Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
25 changes: 25 additions & 0 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -49,6 +49,8 @@ sb test --list # List available tests
sb rebuild <service> # Rebuild service after code changes
sb db-init <service> # Initialize database (keystone, all)
sb tempest-init # Regenerate Tempest configuration
sb setup cinder # One-time setup for Cinder volume (requires sudo)
sb setup status # Check prerequisites status
sb status # Show environment status
sb logs <service> # View service logs
sb down # Stop and remove environment
Expand Down Expand Up @@ -142,10 +144,33 @@ sb db-init keystone
- Run `sb db-init keystone` to register Ironic service
- Check `podman ps` - ensure `stackbox-keystone` is healthy

## Optional Setup

### Cinder Volume Service

Some services require one-time host setup:

```bash
# Setup Cinder volume (requires sudo, one-time)
sb setup cinder
```

**What this does:**
- Creates loop device for LVM testing
- Same pattern as Kolla-Ansible (production OpenStack)
- Only needed if deploying `cinder-volume`

**Skip it if:**
- You only need Cinder API/scheduler
- Your manifest doesn't include `cinder-volume`

See [docs/cinder-setup.md](docs/cinder-setup.md) for details.

## Requirements
- Python 3.10+
- Docker or Podman
- 8GB RAM, 20GB disk
- Optional: `lvm2` for Cinder volume (install on demand)

## License
Licensed under Apache 2.0. See [LICENSE](LICENSE).
Expand Down
244 changes: 244 additions & 0 deletions docs/cinder-setup.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,244 @@
# Cinder Volume Setup Guide

StackBox follows the same pattern as **Kolla-Ansible** (production OpenStack) for Cinder volume setup.

## Quick Start

```bash
sb setup cinder
```

That's it! You'll be prompted for your sudo password once.

## What This Does

Creates a loop device-backed LVM volume group for Cinder volume service:

- Creates 20GB file at `/var/tmp/cinder-volumes-backing-file`
- Attaches it as a loop device (e.g., /dev/loop0)
- Creates LVM volume group `cinder-volumes`

**This is a ONE-TIME setup per machine.**

## Why Is This Needed?

Some OpenStack services require host-level configuration that can't be done from containers:

- **Loop devices** require kernel-level privileges
- **LVM operations** need access to `/dev`
- **Containers can't modify** host kernel state

This is **not a StackBox limitation** - even production tools like Kolla-Ansible require the same manual host setup.

## Commands

### Check Status

```bash
# Check all prerequisites
sb setup status

# Check Cinder only
sb setup cinder --check-only
```

### Run Setup

```bash
# Default (20GB)
sb setup cinder

# Custom size
sb setup cinder --size 50G
```

### Verify

```bash
# Check volume group
vgs cinder-volumes

# Check loop device
losetup -l | grep cinder
```

## Persistence

### After Reboot

Loop devices **don't persist** across reboots by default.

**Option A: Re-run setup (simple)**

```bash
sudo sb setup cinder
```

The script detects existing setup and recreates if needed.

**Option B: Systemd service (permanent)**

```bash
# Create systemd service
sudo tee /etc/systemd/system/cinder-loop.service <<EOF
[Unit]
Description=Cinder Loop Device Setup
After=local-fs.target

[Service]
Type=oneshot
ExecStart=$(which sb) setup cinder --size 20G
RemainAfterExit=yes

[Install]
WantedBy=multi-user.target
EOF

# Enable and start
sudo systemctl enable --now cinder-loop.service
```

## Troubleshooting

### "loop device: Permission denied"

Run with sudo:
```bash
sudo sb setup cinder
```

### "Volume group already exists"

Already set up! Verify:
```bash
vgs cinder-volumes
```

### "Not enough space"

Default requires 20GB free in `/var/tmp`. Options:

1. Free up space
2. Use smaller size: `sb setup cinder --size 10G`
3. Edit script to use different location

### SELinux Errors

Temporary:
```bash
sudo setenforce 0
sb setup cinder
sudo setenforce 1
```

Permanent: Add SELinux policy (advanced).

## Alternatives

### Skip Cinder Volume

If you don't need volume operations, skip it:

```yaml
# manifest.yaml
services:
- cinder-api # ✅ Keep - API testing works
- cinder-scheduler # ✅ Keep - Scheduler testing works
# - cinder-volume # ❌ Remove - Skip volume testing
```

**What still works:**
- Cinder API testing
- Volume type management
- Quota operations
- Scheduler logic

**What won't work:**
- Creating actual volumes
- Attaching volumes to instances
- Snapshots/backups

### Use External Cinder

Point to existing Cinder deployment (advanced, not documented yet).

## Architecture

### Host Setup

```
┌─────────────────────────────────────────────────────────┐
│ Host System │
│ │
│ /var/tmp/cinder-volumes-backing-file (20GB) │
│ │ │
│ ▼ │
│ /dev/loop0 (loop device) │
│ │ │
│ ▼ │
│ cinder-volumes (LVM volume group) ← Created once │
│ │
└─────────────────────────────────────────────────────────┘
```

### Container Usage

```
┌─────────────────────────────────────────────────────────┐
│ Container: stackbox-cinder-volume │
│ │
│ Mounts: │
│ - /dev:/dev ← Sees host's loop device │
│ │
│ Operations: │
│ lvcreate -L 1G -n vol1 cinder-volumes │
│ ↓ │
│ Uses existing VG (no privileges needed!) │
│ │
└─────────────────────────────────────────────────────────┘
```

## Comparison: Kolla-Ansible

| Aspect | Kolla-Ansible | StackBox |
|--------|---------------|----------|
| **Loop device setup** | Manual | `sb setup cinder` |
| **Automation** | None | Scripted + detected |
| **Documentation** | "Do it yourself" | This guide |
| **Error handling** | Silent failure | Helpful messages |
| **Prerequisites check** | No | Yes |

StackBox **improves** on Kolla-Ansible's approach!

## References

- [Kolla-Ansible Cinder Guide](https://docs.openstack.org/kolla-ansible/latest/reference/storage/cinder-guide.html) - Official production deployment docs
- [DevStack LVM Backend](https://github.com/openstack/devstack/blob/master/lib/cinder_backends/lvm) - CI testing approach

## FAQ

**Q: Why can't this be fully automated?**
A: Loop device creation requires kernel privileges that containers can't get. This is a fundamental Linux security boundary.

**Q: Is this safe?**
A: Yes! This is the standard approach used by:
- Kolla-Ansible (production OpenStack)
- DevStack (CI testing)
- All containerized OpenStack deployments

**Q: Does this persist across StackBox deployments?**
A: Yes! Once set up, all future deployments use the same VG.

**Q: Do I need to re-run for different OpenStack releases?**
A: No! Same VG works for all releases (Rocky, Wallaby, Master, etc.).

**Q: What if I want to use real hardware?**
A: For production, use real disks:

```bash
# Instead of loop device
sudo pvcreate /dev/sdb
sudo vgcreate cinder-volumes /dev/sdb
```

Then deploy normally - StackBox will use the real VG.
5 changes: 5 additions & 0 deletions pyproject.toml
Original file line number Diff line number Diff line change
Expand Up @@ -226,6 +226,8 @@ ignore = [
"cli/*.py" = ["T201"]
# Allow uppercase property names in service constants (they are constants)
"stackbox/config/service_constants.py" = ["N802"]
# Allow uppercase constant C in CLI commands (convention for constants object)
"stackbox/cli/zuul_commands.py" = ["N806"]
# WSGI wrappers need imports after config loading
"stackbox/templates/*/wsgi-wrapper.py" = ["E402"]
# Test files can use simpler patterns
Expand Down Expand Up @@ -285,6 +287,9 @@ module = [
"stackbox.orchestrator.service_registry",
"stackbox.orchestrator.compose_generator",
"stackbox.cli.zuul_commands",
"stackbox.cli.commands.*",
"stackbox.cli.setup_commands",
"stackbox.validation.*",
]
warn_return_any = false
disallow_untyped_defs = false
Expand Down
Loading
Loading