ceph-ansible/roles/ceph-dashboard/tasks/configure_dashboard.yml

208 lines
7.9 KiB
YAML
Raw Normal View History

---
- name: set_fact container_exec_cmd
set_fact:
container_exec_cmd: "{{ container_binary }} exec ceph-mon-{{ hostvars[groups[mon_group_name][0]]['ansible_hostname'] }}"
when: containerized_deployment | bool
- name: disable SSL for dashboard
command: "{{ container_exec_cmd }} ceph config set mgr mgr/dashboard/ssl false"
delegate_to: "{{ groups[mon_group_name][0] }}"
run_once: true
when: dashboard_protocol == "http"
- name: enable SSL for dashboard
command: "{{ container_exec_cmd }} ceph config set mgr mgr/dashboard/ssl true"
delegate_to: "{{ groups[mon_group_name][0] }}"
run_once: true
when: dashboard_protocol == "https"
- name: copy dashboard SSL certificate file
copy:
src: "{{ dashboard_crt }}"
dest: "/etc/ceph/ceph-dashboard.crt"
owner: root
group: root
mode: 0440
when:
- dashboard_crt | bool
- dashboard_protocol == "https"
- name: copy dashboard SSL certificate key
copy:
src: "{{ dashboard_key }}"
dest: "/etc/ceph/ceph-dashboard.key"
owner: root
group: root
mode: 0440
when:
- dashboard_key | bool
- dashboard_protocol == "https"
- name: generate a Self Signed OpenSSL certificate for dashboard
shell: |
test -f /etc/ceph/ceph-dashboard.key -a -f /etc/ceph/ceph-dashboard.crt || \
openssl req -new -nodes -x509 -subj '/O=IT/CN=ceph-dashboard' -days 3650 -keyout /etc/ceph/ceph-dashboard.key -out /etc/ceph/ceph-dashboard.crt -extensions v3_ca
when:
- dashboard_protocol == "https"
- not dashboard_key | bool or not dashboard_crt | bool
- name: import dashboard certificate file
command: "{{ container_exec_cmd }} ceph config-key set mgr/dashboard/crt -i /etc/ceph/ceph-dashboard.crt"
changed_when: false
delegate_to: "{{ groups[mon_group_name][0] }}"
run_once: true
when: dashboard_protocol == "https"
- name: import dashboard certificate key
command: "{{ container_exec_cmd }} ceph config-key set mgr/dashboard/key -i /etc/ceph/ceph-dashboard.key"
changed_when: false
delegate_to: "{{ groups[mon_group_name][0] }}"
run_once: true
when: dashboard_protocol == "https"
- name: "set the dashboard port ({{ dashboard_port }})"
command: "{{ container_exec_cmd }} ceph config set mgr mgr/dashboard/server_port {{ dashboard_port }}"
changed_when: false
delegate_to: "{{ groups[mon_group_name][0] }}"
run_once: true
- name: "set the dashboard SSL port ({{ dashboard_port }})"
command: "{{ container_exec_cmd }} ceph config set mgr mgr/dashboard/ssl_server_port {{ dashboard_port }}"
delegate_to: "{{ groups[mon_group_name][0] }}"
run_once: true
changed_when: false
failed_when: false # Do not fail if the option does not exist, it only exists post-14.2.0
- name: disable mgr dashboard module (restart)
command: "{{ container_exec_cmd }} ceph mgr module disable dashboard"
delegate_to: "{{ groups[mon_group_name][0] }}"
run_once: true
changed_when: false
- name: enable mgr dashboard module (restart)
command: "{{ container_exec_cmd }} ceph mgr module enable dashboard"
delegate_to: "{{ groups[mon_group_name][0] }}"
run_once: true
changed_when: false
- name: set or update dashboard admin username and password
shell: |
if {{ container_exec_cmd }} ceph dashboard ac-user-show {{ dashboard_admin_user }}; then
{{ container_exec_cmd }} ceph dashboard ac-user-set-password {{ dashboard_admin_user }} {{ dashboard_admin_password }}
else
{{ container_exec_cmd }} ceph dashboard ac-user-create {{ dashboard_admin_user }} {{ dashboard_admin_password }} administrator
fi
retries: 6
delay: 5
register: ac_result
delegate_to: "{{ groups[mon_group_name][0] }}"
run_once: true
changed_when: false
until: ac_result.rc == 0
- name: set grafana url
command: "{{ container_exec_cmd }} ceph dashboard set-grafana-api-url {{ dashboard_protocol }}://{{ grafana_server_addr }}:{{ grafana_port }}"
delegate_to: "{{ groups[mon_group_name][0] }}"
run_once: true
changed_when: false
- name: set alertmanager host
command: "{{ container_exec_cmd }} ceph dashboard set-alertmanager-api-host {{ dashboard_protocol }}://{{ grafana_server_addr }}:{{ alertmanager_port }}"
delegate_to: "{{ groups[mon_group_name][0] }}"
run_once: true
changed_when: false
- name: set prometheus host
command: "{{ container_exec_cmd }} ceph dashboard set-prometheus-api-host {{ dashboard_protocol }}://{{ grafana_server_addr }}:{{ prometheus_port }}"
delegate_to: "{{ groups[mon_group_name][0] }}"
run_once: true
changed_when: false
- name: dashboard object gateway management frontend
when: groups.get(rgw_group_name, []) | length > 0
block:
- name: create radosgw system user
dashboard: fix timeout usage on rgw user creation command For some reason, this is making the playbook failing like following: ``` TASK [ceph-dashboard : create radosgw system user] ************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************ task path: /home/guits/ceph-ansible/roles/ceph-dashboard/tasks/configure_dashboard.yml:106 Tuesday 30 July 2019 10:04:54 +0200 (0:00:01.910) 0:11:22.319 ********** FAILED - RETRYING: create radosgw system user (3 retries left). FAILED - RETRYING: create radosgw system user (2 retries left). FAILED - RETRYING: create radosgw system user (1 retries left). fatal: [mgr0 -> mon0]: FAILED! => changed=true attempts: 3 cmd: timeout 20 podman exec ceph-mon-mon0 radosgw-admin user create --uid=ceph-dashboard --display-name='Ceph dashboard' --system delta: '0:00:20.021973' end: '2019-07-30 08:06:32.656066' msg: non-zero return code rc: 124 start: '2019-07-30 08:06:12.634093' stderr: 'exec failed: container_linux.go:336: starting container process caused "process_linux.go:82: copying bootstrap data to pipe caused \"write init-p: broken pipe\""' stderr_lines: <omitted> stdout: '' stdout_lines: <omitted> ``` using `timeout -f -s KILL` fixes this issue. Also, there is no need to use `shell` module here, let's switch to `command`. Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com> (cherry picked from commit c9d80af4e0368a8e451223123184d4214afd75cb)
2019-07-30 16:16:23 +08:00
command: "timeout --foreground -s KILL 20 {{ container_exec_cmd }} radosgw-admin user create --uid={{ dashboard_rgw_api_user_id }} --display-name='Ceph dashboard' --system"
register: rgw_user_output
until: rgw_user_output.rc == 0
retries: 3
delegate_to: "{{ groups[mon_group_name][0] }}"
run_once: true
- name: get the rgw access and secret keys
set_fact:
rgw_access_key: "{{ (rgw_user_output.stdout | from_json)['keys'][0]['access_key'] }}"
rgw_secret_key: "{{ (rgw_user_output.stdout | from_json)['keys'][0]['secret_key'] }}"
- name: set the rgw user
command: "{{ container_exec_cmd }} ceph dashboard set-rgw-api-user-id {{ dashboard_rgw_api_user_id }}"
delegate_to: "{{ groups[mon_group_name][0] }}"
run_once: true
changed_when: false
- name: set the rgw access key
command: "{{ container_exec_cmd }} ceph dashboard set-rgw-api-access-key {{ rgw_access_key }}"
delegate_to: "{{ groups[mon_group_name][0] }}"
run_once: true
changed_when: false
- name: set the rgw secret key
command: "{{ container_exec_cmd }} ceph dashboard set-rgw-api-secret-key {{ rgw_secret_key }}"
delegate_to: "{{ groups[mon_group_name][0] }}"
run_once: true
changed_when: false
- name: set the rgw host
command: "{{ container_exec_cmd }} ceph dashboard set-rgw-api-host {{ dashboard_rgw_api_host }}"
changed_when: false
delegate_to: "{{ groups[mon_group_name][0] }}"
run_once: true
when: dashboard_rgw_api_host != ''
- name: set the rgw port
command: "{{ container_exec_cmd }} ceph dashboard set-rgw-api-port {{ dashboard_rgw_api_port }}"
changed_when: false
delegate_to: "{{ groups[mon_group_name][0] }}"
run_once: true
when: dashboard_rgw_api_port != ''
- name: set the rgw scheme
command: "{{ container_exec_cmd }} ceph dashboard set-rgw-api-scheme {{ dashboard_rgw_api_scheme }}"
changed_when: false
delegate_to: "{{ groups[mon_group_name][0] }}"
run_once: true
when: dashboard_rgw_api_scheme != ''
- name: set the rgw admin resource
command: "{{ container_exec_cmd }} ceph dashboard set-rgw-api-admin-resource {{ dashboard_rgw_api_admin_resource }}"
changed_when: false
delegate_to: "{{ groups[mon_group_name][0] }}"
run_once: true
when: dashboard_rgw_api_admin_resource != ''
- name: disable ssl verification for rgw
command: "{{ container_exec_cmd }} ceph dashboard set-rgw-api-ssl-verify False"
changed_when: false
delegate_to: "{{ groups[mon_group_name][0] }}"
run_once: true
when: dashboard_rgw_api_no_ssl_verify | bool
- name: disable mgr dashboard module (restart)
command: "{{ container_exec_cmd }} ceph mgr module disable dashboard"
changed_when: false
delegate_to: "{{ groups[mon_group_name][0] }}"
run_once: true
- name: enable mgr dashboard module (restart)
command: "{{ container_exec_cmd }} ceph mgr module enable dashboard"
changed_when: false
delegate_to: "{{ groups[mon_group_name][0] }}"
run_once: true
- name: inject grafana dashboard layouts
command: "{{ container_exec_cmd }} ceph dashboard grafana dashboards update"
delegate_to: "{{ groups[mon_group_name][0] }}"
run_once: true
changed_when: false
when: containerized_deployment | bool