ceph
/
ceph-ansible
mirror of https://github.com/ceph/ceph-ansible.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
ceph-ansible/roles/ceph-dashboard/tasks/configure_dashboard.yml

470 lines
21 KiB
YAML
Raw Normal View History

Merge cephmetrics/dashboard-ansible repo This commit will merge dashboard-ansible installation scripts with ceph-ansible. This includes several new roles to setup ceph-dashboard and the underlying technologies like prometheus and grafana server. Signed-off-by: Boris Ranto & Zack Cerza <team-gmeno@redhat.com> Co-authored-by: Zack Cerza <zcerza@redhat.com> Co-authored-by: Guillaume Abrioux <gabrioux@redhat.com> (cherry picked from commit 2f141a6e808766bb6cd406ccc67ba0353b46e780)
2018-12-06 02:59:47 +08:00
---
dashboard: use existing variable to detect containerized deployment there is no need to add more complexity for this, let's use `containerized_deployment` in order to detect if we are running a containerized deployment. The idea is to use `container_exec_cmd` the same way we do in the rest of the playbook to run the different ceph commands needed to deploy the ceph-dashboard role. Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com> (cherry picked from commit 742bb6214c806cb7db1f1ea54276aecf0bf22049)
2019-05-14 20:46:25 +08:00
- name: set_fact container_exec_cmd
Merge cephmetrics/dashboard-ansible repo This commit will merge dashboard-ansible installation scripts with ceph-ansible. This includes several new roles to setup ceph-dashboard and the underlying technologies like prometheus and grafana server. Signed-off-by: Boris Ranto & Zack Cerza <team-gmeno@redhat.com> Co-authored-by: Zack Cerza <zcerza@redhat.com> Co-authored-by: Guillaume Abrioux <gabrioux@redhat.com> (cherry picked from commit 2f141a6e808766bb6cd406ccc67ba0353b46e780)
2018-12-06 02:59:47 +08:00
set_fact:
Use ansible_facts It has come to our attention that using ansible_* vars that are populated with INJECT_FACTS_AS_VARS=True is not very performant. In order to be able to support setting that to off, we need to update the references to use ansible_facts[<thing>] instead of ansible_<thing>. Related: ansible#73654 Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1935406 Signed-off-by: Alex Schultz <aschultz@redhat.com> (cherry picked from commit a7f2fa73e63e69dba2e41aaac9732397eec437c9)
2021-03-03 22:43:50 +08:00
container_exec_cmd: "{{ container_binary }} exec ceph-mon-{{ hostvars[groups[mon_group_name][0]]['ansible_facts']['hostname'] }}"
ansible: use 'bool' filter on boolean conditionals By running ceph-ansible there are a lot ``[DEPRECATION WARNING]`` like these: ``` [DEPRECATION WARNING]: evaluating containerized_deployment as a bare variable, this behaviour will go away and you might need to add |bool to the expression in the future. Also see CONDITIONAL_BARE_VARS configuration toggle.. This feature will be removed in version 2.12. Deprecation warnings can be disabled by setting deprecation_warnings=False in ansible.cfg. ``` Now appended ``| bool`` on a lot of the affected variables. Sometimes the coding style from ``variable|bool`` changed to ``variable | bool`` *(with spaces at the pipe)*. Closes: #4022 Signed-off-by: L3D <l3d@c3woc.de> (cherry picked from commit ab54fe20ec2e3bf16e4544c39548d1e21dacf0d5)
2019-05-22 16:02:42 +08:00
when: containerized_deployment | bool
Merge cephmetrics/dashboard-ansible repo This commit will merge dashboard-ansible installation scripts with ceph-ansible. This includes several new roles to setup ceph-dashboard and the underlying technologies like prometheus and grafana server. Signed-off-by: Boris Ranto & Zack Cerza <team-gmeno@redhat.com> Co-authored-by: Zack Cerza <zcerza@redhat.com> Co-authored-by: Guillaume Abrioux <gabrioux@redhat.com> (cherry picked from commit 2f141a6e808766bb6cd406ccc67ba0353b46e780)
2018-12-06 02:59:47 +08:00
dashboard: configure passwords via stdin Due to recent changes in ceph, the few dashboard passwors must be passed via `-i` Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com> (cherry picked from commit ef975ef5eacb14b66a8982ccb27a38ce552abcc4)
2021-01-07 19:40:18 +08:00
- name: set_fact container_run_cmd
set_fact:
dashboard: add missing parameter in `ceph_cmd` the `ceph_cmd` fact is missing the `--net=host` parameter. Some tasks consuming this fact can fail like following: ``` Error: error configuring network namespace for container b8ec913db1fb694ae683faf202680de7a59c714a004e533aba87e8503d29261f: Missing CNI default network ``` Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1931365 Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com> (cherry picked from commit f143b1a6478bffe0e7ff1c23810d0a5368cf3592)
2021-03-01 22:22:22 +08:00
ceph_cmd: "{{ hostvars[groups[mon_group_name][0]]['container_binary'] + ' run --interactive --net=host --rm -v /etc/ceph:/etc/ceph:z --entrypoint=ceph ' + ceph_docker_registry + '/' + ceph_docker_image + ':' + ceph_docker_image_tag if containerized_deployment | bool else 'ceph' }}"
dashboard: configure passwords via stdin Due to recent changes in ceph, the few dashboard passwors must be passed via `-i` Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com> (cherry picked from commit ef975ef5eacb14b66a8982ccb27a38ce552abcc4)
2021-01-07 19:40:18 +08:00
dashboard: remove "certificate is valid for" error When deploying dashboard with ssl certificates generated by ceph-ansible, we enforce the CN to 'ceph-dashboard' which can makes application such alertmanager complain like following: `err="Post https://mgr0:8443/api/prometheus_receiver: x509: certificate is valid for ceph-dashboard, not mgr0" context_err="context deadline exceeded"` The idea here is to add alternative names matching all mgr/mon instances in the certificate so this error won't appear in logs. Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1978869 Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com> (cherry picked from commit 72a0336c71cee8bd0a375ac47cb45a292844edc8)
2021-07-06 20:18:51 +08:00
- name: get current mgr backend - ipv4
set_fact:
dashboard: support dedicated network for the dashboard This introduces a new variable `dashboard_network` in order to support deploying the dashboard on a different subnet. Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1927574 Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com> (cherry picked from commit f4f73b61972f416db9fe6ec305de282094581e07)
2021-07-05 23:49:26 +08:00
dashboard_server_addr: "{{ ansible_facts['all_ipv4_addresses'] | ips_in_ranges(dashboard_network.split(',')) | first }}"
dashboard: remove "certificate is valid for" error When deploying dashboard with ssl certificates generated by ceph-ansible, we enforce the CN to 'ceph-dashboard' which can makes application such alertmanager complain like following: `err="Post https://mgr0:8443/api/prometheus_receiver: x509: certificate is valid for ceph-dashboard, not mgr0" context_err="context deadline exceeded"` The idea here is to add alternative names matching all mgr/mon instances in the certificate so this error won't appear in logs. Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1978869 Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com> (cherry picked from commit 72a0336c71cee8bd0a375ac47cb45a292844edc8)
2021-07-06 20:18:51 +08:00
when: ip_version == 'ipv4'
- name: get current mgr backend - ipv6
set_fact:
dashboard: support dedicated network for the dashboard This introduces a new variable `dashboard_network` in order to support deploying the dashboard on a different subnet. Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1927574 Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com> (cherry picked from commit f4f73b61972f416db9fe6ec305de282094581e07)
2021-07-05 23:49:26 +08:00
dashboard_server_addr: "{{ ansible_facts['all_ipv6_addresses'] | ips_in_ranges(dashboard_network.split(',')) | last }}"
dashboard: remove "certificate is valid for" error When deploying dashboard with ssl certificates generated by ceph-ansible, we enforce the CN to 'ceph-dashboard' which can makes application such alertmanager complain like following: `err="Post https://mgr0:8443/api/prometheus_receiver: x509: certificate is valid for ceph-dashboard, not mgr0" context_err="context deadline exceeded"` The idea here is to add alternative names matching all mgr/mon instances in the certificate so this error won't appear in logs. Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1978869 Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com> (cherry picked from commit 72a0336c71cee8bd0a375ac47cb45a292844edc8)
2021-07-06 20:18:51 +08:00
when: ip_version == 'ipv6'
Merge cephmetrics/dashboard-ansible repo This commit will merge dashboard-ansible installation scripts with ceph-ansible. This includes several new roles to setup ceph-dashboard and the underlying technologies like prometheus and grafana server. Signed-off-by: Boris Ranto & Zack Cerza <team-gmeno@redhat.com> Co-authored-by: Zack Cerza <zcerza@redhat.com> Co-authored-by: Guillaume Abrioux <gabrioux@redhat.com> (cherry picked from commit 2f141a6e808766bb6cd406ccc67ba0353b46e780)
2018-12-06 02:59:47 +08:00
- name: disable SSL for dashboard
Revert "Make 'disable ssl for dashboard task' idempotent." This reverts commit f607857f2a58b2ed14faf49f2b10d056a7f96b30. > That commit [1] introduced a regression in the dashboard configuration > because the ceph config get mgr xxxx command doesn't work with > nautilus. > In that release the get operation needs an entity. > [1] f607857 Signed-off-by: Dimitri Savineau dsavinea@redhat.com
2020-09-11 16:23:08 +08:00
command: "{{ container_exec_cmd }} ceph --cluster {{ cluster }} config set mgr mgr/dashboard/ssl false"
Make 'disable ssl for dashboard task' idempotent. This should reduce number of 'changed' tasks during convergence test. Signed-off-by: George Shuklin <george.shuklin@gmail.com> (cherry picked from commit 73d4bb6bd6b560de7f2b3042bdc7d17c901e815a)
2020-07-13 18:40:17 +08:00
delegate_to: "{{ groups[mon_group_name][0] }}"
Revert "Make 'disable ssl for dashboard task' idempotent." This reverts commit f607857f2a58b2ed14faf49f2b10d056a7f96b30. > That commit [1] introduced a regression in the dashboard configuration > because the ceph config get mgr xxxx command doesn't work with > nautilus. > In that release the get operation needs an entity. > [1] f607857 Signed-off-by: Dimitri Savineau dsavinea@redhat.com
2020-09-11 16:23:08 +08:00
run_once: true
when: dashboard_protocol == "http"
Merge cephmetrics/dashboard-ansible repo This commit will merge dashboard-ansible installation scripts with ceph-ansible. This includes several new roles to setup ceph-dashboard and the underlying technologies like prometheus and grafana server. Signed-off-by: Boris Ranto & Zack Cerza <team-gmeno@redhat.com> Co-authored-by: Zack Cerza <zcerza@redhat.com> Co-authored-by: Guillaume Abrioux <gabrioux@redhat.com> (cherry picked from commit 2f141a6e808766bb6cd406ccc67ba0353b46e780)
2018-12-06 02:59:47 +08:00
ceph-dashboard: Improve https configuration This patch moves the https dashboard configuration into a dedicated block to avoid the multiple occurence of the dashboard_protocol condition. It also fixes the dashboard certificate and key variables handling in the condition introduced by ab54fe2. Those variables aren't boolean but strings so we can test them via the length filter. Signed-off-by: Dimitri Savineau <dsavinea@redhat.com> (cherry picked from commit 249764047b9e85d3a858949872c1a1790b426044)
2019-10-03 03:24:38 +08:00
- name: with SSL for dashboard
Merge cephmetrics/dashboard-ansible repo This commit will merge dashboard-ansible installation scripts with ceph-ansible. This includes several new roles to setup ceph-dashboard and the underlying technologies like prometheus and grafana server. Signed-off-by: Boris Ranto & Zack Cerza <team-gmeno@redhat.com> Co-authored-by: Zack Cerza <zcerza@redhat.com> Co-authored-by: Guillaume Abrioux <gabrioux@redhat.com> (cherry picked from commit 2f141a6e808766bb6cd406ccc67ba0353b46e780)
2018-12-06 02:59:47 +08:00
when: dashboard_protocol == "https"
ceph-dashboard: Improve https configuration This patch moves the https dashboard configuration into a dedicated block to avoid the multiple occurence of the dashboard_protocol condition. It also fixes the dashboard certificate and key variables handling in the condition introduced by ab54fe2. Those variables aren't boolean but strings so we can test them via the length filter. Signed-off-by: Dimitri Savineau <dsavinea@redhat.com> (cherry picked from commit 249764047b9e85d3a858949872c1a1790b426044)
2019-10-03 03:24:38 +08:00
block:
- name: enable SSL for dashboard
command: "{{ container_exec_cmd }} ceph --cluster {{ cluster }} config set mgr mgr/dashboard/ssl true"
delegate_to: "{{ groups[mon_group_name][0] }}"
run_once: true
Merge cephmetrics/dashboard-ansible repo This commit will merge dashboard-ansible installation scripts with ceph-ansible. This includes several new roles to setup ceph-dashboard and the underlying technologies like prometheus and grafana server. Signed-off-by: Boris Ranto & Zack Cerza <team-gmeno@redhat.com> Co-authored-by: Zack Cerza <zcerza@redhat.com> Co-authored-by: Guillaume Abrioux <gabrioux@redhat.com> (cherry picked from commit 2f141a6e808766bb6cd406ccc67ba0353b46e780)
2018-12-06 02:59:47 +08:00
ceph-dashboard: Improve https configuration This patch moves the https dashboard configuration into a dedicated block to avoid the multiple occurence of the dashboard_protocol condition. It also fixes the dashboard certificate and key variables handling in the condition introduced by ab54fe2. Those variables aren't boolean but strings so we can test them via the length filter. Signed-off-by: Dimitri Savineau <dsavinea@redhat.com> (cherry picked from commit 249764047b9e85d3a858949872c1a1790b426044)
2019-10-03 03:24:38 +08:00
- name: copy dashboard SSL certificate file
copy:
src: "{{ dashboard_crt }}"
dest: "/etc/ceph/ceph-dashboard.crt"
owner: root
group: root
mode: 0440
dashboard: allow remote TLS cert/key copy When using TLS on the ceph dashboard or grafana services, we can provide the TLS certificate and key. Those files should be present on the ansible controller and they will be copyied to the right node(s). In some situation, the TLS certificate and key could be already present on the target node and not on the ansible controller. For this scenario, we just need to copy the files locally (on each remote host). This patch adds the dashboard_tls_external variable (with default to false) to allow users to achieve this scenario when configuring this variable to true. Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1860815 Signed-off-by: Dimitri Savineau <dsavinea@redhat.com> (cherry picked from commit 0d0f1e71df33484d6619aeaa97eb21d7dfc0ea48)
2020-07-31 00:04:18 +08:00
remote_src: "{{ dashboard_tls_external | bool }}"
ceph-dashboard: copy TLS cert/key on monitor The ceph-dashboard role is executed on the mgr nodes so the TLS cert/key files are copied to those nodes. But we are running importing the cert/key files into the ceph configuration on the monitor. Closes: #5557 Signed-off-by: Dimitri Savineau <dsavinea@redhat.com> (cherry picked from commit 2b8ebf14574e927bfabd939cc6263eb27a65afb3)
2020-07-17 22:38:02 +08:00
delegate_to: "{{ groups[mon_group_name][0] }}"
ceph-dashboard: Improve https configuration This patch moves the https dashboard configuration into a dedicated block to avoid the multiple occurence of the dashboard_protocol condition. It also fixes the dashboard certificate and key variables handling in the condition introduced by ab54fe2. Those variables aren't boolean but strings so we can test them via the length filter. Signed-off-by: Dimitri Savineau <dsavinea@redhat.com> (cherry picked from commit 249764047b9e85d3a858949872c1a1790b426044)
2019-10-03 03:24:38 +08:00
when: dashboard_crt | length > 0
Merge cephmetrics/dashboard-ansible repo This commit will merge dashboard-ansible installation scripts with ceph-ansible. This includes several new roles to setup ceph-dashboard and the underlying technologies like prometheus and grafana server. Signed-off-by: Boris Ranto & Zack Cerza <team-gmeno@redhat.com> Co-authored-by: Zack Cerza <zcerza@redhat.com> Co-authored-by: Guillaume Abrioux <gabrioux@redhat.com> (cherry picked from commit 2f141a6e808766bb6cd406ccc67ba0353b46e780)
2018-12-06 02:59:47 +08:00
ceph-dashboard: Improve https configuration This patch moves the https dashboard configuration into a dedicated block to avoid the multiple occurence of the dashboard_protocol condition. It also fixes the dashboard certificate and key variables handling in the condition introduced by ab54fe2. Those variables aren't boolean but strings so we can test them via the length filter. Signed-off-by: Dimitri Savineau <dsavinea@redhat.com> (cherry picked from commit 249764047b9e85d3a858949872c1a1790b426044)
2019-10-03 03:24:38 +08:00
- name: copy dashboard SSL certificate key
copy:
src: "{{ dashboard_key }}"
dest: "/etc/ceph/ceph-dashboard.key"
owner: root
group: root
mode: 0440
dashboard: allow remote TLS cert/key copy When using TLS on the ceph dashboard or grafana services, we can provide the TLS certificate and key. Those files should be present on the ansible controller and they will be copyied to the right node(s). In some situation, the TLS certificate and key could be already present on the target node and not on the ansible controller. For this scenario, we just need to copy the files locally (on each remote host). This patch adds the dashboard_tls_external variable (with default to false) to allow users to achieve this scenario when configuring this variable to true. Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1860815 Signed-off-by: Dimitri Savineau <dsavinea@redhat.com> (cherry picked from commit 0d0f1e71df33484d6619aeaa97eb21d7dfc0ea48)
2020-07-31 00:04:18 +08:00
remote_src: "{{ dashboard_tls_external | bool }}"
ceph-dashboard: copy TLS cert/key on monitor The ceph-dashboard role is executed on the mgr nodes so the TLS cert/key files are copied to those nodes. But we are running importing the cert/key files into the ceph configuration on the monitor. Closes: #5557 Signed-off-by: Dimitri Savineau <dsavinea@redhat.com> (cherry picked from commit 2b8ebf14574e927bfabd939cc6263eb27a65afb3)
2020-07-17 22:38:02 +08:00
delegate_to: "{{ groups[mon_group_name][0] }}"
ceph-dashboard: Improve https configuration This patch moves the https dashboard configuration into a dedicated block to avoid the multiple occurence of the dashboard_protocol condition. It also fixes the dashboard certificate and key variables handling in the condition introduced by ab54fe2. Those variables aren't boolean but strings so we can test them via the length filter. Signed-off-by: Dimitri Savineau <dsavinea@redhat.com> (cherry picked from commit 249764047b9e85d3a858949872c1a1790b426044)
2019-10-03 03:24:38 +08:00
when: dashboard_key | length > 0
Merge cephmetrics/dashboard-ansible repo This commit will merge dashboard-ansible installation scripts with ceph-ansible. This includes several new roles to setup ceph-dashboard and the underlying technologies like prometheus and grafana server. Signed-off-by: Boris Ranto & Zack Cerza <team-gmeno@redhat.com> Co-authored-by: Zack Cerza <zcerza@redhat.com> Co-authored-by: Guillaume Abrioux <gabrioux@redhat.com> (cherry picked from commit 2f141a6e808766bb6cd406ccc67ba0353b46e780)
2018-12-06 02:59:47 +08:00
dashboard: copy self-signed generated crt to mons This commit makes the playbook copying self-signed generated certificate to monitors. When mons and mgrs are deployed on dedicated nodes the playbook will fail when trying to import certificate and key files since they are generated on mgrs whereas we try to import them from a monitor. Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1846995 Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com> (cherry picked from commit b7539eb275ccf947cd6122cdbfa062d20ad2472a)
2020-06-23 17:11:06 +08:00
- name: generate and copy self-signed certificate
ceph-dashboard: Improve https configuration This patch moves the https dashboard configuration into a dedicated block to avoid the multiple occurence of the dashboard_protocol condition. It also fixes the dashboard certificate and key variables handling in the condition introduced by ab54fe2. Those variables aren't boolean but strings so we can test them via the length filter. Signed-off-by: Dimitri Savineau <dsavinea@redhat.com> (cherry picked from commit 249764047b9e85d3a858949872c1a1790b426044)
2019-10-03 03:24:38 +08:00
when: dashboard_key | length == 0 or dashboard_crt | length == 0
dashboard: copy self-signed generated crt to mons This commit makes the playbook copying self-signed generated certificate to monitors. When mons and mgrs are deployed on dedicated nodes the playbook will fail when trying to import certificate and key files since they are generated on mgrs whereas we try to import them from a monitor. Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1846995 Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com> (cherry picked from commit b7539eb275ccf947cd6122cdbfa062d20ad2472a)
2020-06-23 17:11:06 +08:00
block:
dashboard: remove "certificate is valid for" error When deploying dashboard with ssl certificates generated by ceph-ansible, we enforce the CN to 'ceph-dashboard' which can makes application such alertmanager complain like following: `err="Post https://mgr0:8443/api/prometheus_receiver: x509: certificate is valid for ceph-dashboard, not mgr0" context_err="context deadline exceeded"` The idea here is to add alternative names matching all mgr/mon instances in the certificate so this error won't appear in logs. Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1978869 Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com> (cherry picked from commit 72a0336c71cee8bd0a375ac47cb45a292844edc8)
2021-07-06 20:18:51 +08:00
- name: set_fact subj_alt_names
set_fact:
subj_alt_names: >
{% for host in groups[mgr_group_name] | default(groups[mon_group_name]) -%}
dashboard: support dedicated network for the dashboard This introduces a new variable `dashboard_network` in order to support deploying the dashboard on a different subnet. Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1927574 Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com> (cherry picked from commit f4f73b61972f416db9fe6ec305de282094581e07)
2021-07-05 23:49:26 +08:00
subjectAltName={{ hostvars[host]['ansible_facts']['hostname'] }}/subjectAltName={{ hostvars[host]['dashboard_server_addr'] }}/subjectAltName={{ hostvars[host]['ansible_facts']['fqdn'] }}
dashboard: remove "certificate is valid for" error When deploying dashboard with ssl certificates generated by ceph-ansible, we enforce the CN to 'ceph-dashboard' which can makes application such alertmanager complain like following: `err="Post https://mgr0:8443/api/prometheus_receiver: x509: certificate is valid for ceph-dashboard, not mgr0" context_err="context deadline exceeded"` The idea here is to add alternative names matching all mgr/mon instances in the certificate so this error won't appear in logs. Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1978869 Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com> (cherry picked from commit 72a0336c71cee8bd0a375ac47cb45a292844edc8)
2021-07-06 20:18:51 +08:00
{%- if loop.last %}/{% endif %}
{%- endfor -%}
run_once: true
dashboard: copy self-signed generated crt to mons This commit makes the playbook copying self-signed generated certificate to monitors. When mons and mgrs are deployed on dedicated nodes the playbook will fail when trying to import certificate and key files since they are generated on mgrs whereas we try to import them from a monitor. Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1846995 Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com> (cherry picked from commit b7539eb275ccf947cd6122cdbfa062d20ad2472a)
2020-06-23 17:11:06 +08:00
- name: generate a Self Signed OpenSSL certificate for dashboard
shell: |
test -f /etc/ceph/ceph-dashboard.key -a -f /etc/ceph/ceph-dashboard.crt || \
dashboard: remove "certificate is valid for" error When deploying dashboard with ssl certificates generated by ceph-ansible, we enforce the CN to 'ceph-dashboard' which can makes application such alertmanager complain like following: `err="Post https://mgr0:8443/api/prometheus_receiver: x509: certificate is valid for ceph-dashboard, not mgr0" context_err="context deadline exceeded"` The idea here is to add alternative names matching all mgr/mon instances in the certificate so this error won't appear in logs. Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1978869 Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com> (cherry picked from commit 72a0336c71cee8bd0a375ac47cb45a292844edc8)
2021-07-06 20:18:51 +08:00
openssl req -new -nodes -x509 -subj '/O=IT/CN={{ dashboard_certificate_cn }}/{{ subj_alt_names | trim }}' -days 3650 -keyout /etc/ceph/ceph-dashboard.key -out /etc/ceph/ceph-dashboard.crt -extensions v3_ca
dashboard: copy self-signed generated crt to mons This commit makes the playbook copying self-signed generated certificate to monitors. When mons and mgrs are deployed on dedicated nodes the playbook will fail when trying to import certificate and key files since they are generated on mgrs whereas we try to import them from a monitor. Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1846995 Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com> (cherry picked from commit b7539eb275ccf947cd6122cdbfa062d20ad2472a)
2020-06-23 17:11:06 +08:00
run_once: True
- name: slurp self-signed generated certificate for dashboard
slurp:
src: "/etc/ceph/{{ item }}"
run_once: True
with_items:
- 'ceph-dashboard.key'
- 'ceph-dashboard.crt'
register: slurp_self_signed_crt
- name: copy self-signed generated certificate on mons
copy:
dest: "{{ item.0.source }}"
content: "{{ item.0.content | b64decode }}"
owner: "{{ ceph_uid }}"
group: "{{ ceph_uid }}"
mode: "{{ '0600' if item.0.source.split('.')[-1] == 'key' else '0664' }}"
delegate_to: "{{ item.1 }}"
run_once: True
with_nested:
- "{{ slurp_self_signed_crt.results }}"
- "{{ groups[mon_group_name] }}"
Merge cephmetrics/dashboard-ansible repo This commit will merge dashboard-ansible installation scripts with ceph-ansible. This includes several new roles to setup ceph-dashboard and the underlying technologies like prometheus and grafana server. Signed-off-by: Boris Ranto & Zack Cerza <team-gmeno@redhat.com> Co-authored-by: Zack Cerza <zcerza@redhat.com> Co-authored-by: Guillaume Abrioux <gabrioux@redhat.com> (cherry picked from commit 2f141a6e808766bb6cd406ccc67ba0353b46e780)
2018-12-06 02:59:47 +08:00
ceph-dashboard: Improve https configuration This patch moves the https dashboard configuration into a dedicated block to avoid the multiple occurence of the dashboard_protocol condition. It also fixes the dashboard certificate and key variables handling in the condition introduced by ab54fe2. Those variables aren't boolean but strings so we can test them via the length filter. Signed-off-by: Dimitri Savineau <dsavinea@redhat.com> (cherry picked from commit 249764047b9e85d3a858949872c1a1790b426044)
2019-10-03 03:24:38 +08:00
- name: import dashboard certificate file
command: "{{ container_exec_cmd }} ceph --cluster {{ cluster }} config-key set mgr/dashboard/crt -i /etc/ceph/ceph-dashboard.crt"
changed_when: false
delegate_to: "{{ groups[mon_group_name][0] }}"
run_once: true
Merge cephmetrics/dashboard-ansible repo This commit will merge dashboard-ansible installation scripts with ceph-ansible. This includes several new roles to setup ceph-dashboard and the underlying technologies like prometheus and grafana server. Signed-off-by: Boris Ranto & Zack Cerza <team-gmeno@redhat.com> Co-authored-by: Zack Cerza <zcerza@redhat.com> Co-authored-by: Guillaume Abrioux <gabrioux@redhat.com> (cherry picked from commit 2f141a6e808766bb6cd406ccc67ba0353b46e780)
2018-12-06 02:59:47 +08:00
ceph-dashboard: Improve https configuration This patch moves the https dashboard configuration into a dedicated block to avoid the multiple occurence of the dashboard_protocol condition. It also fixes the dashboard certificate and key variables handling in the condition introduced by ab54fe2. Those variables aren't boolean but strings so we can test them via the length filter. Signed-off-by: Dimitri Savineau <dsavinea@redhat.com> (cherry picked from commit 249764047b9e85d3a858949872c1a1790b426044)
2019-10-03 03:24:38 +08:00
- name: import dashboard certificate key
command: "{{ container_exec_cmd }} ceph --cluster {{ cluster }} config-key set mgr/dashboard/key -i /etc/ceph/ceph-dashboard.key"
changed_when: false
delegate_to: "{{ groups[mon_group_name][0] }}"
run_once: true
Merge cephmetrics/dashboard-ansible repo This commit will merge dashboard-ansible installation scripts with ceph-ansible. This includes several new roles to setup ceph-dashboard and the underlying technologies like prometheus and grafana server. Signed-off-by: Boris Ranto & Zack Cerza <team-gmeno@redhat.com> Co-authored-by: Zack Cerza <zcerza@redhat.com> Co-authored-by: Guillaume Abrioux <gabrioux@redhat.com> (cherry picked from commit 2f141a6e808766bb6cd406ccc67ba0353b46e780)
2018-12-06 02:59:47 +08:00
- name: "set the dashboard port ({{ dashboard_port }})"
ceph-dashboard: add cluster parameter to ceph cmd The ceph dashboard tasks didn't use the cluster option if the cluster name isn't the default value. Closes: #4529 Signed-off-by: Dimitri Savineau <dsavinea@redhat.com> (cherry picked from commit dd526cfe4ecceffcdce13b29b2c09ff19a8bd1b0)
2019-10-04 03:47:39 +08:00
command: "{{ container_exec_cmd }} ceph --cluster {{ cluster }} config set mgr mgr/dashboard/server_port {{ dashboard_port }}"
lint: fix error [301], add `changed_when: false` when needed This commit fixes the error [301]: `[301] Commands should not change things if nothing needs doing` Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com> (cherry picked from commit 327d5641063e5a435e53ecb95148dca3c099b930)
2019-07-31 15:51:12 +08:00
changed_when: false
dashboard: use existing variable to detect containerized deployment there is no need to add more complexity for this, let's use `containerized_deployment` in order to detect if we are running a containerized deployment. The idea is to use `container_exec_cmd` the same way we do in the rest of the playbook to run the different ceph commands needed to deploy the ceph-dashboard role. Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com> (cherry picked from commit 742bb6214c806cb7db1f1ea54276aecf0bf22049)
2019-05-14 20:46:25 +08:00
delegate_to: "{{ groups[mon_group_name][0] }}"
ceph-dashboard: Add run_once on delegate tasks Because we need to execute commands from a monitor node (the first one in the mons list) we are using delegate_to option. If there's multiple nodes running the ceph-dashboard role then the delegated task will be executed multiple times. Also remove a mgr config-key option not present for nautilus+ releases. Signed-off-by: Dimitri Savineau <dsavinea@redhat.com> (cherry picked from commit f545b5be0d5d5433692a889b0425c164d7c9f812)
2019-08-02 22:58:11 +08:00
run_once: true
Merge cephmetrics/dashboard-ansible repo This commit will merge dashboard-ansible installation scripts with ceph-ansible. This includes several new roles to setup ceph-dashboard and the underlying technologies like prometheus and grafana server. Signed-off-by: Boris Ranto & Zack Cerza <team-gmeno@redhat.com> Co-authored-by: Zack Cerza <zcerza@redhat.com> Co-authored-by: Guillaume Abrioux <gabrioux@redhat.com> (cherry picked from commit 2f141a6e808766bb6cd406ccc67ba0353b46e780)
2018-12-06 02:59:47 +08:00
dashboard: Set ssl_server_port if it is supported We cannot use the old fashioned config-key way, here. It was not supported when the option was introduced (post 14.2.0). Since the option is not always supported we can simply ignore the potential failure on ceph clusters that do not support it. Signed-off-by: Boris Ranto <branto@redhat.com> (cherry picked from commit e737a1f83edbdda09663f18c55841befb21ffdfd)
2019-04-05 01:51:16 +08:00
- name: "set the dashboard SSL port ({{ dashboard_port }})"
ceph-dashboard: add cluster parameter to ceph cmd The ceph dashboard tasks didn't use the cluster option if the cluster name isn't the default value. Closes: #4529 Signed-off-by: Dimitri Savineau <dsavinea@redhat.com> (cherry picked from commit dd526cfe4ecceffcdce13b29b2c09ff19a8bd1b0)
2019-10-04 03:47:39 +08:00
command: "{{ container_exec_cmd }} ceph --cluster {{ cluster }} config set mgr mgr/dashboard/ssl_server_port {{ dashboard_port }}"
dashboard: use existing variable to detect containerized deployment there is no need to add more complexity for this, let's use `containerized_deployment` in order to detect if we are running a containerized deployment. The idea is to use `container_exec_cmd` the same way we do in the rest of the playbook to run the different ceph commands needed to deploy the ceph-dashboard role. Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com> (cherry picked from commit 742bb6214c806cb7db1f1ea54276aecf0bf22049)
2019-05-14 20:46:25 +08:00
delegate_to: "{{ groups[mon_group_name][0] }}"
ceph-dashboard: Add run_once on delegate tasks Because we need to execute commands from a monitor node (the first one in the mons list) we are using delegate_to option. If there's multiple nodes running the ceph-dashboard role then the delegated task will be executed multiple times. Also remove a mgr config-key option not present for nautilus+ releases. Signed-off-by: Dimitri Savineau <dsavinea@redhat.com> (cherry picked from commit f545b5be0d5d5433692a889b0425c164d7c9f812)
2019-08-02 22:58:11 +08:00
run_once: true
lint: fix error [301], add `changed_when: false` when needed This commit fixes the error [301]: `[301] Commands should not change things if nothing needs doing` Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com> (cherry picked from commit 327d5641063e5a435e53ecb95148dca3c099b930)
2019-07-31 15:51:12 +08:00
changed_when: false
failed_when: false # Do not fail if the option does not exist, it only exists post-14.2.0
dashboard: Set ssl_server_port if it is supported We cannot use the old fashioned config-key way, here. It was not supported when the option was introduced (post 14.2.0). Since the option is not always supported we can simply ignore the potential failure on ceph clusters that do not support it. Signed-off-by: Boris Ranto <branto@redhat.com> (cherry picked from commit e737a1f83edbdda09663f18c55841befb21ffdfd)
2019-04-05 01:51:16 +08:00
dashboard: remove "certificate is valid for" error When deploying dashboard with ssl certificates generated by ceph-ansible, we enforce the CN to 'ceph-dashboard' which can makes application such alertmanager complain like following: `err="Post https://mgr0:8443/api/prometheus_receiver: x509: certificate is valid for ceph-dashboard, not mgr0" context_err="context deadline exceeded"` The idea here is to add alternative names matching all mgr/mon instances in the certificate so this error won't appear in logs. Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1978869 Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com> (cherry picked from commit 72a0336c71cee8bd0a375ac47cb45a292844edc8)
2021-07-06 20:18:51 +08:00
- name: config the current dashboard backend
dashboard: support dedicated network for the dashboard This introduces a new variable `dashboard_network` in order to support deploying the dashboard on a different subnet. Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1927574 Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com> (cherry picked from commit f4f73b61972f416db9fe6ec305de282094581e07)
2021-07-05 23:49:26 +08:00
command: "{{ container_exec_cmd }} ceph --cluster {{ cluster }} config set mgr mgr/dashboard/{{ hostvars[item]['ansible_facts']['hostname'] }}/server_addr {{ hostvars[item]['dashboard_server_addr'] }}"
dashboard: remove "certificate is valid for" error When deploying dashboard with ssl certificates generated by ceph-ansible, we enforce the CN to 'ceph-dashboard' which can makes application such alertmanager complain like following: `err="Post https://mgr0:8443/api/prometheus_receiver: x509: certificate is valid for ceph-dashboard, not mgr0" context_err="context deadline exceeded"` The idea here is to add alternative names matching all mgr/mon instances in the certificate so this error won't appear in logs. Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1978869 Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com> (cherry picked from commit 72a0336c71cee8bd0a375ac47cb45a292844edc8)
2021-07-06 20:18:51 +08:00
delegate_to: "{{ groups[mon_group_name][0] }}"
changed_when: false
run_once: true
dashboard: configure mgr backend before restart We need to set the mgr dashboard server ip address before restarting the dashboard module otherwise we can try to bind the dashboard module on an already used address. We already do this configuration for the dashboard port value and ssl setup so we should do the same for server address too. Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1851455 Signed-off-by: Dimitri Savineau <dsavinea@redhat.com> (cherry picked from commit 03cd75845fee4d7d51bf5ce999e489d6f943e283)
2020-06-27 01:28:04 +08:00
with_items: '{{ groups[mgr_group_name] | default(groups[mon_group_name]) }}'
Merge cephmetrics/dashboard-ansible repo This commit will merge dashboard-ansible installation scripts with ceph-ansible. This includes several new roles to setup ceph-dashboard and the underlying technologies like prometheus and grafana server. Signed-off-by: Boris Ranto & Zack Cerza <team-gmeno@redhat.com> Co-authored-by: Zack Cerza <zcerza@redhat.com> Co-authored-by: Guillaume Abrioux <gabrioux@redhat.com> (cherry picked from commit 2f141a6e808766bb6cd406ccc67ba0353b46e780)
2018-12-06 02:59:47 +08:00
- name: disable mgr dashboard module (restart)
ceph-dashboard: add cluster parameter to ceph cmd The ceph dashboard tasks didn't use the cluster option if the cluster name isn't the default value. Closes: #4529 Signed-off-by: Dimitri Savineau <dsavinea@redhat.com> (cherry picked from commit dd526cfe4ecceffcdce13b29b2c09ff19a8bd1b0)
2019-10-04 03:47:39 +08:00
command: "{{ container_exec_cmd }} ceph --cluster {{ cluster }} mgr module disable dashboard"
dashboard: use existing variable to detect containerized deployment there is no need to add more complexity for this, let's use `containerized_deployment` in order to detect if we are running a containerized deployment. The idea is to use `container_exec_cmd` the same way we do in the rest of the playbook to run the different ceph commands needed to deploy the ceph-dashboard role. Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com> (cherry picked from commit 742bb6214c806cb7db1f1ea54276aecf0bf22049)
2019-05-14 20:46:25 +08:00
delegate_to: "{{ groups[mon_group_name][0] }}"
ceph-dashboard: Add run_once on delegate tasks Because we need to execute commands from a monitor node (the first one in the mons list) we are using delegate_to option. If there's multiple nodes running the ceph-dashboard role then the delegated task will be executed multiple times. Also remove a mgr config-key option not present for nautilus+ releases. Signed-off-by: Dimitri Savineau <dsavinea@redhat.com> (cherry picked from commit f545b5be0d5d5433692a889b0425c164d7c9f812)
2019-08-02 22:58:11 +08:00
run_once: true
Merge cephmetrics/dashboard-ansible repo This commit will merge dashboard-ansible installation scripts with ceph-ansible. This includes several new roles to setup ceph-dashboard and the underlying technologies like prometheus and grafana server. Signed-off-by: Boris Ranto & Zack Cerza <team-gmeno@redhat.com> Co-authored-by: Zack Cerza <zcerza@redhat.com> Co-authored-by: Guillaume Abrioux <gabrioux@redhat.com> (cherry picked from commit 2f141a6e808766bb6cd406ccc67ba0353b46e780)
2018-12-06 02:59:47 +08:00
changed_when: false
- name: enable mgr dashboard module (restart)
ceph-dashboard: add cluster parameter to ceph cmd The ceph dashboard tasks didn't use the cluster option if the cluster name isn't the default value. Closes: #4529 Signed-off-by: Dimitri Savineau <dsavinea@redhat.com> (cherry picked from commit dd526cfe4ecceffcdce13b29b2c09ff19a8bd1b0)
2019-10-04 03:47:39 +08:00
command: "{{ container_exec_cmd }} ceph --cluster {{ cluster }} mgr module enable dashboard"
dashboard: use existing variable to detect containerized deployment there is no need to add more complexity for this, let's use `containerized_deployment` in order to detect if we are running a containerized deployment. The idea is to use `container_exec_cmd` the same way we do in the rest of the playbook to run the different ceph commands needed to deploy the ceph-dashboard role. Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com> (cherry picked from commit 742bb6214c806cb7db1f1ea54276aecf0bf22049)
2019-05-14 20:46:25 +08:00
delegate_to: "{{ groups[mon_group_name][0] }}"
ceph-dashboard: Add run_once on delegate tasks Because we need to execute commands from a monitor node (the first one in the mons list) we are using delegate_to option. If there's multiple nodes running the ceph-dashboard role then the delegated task will be executed multiple times. Also remove a mgr config-key option not present for nautilus+ releases. Signed-off-by: Dimitri Savineau <dsavinea@redhat.com> (cherry picked from commit f545b5be0d5d5433692a889b0425c164d7c9f812)
2019-08-02 22:58:11 +08:00
run_once: true
Merge cephmetrics/dashboard-ansible repo This commit will merge dashboard-ansible installation scripts with ceph-ansible. This includes several new roles to setup ceph-dashboard and the underlying technologies like prometheus and grafana server. Signed-off-by: Boris Ranto & Zack Cerza <team-gmeno@redhat.com> Co-authored-by: Zack Cerza <zcerza@redhat.com> Co-authored-by: Guillaume Abrioux <gabrioux@redhat.com> (cherry picked from commit 2f141a6e808766bb6cd406ccc67ba0353b46e780)
2018-12-06 02:59:47 +08:00
changed_when: false
dashboard: manage password backward compatibility The ceph dashboard changed the way the password are provided via the CLI. This breaks the backward compatibility when using a recent ceph-ansible version with ceph release without that feature. This patch adds tasks for legacy workflow (ceph release without that feature) in ceph-dashboard role. Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1915506 Signed-off-by: Dimitri Savineau <dsavinea@redhat.com>
2021-01-12 00:48:53 +08:00
- name: check dashboard password in file option command
command: "{{ container_exec_cmd }} ceph --cluster {{ cluster }} dashboard ac-user-set-password"
delegate_to: "{{ groups[mon_group_name][0] }}"
run_once: true
changed_when: false
failed_when: false
register: dashboard_password_in_file_option
- name: set_fact dashboard_password_from_stdin
set_fact:
dashboard_password_from_stdin: "{{ ' -i ' in dashboard_password_in_file_option.stderr }}"
run_once: true
dashboard: refact admin user creation task this commit splits this task in order to avoid using a `shell` module. Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com> (cherry picked from commit 54d3e9650f77466ae4207502e0a2da638d82954d)
2020-08-20 05:33:51 +08:00
- name: check if dashboard admin user exists
command: timeout --foreground -s KILL 10 {{ container_exec_cmd }} ceph --cluster {{ cluster }} dashboard ac-user-show {{ dashboard_admin_user | quote }}
register: dashboard_admin_user_exist
Merge cephmetrics/dashboard-ansible repo This commit will merge dashboard-ansible installation scripts with ceph-ansible. This includes several new roles to setup ceph-dashboard and the underlying technologies like prometheus and grafana server. Signed-off-by: Boris Ranto & Zack Cerza <team-gmeno@redhat.com> Co-authored-by: Zack Cerza <zcerza@redhat.com> Co-authored-by: Guillaume Abrioux <gabrioux@redhat.com> (cherry picked from commit 2f141a6e808766bb6cd406ccc67ba0353b46e780)
2018-12-06 02:59:47 +08:00
retries: 6
delay: 5
dashboard: refact admin user creation task this commit splits this task in order to avoid using a `shell` module. Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com> (cherry picked from commit 54d3e9650f77466ae4207502e0a2da638d82954d)
2020-08-20 05:33:51 +08:00
run_once: true
failed_when: false
changed_when: false
delegate_to: "{{ groups[mon_group_name][0] }}"
until: dashboard_admin_user_exist.rc == 0
- name: update dashboard admin password
dashboard: manage password backward compatibility The ceph dashboard changed the way the password are provided via the CLI. This breaks the backward compatibility when using a recent ceph-ansible version with ceph release without that feature. This patch adds tasks for legacy workflow (ceph release without that feature) in ceph-dashboard role. Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1915506 Signed-off-by: Dimitri Savineau <dsavinea@redhat.com>
2021-01-12 00:48:53 +08:00
command: timeout --foreground -s KILL 10 {{ ceph_cmd }} --cluster {{ cluster }} dashboard ac-user-set-password -i - {{ dashboard_admin_user | quote }} # noqa 304
dashboard: configure passwords via stdin Due to recent changes in ceph, the few dashboard passwors must be passed via `-i` Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com> (cherry picked from commit ef975ef5eacb14b66a8982ccb27a38ce552abcc4)
2021-01-07 19:40:18 +08:00
args:
stdin: "{{ dashboard_admin_password }}"
stdin_add_newline: no
dashboard: refact admin user creation task this commit splits this task in order to avoid using a `shell` module. Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com> (cherry picked from commit 54d3e9650f77466ae4207502e0a2da638d82954d)
2020-08-20 05:33:51 +08:00
register: update_dashboard_admin_user
retries: 6
delay: 5
run_once: true
delegate_to: "{{ groups[mon_group_name][0] }}"
until: update_dashboard_admin_user.rc == 0
dashboard: manage password backward compatibility The ceph dashboard changed the way the password are provided via the CLI. This breaks the backward compatibility when using a recent ceph-ansible version with ceph release without that feature. This patch adds tasks for legacy workflow (ceph release without that feature) in ceph-dashboard role. Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1915506 Signed-off-by: Dimitri Savineau <dsavinea@redhat.com>
2021-01-12 00:48:53 +08:00
when:
- dashboard_admin_user_exist.rc == 0
- dashboard_password_from_stdin | bool
- name: update dashboard admin password (legacy)
command: timeout --foreground -s KILL 10 {{ container_exec_cmd }} ceph --cluster {{ cluster }} dashboard ac-user-set-password {{ dashboard_admin_user | quote }} {{ dashboard_admin_password | quote }} # noqa 304
register: update_dashboard_admin_user
retries: 6
delay: 5
run_once: true
delegate_to: "{{ groups[mon_group_name][0] }}"
until: update_dashboard_admin_user.rc == 0
when:
- dashboard_admin_user_exist.rc == 0
- not dashboard_password_from_stdin | bool
dashboard: refact admin user creation task this commit splits this task in order to avoid using a `shell` module. Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com> (cherry picked from commit 54d3e9650f77466ae4207502e0a2da638d82954d)
2020-08-20 05:33:51 +08:00
- name: create dashboard admin user
dashboard: manage password backward compatibility The ceph dashboard changed the way the password are provided via the CLI. This breaks the backward compatibility when using a recent ceph-ansible version with ceph release without that feature. This patch adds tasks for legacy workflow (ceph release without that feature) in ceph-dashboard role. Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1915506 Signed-off-by: Dimitri Savineau <dsavinea@redhat.com>
2021-01-12 00:48:53 +08:00
command: timeout --foreground -s KILL 10 {{ ceph_cmd }} --cluster {{ cluster }} dashboard ac-user-create -i - {{ dashboard_admin_user | quote }} # noqa 304
dashboard: configure passwords via stdin Due to recent changes in ceph, the few dashboard passwors must be passed via `-i` Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com> (cherry picked from commit ef975ef5eacb14b66a8982ccb27a38ce552abcc4)
2021-01-07 19:40:18 +08:00
args:
stdin: "{{ dashboard_admin_password }}"
stdin_add_newline: no
dashboard: refact admin user creation task this commit splits this task in order to avoid using a `shell` module. Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com> (cherry picked from commit 54d3e9650f77466ae4207502e0a2da638d82954d)
2020-08-20 05:33:51 +08:00
register: create_dashboard_admin_user
retries: 6
delay: 5
run_once: true
dashboard: use existing variable to detect containerized deployment there is no need to add more complexity for this, let's use `containerized_deployment` in order to detect if we are running a containerized deployment. The idea is to use `container_exec_cmd` the same way we do in the rest of the playbook to run the different ceph commands needed to deploy the ceph-dashboard role. Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com> (cherry picked from commit 742bb6214c806cb7db1f1ea54276aecf0bf22049)
2019-05-14 20:46:25 +08:00
delegate_to: "{{ groups[mon_group_name][0] }}"
dashboard: refact admin user creation task this commit splits this task in order to avoid using a `shell` module. Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com> (cherry picked from commit 54d3e9650f77466ae4207502e0a2da638d82954d)
2020-08-20 05:33:51 +08:00
until: create_dashboard_admin_user.rc == 0
dashboard: manage password backward compatibility The ceph dashboard changed the way the password are provided via the CLI. This breaks the backward compatibility when using a recent ceph-ansible version with ceph release without that feature. This patch adds tasks for legacy workflow (ceph release without that feature) in ceph-dashboard role. Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1915506 Signed-off-by: Dimitri Savineau <dsavinea@redhat.com>
2021-01-12 00:48:53 +08:00
when:
- dashboard_admin_user_exist.rc != 0
- dashboard_password_from_stdin | bool
- name: create dashboard admin user (legacy)
command: timeout --foreground -s KILL 10 {{ container_exec_cmd }} ceph --cluster {{ cluster }} dashboard ac-user-create {{ dashboard_admin_user | quote }} {{ dashboard_admin_password | quote }}
register: create_dashboard_admin_user
retries: 6
delay: 5
run_once: true
delegate_to: "{{ groups[mon_group_name][0] }}"
until: create_dashboard_admin_user.rc == 0
when:
- dashboard_admin_user_exist.rc != 0
- not dashboard_password_from_stdin | bool
dashboard: refact admin user creation task this commit splits this task in order to avoid using a `shell` module. Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com> (cherry picked from commit 54d3e9650f77466ae4207502e0a2da638d82954d)
2020-08-20 05:33:51 +08:00
- name: set dashboard admin user role
command: timeout --foreground -s KILL 10 {{ container_exec_cmd }} ceph --cluster {{ cluster }} dashboard ac-user-set-roles {{ dashboard_admin_user | quote }} {{ 'read-only' if dashboard_admin_user_ro | bool else 'administrator' }}
register: dashboard_admin_user_role
retries: 6
delay: 5
ceph-dashboard: Add run_once on delegate tasks Because we need to execute commands from a monitor node (the first one in the mons list) we are using delegate_to option. If there's multiple nodes running the ceph-dashboard role then the delegated task will be executed multiple times. Also remove a mgr config-key option not present for nautilus+ releases. Signed-off-by: Dimitri Savineau <dsavinea@redhat.com> (cherry picked from commit f545b5be0d5d5433692a889b0425c164d7c9f812)
2019-08-02 22:58:11 +08:00
run_once: true
lint: fix error [301], add `changed_when: false` when needed This commit fixes the error [301]: `[301] Commands should not change things if nothing needs doing` Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com> (cherry picked from commit 327d5641063e5a435e53ecb95148dca3c099b930)
2019-07-31 15:51:12 +08:00
changed_when: false
dashboard: refact admin user creation task this commit splits this task in order to avoid using a `shell` module. Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com> (cherry picked from commit 54d3e9650f77466ae4207502e0a2da638d82954d)
2020-08-20 05:33:51 +08:00
delegate_to: "{{ groups[mon_group_name][0] }}"
until: dashboard_admin_user_role.rc == 0
Merge cephmetrics/dashboard-ansible repo This commit will merge dashboard-ansible installation scripts with ceph-ansible. This includes several new roles to setup ceph-dashboard and the underlying technologies like prometheus and grafana server. Signed-off-by: Boris Ranto & Zack Cerza <team-gmeno@redhat.com> Co-authored-by: Zack Cerza <zcerza@redhat.com> Co-authored-by: Guillaume Abrioux <gabrioux@redhat.com> (cherry picked from commit 2f141a6e808766bb6cd406ccc67ba0353b46e780)
2018-12-06 02:59:47 +08:00
Set grafana-server user and password in ceph-dashboard role This change adds two tasks to set grafana-api user and password that are required to inject dashboard layouts to the external grafana instance. Without these two parameters the ceph-ansible playbook fails showing an authorization error (HTTPError: 401 Client Error: Unauthorized"). Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1767365 Signed-off-by: fmount <fpantano@redhat.com> (cherry picked from commit 41b8c17356fa1273761c3d864f959fbcb11813e7)
2019-10-31 17:49:22 +08:00
- name: set grafana api user
command: "{{ container_exec_cmd }} ceph --cluster {{ cluster }} dashboard set-grafana-api-username {{ grafana_admin_user }}"
delegate_to: "{{ groups[mon_group_name][0] }}"
run_once: true
changed_when: false
- name: set grafana api password
dashboard: manage password backward compatibility The ceph dashboard changed the way the password are provided via the CLI. This breaks the backward compatibility when using a recent ceph-ansible version with ceph release without that feature. This patch adds tasks for legacy workflow (ceph release without that feature) in ceph-dashboard role. Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1915506 Signed-off-by: Dimitri Savineau <dsavinea@redhat.com>
2021-01-12 00:48:53 +08:00
command: "{{ ceph_cmd }} --cluster {{ cluster }} dashboard set-grafana-api-password -i -" # noqa 304
dashboard: configure passwords via stdin Due to recent changes in ceph, the few dashboard passwors must be passed via `-i` Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com> (cherry picked from commit ef975ef5eacb14b66a8982ccb27a38ce552abcc4)
2021-01-07 19:40:18 +08:00
args:
stdin: "{{ grafana_admin_password }}"
stdin_add_newline: no
Set grafana-server user and password in ceph-dashboard role This change adds two tasks to set grafana-api user and password that are required to inject dashboard layouts to the external grafana instance. Without these two parameters the ceph-ansible playbook fails showing an authorization error (HTTPError: 401 Client Error: Unauthorized"). Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1767365 Signed-off-by: fmount <fpantano@redhat.com> (cherry picked from commit 41b8c17356fa1273761c3d864f959fbcb11813e7)
2019-10-31 17:49:22 +08:00
delegate_to: "{{ groups[mon_group_name][0] }}"
run_once: true
changed_when: false
dashboard: manage password backward compatibility The ceph dashboard changed the way the password are provided via the CLI. This breaks the backward compatibility when using a recent ceph-ansible version with ceph release without that feature. This patch adds tasks for legacy workflow (ceph release without that feature) in ceph-dashboard role. Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1915506 Signed-off-by: Dimitri Savineau <dsavinea@redhat.com>
2021-01-12 00:48:53 +08:00
when: dashboard_password_from_stdin | bool
- name: set grafana api password (legacy)
command: "{{ container_exec_cmd }} ceph --cluster {{ cluster }} dashboard set-grafana-api-password {{ grafana_admin_password }}"
delegate_to: "{{ groups[mon_group_name][0] }}"
run_once: true
changed_when: false
when: not dashboard_password_from_stdin | bool
Set grafana-server user and password in ceph-dashboard role This change adds two tasks to set grafana-api user and password that are required to inject dashboard layouts to the external grafana instance. Without these two parameters the ceph-ansible playbook fails showing an authorization error (HTTPError: 401 Client Error: Unauthorized"). Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1767365 Signed-off-by: fmount <fpantano@redhat.com> (cherry picked from commit 41b8c17356fa1273761c3d864f959fbcb11813e7)
2019-10-31 17:49:22 +08:00
dashboard: allow disabling grafana api ssl verify When using an untrusted TLS certificate (like self-signed) on grafana then the grafana dashboards update subcommand will fail. One solution could be to trust the TLS certificate. The other one is to disable the TLS verification on the grafana API. Closes: #5324 Signed-off-by: Dimitri Savineau <dsavinea@redhat.com> (cherry picked from commit b20519efd0b9af4f2467daa311b9dca6086d4f87)
2020-04-29 01:31:01 +08:00
- name: disable ssl verification for grafana
command: "{{ container_exec_cmd }} ceph --cluster {{ cluster }} dashboard set-grafana-api-ssl-verify False"
delegate_to: "{{ groups[mon_group_name][0] }}"
run_once: true
changed_when: false
when:
- dashboard_protocol == "https"
- dashboard_grafana_api_no_ssl_verify | bool
Merge cephmetrics/dashboard-ansible repo This commit will merge dashboard-ansible installation scripts with ceph-ansible. This includes several new roles to setup ceph-dashboard and the underlying technologies like prometheus and grafana server. Signed-off-by: Boris Ranto & Zack Cerza <team-gmeno@redhat.com> Co-authored-by: Zack Cerza <zcerza@redhat.com> Co-authored-by: Guillaume Abrioux <gabrioux@redhat.com> (cherry picked from commit 2f141a6e808766bb6cd406ccc67ba0353b46e780)
2018-12-06 02:59:47 +08:00
- name: set alertmanager host
Prometheus APIs are only available through plain http Trying to access these APIs through TLS produces "Could not reach external API" errors in Ceph dashboard. Signed-off-by: Paulo Matias <matias@ufscar.br> (cherry picked from commit dac8e1d0a965125b9fa19616ded89254744581fc)
2020-03-17 10:39:58 +08:00
command: "{{ container_exec_cmd }} ceph --cluster {{ cluster }} dashboard set-alertmanager-api-host http://{{ grafana_server_addrs | first }}:{{ alertmanager_port }}"
ceph-dashboard: Add prometheus api host The set-prometheus-api-host ceph dashboard subcommand was missing in ceph-dashboard role. Only grafana and alermanager were present. This commit also remove the trailing slash at the end of the host/url values. Closes: #4453 Signed-off-by: Dimitri Savineau <dsavinea@redhat.com> (cherry picked from commit 74ab59c4f33d534cfbca4055c1f494a670be40e2)
2019-09-27 00:56:10 +08:00
delegate_to: "{{ groups[mon_group_name][0] }}"
run_once: true
changed_when: false
- name: set prometheus host
Prometheus APIs are only available through plain http Trying to access these APIs through TLS produces "Could not reach external API" errors in Ceph dashboard. Signed-off-by: Paulo Matias <matias@ufscar.br> (cherry picked from commit dac8e1d0a965125b9fa19616ded89254744581fc)
2020-03-17 10:39:58 +08:00
command: "{{ container_exec_cmd }} ceph --cluster {{ cluster }} dashboard set-prometheus-api-host http://{{ grafana_server_addrs | first }}:{{ prometheus_port }}"
dashboard: use existing variable to detect containerized deployment there is no need to add more complexity for this, let's use `containerized_deployment` in order to detect if we are running a containerized deployment. The idea is to use `container_exec_cmd` the same way we do in the rest of the playbook to run the different ceph commands needed to deploy the ceph-dashboard role. Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com> (cherry picked from commit 742bb6214c806cb7db1f1ea54276aecf0bf22049)
2019-05-14 20:46:25 +08:00
delegate_to: "{{ groups[mon_group_name][0] }}"
ceph-dashboard: Add run_once on delegate tasks Because we need to execute commands from a monitor node (the first one in the mons list) we are using delegate_to option. If there's multiple nodes running the ceph-dashboard role then the delegated task will be executed multiple times. Also remove a mgr config-key option not present for nautilus+ releases. Signed-off-by: Dimitri Savineau <dsavinea@redhat.com> (cherry picked from commit f545b5be0d5d5433692a889b0425c164d7c9f812)
2019-08-02 22:58:11 +08:00
run_once: true
Merge cephmetrics/dashboard-ansible repo This commit will merge dashboard-ansible installation scripts with ceph-ansible. This includes several new roles to setup ceph-dashboard and the underlying technologies like prometheus and grafana server. Signed-off-by: Boris Ranto & Zack Cerza <team-gmeno@redhat.com> Co-authored-by: Zack Cerza <zcerza@redhat.com> Co-authored-by: Guillaume Abrioux <gabrioux@redhat.com> (cherry picked from commit 2f141a6e808766bb6cd406ccc67ba0353b46e780)
2018-12-06 02:59:47 +08:00
changed_when: false
dashboard: allow configuring multiple grafana host When using multiple grafana hosts then we push set the grafana and prometheus URL and push the dashboard layout to a single node. grafana_server_addrs is the list of all grafana nodes and used during the ceph-dashboard role (on mgr/mon nodes). grafana_server_addr is the current grafana node used during the ceph-grafana and ceph-prometheus role (on grafana-server nodes). We don't have the grafana_server_addr fact duplication code between external vs collocated nodes. Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1784011 Signed-off-by: Dimitri Savineau <dsavinea@redhat.com> (cherry picked from commit c6e96699f71c634b3028d819bdc29aedd8b64ce9)
2020-01-28 03:47:00 +08:00
- include_tasks: configure_grafana_layouts.yml
with_items: '{{ grafana_server_addrs }}'
vars:
grafana_server_addr: '{{ item }}'
Config the monitoring stack components api urls using a VIP When dashboard_frontend_vip is provided, all the services should be configured using the related VIP. A new VIP variable is added for both prometheus and alertmanager: we're already able to properly config the grafana vip using dashboard_frontend_vip variable. This change adds the same variable for both prometheus and alertmanager. Signed-off-by: Francesco Pantano <fpantano@redhat.com> (cherry picked from commit 441651638d883b73c960363becae54096c8cee85)
2021-04-09 23:16:03 +08:00
- name: config monitoring api url vip
Configure ceph dashboard backend and dashboard_frontend_vip This change introduces a new set of tasks to configure the ceph dashboard backend and listen just on the mgr related subnet (and not on '*'). For the same reason the proper server address is added in both prometheus and alertmanger systemd units. This patch also adds the "dashboard_frontend_vip" parameter to make sure we're able to support the HA model when multiple grafana instances are deployed. Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1792230 Signed-off-by: Francesco Pantano <fpantano@redhat.com> (cherry picked from commit 15ed9eebf15c631b33c9de54f361e3d8ae993b3d)
2020-02-12 20:58:59 +08:00
run_once: true
Config the monitoring stack components api urls using a VIP When dashboard_frontend_vip is provided, all the services should be configured using the related VIP. A new VIP variable is added for both prometheus and alertmanager: we're already able to properly config the grafana vip using dashboard_frontend_vip variable. This change adds the same variable for both prometheus and alertmanager. Signed-off-by: Francesco Pantano <fpantano@redhat.com> (cherry picked from commit 441651638d883b73c960363becae54096c8cee85)
2021-04-09 23:16:03 +08:00
block:
- name: config grafana api url vip
command: "{{ container_exec_cmd }} ceph --cluster {{ cluster }} dashboard set-grafana-api-url {{ dashboard_protocol }}://{{ dashboard_frontend_vip }}:{{ grafana_port }}"
delegate_to: "{{ groups[mon_group_name][0] }}"
changed_when: false
when: dashboard_frontend_vip is defined and dashboard_frontend_vip | length > 0
- name: config alertmanager api url
command: "{{ container_exec_cmd }} ceph --cluster {{ cluster }} dashboard set-alertmanager-api-host {{ dashboard_protocol }}://{{ alertmanager_frontend_vip }}:{{ alertmanager_port }}"
delegate_to: "{{ groups[mon_group_name][0] }}"
changed_when: false
when: alertmanager_frontend_vip is defined and alertmanager_frontend_vip | length > 0
- name: config prometheus api url
command: "{{ container_exec_cmd }} ceph --cluster {{ cluster }} dashboard set-prometheus-api-host {{ dashboard_protocol }}://{{ prometheus_frontend_vip }}:{{ prometheus_port }}"
delegate_to: "{{ groups[mon_group_name][0] }}"
changed_when: false
when: prometheus_frontend_vip is defined and prometheus_frontend_vip | length > 0
Configure ceph dashboard backend and dashboard_frontend_vip This change introduces a new set of tasks to configure the ceph dashboard backend and listen just on the mgr related subnet (and not on '*'). For the same reason the proper server address is added in both prometheus and alertmanger systemd units. This patch also adds the "dashboard_frontend_vip" parameter to make sure we're able to support the HA model when multiple grafana instances are deployed. Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1792230 Signed-off-by: Francesco Pantano <fpantano@redhat.com> (cherry picked from commit 15ed9eebf15c631b33c9de54f361e3d8ae993b3d)
2020-02-12 20:58:59 +08:00
ceph-dashboard: enable rgw options conditionally The dashboard rgw frontend options only need to be applied when there's some nodes present in the rgw ansible group. Signed-off-by: Dimitri Savineau <dsavinea@redhat.com> (cherry picked from commit 5383c2f7f357ce6c8adb88422d757874d2f53c05)
2019-07-11 22:38:44 +08:00
- name: dashboard object gateway management frontend
when: groups.get(rgw_group_name, []) | length > 0
block:
ceph-dashboard: update create/get rgw user tasks Since [1] if a rgw user already exists then the radosgw-admin user create command will return an error instead of modifying the current user. We were already doing separated tasks for create and get operation but only for multisite configuration but it's not enough. Instead we should do the get task first and depending on the result execute the create. This commit also adds missing run_once and delegate_to statement. [1] https://github.com/ceph/ceph/commit/269e9b9 Signed-off-by: Dimitri Savineau <dsavinea@redhat.com> (cherry picked from commit ac0f68ccf06dafe3c5b1321b81d80e2dc9d29015)
2020-02-18 04:46:54 +08:00
- name: get radosgw system user
command: "timeout --foreground -s KILL 20 {{ container_exec_cmd }} radosgw-admin --cluster {{ cluster }} user info --uid={{ dashboard_rgw_api_user_id }}"
register: get_rgw_user
until: get_rgw_user.rc == 0
retries: 3
delegate_to: "{{ groups[mon_group_name][0] }}"
run_once: true
failed_when: false
changed_when: false
ceph-dashboard: enable rgw options conditionally The dashboard rgw frontend options only need to be applied when there's some nodes present in the rgw ansible group. Signed-off-by: Dimitri Savineau <dsavinea@redhat.com> (cherry picked from commit 5383c2f7f357ce6c8adb88422d757874d2f53c05)
2019-07-11 22:38:44 +08:00
- name: create radosgw system user
ceph-dashboard: add cluster parameter to ceph cmd The ceph dashboard tasks didn't use the cluster option if the cluster name isn't the default value. Closes: #4529 Signed-off-by: Dimitri Savineau <dsavinea@redhat.com> (cherry picked from commit dd526cfe4ecceffcdce13b29b2c09ff19a8bd1b0)
2019-10-04 03:47:39 +08:00
command: "timeout --foreground -s KILL 20 {{ container_exec_cmd }} radosgw-admin --cluster {{ cluster }} user create --uid={{ dashboard_rgw_api_user_id }} --display-name='Ceph dashboard' --system"
rgw: don't create user on secondary zones The rgw user creation for the Ceph dashboard integration shouldn't be created on secondary rgw zones. Closes: #4707 Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1794351 Signed-off-by: Dimitri Savineau <dsavinea@redhat.com> (cherry picked from commit 16e12bf2bbf645d78063ba7d0b7a89b2348e56d1)
2019-11-06 00:32:06 +08:00
register: create_rgw_user
until: create_rgw_user.rc == 0
ceph-dashboard: enable rgw options conditionally The dashboard rgw frontend options only need to be applied when there's some nodes present in the rgw ansible group. Signed-off-by: Dimitri Savineau <dsavinea@redhat.com> (cherry picked from commit 5383c2f7f357ce6c8adb88422d757874d2f53c05)
2019-07-11 22:38:44 +08:00
retries: 3
delegate_to: "{{ groups[mon_group_name][0] }}"
ceph-dashboard: Add run_once on delegate tasks Because we need to execute commands from a monitor node (the first one in the mons list) we are using delegate_to option. If there's multiple nodes running the ceph-dashboard role then the delegated task will be executed multiple times. Also remove a mgr config-key option not present for nautilus+ releases. Signed-off-by: Dimitri Savineau <dsavinea@redhat.com> (cherry picked from commit f545b5be0d5d5433692a889b0425c164d7c9f812)
2019-08-02 22:58:11 +08:00
run_once: true
rgw: don't create user on secondary zones The rgw user creation for the Ceph dashboard integration shouldn't be created on secondary rgw zones. Closes: #4707 Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1794351 Signed-off-by: Dimitri Savineau <dsavinea@redhat.com> (cherry picked from commit 16e12bf2bbf645d78063ba7d0b7a89b2348e56d1)
2019-11-06 00:32:06 +08:00
when:
dashboard: fix rgw user creation When deploying dashboard in a cluster with rgw multisite deployed. Due to the last rgw multisite refactor, we now expect the variable `rgw_zonemaster` to be defined in the dict `rgw_instances`. The idea here is to create that user on the cluster as soon as we have 1 `rgw_zonemaster` set to `true` in `rgw_instances`. Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1964995 Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com>
2021-06-03 16:11:30 +08:00
- not rgw_multisite | bool or (true in (rgw_instances | selectattr('rgw_zonemaster', 'defined') | map(attribute='rgw_zonemaster') | list) if rgw_instances is defined else rgw_zonemaster | default(false))
ceph-dashboard: update create/get rgw user tasks Since [1] if a rgw user already exists then the radosgw-admin user create command will return an error instead of modifying the current user. We were already doing separated tasks for create and get operation but only for multisite configuration but it's not enough. Instead we should do the get task first and depending on the result execute the create. This commit also adds missing run_once and delegate_to statement. [1] https://github.com/ceph/ceph/commit/269e9b9 Signed-off-by: Dimitri Savineau <dsavinea@redhat.com> (cherry picked from commit ac0f68ccf06dafe3c5b1321b81d80e2dc9d29015)
2020-02-18 04:46:54 +08:00
- get_rgw_user.rc == 22
ceph-dashboard: enable rgw options conditionally The dashboard rgw frontend options only need to be applied when there's some nodes present in the rgw ansible group. Signed-off-by: Dimitri Savineau <dsavinea@redhat.com> (cherry picked from commit 5383c2f7f357ce6c8adb88422d757874d2f53c05)
2019-07-11 22:38:44 +08:00
- name: get the rgw access and secret keys
set_fact:
rgw: don't create user on secondary zones The rgw user creation for the Ceph dashboard integration shouldn't be created on secondary rgw zones. Closes: #4707 Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1794351 Signed-off-by: Dimitri Savineau <dsavinea@redhat.com> (cherry picked from commit 16e12bf2bbf645d78063ba7d0b7a89b2348e56d1)
2019-11-06 00:32:06 +08:00
rgw_access_key: "{{ (create_rgw_user.stdout | default(get_rgw_user.stdout) | from_json)['keys'][0]['access_key'] }}"
rgw_secret_key: "{{ (create_rgw_user.stdout | default(get_rgw_user.stdout) | from_json)['keys'][0]['secret_key'] }}"
ceph-dashboard: update create/get rgw user tasks Since [1] if a rgw user already exists then the radosgw-admin user create command will return an error instead of modifying the current user. We were already doing separated tasks for create and get operation but only for multisite configuration but it's not enough. Instead we should do the get task first and depending on the result execute the create. This commit also adds missing run_once and delegate_to statement. [1] https://github.com/ceph/ceph/commit/269e9b9 Signed-off-by: Dimitri Savineau <dsavinea@redhat.com> (cherry picked from commit ac0f68ccf06dafe3c5b1321b81d80e2dc9d29015)
2020-02-18 04:46:54 +08:00
run_once: true
ceph-dashboard: enable rgw options conditionally The dashboard rgw frontend options only need to be applied when there's some nodes present in the rgw ansible group. Signed-off-by: Dimitri Savineau <dsavinea@redhat.com> (cherry picked from commit 5383c2f7f357ce6c8adb88422d757874d2f53c05)
2019-07-11 22:38:44 +08:00
- name: set the rgw user
ceph-dashboard: add cluster parameter to ceph cmd The ceph dashboard tasks didn't use the cluster option if the cluster name isn't the default value. Closes: #4529 Signed-off-by: Dimitri Savineau <dsavinea@redhat.com> (cherry picked from commit dd526cfe4ecceffcdce13b29b2c09ff19a8bd1b0)
2019-10-04 03:47:39 +08:00
command: "{{ container_exec_cmd }} ceph --cluster {{ cluster }} dashboard set-rgw-api-user-id {{ dashboard_rgw_api_user_id }}"
ceph-dashboard: enable rgw options conditionally The dashboard rgw frontend options only need to be applied when there's some nodes present in the rgw ansible group. Signed-off-by: Dimitri Savineau <dsavinea@redhat.com> (cherry picked from commit 5383c2f7f357ce6c8adb88422d757874d2f53c05)
2019-07-11 22:38:44 +08:00
delegate_to: "{{ groups[mon_group_name][0] }}"
ceph-dashboard: Add run_once on delegate tasks Because we need to execute commands from a monitor node (the first one in the mons list) we are using delegate_to option. If there's multiple nodes running the ceph-dashboard role then the delegated task will be executed multiple times. Also remove a mgr config-key option not present for nautilus+ releases. Signed-off-by: Dimitri Savineau <dsavinea@redhat.com> (cherry picked from commit f545b5be0d5d5433692a889b0425c164d7c9f812)
2019-08-02 22:58:11 +08:00
run_once: true
ceph-dashboard: enable rgw options conditionally The dashboard rgw frontend options only need to be applied when there's some nodes present in the rgw ansible group. Signed-off-by: Dimitri Savineau <dsavinea@redhat.com> (cherry picked from commit 5383c2f7f357ce6c8adb88422d757874d2f53c05)
2019-07-11 22:38:44 +08:00
changed_when: false
- name: set the rgw access key
dashboard: manage password backward compatibility The ceph dashboard changed the way the password are provided via the CLI. This breaks the backward compatibility when using a recent ceph-ansible version with ceph release without that feature. This patch adds tasks for legacy workflow (ceph release without that feature) in ceph-dashboard role. Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1915506 Signed-off-by: Dimitri Savineau <dsavinea@redhat.com>
2021-01-12 00:48:53 +08:00
command: "{{ ceph_cmd }} --cluster {{ cluster }} dashboard set-rgw-api-access-key -i -" # noqa 304
dashboard: configure passwords via stdin Due to recent changes in ceph, the few dashboard passwors must be passed via `-i` Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com> (cherry picked from commit ef975ef5eacb14b66a8982ccb27a38ce552abcc4)
2021-01-07 19:40:18 +08:00
args:
stdin: "{{ rgw_access_key }}"
stdin_add_newline: no
ceph-dashboard: enable rgw options conditionally The dashboard rgw frontend options only need to be applied when there's some nodes present in the rgw ansible group. Signed-off-by: Dimitri Savineau <dsavinea@redhat.com> (cherry picked from commit 5383c2f7f357ce6c8adb88422d757874d2f53c05)
2019-07-11 22:38:44 +08:00
delegate_to: "{{ groups[mon_group_name][0] }}"
ceph-dashboard: Add run_once on delegate tasks Because we need to execute commands from a monitor node (the first one in the mons list) we are using delegate_to option. If there's multiple nodes running the ceph-dashboard role then the delegated task will be executed multiple times. Also remove a mgr config-key option not present for nautilus+ releases. Signed-off-by: Dimitri Savineau <dsavinea@redhat.com> (cherry picked from commit f545b5be0d5d5433692a889b0425c164d7c9f812)
2019-08-02 22:58:11 +08:00
run_once: true
ceph-dashboard: enable rgw options conditionally The dashboard rgw frontend options only need to be applied when there's some nodes present in the rgw ansible group. Signed-off-by: Dimitri Savineau <dsavinea@redhat.com> (cherry picked from commit 5383c2f7f357ce6c8adb88422d757874d2f53c05)
2019-07-11 22:38:44 +08:00
changed_when: false
dashboard: manage password backward compatibility The ceph dashboard changed the way the password are provided via the CLI. This breaks the backward compatibility when using a recent ceph-ansible version with ceph release without that feature. This patch adds tasks for legacy workflow (ceph release without that feature) in ceph-dashboard role. Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1915506 Signed-off-by: Dimitri Savineau <dsavinea@redhat.com>
2021-01-12 00:48:53 +08:00
when: dashboard_password_from_stdin | bool
- name: set the rgw access key (legacy)
command: "{{ container_exec_cmd }} ceph --cluster {{ cluster }} dashboard set-rgw-api-access-key {{ rgw_access_key }}"
delegate_to: "{{ groups[mon_group_name][0] }}"
changed_when: false
when: not dashboard_password_from_stdin | bool
ceph-dashboard: enable rgw options conditionally The dashboard rgw frontend options only need to be applied when there's some nodes present in the rgw ansible group. Signed-off-by: Dimitri Savineau <dsavinea@redhat.com> (cherry picked from commit 5383c2f7f357ce6c8adb88422d757874d2f53c05)
2019-07-11 22:38:44 +08:00
- name: set the rgw secret key
dashboard: manage password backward compatibility The ceph dashboard changed the way the password are provided via the CLI. This breaks the backward compatibility when using a recent ceph-ansible version with ceph release without that feature. This patch adds tasks for legacy workflow (ceph release without that feature) in ceph-dashboard role. Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1915506 Signed-off-by: Dimitri Savineau <dsavinea@redhat.com>
2021-01-12 00:48:53 +08:00
command: "{{ ceph_cmd }} --cluster {{ cluster }} dashboard set-rgw-api-secret-key -i -" # noqa 304
dashboard: configure passwords via stdin Due to recent changes in ceph, the few dashboard passwors must be passed via `-i` Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com> (cherry picked from commit ef975ef5eacb14b66a8982ccb27a38ce552abcc4)
2021-01-07 19:40:18 +08:00
args:
stdin: "{{ rgw_secret_key }}"
stdin_add_newline: no
ceph-dashboard: enable rgw options conditionally The dashboard rgw frontend options only need to be applied when there's some nodes present in the rgw ansible group. Signed-off-by: Dimitri Savineau <dsavinea@redhat.com> (cherry picked from commit 5383c2f7f357ce6c8adb88422d757874d2f53c05)
2019-07-11 22:38:44 +08:00
delegate_to: "{{ groups[mon_group_name][0] }}"
ceph-dashboard: Add run_once on delegate tasks Because we need to execute commands from a monitor node (the first one in the mons list) we are using delegate_to option. If there's multiple nodes running the ceph-dashboard role then the delegated task will be executed multiple times. Also remove a mgr config-key option not present for nautilus+ releases. Signed-off-by: Dimitri Savineau <dsavinea@redhat.com> (cherry picked from commit f545b5be0d5d5433692a889b0425c164d7c9f812)
2019-08-02 22:58:11 +08:00
run_once: true
ceph-dashboard: enable rgw options conditionally The dashboard rgw frontend options only need to be applied when there's some nodes present in the rgw ansible group. Signed-off-by: Dimitri Savineau <dsavinea@redhat.com> (cherry picked from commit 5383c2f7f357ce6c8adb88422d757874d2f53c05)
2019-07-11 22:38:44 +08:00
changed_when: false
dashboard: manage password backward compatibility The ceph dashboard changed the way the password are provided via the CLI. This breaks the backward compatibility when using a recent ceph-ansible version with ceph release without that feature. This patch adds tasks for legacy workflow (ceph release without that feature) in ceph-dashboard role. Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1915506 Signed-off-by: Dimitri Savineau <dsavinea@redhat.com>
2021-01-12 00:48:53 +08:00
when: dashboard_password_from_stdin | bool
- name: set the rgw secret key (legacy)
command: "{{ container_exec_cmd }} ceph --cluster {{ cluster }} dashboard set-rgw-api-secret-key {{ rgw_secret_key }}"
delegate_to: "{{ groups[mon_group_name][0] }}"
changed_when: false
when: not dashboard_password_from_stdin | bool
ceph-dashboard: enable rgw options conditionally The dashboard rgw frontend options only need to be applied when there's some nodes present in the rgw ansible group. Signed-off-by: Dimitri Savineau <dsavinea@redhat.com> (cherry picked from commit 5383c2f7f357ce6c8adb88422d757874d2f53c05)
2019-07-11 22:38:44 +08:00
- name: set the rgw host
ceph-dashboard: remove rgw api host,port,scheme We don't need to have dedicated variables for the RGW integration into the Ceph Dashboard and need to be manually filled. Instead we can use the current values from the RGW nodes by using the IP and port from the first RGW instance of the first RGW node via the radosgw_address and radosgw_frontend_port variables. We don't need to specify all RGW nodes, this will be done automatically with one node. The RGW api scheme is using the radosgw_frontend_ssl_certificate variable to determine if the value is http or https. This variable is also reuse as a condition for the ssl verify task. Signed-off-by: Dimitri Savineau <dsavinea@redhat.com> (cherry picked from commit b9e93ad7a60772e953c3d88346bf94db4131dcf6)
2019-10-03 02:15:45 +08:00
command: "{{ container_exec_cmd }} ceph --cluster {{ cluster }} dashboard set-rgw-api-host {{ hostvars[groups[rgw_group_name][0]]['rgw_instances'][0]['radosgw_address'] }}"
ceph-dashboard: enable rgw options conditionally The dashboard rgw frontend options only need to be applied when there's some nodes present in the rgw ansible group. Signed-off-by: Dimitri Savineau <dsavinea@redhat.com> (cherry picked from commit 5383c2f7f357ce6c8adb88422d757874d2f53c05)
2019-07-11 22:38:44 +08:00
changed_when: false
delegate_to: "{{ groups[mon_group_name][0] }}"
ceph-dashboard: Add run_once on delegate tasks Because we need to execute commands from a monitor node (the first one in the mons list) we are using delegate_to option. If there's multiple nodes running the ceph-dashboard role then the delegated task will be executed multiple times. Also remove a mgr config-key option not present for nautilus+ releases. Signed-off-by: Dimitri Savineau <dsavinea@redhat.com> (cherry picked from commit f545b5be0d5d5433692a889b0425c164d7c9f812)
2019-08-02 22:58:11 +08:00
run_once: true
ceph-dashboard: enable rgw options conditionally The dashboard rgw frontend options only need to be applied when there's some nodes present in the rgw ansible group. Signed-off-by: Dimitri Savineau <dsavinea@redhat.com> (cherry picked from commit 5383c2f7f357ce6c8adb88422d757874d2f53c05)
2019-07-11 22:38:44 +08:00
- name: set the rgw port
ceph-dashboard: remove rgw api host,port,scheme We don't need to have dedicated variables for the RGW integration into the Ceph Dashboard and need to be manually filled. Instead we can use the current values from the RGW nodes by using the IP and port from the first RGW instance of the first RGW node via the radosgw_address and radosgw_frontend_port variables. We don't need to specify all RGW nodes, this will be done automatically with one node. The RGW api scheme is using the radosgw_frontend_ssl_certificate variable to determine if the value is http or https. This variable is also reuse as a condition for the ssl verify task. Signed-off-by: Dimitri Savineau <dsavinea@redhat.com> (cherry picked from commit b9e93ad7a60772e953c3d88346bf94db4131dcf6)
2019-10-03 02:15:45 +08:00
command: "{{ container_exec_cmd }} ceph --cluster {{ cluster }} dashboard set-rgw-api-port {{ hostvars[groups[rgw_group_name][0]]['rgw_instances'][0]['radosgw_frontend_port'] }}"
ceph-dashboard: enable rgw options conditionally The dashboard rgw frontend options only need to be applied when there's some nodes present in the rgw ansible group. Signed-off-by: Dimitri Savineau <dsavinea@redhat.com> (cherry picked from commit 5383c2f7f357ce6c8adb88422d757874d2f53c05)
2019-07-11 22:38:44 +08:00
changed_when: false
delegate_to: "{{ groups[mon_group_name][0] }}"
ceph-dashboard: Add run_once on delegate tasks Because we need to execute commands from a monitor node (the first one in the mons list) we are using delegate_to option. If there's multiple nodes running the ceph-dashboard role then the delegated task will be executed multiple times. Also remove a mgr config-key option not present for nautilus+ releases. Signed-off-by: Dimitri Savineau <dsavinea@redhat.com> (cherry picked from commit f545b5be0d5d5433692a889b0425c164d7c9f812)
2019-08-02 22:58:11 +08:00
run_once: true
ceph-dashboard: enable rgw options conditionally The dashboard rgw frontend options only need to be applied when there's some nodes present in the rgw ansible group. Signed-off-by: Dimitri Savineau <dsavinea@redhat.com> (cherry picked from commit 5383c2f7f357ce6c8adb88422d757874d2f53c05)
2019-07-11 22:38:44 +08:00
- name: set the rgw scheme
ceph-dashboard: remove rgw api host,port,scheme We don't need to have dedicated variables for the RGW integration into the Ceph Dashboard and need to be manually filled. Instead we can use the current values from the RGW nodes by using the IP and port from the first RGW instance of the first RGW node via the radosgw_address and radosgw_frontend_port variables. We don't need to specify all RGW nodes, this will be done automatically with one node. The RGW api scheme is using the radosgw_frontend_ssl_certificate variable to determine if the value is http or https. This variable is also reuse as a condition for the ssl verify task. Signed-off-by: Dimitri Savineau <dsavinea@redhat.com> (cherry picked from commit b9e93ad7a60772e953c3d88346bf94db4131dcf6)
2019-10-03 02:15:45 +08:00
command: "{{ container_exec_cmd }} ceph --cluster {{ cluster }} dashboard set-rgw-api-scheme {{ 'https' if radosgw_frontend_ssl_certificate else 'http' }}"
ceph-dashboard: enable rgw options conditionally The dashboard rgw frontend options only need to be applied when there's some nodes present in the rgw ansible group. Signed-off-by: Dimitri Savineau <dsavinea@redhat.com> (cherry picked from commit 5383c2f7f357ce6c8adb88422d757874d2f53c05)
2019-07-11 22:38:44 +08:00
changed_when: false
delegate_to: "{{ groups[mon_group_name][0] }}"
ceph-dashboard: Add run_once on delegate tasks Because we need to execute commands from a monitor node (the first one in the mons list) we are using delegate_to option. If there's multiple nodes running the ceph-dashboard role then the delegated task will be executed multiple times. Also remove a mgr config-key option not present for nautilus+ releases. Signed-off-by: Dimitri Savineau <dsavinea@redhat.com> (cherry picked from commit f545b5be0d5d5433692a889b0425c164d7c9f812)
2019-08-02 22:58:11 +08:00
run_once: true
ceph-dashboard: enable rgw options conditionally The dashboard rgw frontend options only need to be applied when there's some nodes present in the rgw ansible group. Signed-off-by: Dimitri Savineau <dsavinea@redhat.com> (cherry picked from commit 5383c2f7f357ce6c8adb88422d757874d2f53c05)
2019-07-11 22:38:44 +08:00
- name: set the rgw admin resource
ceph-dashboard: add cluster parameter to ceph cmd The ceph dashboard tasks didn't use the cluster option if the cluster name isn't the default value. Closes: #4529 Signed-off-by: Dimitri Savineau <dsavinea@redhat.com> (cherry picked from commit dd526cfe4ecceffcdce13b29b2c09ff19a8bd1b0)
2019-10-04 03:47:39 +08:00
command: "{{ container_exec_cmd }} ceph --cluster {{ cluster }} dashboard set-rgw-api-admin-resource {{ dashboard_rgw_api_admin_resource }}"
ceph-dashboard: enable rgw options conditionally The dashboard rgw frontend options only need to be applied when there's some nodes present in the rgw ansible group. Signed-off-by: Dimitri Savineau <dsavinea@redhat.com> (cherry picked from commit 5383c2f7f357ce6c8adb88422d757874d2f53c05)
2019-07-11 22:38:44 +08:00
changed_when: false
delegate_to: "{{ groups[mon_group_name][0] }}"
ceph-dashboard: Add run_once on delegate tasks Because we need to execute commands from a monitor node (the first one in the mons list) we are using delegate_to option. If there's multiple nodes running the ceph-dashboard role then the delegated task will be executed multiple times. Also remove a mgr config-key option not present for nautilus+ releases. Signed-off-by: Dimitri Savineau <dsavinea@redhat.com> (cherry picked from commit f545b5be0d5d5433692a889b0425c164d7c9f812)
2019-08-02 22:58:11 +08:00
run_once: true
lint: fix error [303,602,701,702] [303] mktemp used in place of tempfile module [602] Don't compare to empty string [701] No 'galaxy_info' found [702] Use 'galaxy_tags' rather than 'categories' This patch also changes the ansible log_path value via the ANSIBLE_LOG_PATH environment variable in the travis configuration to avoid warnings. [WARNING]: log file at /home/travis/ansible/ansible.log is not writeable and we cannot create it, aborting Signed-off-by: Dimitri Savineau <dsavinea@redhat.com> (cherry picked from commit f7fd0b6d4f57f642698608974e9d5121b1d41c9c)
2019-10-10 03:39:04 +08:00
when: dashboard_rgw_api_admin_resource | length > 0
ceph-dashboard: enable rgw options conditionally The dashboard rgw frontend options only need to be applied when there's some nodes present in the rgw ansible group. Signed-off-by: Dimitri Savineau <dsavinea@redhat.com> (cherry picked from commit 5383c2f7f357ce6c8adb88422d757874d2f53c05)
2019-07-11 22:38:44 +08:00
- name: disable ssl verification for rgw
ceph-dashboard: add cluster parameter to ceph cmd The ceph dashboard tasks didn't use the cluster option if the cluster name isn't the default value. Closes: #4529 Signed-off-by: Dimitri Savineau <dsavinea@redhat.com> (cherry picked from commit dd526cfe4ecceffcdce13b29b2c09ff19a8bd1b0)
2019-10-04 03:47:39 +08:00
command: "{{ container_exec_cmd }} ceph --cluster {{ cluster }} dashboard set-rgw-api-ssl-verify False"
ceph-dashboard: enable rgw options conditionally The dashboard rgw frontend options only need to be applied when there's some nodes present in the rgw ansible group. Signed-off-by: Dimitri Savineau <dsavinea@redhat.com> (cherry picked from commit 5383c2f7f357ce6c8adb88422d757874d2f53c05)
2019-07-11 22:38:44 +08:00
changed_when: false
delegate_to: "{{ groups[mon_group_name][0] }}"
ceph-dashboard: Add run_once on delegate tasks Because we need to execute commands from a monitor node (the first one in the mons list) we are using delegate_to option. If there's multiple nodes running the ceph-dashboard role then the delegated task will be executed multiple times. Also remove a mgr config-key option not present for nautilus+ releases. Signed-off-by: Dimitri Savineau <dsavinea@redhat.com> (cherry picked from commit f545b5be0d5d5433692a889b0425c164d7c9f812)
2019-08-02 22:58:11 +08:00
run_once: true
ceph-dashboard: remove rgw api host,port,scheme We don't need to have dedicated variables for the RGW integration into the Ceph Dashboard and need to be manually filled. Instead we can use the current values from the RGW nodes by using the IP and port from the first RGW instance of the first RGW node via the radosgw_address and radosgw_frontend_port variables. We don't need to specify all RGW nodes, this will be done automatically with one node. The RGW api scheme is using the radosgw_frontend_ssl_certificate variable to determine if the value is http or https. This variable is also reuse as a condition for the ssl verify task. Signed-off-by: Dimitri Savineau <dsavinea@redhat.com> (cherry picked from commit b9e93ad7a60772e953c3d88346bf94db4131dcf6)
2019-10-03 02:15:45 +08:00
when:
- dashboard_rgw_api_no_ssl_verify | bool
- radosgw_frontend_ssl_certificate | length > 0
Merge cephmetrics/dashboard-ansible repo This commit will merge dashboard-ansible installation scripts with ceph-ansible. This includes several new roles to setup ceph-dashboard and the underlying technologies like prometheus and grafana server. Signed-off-by: Boris Ranto & Zack Cerza <team-gmeno@redhat.com> Co-authored-by: Zack Cerza <zcerza@redhat.com> Co-authored-by: Guillaume Abrioux <gabrioux@redhat.com> (cherry picked from commit 2f141a6e808766bb6cd406ccc67ba0353b46e780)
2018-12-06 02:59:47 +08:00
dashboard: add ceph iscsi management When deploying with ceph-iscsi nodes and dashboard enabled, we need to add the ceph iscsi gateway endpoints to the dashboard configuration and add the mgr ip address in the trusted list in the iscsi gateway configuration file. Closes: #4638 Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1764173 https://docs.ceph.com/docs/master/mgr/dashboard/#enabling-iscsi-management Signed-off-by: Dimitri Savineau <dsavinea@redhat.com> (cherry picked from commit d050391cbbe8a56d1cf44e744a02e4aa3f0583e5)
2019-10-22 03:45:19 +08:00
- name: dashboard iscsi management
when: groups.get(iscsi_gw_group_name, []) | length > 0
block:
- name: disable iscsi api ssl verification
command: "{{ container_exec_cmd }} ceph --cluster {{ cluster }} dashboard set-iscsi-api-ssl-verification false"
changed_when: false
delegate_to: "{{ groups[mon_group_name][0] }}"
run_once: true
when:
- api_secure | default(false) | bool
- generate_crt | default(false) | bool
ceph-iscsi: manage ipv6 in trusted_ip_list Only the ipv4 addresses from the nodes running the dashboard mgr module were added to the trusted_ip_list configuration file on the iscsigws nodes. This also add the iscsi gateways with ipv6 configuration to the ceph dashboard. Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1787531 Signed-off-by: Dimitri Savineau <dsavinea@redhat.com> (cherry picked from commit 70eba66182aebfcb7056521eb9da7c6c13f574da)
2020-01-08 04:01:48 +08:00
- name: add iscsi gateways - ipv4
dashboard: manage password backward compatibility The ceph dashboard changed the way the password are provided via the CLI. This breaks the backward compatibility when using a recent ceph-ansible version with ceph release without that feature. This patch adds tasks for legacy workflow (ceph release without that feature) in ceph-dashboard role. Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1915506 Signed-off-by: Dimitri Savineau <dsavinea@redhat.com>
2021-01-12 00:48:53 +08:00
command: "{{ ceph_cmd }} --cluster {{ cluster }} dashboard iscsi-gateway-add -i -" # noqa 304
dashboard: configure passwords via stdin Due to recent changes in ceph, the few dashboard passwors must be passed via `-i` Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com> (cherry picked from commit ef975ef5eacb14b66a8982ccb27a38ce552abcc4)
2021-01-07 19:40:18 +08:00
args:
dashboard: support igw nodes with dedicated subnet This adds the possibility to deploy the dashboard with igw nodes using a dedicated subnet. Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1926170 Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com> (cherry picked from commit c33de174f1d8ec2d4b94a4322cdcdcf25262f1f6)
2021-03-02 16:51:26 +08:00
stdin: "{{ 'https' if hostvars[item]['api_secure'] | default(false) | bool else 'http' }}://{{ hostvars[item]['api_user'] | default('admin') }}:{{ hostvars[item]['api_password'] | default('admin') }}@{{ hostvars[item]['ansible_facts']['all_ipv4_addresses'] | ips_in_ranges(igw_network.split(',')) | first }}:{{ hostvars[item]['api_port'] | default(5000) }}"
dashboard: configure passwords via stdin Due to recent changes in ceph, the few dashboard passwors must be passed via `-i` Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com> (cherry picked from commit ef975ef5eacb14b66a8982ccb27a38ce552abcc4)
2021-01-07 19:40:18 +08:00
stdin_add_newline: no
dashboard: add ceph iscsi management When deploying with ceph-iscsi nodes and dashboard enabled, we need to add the ceph iscsi gateway endpoints to the dashboard configuration and add the mgr ip address in the trusted list in the iscsi gateway configuration file. Closes: #4638 Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1764173 https://docs.ceph.com/docs/master/mgr/dashboard/#enabling-iscsi-management Signed-off-by: Dimitri Savineau <dsavinea@redhat.com> (cherry picked from commit d050391cbbe8a56d1cf44e744a02e4aa3f0583e5)
2019-10-22 03:45:19 +08:00
changed_when: false
delegate_to: "{{ groups[mon_group_name][0] }}"
with_items: "{{ groups[iscsi_gw_group_name] }}"
run_once: true
dashboard: manage password backward compatibility The ceph dashboard changed the way the password are provided via the CLI. This breaks the backward compatibility when using a recent ceph-ansible version with ceph release without that feature. This patch adds tasks for legacy workflow (ceph release without that feature) in ceph-dashboard role. Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1915506 Signed-off-by: Dimitri Savineau <dsavinea@redhat.com>
2021-01-12 00:48:53 +08:00
when:
- ip_version == 'ipv4'
- dashboard_password_from_stdin | bool
- name: add iscsi gateways - ipv4 (legacy)
Use ansible_facts It has come to our attention that using ansible_* vars that are populated with INJECT_FACTS_AS_VARS=True is not very performant. In order to be able to support setting that to off, we need to update the references to use ansible_facts[<thing>] instead of ansible_<thing>. Related: ansible#73654 Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1935406 Signed-off-by: Alex Schultz <aschultz@redhat.com> (cherry picked from commit a7f2fa73e63e69dba2e41aaac9732397eec437c9)
2021-03-03 22:43:50 +08:00
command: "{{ container_exec_cmd }} ceph --cluster {{ cluster }} dashboard iscsi-gateway-add {{ 'https' if hostvars[item]['api_secure'] | default(false) | bool else 'http' }}://{{ hostvars[item]['api_user'] | default('admin') }}:{{ hostvars[item]['api_password'] | default('admin') }}@{{ hostvars[item]['ansible_facts']['all_ipv4_addresses'] | ips_in_ranges(public_network.split(',')) | first }}:{{ hostvars[item]['api_port'] | default(5000) }}"
dashboard: manage password backward compatibility The ceph dashboard changed the way the password are provided via the CLI. This breaks the backward compatibility when using a recent ceph-ansible version with ceph release without that feature. This patch adds tasks for legacy workflow (ceph release without that feature) in ceph-dashboard role. Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1915506 Signed-off-by: Dimitri Savineau <dsavinea@redhat.com>
2021-01-12 00:48:53 +08:00
changed_when: false
delegate_to: "{{ groups[mon_group_name][0] }}"
with_items: "{{ groups[iscsi_gw_group_name] }}"
run_once: true
when:
- ip_version == 'ipv4'
- not dashboard_password_from_stdin | bool
ceph-iscsi: manage ipv6 in trusted_ip_list Only the ipv4 addresses from the nodes running the dashboard mgr module were added to the trusted_ip_list configuration file on the iscsigws nodes. This also add the iscsi gateways with ipv6 configuration to the ceph dashboard. Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1787531 Signed-off-by: Dimitri Savineau <dsavinea@redhat.com> (cherry picked from commit 70eba66182aebfcb7056521eb9da7c6c13f574da)
2020-01-08 04:01:48 +08:00
- name: add iscsi gateways - ipv6
dashboard: manage password backward compatibility The ceph dashboard changed the way the password are provided via the CLI. This breaks the backward compatibility when using a recent ceph-ansible version with ceph release without that feature. This patch adds tasks for legacy workflow (ceph release without that feature) in ceph-dashboard role. Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1915506 Signed-off-by: Dimitri Savineau <dsavinea@redhat.com>
2021-01-12 00:48:53 +08:00
command: "{{ ceph_cmd }} --cluster {{ cluster }} dashboard iscsi-gateway-add -i -" # noqa 304
dashboard: configure passwords via stdin Due to recent changes in ceph, the few dashboard passwors must be passed via `-i` Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com> (cherry picked from commit ef975ef5eacb14b66a8982ccb27a38ce552abcc4)
2021-01-07 19:40:18 +08:00
args:
dashboard: support igw nodes with dedicated subnet This adds the possibility to deploy the dashboard with igw nodes using a dedicated subnet. Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1926170 Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com> (cherry picked from commit c33de174f1d8ec2d4b94a4322cdcdcf25262f1f6)
2021-03-02 16:51:26 +08:00
stdin: "{{ 'https' if hostvars[item]['api_secure'] | default(false) | bool else 'http' }}://{{ hostvars[item]['api_user'] | default('admin') }}:{{ hostvars[item]['api_password'] | default('admin') }}@{{ hostvars[item]['ansible_facts']['all_ipv6_addresses'] | ips_in_ranges(igw_network.split(',')) | last | ipwrap }}:{{ hostvars[item]['api_port'] | default(5000) }}"
dashboard: configure passwords via stdin Due to recent changes in ceph, the few dashboard passwors must be passed via `-i` Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com> (cherry picked from commit ef975ef5eacb14b66a8982ccb27a38ce552abcc4)
2021-01-07 19:40:18 +08:00
stdin_add_newline: no
ceph-iscsi: manage ipv6 in trusted_ip_list Only the ipv4 addresses from the nodes running the dashboard mgr module were added to the trusted_ip_list configuration file on the iscsigws nodes. This also add the iscsi gateways with ipv6 configuration to the ceph dashboard. Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1787531 Signed-off-by: Dimitri Savineau <dsavinea@redhat.com> (cherry picked from commit 70eba66182aebfcb7056521eb9da7c6c13f574da)
2020-01-08 04:01:48 +08:00
changed_when: false
delegate_to: "{{ groups[mon_group_name][0] }}"
with_items: "{{ groups[iscsi_gw_group_name] }}"
run_once: true
dashboard: manage password backward compatibility The ceph dashboard changed the way the password are provided via the CLI. This breaks the backward compatibility when using a recent ceph-ansible version with ceph release without that feature. This patch adds tasks for legacy workflow (ceph release without that feature) in ceph-dashboard role. Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1915506 Signed-off-by: Dimitri Savineau <dsavinea@redhat.com>
2021-01-12 00:48:53 +08:00
when:
- ip_version == 'ipv6'
- dashboard_password_from_stdin | bool
- name: add iscsi gateways - ipv6 (legacy)
Use ansible_facts It has come to our attention that using ansible_* vars that are populated with INJECT_FACTS_AS_VARS=True is not very performant. In order to be able to support setting that to off, we need to update the references to use ansible_facts[<thing>] instead of ansible_<thing>. Related: ansible#73654 Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1935406 Signed-off-by: Alex Schultz <aschultz@redhat.com> (cherry picked from commit a7f2fa73e63e69dba2e41aaac9732397eec437c9)
2021-03-03 22:43:50 +08:00
command: "{{ container_exec_cmd }} ceph --cluster {{ cluster }} dashboard iscsi-gateway-add {{ 'https' if hostvars[item]['api_secure'] | default(false) | bool else 'http' }}://{{ hostvars[item]['api_user'] | default('admin') }}:{{ hostvars[item]['api_password'] | default('admin') }}@{{ hostvars[item]['ansible_facts']['all_ipv6_addresses'] | ips_in_ranges(public_network.split(',')) | last | ipwrap }}:{{ hostvars[item]['api_port'] | default(5000) }}"
dashboard: manage password backward compatibility The ceph dashboard changed the way the password are provided via the CLI. This breaks the backward compatibility when using a recent ceph-ansible version with ceph release without that feature. This patch adds tasks for legacy workflow (ceph release without that feature) in ceph-dashboard role. Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1915506 Signed-off-by: Dimitri Savineau <dsavinea@redhat.com>
2021-01-12 00:48:53 +08:00
changed_when: false
delegate_to: "{{ groups[mon_group_name][0] }}"
with_items: "{{ groups[iscsi_gw_group_name] }}"
run_once: true
when:
- ip_version == 'ipv6'
- not dashboard_password_from_stdin | bool
dashboard: add ceph iscsi management When deploying with ceph-iscsi nodes and dashboard enabled, we need to add the ceph iscsi gateway endpoints to the dashboard configuration and add the mgr ip address in the trusted list in the iscsi gateway configuration file. Closes: #4638 Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1764173 https://docs.ceph.com/docs/master/mgr/dashboard/#enabling-iscsi-management Signed-off-by: Dimitri Savineau <dsavinea@redhat.com> (cherry picked from commit d050391cbbe8a56d1cf44e744a02e4aa3f0583e5)
2019-10-22 03:45:19 +08:00
Merge cephmetrics/dashboard-ansible repo This commit will merge dashboard-ansible installation scripts with ceph-ansible. This includes several new roles to setup ceph-dashboard and the underlying technologies like prometheus and grafana server. Signed-off-by: Boris Ranto & Zack Cerza <team-gmeno@redhat.com> Co-authored-by: Zack Cerza <zcerza@redhat.com> Co-authored-by: Guillaume Abrioux <gabrioux@redhat.com> (cherry picked from commit 2f141a6e808766bb6cd406ccc67ba0353b46e780)
2018-12-06 02:59:47 +08:00
- name: disable mgr dashboard module (restart)
ceph-dashboard: add cluster parameter to ceph cmd The ceph dashboard tasks didn't use the cluster option if the cluster name isn't the default value. Closes: #4529 Signed-off-by: Dimitri Savineau <dsavinea@redhat.com> (cherry picked from commit dd526cfe4ecceffcdce13b29b2c09ff19a8bd1b0)
2019-10-04 03:47:39 +08:00
command: "{{ container_exec_cmd }} ceph --cluster {{ cluster }} mgr module disable dashboard"
Merge cephmetrics/dashboard-ansible repo This commit will merge dashboard-ansible installation scripts with ceph-ansible. This includes several new roles to setup ceph-dashboard and the underlying technologies like prometheus and grafana server. Signed-off-by: Boris Ranto & Zack Cerza <team-gmeno@redhat.com> Co-authored-by: Zack Cerza <zcerza@redhat.com> Co-authored-by: Guillaume Abrioux <gabrioux@redhat.com> (cherry picked from commit 2f141a6e808766bb6cd406ccc67ba0353b46e780)
2018-12-06 02:59:47 +08:00
changed_when: false
dashboard: use existing variable to detect containerized deployment there is no need to add more complexity for this, let's use `containerized_deployment` in order to detect if we are running a containerized deployment. The idea is to use `container_exec_cmd` the same way we do in the rest of the playbook to run the different ceph commands needed to deploy the ceph-dashboard role. Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com> (cherry picked from commit 742bb6214c806cb7db1f1ea54276aecf0bf22049)
2019-05-14 20:46:25 +08:00
delegate_to: "{{ groups[mon_group_name][0] }}"
ceph-dashboard: Add run_once on delegate tasks Because we need to execute commands from a monitor node (the first one in the mons list) we are using delegate_to option. If there's multiple nodes running the ceph-dashboard role then the delegated task will be executed multiple times. Also remove a mgr config-key option not present for nautilus+ releases. Signed-off-by: Dimitri Savineau <dsavinea@redhat.com> (cherry picked from commit f545b5be0d5d5433692a889b0425c164d7c9f812)
2019-08-02 22:58:11 +08:00
run_once: true
Merge cephmetrics/dashboard-ansible repo This commit will merge dashboard-ansible installation scripts with ceph-ansible. This includes several new roles to setup ceph-dashboard and the underlying technologies like prometheus and grafana server. Signed-off-by: Boris Ranto & Zack Cerza <team-gmeno@redhat.com> Co-authored-by: Zack Cerza <zcerza@redhat.com> Co-authored-by: Guillaume Abrioux <gabrioux@redhat.com> (cherry picked from commit 2f141a6e808766bb6cd406ccc67ba0353b46e780)
2018-12-06 02:59:47 +08:00
- name: enable mgr dashboard module (restart)
ceph-dashboard: add cluster parameter to ceph cmd The ceph dashboard tasks didn't use the cluster option if the cluster name isn't the default value. Closes: #4529 Signed-off-by: Dimitri Savineau <dsavinea@redhat.com> (cherry picked from commit dd526cfe4ecceffcdce13b29b2c09ff19a8bd1b0)
2019-10-04 03:47:39 +08:00
command: "{{ container_exec_cmd }} ceph --cluster {{ cluster }} mgr module enable dashboard"
Merge cephmetrics/dashboard-ansible repo This commit will merge dashboard-ansible installation scripts with ceph-ansible. This includes several new roles to setup ceph-dashboard and the underlying technologies like prometheus and grafana server. Signed-off-by: Boris Ranto & Zack Cerza <team-gmeno@redhat.com> Co-authored-by: Zack Cerza <zcerza@redhat.com> Co-authored-by: Guillaume Abrioux <gabrioux@redhat.com> (cherry picked from commit 2f141a6e808766bb6cd406ccc67ba0353b46e780)
2018-12-06 02:59:47 +08:00
changed_when: false
dashboard: use existing variable to detect containerized deployment there is no need to add more complexity for this, let's use `containerized_deployment` in order to detect if we are running a containerized deployment. The idea is to use `container_exec_cmd` the same way we do in the rest of the playbook to run the different ceph commands needed to deploy the ceph-dashboard role. Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com> (cherry picked from commit 742bb6214c806cb7db1f1ea54276aecf0bf22049)
2019-05-14 20:46:25 +08:00
delegate_to: "{{ groups[mon_group_name][0] }}"
ceph-dashboard: Add run_once on delegate tasks Because we need to execute commands from a monitor node (the first one in the mons list) we are using delegate_to option. If there's multiple nodes running the ceph-dashboard role then the delegated task will be executed multiple times. Also remove a mgr config-key option not present for nautilus+ releases. Signed-off-by: Dimitri Savineau <dsavinea@redhat.com> (cherry picked from commit f545b5be0d5d5433692a889b0425c164d7c9f812)
2019-08-02 22:58:11 +08:00
run_once: true