ceph
/
ceph-ansible
mirror of https://github.com/ceph/ceph-ansible.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
ceph-ansible/roles/ceph-mon/tasks/ceph_keys.yml

81 lines
3.2 KiB
YAML
Raw Normal View History

Refactor keys creation and fetching We isolated the key operations into a file and modified the fetch function to collect all the new keys. In the mean time fixed the pool creation since the command is not indempotent. Renamed the rgw key to work with the key collection. Signed-off-by: Sébastien Han <sebastien.han@enovance.com>
2015-01-30 23:16:18 +08:00
---
ceph_key: add fetch_initial_keys capability This is needed for Nautilus since the ceph-create-keys script goes away. (https://github.com/ceph/ceph/pull/21305) Now the module if called with 'state: fetch_initial_keys' will lookup keys generated by the monitor and write them down on the filesystem to the right location (/etc/ceph and /var/lib/ceph/boostrap*). This is not applicable to container since keys are generated by the container only. Signed-off-by: Sébastien Han <seb@redhat.com>
2018-10-24 00:38:40 +08:00
- name: waiting for the monitor(s) to form the quorum...
mon: do not serialized container bootstrap This commit unifies the container and non-container code, which in the meantime gives use the ability to deploy N mon container at the same time without having to serialized the deployment. This will drastically reduces the time needed to bootstrap the cluster. Note, this is only possible since Nautilus because the monitors are bootstrap the initial keys on their own once they reach quorum. In the Nautilus version of the ceph-container mon, we stopped generating the keys 'manually' from inside the container, for more detail see: https://github.com/ceph/ceph-container/pull/1238 Signed-off-by: Sébastien Han <seb@redhat.com>
2018-11-16 17:50:38 +08:00
command: >
{{ docker_exec_cmd }}
ceph
--cluster {{ cluster }}
-n mon.
-k /var/lib/ceph/mon/{{ cluster }}-{{ ansible_hostname }}/keyring
mon_status
--format json
ceph_key: add fetch_initial_keys capability This is needed for Nautilus since the ceph-create-keys script goes away. (https://github.com/ceph/ceph/pull/21305) Now the module if called with 'state: fetch_initial_keys' will lookup keys generated by the monitor and write them down on the filesystem to the right location (/etc/ceph and /var/lib/ceph/boostrap*). This is not applicable to container since keys are generated by the container only. Signed-off-by: Sébastien Han <seb@redhat.com>
2018-10-24 00:38:40 +08:00
register: ceph_health_raw
mon: do not serialized container bootstrap This commit unifies the container and non-container code, which in the meantime gives use the ability to deploy N mon container at the same time without having to serialized the deployment. This will drastically reduces the time needed to bootstrap the cluster. Note, this is only possible since Nautilus because the monitors are bootstrap the initial keys on their own once they reach quorum. In the Nautilus version of the ceph-container mon, we stopped generating the keys 'manually' from inside the container, for more detail see: https://github.com/ceph/ceph-container/pull/1238 Signed-off-by: Sébastien Han <seb@redhat.com>
2018-11-16 17:50:38 +08:00
run_once: true
ceph_key: add fetch_initial_keys capability This is needed for Nautilus since the ceph-create-keys script goes away. (https://github.com/ceph/ceph/pull/21305) Now the module if called with 'state: fetch_initial_keys' will lookup keys generated by the monitor and write them down on the filesystem to the right location (/etc/ceph and /var/lib/ceph/boostrap*). This is not applicable to container since keys are generated by the container only. Signed-off-by: Sébastien Han <seb@redhat.com>
2018-10-24 00:38:40 +08:00
until: >
fix json data type Json is a type structure which is always typed as a string, where before this we were declaring a dict, which is not a json valid structure. Signed-off-by: Sébastien Han <seb@redhat.com>
2018-12-04 16:59:47 +08:00
(ceph_health_raw.stdout | default('{}') | from_json)['state'] in ['leader', 'peon']
ceph_key: add fetch_initial_keys capability This is needed for Nautilus since the ceph-create-keys script goes away. (https://github.com/ceph/ceph/pull/21305) Now the module if called with 'state: fetch_initial_keys' will lookup keys generated by the monitor and write them down on the filesystem to the right location (/etc/ceph and /var/lib/ceph/boostrap*). This is not applicable to container since keys are generated by the container only. Signed-off-by: Sébastien Han <seb@redhat.com>
2018-10-24 00:38:40 +08:00
retries: "{{ handler_health_mon_check_retries }}"
delay: "{{ handler_health_mon_check_delay }}"
mon: do not serialized container bootstrap This commit unifies the container and non-container code, which in the meantime gives use the ability to deploy N mon container at the same time without having to serialized the deployment. This will drastically reduces the time needed to bootstrap the cluster. Note, this is only possible since Nautilus because the monitors are bootstrap the initial keys on their own once they reach quorum. In the Nautilus version of the ceph-container mon, we stopped generating the keys 'manually' from inside the container, for more detail see: https://github.com/ceph/ceph-container/pull/1238 Signed-off-by: Sébastien Han <seb@redhat.com>
2018-11-16 17:50:38 +08:00
- name: fetch ceph initial keys
ceph_key: add fetch_initial_keys capability This is needed for Nautilus since the ceph-create-keys script goes away. (https://github.com/ceph/ceph/pull/21305) Now the module if called with 'state: fetch_initial_keys' will lookup keys generated by the monitor and write them down on the filesystem to the right location (/etc/ceph and /var/lib/ceph/boostrap*). This is not applicable to container since keys are generated by the container only. Signed-off-by: Sébastien Han <seb@redhat.com>
2018-10-24 00:38:40 +08:00
ceph_key:
state: fetch_initial_keys
cluster: "{{ cluster }}"
mon: do not serialized container bootstrap This commit unifies the container and non-container code, which in the meantime gives use the ability to deploy N mon container at the same time without having to serialized the deployment. This will drastically reduces the time needed to bootstrap the cluster. Note, this is only possible since Nautilus because the monitors are bootstrap the initial keys on their own once they reach quorum. In the Nautilus version of the ceph-container mon, we stopped generating the keys 'manually' from inside the container, for more detail see: https://github.com/ceph/ceph-container/pull/1238 Signed-off-by: Sébastien Han <seb@redhat.com>
2018-11-16 17:50:38 +08:00
owner: "{{ ceph_uid if containerized_deployment else 'ceph' }}"
group: "{{ ceph_uid if containerized_deployment else 'ceph' }}"
mode: "0400"
environment:
CEPH_CONTAINER_IMAGE: "{{ ceph_docker_registry + '/' + ceph_docker_image + ':' + ceph_docker_image_tag if containerized_deployment else None }}"
CEPH_CONTAINER_BINARY: "{{ container_binary }}"
ceph_key: add fetch_initial_keys capability This is needed for Nautilus since the ceph-create-keys script goes away. (https://github.com/ceph/ceph/pull/21305) Now the module if called with 'state: fetch_initial_keys' will lookup keys generated by the monitor and write them down on the filesystem to the right location (/etc/ceph and /var/lib/ceph/boostrap*). This is not applicable to container since keys are generated by the container only. Signed-off-by: Sébastien Han <seb@redhat.com>
2018-10-24 00:38:40 +08:00
when:
mon/ceph_keys: Add timeout flag to ceph-create-keys Specify the timeout flag to ceph-create-keys, which causes it to time out if a monitor quorum isn't achieved. This overrides the default timeout of 10 minutes, causing ceph-ansible to fail faster in the event of cluster network issues. Signed-off-by: Douglas Fuller <dfuller@redhat.com>
2017-07-01 02:04:51 +08:00
- cephx
mon: do not serialized container bootstrap This commit unifies the container and non-container code, which in the meantime gives use the ability to deploy N mon container at the same time without having to serialized the deployment. This will drastically reduces the time needed to bootstrap the cluster. Note, this is only possible since Nautilus because the monitors are bootstrap the initial keys on their own once they reach quorum. In the Nautilus version of the ceph-container mon, we stopped generating the keys 'manually' from inside the container, for more detail see: https://github.com/ceph/ceph-container/pull/1238 Signed-off-by: Sébastien Han <seb@redhat.com>
2018-11-16 17:50:38 +08:00
- block:
- name: create ceph mgr keyring(s)
ceph_key:
name: "mgr.{{ hostvars[item]['ansible_hostname'] }}"
state: present
caps:
mon: allow profile mgr
osd: allow *
mds: allow *
cluster: "{{ cluster }}"
secret: "{{ (mgr_secret != 'mgr_secret') | ternary(mgr_secret, omit) }}"
owner: "{{ ceph_uid if containerized_deployment else 'ceph' }}"
group: "{{ ceph_uid if containerized_deployment else 'ceph' }}"
mode: "0400"
environment:
CEPH_CONTAINER_IMAGE: "{{ ceph_docker_registry + '/' + ceph_docker_image + ':' + ceph_docker_image_tag if containerized_deployment else None }}"
CEPH_CONTAINER_BINARY: "{{ container_binary }}"
with_items:
- "{{ groups.get(mgr_group_name, []) }}" # this honors the condition where mgrs run on separate machines
- "{{ groups.get(mon_group_name, []) }}" # this honors the new rule where mgrs are always collocated with mons
delegate key creation to first mon Otherwise keys get scattered over the mons and the mgr key is not copied properly. With ansible_inventory: [mdss] mds-000 ansible_ssh_host=192.168.129.110 ansible_ssh_port=22 ansible_ssh_user='root' ansible_ssh_private_key_file='/root/.ssh/id_rsa' [clients] client-000 ansible_ssh_host=192.168.143.94 ansible_ssh_port=22 ansible_ssh_user='root' ansible_ssh_private_key_file='/root/.ssh/id_rsa' [mgrs] mgr-000 ansible_ssh_host=192.168.222.195 ansible_ssh_port=22 ansible_ssh_user='root' ansible_ssh_private_key_file='/root/.ssh/id_rsa' [mons] mon-000 ansible_ssh_host=192.168.139.173 ansible_ssh_port=22 ansible_ssh_user='root' ansible_ssh_private_key_file='/root/.ssh/id_rsa' monitor_address=192.168.139.173 mon-002 ansible_ssh_host=192.168.212.114 ansible_ssh_port=22 ansible_ssh_user='root' ansible_ssh_private_key_file='/root/.ssh/id_rsa' monitor_address=192.168.212.114 mon-001 ansible_ssh_host=192.168.167.177 ansible_ssh_port=22 ansible_ssh_user='root' ansible_ssh_private_key_file='/root/.ssh/id_rsa' monitor_address=192.168.167.177 [osds] osd-001 ansible_ssh_host=192.168.178.128 ansible_ssh_port=22 ansible_ssh_user='root' ansible_ssh_private_key_file='/root/.ssh/id_rsa' osd-000 ansible_ssh_host=192.168.138.233 ansible_ssh_port=22 ansible_ssh_user='root' ansible_ssh_private_key_file='/root/.ssh/id_rsa' osd-002 ansible_ssh_host=192.168.197.23 ansible_ssh_port=22 ansible_ssh_user='root' ansible_ssh_private_key_file='/root/.ssh/id_rsa' We get this failure: TASK [ceph-mon : include_tasks ceph_keys.yml] ********************************************************************************************************************************************************************** included: /root/ceph-ansible/roles/ceph-mon/tasks/ceph_keys.yml for mon-000, mon-002, mon-001 TASK [ceph-mon : waiting for the monitor(s) to form the quorum...] ************************************************************************************************************************************************* changed: [mon-000] => { "attempts": 1, "changed": true, "cmd": [ "ceph", "--cluster", "ceph", "-n", "mon.", "-k", "/var/lib/ceph/mon/ceph-li1166-30/keyring", "mon_status", "--format", "json" ], "delta": "0:00:01.897397", "end": "2019-02-14 17:08:09.340534", "rc": 0, "start": "2019-02-14 17:08:07.443137" } STDOUT: {"name":"li1166-30","rank":0,"state":"leader","election_epoch":4,"quorum":[0,1,2],"quorum_age":0,"features":{"required_con":"2449958747315912708","required_mon":["kraken","luminous","mimic","osdmap-prune","nautilus"],"quorum_con":"4611087854031667199","quorum_mon":["kraken","luminous","mimic","osdmap-prune","nautilus"]},"outside_quorum":[],"extra_probe_peers":[{"addrvec":[{"type":"v2","addr":"192.168.167.177:3300","nonce":0},{"type":"v1","addr":"192.168.167.177:6789","nonce":0}]},{"addrvec":[{"type":"v2","addr":"192.168.212.114:3300","nonce":0},{"type":"v1","addr":"192.168.212.114:6789","nonce":0}]}],"sync_provider":[],"monmap":{"epoch":1,"fsid":"bb401e2a-c524-428e-bba9-8977bc96f04b","modified":"2019-02-14 17:08:05.012133","created":"2019-02-14 17:08:05.012133","features":{"persistent":["kraken","luminous","mimic","osdmap-prune","nautilus"],"optional":[]},"mons":[{"rank":0,"name":"li1166-30","public_addrs":{"addrvec":[{"type":"v2","addr":"192.168.139.173:3300","nonce":0},{"type":"v1","addr":"192.168.139.173:6789","nonce":0}]},"addr":"192.168.139.173:6789/0","public_addr":"192.168.139.173:6789/0"},{"rank":1,"name":"li985-128","public_addrs":{"addrvec":[{"type":"v2","addr":"192.168.167.177:3300","nonce":0},{"type":"v1","addr":"192.168.167.177:6789","nonce":0}]},"addr":"192.168.167.177:6789/0","public_addr":"192.168.167.177:6789/0"},{"rank":2,"name":"li895-17","public_addrs":{"addrvec":[{"type":"v2","addr":"192.168.212.114:3300","nonce":0},{"type":"v1","addr":"192.168.212.114:6789","nonce":0}]},"addr":"192.168.212.114:6789/0","public_addr":"192.168.212.114:6789/0"}]},"feature_map":{"mon":[{"features":"0x3ffddff8ffacffff","release":"luminous","num":1}],"client":[{"features":"0x3ffddff8ffacffff","release":"luminous","num":1}]}} TASK [ceph-mon : fetch ceph initial keys] ************************************************************************************************************************************************************************** changed: [mon-001] => { "changed": true, "cmd": [ "ceph", "-n", "mon.", "-k", "/var/lib/ceph/mon/ceph-li985-128/keyring", "--cluster", "ceph", "auth", "get", "client.bootstrap-rgw", "-f", "plain", "-o", "/var/lib/ceph/bootstrap-rgw/ceph.keyring" ], "delta": "0:00:03.179584", "end": "2019-02-14 17:08:14.305348", "rc": 0, "start": "2019-02-14 17:08:11.125764" } STDERR: exported keyring for client.bootstrap-rgw changed: [mon-002] => { "changed": true, "cmd": [ "ceph", "-n", "mon.", "-k", "/var/lib/ceph/mon/ceph-li895-17/keyring", "--cluster", "ceph", "auth", "get", "client.bootstrap-rgw", "-f", "plain", "-o", "/var/lib/ceph/bootstrap-rgw/ceph.keyring" ], "delta": "0:00:03.706169", "end": "2019-02-14 17:08:14.041698", "rc": 0, "start": "2019-02-14 17:08:10.335529" } STDERR: exported keyring for client.bootstrap-rgw changed: [mon-000] => { "changed": true, "cmd": [ "ceph", "-n", "mon.", "-k", "/var/lib/ceph/mon/ceph-li1166-30/keyring", "--cluster", "ceph", "auth", "get", "client.bootstrap-rgw", "-f", "plain", "-o", "/var/lib/ceph/bootstrap-rgw/ceph.keyring" ], "delta": "0:00:03.916467", "end": "2019-02-14 17:08:13.803999", "rc": 0, "start": "2019-02-14 17:08:09.887532" } STDERR: exported keyring for client.bootstrap-rgw TASK [ceph-mon : create ceph mgr keyring(s)] *********************************************************************************************************************************************************************** skipping: [mon-000] => (item=mgr-000) => { "changed": false, "item": "mgr-000", "skip_reason": "Conditional result was False" } skipping: [mon-000] => (item=mon-000) => { "changed": false, "item": "mon-000", "skip_reason": "Conditional result was False" } skipping: [mon-000] => (item=mon-002) => { "changed": false, "item": "mon-002", "skip_reason": "Conditional result was False" } skipping: [mon-000] => (item=mon-001) => { "changed": false, "item": "mon-001", "skip_reason": "Conditional result was False" } skipping: [mon-002] => (item=mgr-000) => { "changed": false, "item": "mgr-000", "skip_reason": "Conditional result was False" } skipping: [mon-002] => (item=mon-000) => { "changed": false, "item": "mon-000", "skip_reason": "Conditional result was False" } skipping: [mon-002] => (item=mon-002) => { "changed": false, "item": "mon-002", "skip_reason": "Conditional result was False" } skipping: [mon-002] => (item=mon-001) => { "changed": false, "item": "mon-001", "skip_reason": "Conditional result was False" } changed: [mon-001] => (item=mgr-000) => { "changed": true, "cmd": [ "ceph", "-n", "client.admin", "-k", "/etc/ceph/ceph.client.admin.keyring", "--cluster", "ceph", "auth", "import", "-i", "/etc/ceph//ceph.mgr.li547-145.keyring" ], "delta": "0:00:05.822460", "end": "2019-02-14 17:08:21.422810", "item": "mgr-000", "rc": 0, "start": "2019-02-14 17:08:15.600350" } STDERR: imported keyring changed: [mon-001] => (item=mon-000) => { "changed": true, "cmd": [ "ceph", "-n", "client.admin", "-k", "/etc/ceph/ceph.client.admin.keyring", "--cluster", "ceph", "auth", "import", "-i", "/etc/ceph//ceph.mgr.li1166-30.keyring" ], "delta": "0:00:05.814039", "end": "2019-02-14 17:08:27.663745", "item": "mon-000", "rc": 0, "start": "2019-02-14 17:08:21.849706" } STDERR: imported keyring changed: [mon-001] => (item=mon-002) => { "changed": true, "cmd": [ "ceph", "-n", "client.admin", "-k", "/etc/ceph/ceph.client.admin.keyring", "--cluster", "ceph", "auth", "import", "-i", "/etc/ceph//ceph.mgr.li895-17.keyring" ], "delta": "0:00:05.787291", "end": "2019-02-14 17:08:33.921243", "item": "mon-002", "rc": 0, "start": "2019-02-14 17:08:28.133952" } STDERR: imported keyring changed: [mon-001] => (item=mon-001) => { "changed": true, "cmd": [ "ceph", "-n", "client.admin", "-k", "/etc/ceph/ceph.client.admin.keyring", "--cluster", "ceph", "auth", "import", "-i", "/etc/ceph//ceph.mgr.li985-128.keyring" ], "delta": "0:00:05.782064", "end": "2019-02-14 17:08:40.138706", "item": "mon-001", "rc": 0, "start": "2019-02-14 17:08:34.356642" } STDERR: imported keyring TASK [ceph-mon : copy ceph mgr key(s) to the ansible server] ******************************************************************************************************************************************************* skipping: [mon-000] => (item=mgr-000) => { "changed": false, "item": "mgr-000", "skip_reason": "Conditional result was False" } skipping: [mon-002] => (item=mgr-000) => { "changed": false, "item": "mgr-000", "skip_reason": "Conditional result was False" } changed: [mon-001] => (item=mgr-000) => { "changed": true, "checksum": "aa0fa40225c9e09d67fe7700ce9d033f91d46474", "dest": "/root/ceph-ansible/fetch/bb401e2a-c524-428e-bba9-8977bc96f04b/etc/ceph/ceph.mgr.li547-145.keyring", "item": "mgr-000", "md5sum": "cd884fb9ddc9b8b4e3cd1ad6a98fb531", "remote_checksum": "aa0fa40225c9e09d67fe7700ce9d033f91d46474", "remote_md5sum": null } TASK [ceph-mon : copy keys to the ansible server] ****************************************************************************************************************************************************************** skipping: [mon-000] => (item=/var/lib/ceph/bootstrap-osd/ceph.keyring) => { "changed": false, "item": "/var/lib/ceph/bootstrap-osd/ceph.keyring", "skip_reason": "Conditional result was False" } skipping: [mon-000] => (item=/var/lib/ceph/bootstrap-rgw/ceph.keyring) => { "changed": false, "item": "/var/lib/ceph/bootstrap-rgw/ceph.keyring", "skip_reason": "Conditional result was False" } skipping: [mon-000] => (item=/var/lib/ceph/bootstrap-mds/ceph.keyring) => { "changed": false, "item": "/var/lib/ceph/bootstrap-mds/ceph.keyring", "skip_reason": "Conditional result was False" } skipping: [mon-000] => (item=/var/lib/ceph/bootstrap-rbd/ceph.keyring) => { "changed": false, "item": "/var/lib/ceph/bootstrap-rbd/ceph.keyring", "skip_reason": "Conditional result was False" } skipping: [mon-000] => (item=/var/lib/ceph/bootstrap-rbd-mirror/ceph.keyring) => { "changed": false, "item": "/var/lib/ceph/bootstrap-rbd-mirror/ceph.keyring", "skip_reason": "Conditional result was False" } skipping: [mon-002] => (item=/var/lib/ceph/bootstrap-osd/ceph.keyring) => { "changed": false, "item": "/var/lib/ceph/bootstrap-osd/ceph.keyring", "skip_reason": "Conditional result was False" } skipping: [mon-000] => (item=/etc/ceph/ceph.client.admin.keyring) => { "changed": false, "item": "/etc/ceph/ceph.client.admin.keyring", "skip_reason": "Conditional result was False" } skipping: [mon-002] => (item=/var/lib/ceph/bootstrap-rgw/ceph.keyring) => { "changed": false, "item": "/var/lib/ceph/bootstrap-rgw/ceph.keyring", "skip_reason": "Conditional result was False" } skipping: [mon-002] => (item=/var/lib/ceph/bootstrap-mds/ceph.keyring) => { "changed": false, "item": "/var/lib/ceph/bootstrap-mds/ceph.keyring", "skip_reason": "Conditional result was False" } skipping: [mon-002] => (item=/var/lib/ceph/bootstrap-rbd/ceph.keyring) => { "changed": false, "item": "/var/lib/ceph/bootstrap-rbd/ceph.keyring", "skip_reason": "Conditional result was False" } skipping: [mon-002] => (item=/var/lib/ceph/bootstrap-rbd-mirror/ceph.keyring) => { "changed": false, "item": "/var/lib/ceph/bootstrap-rbd-mirror/ceph.keyring", "skip_reason": "Conditional result was False" } skipping: [mon-002] => (item=/etc/ceph/ceph.client.admin.keyring) => { "changed": false, "item": "/etc/ceph/ceph.client.admin.keyring", "skip_reason": "Conditional result was False" } changed: [mon-001] => (item=/var/lib/ceph/bootstrap-osd/ceph.keyring) => { "changed": true, "checksum": "095c7868a080b4c53494335d3a2223abbad12605", "dest": "/root/ceph-ansible/fetch/bb401e2a-c524-428e-bba9-8977bc96f04b/var/lib/ceph/bootstrap-osd/ceph.keyring", "item": "/var/lib/ceph/bootstrap-osd/ceph.keyring", "md5sum": "d8f4c4fa564aade81b844e3d92c7cac6", "remote_checksum": "095c7868a080b4c53494335d3a2223abbad12605", "remote_md5sum": null } changed: [mon-001] => (item=/var/lib/ceph/bootstrap-rgw/ceph.keyring) => { "changed": true, "checksum": "ce7a2d4441626f22e995b37d5131b9e768f18494", "dest": "/root/ceph-ansible/fetch/bb401e2a-c524-428e-bba9-8977bc96f04b/var/lib/ceph/bootstrap-rgw/ceph.keyring", "item": "/var/lib/ceph/bootstrap-rgw/ceph.keyring", "md5sum": "271e4f90c5853c74264b6b749650c3f2", "remote_checksum": "ce7a2d4441626f22e995b37d5131b9e768f18494", "remote_md5sum": null } changed: [mon-001] => (item=/var/lib/ceph/bootstrap-mds/ceph.keyring) => { "changed": true, "checksum": "e35e8613076382dd3c9d89b5bc2090e37871aab7", "dest": "/root/ceph-ansible/fetch/bb401e2a-c524-428e-bba9-8977bc96f04b/var/lib/ceph/bootstrap-mds/ceph.keyring", "item": "/var/lib/ceph/bootstrap-mds/ceph.keyring", "md5sum": "ed7c32277914c8e34ad5c532d8293dd2", "remote_checksum": "e35e8613076382dd3c9d89b5bc2090e37871aab7", "remote_md5sum": null } changed: [mon-001] => (item=/var/lib/ceph/bootstrap-rbd/ceph.keyring) => { "changed": true, "checksum": "ac43101ad249f6b6bb07ceb3287a3693aeae7f6c", "dest": "/root/ceph-ansible/fetch/bb401e2a-c524-428e-bba9-8977bc96f04b/var/lib/ceph/bootstrap-rbd/ceph.keyring", "item": "/var/lib/ceph/bootstrap-rbd/ceph.keyring", "md5sum": "1460e3c9532b0b7b3a5cb329d77342cd", "remote_checksum": "ac43101ad249f6b6bb07ceb3287a3693aeae7f6c", "remote_md5sum": null } changed: [mon-001] => (item=/var/lib/ceph/bootstrap-rbd-mirror/ceph.keyring) => { "changed": true, "checksum": "01d74751810f5da621937b10c83d47fc7f1865c5", "dest": "/root/ceph-ansible/fetch/bb401e2a-c524-428e-bba9-8977bc96f04b/var/lib/ceph/bootstrap-rbd-mirror/ceph.keyring", "item": "/var/lib/ceph/bootstrap-rbd-mirror/ceph.keyring", "md5sum": "979987f10fd7da5cff67e665f54bfe4d", "remote_checksum": "01d74751810f5da621937b10c83d47fc7f1865c5", "remote_md5sum": null } changed: [mon-001] => (item=/etc/ceph/ceph.client.admin.keyring) => { "changed": true, "checksum": "482f702cf861b41021d76de655ecf996fe9a4a4a", "dest": "/root/ceph-ansible/fetch/bb401e2a-c524-428e-bba9-8977bc96f04b/etc/ceph/ceph.client.admin.keyring", "item": "/etc/ceph/ceph.client.admin.keyring", "md5sum": "7581c187044fd4e0f7a5440244a6b306", "remote_checksum": "482f702cf861b41021d76de655ecf996fe9a4a4a", "remote_md5sum": null } TASK [ceph-mon : include secure_cluster.yml] *********************************************************************************************************************************************************************** skipping: [mon-000] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [ceph-mon : crush_rules.yml] ********************************************************************************************************************************************************************************** skipping: [mon-000] => { "changed": false, "skip_reason": "Conditional result was False" } skipping: [mon-002] => { "changed": false, "skip_reason": "Conditional result was False" } skipping: [mon-001] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [ceph-mgr : set_fact docker_exec_cmd] ************************************************************************************************************************************************************************* skipping: [mon-000] => { "changed": false, "skip_reason": "Conditional result was False" } skipping: [mon-002] => { "changed": false, "skip_reason": "Conditional result was False" } skipping: [mon-001] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [ceph-mgr : include common.yml] ******************************************************************************************************************************************************************************* included: /root/ceph-ansible/roles/ceph-mgr/tasks/common.yml for mon-000, mon-002, mon-001 TASK [ceph-mgr : create mgr directory] ***************************************************************************************************************************************************************************** changed: [mon-000] => { "changed": true, "gid": 167, "group": "ceph", "mode": "0755", "owner": "ceph", "path": "/var/lib/ceph/mgr/ceph-li1166-30", "secontext": "unconfined_u:object_r:ceph_var_lib_t:s0", "size": 4096, "state": "directory", "uid": 167 } changed: [mon-002] => { "changed": true, "gid": 167, "group": "ceph", "mode": "0755", "owner": "ceph", "path": "/var/lib/ceph/mgr/ceph-li895-17", "secontext": "unconfined_u:object_r:ceph_var_lib_t:s0", "size": 4096, "state": "directory", "uid": 167 } changed: [mon-001] => { "changed": true, "gid": 167, "group": "ceph", "mode": "0755", "owner": "ceph", "path": "/var/lib/ceph/mgr/ceph-li985-128", "secontext": "unconfined_u:object_r:ceph_var_lib_t:s0", "size": 4096, "state": "directory", "uid": 167 } TASK [ceph-mgr : fetch ceph mgr keyring] *************************************************************************************************************************************************************************** skipping: [mon-000] => { "changed": false, "skip_reason": "Conditional result was False" } skipping: [mon-002] => { "changed": false, "skip_reason": "Conditional result was False" } skipping: [mon-001] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [ceph-mgr : copy ceph keyring(s) if needed] ******************************************************************************************************************************************************************* An exception occurred during task execution. To see the full traceback, use -vvv. The error was: If you are using a module and expect the file to exist on the remote, see the remote_src option failed: [mon-002] (item={'name': '/etc/ceph/ceph.mgr.li895-17.keyring', 'dest': '/var/lib/ceph/mgr/ceph-li895-17/keyring', 'copy_key': True}) => { "changed": false, "item": { "copy_key": true, "dest": "/var/lib/ceph/mgr/ceph-li895-17/keyring", "name": "/etc/ceph/ceph.mgr.li895-17.keyring" } } MSG: Could not find or access 'fetch//bb401e2a-c524-428e-bba9-8977bc96f04b//etc/ceph/ceph.mgr.li895-17.keyring' Searched in: /root/ceph-ansible/roles/ceph-mgr/files/fetch//bb401e2a-c524-428e-bba9-8977bc96f04b//etc/ceph/ceph.mgr.li895-17.keyring /root/ceph-ansible/roles/ceph-mgr/fetch//bb401e2a-c524-428e-bba9-8977bc96f04b//etc/ceph/ceph.mgr.li895-17.keyring /root/ceph-ansible/roles/ceph-mgr/tasks/files/fetch//bb401e2a-c524-428e-bba9-8977bc96f04b//etc/ceph/ceph.mgr.li895-17.keyring /root/ceph-ansible/roles/ceph-mgr/tasks/fetch//bb401e2a-c524-428e-bba9-8977bc96f04b//etc/ceph/ceph.mgr.li895-17.keyring /root/ceph-ansible/files/fetch//bb401e2a-c524-428e-bba9-8977bc96f04b//etc/ceph/ceph.mgr.li895-17.keyring /root/ceph-ansible/fetch//bb401e2a-c524-428e-bba9-8977bc96f04b//etc/ceph/ceph.mgr.li895-17.keyring on the Ansible Controller. If you are using a module and expect the file to exist on the remote, see the remote_src option skipping: [mon-002] => (item={'name': '/etc/ceph/ceph.client.admin.keyring', 'dest': '/etc/ceph/ceph.client.admin.keyring', 'copy_key': False}) => { "changed": false, "item": { "copy_key": false, "dest": "/etc/ceph/ceph.client.admin.keyring", "name": "/etc/ceph/ceph.client.admin.keyring" }, "skip_reason": "Conditional result was False" } An exception occurred during task execution. To see the full traceback, use -vvv. The error was: If you are using a module and expect the file to exist on the remote, see the remote_src option failed: [mon-001] (item={'name': '/etc/ceph/ceph.mgr.li985-128.keyring', 'dest': '/var/lib/ceph/mgr/ceph-li985-128/keyring', 'copy_key': True}) => { "changed": false, "item": { "copy_key": true, "dest": "/var/lib/ceph/mgr/ceph-li985-128/keyring", "name": "/etc/ceph/ceph.mgr.li985-128.keyring" } } MSG: Could not find or access 'fetch//bb401e2a-c524-428e-bba9-8977bc96f04b//etc/ceph/ceph.mgr.li985-128.keyring' Searched in: /root/ceph-ansible/roles/ceph-mgr/files/fetch//bb401e2a-c524-428e-bba9-8977bc96f04b//etc/ceph/ceph.mgr.li985-128.keyring /root/ceph-ansible/roles/ceph-mgr/fetch//bb401e2a-c524-428e-bba9-8977bc96f04b//etc/ceph/ceph.mgr.li985-128.keyring /root/ceph-ansible/roles/ceph-mgr/tasks/files/fetch//bb401e2a-c524-428e-bba9-8977bc96f04b//etc/ceph/ceph.mgr.li985-128.keyring /root/ceph-ansible/roles/ceph-mgr/tasks/fetch//bb401e2a-c524-428e-bba9-8977bc96f04b//etc/ceph/ceph.mgr.li985-128.keyring /root/ceph-ansible/files/fetch//bb401e2a-c524-428e-bba9-8977bc96f04b//etc/ceph/ceph.mgr.li985-128.keyring /root/ceph-ansible/fetch//bb401e2a-c524-428e-bba9-8977bc96f04b//etc/ceph/ceph.mgr.li985-128.keyring on the Ansible Controller. If you are using a module and expect the file to exist on the remote, see the remote_src option skipping: [mon-001] => (item={'name': '/etc/ceph/ceph.client.admin.keyring', 'dest': '/etc/ceph/ceph.client.admin.keyring', 'copy_key': False}) => { "changed": false, "item": { "copy_key": false, "dest": "/etc/ceph/ceph.client.admin.keyring", "name": "/etc/ceph/ceph.client.admin.keyring" }, "skip_reason": "Conditional result was False" } An exception occurred during task execution. To see the full traceback, use -vvv. The error was: If you are using a module and expect the file to exist on the remote, see the remote_src option failed: [mon-000] (item={'name': '/etc/ceph/ceph.mgr.li1166-30.keyring', 'dest': '/var/lib/ceph/mgr/ceph-li1166-30/keyring', 'copy_key': True}) => { "changed": false, "item": { "copy_key": true, "dest": "/var/lib/ceph/mgr/ceph-li1166-30/keyring", "name": "/etc/ceph/ceph.mgr.li1166-30.keyring" } } MSG: Could not find or access 'fetch//bb401e2a-c524-428e-bba9-8977bc96f04b//etc/ceph/ceph.mgr.li1166-30.keyring' Searched in: /root/ceph-ansible/roles/ceph-mgr/files/fetch//bb401e2a-c524-428e-bba9-8977bc96f04b//etc/ceph/ceph.mgr.li1166-30.keyring /root/ceph-ansible/roles/ceph-mgr/fetch//bb401e2a-c524-428e-bba9-8977bc96f04b//etc/ceph/ceph.mgr.li1166-30.keyring /root/ceph-ansible/roles/ceph-mgr/tasks/files/fetch//bb401e2a-c524-428e-bba9-8977bc96f04b//etc/ceph/ceph.mgr.li1166-30.keyring /root/ceph-ansible/roles/ceph-mgr/tasks/fetch//bb401e2a-c524-428e-bba9-8977bc96f04b//etc/ceph/ceph.mgr.li1166-30.keyring /root/ceph-ansible/files/fetch//bb401e2a-c524-428e-bba9-8977bc96f04b//etc/ceph/ceph.mgr.li1166-30.keyring /root/ceph-ansible/fetch//bb401e2a-c524-428e-bba9-8977bc96f04b//etc/ceph/ceph.mgr.li1166-30.keyring on the Ansible Controller. If you are using a module and expect the file to exist on the remote, see the remote_src option skipping: [mon-000] => (item={'name': '/etc/ceph/ceph.client.admin.keyring', 'dest': '/etc/ceph/ceph.client.admin.keyring', 'copy_key': False}) => { "changed": false, "item": { "copy_key": false, "dest": "/etc/ceph/ceph.client.admin.keyring", "name": "/etc/ceph/ceph.client.admin.keyring" }, "skip_reason": "Conditional result was False" } NO MORE HOSTS LEFT ************************************************************************************************************************************************************************************************* to retry, use: --limit @/root/ceph-linode/linode.retry PLAY RECAP ********************************************************************************************************************************************************************************************************* client-000 : ok=30 changed=2 unreachable=0 failed=0 mds-000 : ok=32 changed=4 unreachable=0 failed=0 mgr-000 : ok=32 changed=4 unreachable=0 failed=0 mon-000 : ok=89 changed=21 unreachable=0 failed=1 mon-001 : ok=84 changed=20 unreachable=0 failed=1 mon-002 : ok=81 changed=17 unreachable=0 failed=1 osd-000 : ok=32 changed=4 unreachable=0 failed=0 osd-001 : ok=32 changed=4 unreachable=0 failed=0 osd-002 : ok=32 changed=4 unreachable=0 failed=0 Also, create all keys on the first mon and copy those to the other mons to be consistent. Signed-off-by: Patrick Donnelly <pdonnell@redhat.com>
2019-01-27 06:55:37 +08:00
delegate_to: "{{ groups[mon_group_name][0] }}"
Refactor keys creation and fetching We isolated the key operations into a file and modified the fetch function to collect all the new keys. In the mean time fixed the pool creation since the command is not indempotent. Renamed the rgw key to work with the key collection. Signed-off-by: Sébastien Han <sebastien.han@enovance.com>
2015-01-30 23:16:18 +08:00
mon: do not serialized container bootstrap This commit unifies the container and non-container code, which in the meantime gives use the ability to deploy N mon container at the same time without having to serialized the deployment. This will drastically reduces the time needed to bootstrap the cluster. Note, this is only possible since Nautilus because the monitors are bootstrap the initial keys on their own once they reach quorum. In the Nautilus version of the ceph-container mon, we stopped generating the keys 'manually' from inside the container, for more detail see: https://github.com/ceph/ceph-container/pull/1238 Signed-off-by: Sébastien Han <seb@redhat.com>
2018-11-16 17:50:38 +08:00
- name: copy ceph mgr key(s) to the ansible server
fetch:
src: "{{ ceph_conf_key_directory }}/{{ cluster }}.mgr.{{ hostvars[item]['ansible_hostname'] }}.keyring"
dest: "{{ fetch_directory }}/{{ fsid }}/{{ ceph_conf_key_directory }}/{{ cluster }}.mgr.{{ hostvars[item]['ansible_hostname'] }}.keyring"
flat: yes
with_items:
delegate key creation to first mon Otherwise keys get scattered over the mons and the mgr key is not copied properly. With ansible_inventory: [mdss] mds-000 ansible_ssh_host=192.168.129.110 ansible_ssh_port=22 ansible_ssh_user='root' ansible_ssh_private_key_file='/root/.ssh/id_rsa' [clients] client-000 ansible_ssh_host=192.168.143.94 ansible_ssh_port=22 ansible_ssh_user='root' ansible_ssh_private_key_file='/root/.ssh/id_rsa' [mgrs] mgr-000 ansible_ssh_host=192.168.222.195 ansible_ssh_port=22 ansible_ssh_user='root' ansible_ssh_private_key_file='/root/.ssh/id_rsa' [mons] mon-000 ansible_ssh_host=192.168.139.173 ansible_ssh_port=22 ansible_ssh_user='root' ansible_ssh_private_key_file='/root/.ssh/id_rsa' monitor_address=192.168.139.173 mon-002 ansible_ssh_host=192.168.212.114 ansible_ssh_port=22 ansible_ssh_user='root' ansible_ssh_private_key_file='/root/.ssh/id_rsa' monitor_address=192.168.212.114 mon-001 ansible_ssh_host=192.168.167.177 ansible_ssh_port=22 ansible_ssh_user='root' ansible_ssh_private_key_file='/root/.ssh/id_rsa' monitor_address=192.168.167.177 [osds] osd-001 ansible_ssh_host=192.168.178.128 ansible_ssh_port=22 ansible_ssh_user='root' ansible_ssh_private_key_file='/root/.ssh/id_rsa' osd-000 ansible_ssh_host=192.168.138.233 ansible_ssh_port=22 ansible_ssh_user='root' ansible_ssh_private_key_file='/root/.ssh/id_rsa' osd-002 ansible_ssh_host=192.168.197.23 ansible_ssh_port=22 ansible_ssh_user='root' ansible_ssh_private_key_file='/root/.ssh/id_rsa' We get this failure: TASK [ceph-mon : include_tasks ceph_keys.yml] ********************************************************************************************************************************************************************** included: /root/ceph-ansible/roles/ceph-mon/tasks/ceph_keys.yml for mon-000, mon-002, mon-001 TASK [ceph-mon : waiting for the monitor(s) to form the quorum...] ************************************************************************************************************************************************* changed: [mon-000] => { "attempts": 1, "changed": true, "cmd": [ "ceph", "--cluster", "ceph", "-n", "mon.", "-k", "/var/lib/ceph/mon/ceph-li1166-30/keyring", "mon_status", "--format", "json" ], "delta": "0:00:01.897397", "end": "2019-02-14 17:08:09.340534", "rc": 0, "start": "2019-02-14 17:08:07.443137" } STDOUT: {"name":"li1166-30","rank":0,"state":"leader","election_epoch":4,"quorum":[0,1,2],"quorum_age":0,"features":{"required_con":"2449958747315912708","required_mon":["kraken","luminous","mimic","osdmap-prune","nautilus"],"quorum_con":"4611087854031667199","quorum_mon":["kraken","luminous","mimic","osdmap-prune","nautilus"]},"outside_quorum":[],"extra_probe_peers":[{"addrvec":[{"type":"v2","addr":"192.168.167.177:3300","nonce":0},{"type":"v1","addr":"192.168.167.177:6789","nonce":0}]},{"addrvec":[{"type":"v2","addr":"192.168.212.114:3300","nonce":0},{"type":"v1","addr":"192.168.212.114:6789","nonce":0}]}],"sync_provider":[],"monmap":{"epoch":1,"fsid":"bb401e2a-c524-428e-bba9-8977bc96f04b","modified":"2019-02-14 17:08:05.012133","created":"2019-02-14 17:08:05.012133","features":{"persistent":["kraken","luminous","mimic","osdmap-prune","nautilus"],"optional":[]},"mons":[{"rank":0,"name":"li1166-30","public_addrs":{"addrvec":[{"type":"v2","addr":"192.168.139.173:3300","nonce":0},{"type":"v1","addr":"192.168.139.173:6789","nonce":0}]},"addr":"192.168.139.173:6789/0","public_addr":"192.168.139.173:6789/0"},{"rank":1,"name":"li985-128","public_addrs":{"addrvec":[{"type":"v2","addr":"192.168.167.177:3300","nonce":0},{"type":"v1","addr":"192.168.167.177:6789","nonce":0}]},"addr":"192.168.167.177:6789/0","public_addr":"192.168.167.177:6789/0"},{"rank":2,"name":"li895-17","public_addrs":{"addrvec":[{"type":"v2","addr":"192.168.212.114:3300","nonce":0},{"type":"v1","addr":"192.168.212.114:6789","nonce":0}]},"addr":"192.168.212.114:6789/0","public_addr":"192.168.212.114:6789/0"}]},"feature_map":{"mon":[{"features":"0x3ffddff8ffacffff","release":"luminous","num":1}],"client":[{"features":"0x3ffddff8ffacffff","release":"luminous","num":1}]}} TASK [ceph-mon : fetch ceph initial keys] ************************************************************************************************************************************************************************** changed: [mon-001] => { "changed": true, "cmd": [ "ceph", "-n", "mon.", "-k", "/var/lib/ceph/mon/ceph-li985-128/keyring", "--cluster", "ceph", "auth", "get", "client.bootstrap-rgw", "-f", "plain", "-o", "/var/lib/ceph/bootstrap-rgw/ceph.keyring" ], "delta": "0:00:03.179584", "end": "2019-02-14 17:08:14.305348", "rc": 0, "start": "2019-02-14 17:08:11.125764" } STDERR: exported keyring for client.bootstrap-rgw changed: [mon-002] => { "changed": true, "cmd": [ "ceph", "-n", "mon.", "-k", "/var/lib/ceph/mon/ceph-li895-17/keyring", "--cluster", "ceph", "auth", "get", "client.bootstrap-rgw", "-f", "plain", "-o", "/var/lib/ceph/bootstrap-rgw/ceph.keyring" ], "delta": "0:00:03.706169", "end": "2019-02-14 17:08:14.041698", "rc": 0, "start": "2019-02-14 17:08:10.335529" } STDERR: exported keyring for client.bootstrap-rgw changed: [mon-000] => { "changed": true, "cmd": [ "ceph", "-n", "mon.", "-k", "/var/lib/ceph/mon/ceph-li1166-30/keyring", "--cluster", "ceph", "auth", "get", "client.bootstrap-rgw", "-f", "plain", "-o", "/var/lib/ceph/bootstrap-rgw/ceph.keyring" ], "delta": "0:00:03.916467", "end": "2019-02-14 17:08:13.803999", "rc": 0, "start": "2019-02-14 17:08:09.887532" } STDERR: exported keyring for client.bootstrap-rgw TASK [ceph-mon : create ceph mgr keyring(s)] *********************************************************************************************************************************************************************** skipping: [mon-000] => (item=mgr-000) => { "changed": false, "item": "mgr-000", "skip_reason": "Conditional result was False" } skipping: [mon-000] => (item=mon-000) => { "changed": false, "item": "mon-000", "skip_reason": "Conditional result was False" } skipping: [mon-000] => (item=mon-002) => { "changed": false, "item": "mon-002", "skip_reason": "Conditional result was False" } skipping: [mon-000] => (item=mon-001) => { "changed": false, "item": "mon-001", "skip_reason": "Conditional result was False" } skipping: [mon-002] => (item=mgr-000) => { "changed": false, "item": "mgr-000", "skip_reason": "Conditional result was False" } skipping: [mon-002] => (item=mon-000) => { "changed": false, "item": "mon-000", "skip_reason": "Conditional result was False" } skipping: [mon-002] => (item=mon-002) => { "changed": false, "item": "mon-002", "skip_reason": "Conditional result was False" } skipping: [mon-002] => (item=mon-001) => { "changed": false, "item": "mon-001", "skip_reason": "Conditional result was False" } changed: [mon-001] => (item=mgr-000) => { "changed": true, "cmd": [ "ceph", "-n", "client.admin", "-k", "/etc/ceph/ceph.client.admin.keyring", "--cluster", "ceph", "auth", "import", "-i", "/etc/ceph//ceph.mgr.li547-145.keyring" ], "delta": "0:00:05.822460", "end": "2019-02-14 17:08:21.422810", "item": "mgr-000", "rc": 0, "start": "2019-02-14 17:08:15.600350" } STDERR: imported keyring changed: [mon-001] => (item=mon-000) => { "changed": true, "cmd": [ "ceph", "-n", "client.admin", "-k", "/etc/ceph/ceph.client.admin.keyring", "--cluster", "ceph", "auth", "import", "-i", "/etc/ceph//ceph.mgr.li1166-30.keyring" ], "delta": "0:00:05.814039", "end": "2019-02-14 17:08:27.663745", "item": "mon-000", "rc": 0, "start": "2019-02-14 17:08:21.849706" } STDERR: imported keyring changed: [mon-001] => (item=mon-002) => { "changed": true, "cmd": [ "ceph", "-n", "client.admin", "-k", "/etc/ceph/ceph.client.admin.keyring", "--cluster", "ceph", "auth", "import", "-i", "/etc/ceph//ceph.mgr.li895-17.keyring" ], "delta": "0:00:05.787291", "end": "2019-02-14 17:08:33.921243", "item": "mon-002", "rc": 0, "start": "2019-02-14 17:08:28.133952" } STDERR: imported keyring changed: [mon-001] => (item=mon-001) => { "changed": true, "cmd": [ "ceph", "-n", "client.admin", "-k", "/etc/ceph/ceph.client.admin.keyring", "--cluster", "ceph", "auth", "import", "-i", "/etc/ceph//ceph.mgr.li985-128.keyring" ], "delta": "0:00:05.782064", "end": "2019-02-14 17:08:40.138706", "item": "mon-001", "rc": 0, "start": "2019-02-14 17:08:34.356642" } STDERR: imported keyring TASK [ceph-mon : copy ceph mgr key(s) to the ansible server] ******************************************************************************************************************************************************* skipping: [mon-000] => (item=mgr-000) => { "changed": false, "item": "mgr-000", "skip_reason": "Conditional result was False" } skipping: [mon-002] => (item=mgr-000) => { "changed": false, "item": "mgr-000", "skip_reason": "Conditional result was False" } changed: [mon-001] => (item=mgr-000) => { "changed": true, "checksum": "aa0fa40225c9e09d67fe7700ce9d033f91d46474", "dest": "/root/ceph-ansible/fetch/bb401e2a-c524-428e-bba9-8977bc96f04b/etc/ceph/ceph.mgr.li547-145.keyring", "item": "mgr-000", "md5sum": "cd884fb9ddc9b8b4e3cd1ad6a98fb531", "remote_checksum": "aa0fa40225c9e09d67fe7700ce9d033f91d46474", "remote_md5sum": null } TASK [ceph-mon : copy keys to the ansible server] ****************************************************************************************************************************************************************** skipping: [mon-000] => (item=/var/lib/ceph/bootstrap-osd/ceph.keyring) => { "changed": false, "item": "/var/lib/ceph/bootstrap-osd/ceph.keyring", "skip_reason": "Conditional result was False" } skipping: [mon-000] => (item=/var/lib/ceph/bootstrap-rgw/ceph.keyring) => { "changed": false, "item": "/var/lib/ceph/bootstrap-rgw/ceph.keyring", "skip_reason": "Conditional result was False" } skipping: [mon-000] => (item=/var/lib/ceph/bootstrap-mds/ceph.keyring) => { "changed": false, "item": "/var/lib/ceph/bootstrap-mds/ceph.keyring", "skip_reason": "Conditional result was False" } skipping: [mon-000] => (item=/var/lib/ceph/bootstrap-rbd/ceph.keyring) => { "changed": false, "item": "/var/lib/ceph/bootstrap-rbd/ceph.keyring", "skip_reason": "Conditional result was False" } skipping: [mon-000] => (item=/var/lib/ceph/bootstrap-rbd-mirror/ceph.keyring) => { "changed": false, "item": "/var/lib/ceph/bootstrap-rbd-mirror/ceph.keyring", "skip_reason": "Conditional result was False" } skipping: [mon-002] => (item=/var/lib/ceph/bootstrap-osd/ceph.keyring) => { "changed": false, "item": "/var/lib/ceph/bootstrap-osd/ceph.keyring", "skip_reason": "Conditional result was False" } skipping: [mon-000] => (item=/etc/ceph/ceph.client.admin.keyring) => { "changed": false, "item": "/etc/ceph/ceph.client.admin.keyring", "skip_reason": "Conditional result was False" } skipping: [mon-002] => (item=/var/lib/ceph/bootstrap-rgw/ceph.keyring) => { "changed": false, "item": "/var/lib/ceph/bootstrap-rgw/ceph.keyring", "skip_reason": "Conditional result was False" } skipping: [mon-002] => (item=/var/lib/ceph/bootstrap-mds/ceph.keyring) => { "changed": false, "item": "/var/lib/ceph/bootstrap-mds/ceph.keyring", "skip_reason": "Conditional result was False" } skipping: [mon-002] => (item=/var/lib/ceph/bootstrap-rbd/ceph.keyring) => { "changed": false, "item": "/var/lib/ceph/bootstrap-rbd/ceph.keyring", "skip_reason": "Conditional result was False" } skipping: [mon-002] => (item=/var/lib/ceph/bootstrap-rbd-mirror/ceph.keyring) => { "changed": false, "item": "/var/lib/ceph/bootstrap-rbd-mirror/ceph.keyring", "skip_reason": "Conditional result was False" } skipping: [mon-002] => (item=/etc/ceph/ceph.client.admin.keyring) => { "changed": false, "item": "/etc/ceph/ceph.client.admin.keyring", "skip_reason": "Conditional result was False" } changed: [mon-001] => (item=/var/lib/ceph/bootstrap-osd/ceph.keyring) => { "changed": true, "checksum": "095c7868a080b4c53494335d3a2223abbad12605", "dest": "/root/ceph-ansible/fetch/bb401e2a-c524-428e-bba9-8977bc96f04b/var/lib/ceph/bootstrap-osd/ceph.keyring", "item": "/var/lib/ceph/bootstrap-osd/ceph.keyring", "md5sum": "d8f4c4fa564aade81b844e3d92c7cac6", "remote_checksum": "095c7868a080b4c53494335d3a2223abbad12605", "remote_md5sum": null } changed: [mon-001] => (item=/var/lib/ceph/bootstrap-rgw/ceph.keyring) => { "changed": true, "checksum": "ce7a2d4441626f22e995b37d5131b9e768f18494", "dest": "/root/ceph-ansible/fetch/bb401e2a-c524-428e-bba9-8977bc96f04b/var/lib/ceph/bootstrap-rgw/ceph.keyring", "item": "/var/lib/ceph/bootstrap-rgw/ceph.keyring", "md5sum": "271e4f90c5853c74264b6b749650c3f2", "remote_checksum": "ce7a2d4441626f22e995b37d5131b9e768f18494", "remote_md5sum": null } changed: [mon-001] => (item=/var/lib/ceph/bootstrap-mds/ceph.keyring) => { "changed": true, "checksum": "e35e8613076382dd3c9d89b5bc2090e37871aab7", "dest": "/root/ceph-ansible/fetch/bb401e2a-c524-428e-bba9-8977bc96f04b/var/lib/ceph/bootstrap-mds/ceph.keyring", "item": "/var/lib/ceph/bootstrap-mds/ceph.keyring", "md5sum": "ed7c32277914c8e34ad5c532d8293dd2", "remote_checksum": "e35e8613076382dd3c9d89b5bc2090e37871aab7", "remote_md5sum": null } changed: [mon-001] => (item=/var/lib/ceph/bootstrap-rbd/ceph.keyring) => { "changed": true, "checksum": "ac43101ad249f6b6bb07ceb3287a3693aeae7f6c", "dest": "/root/ceph-ansible/fetch/bb401e2a-c524-428e-bba9-8977bc96f04b/var/lib/ceph/bootstrap-rbd/ceph.keyring", "item": "/var/lib/ceph/bootstrap-rbd/ceph.keyring", "md5sum": "1460e3c9532b0b7b3a5cb329d77342cd", "remote_checksum": "ac43101ad249f6b6bb07ceb3287a3693aeae7f6c", "remote_md5sum": null } changed: [mon-001] => (item=/var/lib/ceph/bootstrap-rbd-mirror/ceph.keyring) => { "changed": true, "checksum": "01d74751810f5da621937b10c83d47fc7f1865c5", "dest": "/root/ceph-ansible/fetch/bb401e2a-c524-428e-bba9-8977bc96f04b/var/lib/ceph/bootstrap-rbd-mirror/ceph.keyring", "item": "/var/lib/ceph/bootstrap-rbd-mirror/ceph.keyring", "md5sum": "979987f10fd7da5cff67e665f54bfe4d", "remote_checksum": "01d74751810f5da621937b10c83d47fc7f1865c5", "remote_md5sum": null } changed: [mon-001] => (item=/etc/ceph/ceph.client.admin.keyring) => { "changed": true, "checksum": "482f702cf861b41021d76de655ecf996fe9a4a4a", "dest": "/root/ceph-ansible/fetch/bb401e2a-c524-428e-bba9-8977bc96f04b/etc/ceph/ceph.client.admin.keyring", "item": "/etc/ceph/ceph.client.admin.keyring", "md5sum": "7581c187044fd4e0f7a5440244a6b306", "remote_checksum": "482f702cf861b41021d76de655ecf996fe9a4a4a", "remote_md5sum": null } TASK [ceph-mon : include secure_cluster.yml] *********************************************************************************************************************************************************************** skipping: [mon-000] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [ceph-mon : crush_rules.yml] ********************************************************************************************************************************************************************************** skipping: [mon-000] => { "changed": false, "skip_reason": "Conditional result was False" } skipping: [mon-002] => { "changed": false, "skip_reason": "Conditional result was False" } skipping: [mon-001] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [ceph-mgr : set_fact docker_exec_cmd] ************************************************************************************************************************************************************************* skipping: [mon-000] => { "changed": false, "skip_reason": "Conditional result was False" } skipping: [mon-002] => { "changed": false, "skip_reason": "Conditional result was False" } skipping: [mon-001] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [ceph-mgr : include common.yml] ******************************************************************************************************************************************************************************* included: /root/ceph-ansible/roles/ceph-mgr/tasks/common.yml for mon-000, mon-002, mon-001 TASK [ceph-mgr : create mgr directory] ***************************************************************************************************************************************************************************** changed: [mon-000] => { "changed": true, "gid": 167, "group": "ceph", "mode": "0755", "owner": "ceph", "path": "/var/lib/ceph/mgr/ceph-li1166-30", "secontext": "unconfined_u:object_r:ceph_var_lib_t:s0", "size": 4096, "state": "directory", "uid": 167 } changed: [mon-002] => { "changed": true, "gid": 167, "group": "ceph", "mode": "0755", "owner": "ceph", "path": "/var/lib/ceph/mgr/ceph-li895-17", "secontext": "unconfined_u:object_r:ceph_var_lib_t:s0", "size": 4096, "state": "directory", "uid": 167 } changed: [mon-001] => { "changed": true, "gid": 167, "group": "ceph", "mode": "0755", "owner": "ceph", "path": "/var/lib/ceph/mgr/ceph-li985-128", "secontext": "unconfined_u:object_r:ceph_var_lib_t:s0", "size": 4096, "state": "directory", "uid": 167 } TASK [ceph-mgr : fetch ceph mgr keyring] *************************************************************************************************************************************************************************** skipping: [mon-000] => { "changed": false, "skip_reason": "Conditional result was False" } skipping: [mon-002] => { "changed": false, "skip_reason": "Conditional result was False" } skipping: [mon-001] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [ceph-mgr : copy ceph keyring(s) if needed] ******************************************************************************************************************************************************************* An exception occurred during task execution. To see the full traceback, use -vvv. The error was: If you are using a module and expect the file to exist on the remote, see the remote_src option failed: [mon-002] (item={'name': '/etc/ceph/ceph.mgr.li895-17.keyring', 'dest': '/var/lib/ceph/mgr/ceph-li895-17/keyring', 'copy_key': True}) => { "changed": false, "item": { "copy_key": true, "dest": "/var/lib/ceph/mgr/ceph-li895-17/keyring", "name": "/etc/ceph/ceph.mgr.li895-17.keyring" } } MSG: Could not find or access 'fetch//bb401e2a-c524-428e-bba9-8977bc96f04b//etc/ceph/ceph.mgr.li895-17.keyring' Searched in: /root/ceph-ansible/roles/ceph-mgr/files/fetch//bb401e2a-c524-428e-bba9-8977bc96f04b//etc/ceph/ceph.mgr.li895-17.keyring /root/ceph-ansible/roles/ceph-mgr/fetch//bb401e2a-c524-428e-bba9-8977bc96f04b//etc/ceph/ceph.mgr.li895-17.keyring /root/ceph-ansible/roles/ceph-mgr/tasks/files/fetch//bb401e2a-c524-428e-bba9-8977bc96f04b//etc/ceph/ceph.mgr.li895-17.keyring /root/ceph-ansible/roles/ceph-mgr/tasks/fetch//bb401e2a-c524-428e-bba9-8977bc96f04b//etc/ceph/ceph.mgr.li895-17.keyring /root/ceph-ansible/files/fetch//bb401e2a-c524-428e-bba9-8977bc96f04b//etc/ceph/ceph.mgr.li895-17.keyring /root/ceph-ansible/fetch//bb401e2a-c524-428e-bba9-8977bc96f04b//etc/ceph/ceph.mgr.li895-17.keyring on the Ansible Controller. If you are using a module and expect the file to exist on the remote, see the remote_src option skipping: [mon-002] => (item={'name': '/etc/ceph/ceph.client.admin.keyring', 'dest': '/etc/ceph/ceph.client.admin.keyring', 'copy_key': False}) => { "changed": false, "item": { "copy_key": false, "dest": "/etc/ceph/ceph.client.admin.keyring", "name": "/etc/ceph/ceph.client.admin.keyring" }, "skip_reason": "Conditional result was False" } An exception occurred during task execution. To see the full traceback, use -vvv. The error was: If you are using a module and expect the file to exist on the remote, see the remote_src option failed: [mon-001] (item={'name': '/etc/ceph/ceph.mgr.li985-128.keyring', 'dest': '/var/lib/ceph/mgr/ceph-li985-128/keyring', 'copy_key': True}) => { "changed": false, "item": { "copy_key": true, "dest": "/var/lib/ceph/mgr/ceph-li985-128/keyring", "name": "/etc/ceph/ceph.mgr.li985-128.keyring" } } MSG: Could not find or access 'fetch//bb401e2a-c524-428e-bba9-8977bc96f04b//etc/ceph/ceph.mgr.li985-128.keyring' Searched in: /root/ceph-ansible/roles/ceph-mgr/files/fetch//bb401e2a-c524-428e-bba9-8977bc96f04b//etc/ceph/ceph.mgr.li985-128.keyring /root/ceph-ansible/roles/ceph-mgr/fetch//bb401e2a-c524-428e-bba9-8977bc96f04b//etc/ceph/ceph.mgr.li985-128.keyring /root/ceph-ansible/roles/ceph-mgr/tasks/files/fetch//bb401e2a-c524-428e-bba9-8977bc96f04b//etc/ceph/ceph.mgr.li985-128.keyring /root/ceph-ansible/roles/ceph-mgr/tasks/fetch//bb401e2a-c524-428e-bba9-8977bc96f04b//etc/ceph/ceph.mgr.li985-128.keyring /root/ceph-ansible/files/fetch//bb401e2a-c524-428e-bba9-8977bc96f04b//etc/ceph/ceph.mgr.li985-128.keyring /root/ceph-ansible/fetch//bb401e2a-c524-428e-bba9-8977bc96f04b//etc/ceph/ceph.mgr.li985-128.keyring on the Ansible Controller. If you are using a module and expect the file to exist on the remote, see the remote_src option skipping: [mon-001] => (item={'name': '/etc/ceph/ceph.client.admin.keyring', 'dest': '/etc/ceph/ceph.client.admin.keyring', 'copy_key': False}) => { "changed": false, "item": { "copy_key": false, "dest": "/etc/ceph/ceph.client.admin.keyring", "name": "/etc/ceph/ceph.client.admin.keyring" }, "skip_reason": "Conditional result was False" } An exception occurred during task execution. To see the full traceback, use -vvv. The error was: If you are using a module and expect the file to exist on the remote, see the remote_src option failed: [mon-000] (item={'name': '/etc/ceph/ceph.mgr.li1166-30.keyring', 'dest': '/var/lib/ceph/mgr/ceph-li1166-30/keyring', 'copy_key': True}) => { "changed": false, "item": { "copy_key": true, "dest": "/var/lib/ceph/mgr/ceph-li1166-30/keyring", "name": "/etc/ceph/ceph.mgr.li1166-30.keyring" } } MSG: Could not find or access 'fetch//bb401e2a-c524-428e-bba9-8977bc96f04b//etc/ceph/ceph.mgr.li1166-30.keyring' Searched in: /root/ceph-ansible/roles/ceph-mgr/files/fetch//bb401e2a-c524-428e-bba9-8977bc96f04b//etc/ceph/ceph.mgr.li1166-30.keyring /root/ceph-ansible/roles/ceph-mgr/fetch//bb401e2a-c524-428e-bba9-8977bc96f04b//etc/ceph/ceph.mgr.li1166-30.keyring /root/ceph-ansible/roles/ceph-mgr/tasks/files/fetch//bb401e2a-c524-428e-bba9-8977bc96f04b//etc/ceph/ceph.mgr.li1166-30.keyring /root/ceph-ansible/roles/ceph-mgr/tasks/fetch//bb401e2a-c524-428e-bba9-8977bc96f04b//etc/ceph/ceph.mgr.li1166-30.keyring /root/ceph-ansible/files/fetch//bb401e2a-c524-428e-bba9-8977bc96f04b//etc/ceph/ceph.mgr.li1166-30.keyring /root/ceph-ansible/fetch//bb401e2a-c524-428e-bba9-8977bc96f04b//etc/ceph/ceph.mgr.li1166-30.keyring on the Ansible Controller. If you are using a module and expect the file to exist on the remote, see the remote_src option skipping: [mon-000] => (item={'name': '/etc/ceph/ceph.client.admin.keyring', 'dest': '/etc/ceph/ceph.client.admin.keyring', 'copy_key': False}) => { "changed": false, "item": { "copy_key": false, "dest": "/etc/ceph/ceph.client.admin.keyring", "name": "/etc/ceph/ceph.client.admin.keyring" }, "skip_reason": "Conditional result was False" } NO MORE HOSTS LEFT ************************************************************************************************************************************************************************************************* to retry, use: --limit @/root/ceph-linode/linode.retry PLAY RECAP ********************************************************************************************************************************************************************************************************* client-000 : ok=30 changed=2 unreachable=0 failed=0 mds-000 : ok=32 changed=4 unreachable=0 failed=0 mgr-000 : ok=32 changed=4 unreachable=0 failed=0 mon-000 : ok=89 changed=21 unreachable=0 failed=1 mon-001 : ok=84 changed=20 unreachable=0 failed=1 mon-002 : ok=81 changed=17 unreachable=0 failed=1 osd-000 : ok=32 changed=4 unreachable=0 failed=0 osd-001 : ok=32 changed=4 unreachable=0 failed=0 osd-002 : ok=32 changed=4 unreachable=0 failed=0 Also, create all keys on the first mon and copy those to the other mons to be consistent. Signed-off-by: Patrick Donnelly <pdonnell@redhat.com>
2019-01-27 06:55:37 +08:00
- "{{ groups.get(mgr_group_name, []) }}" # this honors the condition where mgrs run on separate machines
- "{{ groups.get(mon_group_name, []) }}" # this honors the new rule where mgrs are always collocated with mons
delegate_to: "{{ groups[mon_group_name][0] }}"
name includes and set_fact for clarity When Ansible is not run with verbose options it's difficult to see which include and/or set_fact does what. So adding a name for each clarifies. Signed-off-by: Sébastien Han <seb@redhat.com>
2017-09-15 06:48:53 +08:00
when:
- cephx
mon: do not serialized container bootstrap This commit unifies the container and non-container code, which in the meantime gives use the ability to deploy N mon container at the same time without having to serialized the deployment. This will drastically reduces the time needed to bootstrap the cluster. Note, this is only possible since Nautilus because the monitors are bootstrap the initial keys on their own once they reach quorum. In the Nautilus version of the ceph-container mon, we stopped generating the keys 'manually' from inside the container, for more detail see: https://github.com/ceph/ceph-container/pull/1238 Signed-off-by: Sébastien Han <seb@redhat.com>
2018-11-16 17:50:38 +08:00
- not rolling_update
Implement Ceph REST API Now the Ceph REST API can be deployed. Default implementation deploys it on the same nodes as the monitors which should be fine. Signed-off-by: Sébastien Han <sebastien.han@enovance.com>
2015-03-23 22:08:58 +08:00
Consmetic changes This branch has been sitting on my local repo for a while. I guess I had time to spend on a plane :). Signed-off-by: Sébastien Han <sebastien.han@enovance.com>
2015-05-16 00:27:41 +08:00
- name: copy keys to the ansible server
Refactor ceph monitor role
2015-10-17 07:55:31 +08:00
fetch:
src: "{{ item }}"
dest: "{{ fetch_directory }}/{{ fsid }}/{{ item }}"
flat: yes
Refactor keys creation and fetching We isolated the key operations into a file and modified the fetch function to collect all the new keys. In the mean time fixed the pool creation since the command is not indempotent. Renamed the rgw key to work with the key collection. Signed-off-by: Sébastien Han <sebastien.han@enovance.com>
2015-01-30 23:16:18 +08:00
with_items:
ceph: implement cluster name support we now have the ability to enable the `cluster` variable with a specific value that will determine the name of the cluster. Signed-off-by: Sébastien Han <seb@redhat.com>
2016-03-29 21:37:31 +08:00
- /var/lib/ceph/bootstrap-osd/{{ cluster }}.keyring
- /var/lib/ceph/bootstrap-rgw/{{ cluster }}.keyring
- /var/lib/ceph/bootstrap-mds/{{ cluster }}.keyring
rbd-mirror: use the new rbd-mirror key Instead of using the old rbd key let's use the new rbr-mirror key to bootstrap the rbd -mirror daemon. Signed-off-by: Sébastien Han <seb@redhat.com>
2018-11-06 00:14:31 +08:00
- /var/lib/ceph/bootstrap-rbd/{{ cluster }}.keyring
- /var/lib/ceph/bootstrap-rbd-mirror/{{ cluster }}.keyring
mon: do not serialized container bootstrap This commit unifies the container and non-container code, which in the meantime gives use the ability to deploy N mon container at the same time without having to serialized the deployment. This will drastically reduces the time needed to bootstrap the cluster. Note, this is only possible since Nautilus because the monitors are bootstrap the initial keys on their own once they reach quorum. In the Nautilus version of the ceph-container mon, we stopped generating the keys 'manually' from inside the container, for more detail see: https://github.com/ceph/ceph-container/pull/1238 Signed-off-by: Sébastien Han <seb@redhat.com>
2018-11-16 17:50:38 +08:00
- /etc/ceph/{{ cluster }}.client.admin.keyring
mgr: add new role for ceph-mgr The Ceph Manager daemon (ceph-mgr) runs alongside monitor daemons, to provide additional monitoring and interfaces to external monitoring and management systems. Only works as of the Kraken release. Co-Authored-By: Guillaume Abrioux <gabrioux@redhat.com> Signed-off-by: Sébastien Han <seb@redhat.com>
2017-03-16 17:17:08 +08:00
when:
- cephx
name includes and set_fact for clarity When Ansible is not run with verbose options it's difficult to see which include and/or set_fact does what. So adding a name for each clarifies. Signed-off-by: Sébastien Han <seb@redhat.com>
2017-09-15 06:48:53 +08:00
- inventory_hostname == groups[mon_group_name] | last