+                bucket=bucket,
+                group_id=DEFAULT_SYNC_POLICY_ID,
+                pipe_id=DEFAULT_SYNC_POLICY_ID,
+                source_zones=['*'],
+                dest_zones=['*'])
+            message = 'Updated "{}" bucket sync policy to "{}"'.format(
+                bucket, sync_policy_state)
+        else:
+            message = ('Bucket "{}" does not exist in the zonegroup "{}" and '
+                       'zone "{}"'.format(bucket, zonegroup, zone))
+        log(message)
+        messages.append(message)
+    action_set(
+        values={
+            'message': '\n'.join(messages)
+        }
+    )
+
+
+def reset_buckets_sync_policy(buckets):
+    """Reset the sync policy state for all the given buckets.
+
+    For every bucket in the given list, this method resets the sync policy
+    state. This is done by removing the bucket-level sync group.
+
+    :param buckets: List of bucket names.
+    :type buckets: list
+    """
+    zone = config('zone')
+    zonegroup = config('zonegroup')
+    existing_buckets = multisite.list_buckets(zonegroup=zonegroup, zone=zone)
+    messages = []
+    for bucket in buckets:
+        if bucket in existing_buckets:
+            multisite.remove_sync_group(
+                bucket=bucket,
+                group_id=DEFAULT_SYNC_POLICY_ID)
+            message = 'Reset "{}" bucket sync policy'.format(bucket)
+        else:
+            message = ('Bucket "{}" does not exist in the zonegroup "{}" and '
+                       'zone "{}"'.format(bucket, zonegroup, zone))
+        log(message)
+        messages.append(message)
+    action_set(
+        values={
+            'message': '\n'.join(messages)
+        }
+    )
+
+
+def enable_buckets_sync(args):
+    """Enable sync for the given buckets"""
+    if not is_multisite_sync_policy_action_allowed():
+        return
+    try:
+        update_buckets_sync_policy(
+            buckets=action_get('buckets').split(','),
+            sync_policy_state=multisite.SYNC_POLICY_ENABLED,
+        )
+    except subprocess.CalledProcessError as cpe:
+        message = "Failed to enable sync for the given buckets"
+        log(message, level=ERROR)
+        action_fail(message + " : {}".format(cpe.output))
+
+
+def disable_buckets_sync(args):
+    """Disable sync for the given buckets"""
+    if not is_multisite_sync_policy_action_allowed():
+        return
+    try:
+        update_buckets_sync_policy(
+            buckets=action_get('buckets').split(','),
+            sync_policy_state=multisite.SYNC_POLICY_FORBIDDEN,
+        )
+    except subprocess.CalledProcessError as cpe:
+        message = "Failed to disable sync for the given buckets"
+        log(message, level=ERROR)
+        action_fail(message + " : {}".format(cpe.output))
+
+
+def reset_buckets_sync(args):
+    """Reset sync policy for the given buckets"""
+    if not is_multisite_sync_policy_action_allowed():
+        return
+    try:
+        reset_buckets_sync_policy(buckets=action_get('buckets').split(','))
+    except subprocess.CalledProcessError as cpe:
+        message = "Failed to reset sync for the given buckets"
+        log(message, level=ERROR)
+        action_fail(message + " : {}".format(cpe.output))
+
+
 # A dictionary of all the defined actions to callables (which take
 # parsed arguments).
 ACTIONS = {
@@ -237,6 +412,9 @@ def force_enable_multisite(args):
     "readwrite": readwrite,
     "tidydefaults": tidydefaults,
     "force-enable-multisite": force_enable_multisite,
+    "enable-buckets-sync": enable_buckets_sync,
+    "disable-buckets-sync": disable_buckets_sync,
+    "reset-buckets-sync": reset_buckets_sync,
 }
 
 

diff --git a/actions/disable-buckets-sync b/actions/disable-buckets-sync
@@ -0,0 +1 @@
+actions.py
diff --git a/actions/enable-buckets-sync b/actions/enable-buckets-sync
@@ -0,0 +1 @@
+actions.py
diff --git a/actions/reset-buckets-sync b/actions/reset-buckets-sync
@@ -0,0 +1 @@
+actions.py
diff --git a/config.yaml b/config.yaml
@@ -429,6 +429,34 @@ options:
     description: |
       Name of RADOS Gateway Zone to create for multi-site replication. This
       option must be specific to the local site e.g. us-west or us-east.
+  sync-policy-state:
+    type: string
+    default: enabled
+    description: |
+      This setting is used by the primary ceph-radosgw in multi-site
+      replication.
+
+      By default, all the buckets are synced from a primary RGW zone to the
+      secondary zone. This config option allows us to have selective buckets
+      sync. If this is set, it will be used as the default policy state for
+      all the buckets in the zonegroup.
+
+      Valid values are:
+        * enabled - sync is allowed and enabled
+        * allowed - sync is allowed
+        * forbidden - sync is not allowed
+  sync-policy-flow-type:
+    type: string
+    default: symmetrical
+    description: |
+      This setting is used by the secondary ceph-radosgw in multi-site
+      replication, and it's effective only when 'sync-policy-state' config is
+      set on the primary ceph-radosgw.
+
+      Valid values are:
+        * directional - data is only synced in one direction, from primary to
+          secondary.
+        * symmetrical - data is synced in both directions.
   namespace-tenants:
     type: boolean
     default: False