ceph
/
ceph-ansible
mirror of https://github.com/ceph/ceph-ansible.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
ceph-ansible/roles/ceph-client/tasks/create_users_keys.yml

103 lines
3.2 KiB
YAML
Raw Normal View History

ceph-client: introduce new client role By default, this roles will create a ceph config file and get the admin key. You can optionnally add other users, keys and pools for your tests. Closes: #769 Signed-off-by: Sébastien Han <seb@redhat.com>
2016-05-11 00:29:27 +08:00
---
client: ability to create keys and pool with no cpeh binaries On a container env, machines don't have any ceph binaries so we need to use a container to run the commands. Signed-off-by: Sébastien Han <seb@redhat.com>
2017-09-14 04:13:53 +08:00
- name: set docker_exec_client_cmd_binary to ceph-authtool
set_fact:
docker_exec_client_cmd_binary: ceph-authtool
when: containerized_deployment
- name: set docker_exec_client_cmd for containers
set_fact:
osd: enhance backward compatibility During the initial implementation of this 'old' thing we were falling into this issue without noticing https://github.com/moby/moby/issues/30341 and where blindly using --rm, now this is fixed the prepare container disappears and thus activation fail. I'm fixing this for old jewel images. Also this fixes the machine reboot case where the docker logs are purgend. In the old scenario, we now store the log locally in the same directory as the ceph-osd-run.sh script. Signed-off-by: Sébastien Han <seb@redhat.com>
2017-11-02 23:17:38 +08:00
docker_exec_client_cmd: docker run --rm -v /etc/ceph:/etc/ceph --entrypoint /usr/bin/{{ docker_exec_client_cmd_binary }} {{ ceph_docker_registry}}/{{ ceph_docker_image }}:{{ ceph_docker_image_tag }}
client: ability to create keys and pool with no cpeh binaries On a container env, machines don't have any ceph binaries so we need to use a container to run the commands. Signed-off-by: Sébastien Han <seb@redhat.com>
2017-09-14 04:13:53 +08:00
when: containerized_deployment
- name: set docker_exec_client_cmd for non-containers
set_fact:
docker_exec_client_cmd: ceph-authtool
when: not containerized_deployment
ceph-client: introduce new client role By default, this roles will create a ceph config file and get the admin key. You can optionnally add other users, keys and pools for your tests. Closes: #769 Signed-off-by: Sébastien Han <seb@redhat.com>
2016-05-11 00:29:27 +08:00
Client: keep consistency between `openstack_key` and `keys` To keep consistency between `{{ openstack_keys }}` and `{{ keys }}` respectively in `ceph-mon` and `ceph-client` roles. This commit also add the possibility to set mds caps. Fixes: #1680 Co-Authored-by: John Fulton <johfulto@redhat.com> Co-Authored-by: Giulio Fidente <gfidente@redhat.com> Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com>
2017-07-13 23:39:35 +08:00
- name: create key(s)
client: ability to create keys and pool with no cpeh binaries On a container env, machines don't have any ceph binaries so we need to use a container to run the commands. Signed-off-by: Sébastien Han <seb@redhat.com>
2017-09-14 04:13:53 +08:00
shell: "{{ docker_exec_client_cmd }} -C /etc/ceph/{{ cluster }}.{{ item.name }}.keyring --name {{ item.name }} --add-key {{ item.key }} --cap mon \"{{ item.mon_cap|default('') }}\" --cap osd \"{{ item.osd_cap|default('') }}\" --cap mds \"{{ item.mds_cap|default('') }}\""
ceph-client: introduce new client role By default, this roles will create a ceph config file and get the admin key. You can optionnally add other users, keys and pools for your tests. Closes: #769 Signed-off-by: Sébastien Han <seb@redhat.com>
2016-05-11 00:29:27 +08:00
args:
creates: /etc/ceph/{{ cluster }}.{{ item.name }}.keyring
moving to ansible v2.2 compatibility Signed-off-by: Sébastien Han <seb@redhat.com> Co-Authored-By: Julien Francoz julien@francoz.net
2016-11-03 17:16:33 +08:00
with_items: "{{ keys }}"
ceph-client: introduce new client role By default, this roles will create a ceph config file and get the admin key. You can optionnally add other users, keys and pools for your tests. Closes: #769 Signed-off-by: Sébastien Han <seb@redhat.com>
2016-05-11 00:29:27 +08:00
changed_when: false
Client: keep consistency between `openstack_key` and `keys` To keep consistency between `{{ openstack_keys }}` and `{{ keys }}` respectively in `ceph-mon` and `ceph-client` roles. This commit also add the possibility to set mds caps. Fixes: #1680 Co-Authored-by: John Fulton <johfulto@redhat.com> Co-Authored-by: Giulio Fidente <gfidente@redhat.com> Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com>
2017-07-13 23:39:35 +08:00
when:
- cephx
- keys | length > 0
client: ability to create keys and pool with no cpeh binaries On a container env, machines don't have any ceph binaries so we need to use a container to run the commands. Signed-off-by: Sébastien Han <seb@redhat.com>
2017-09-14 04:13:53 +08:00
- name: set docker_exec_client_cmd_binary to ceph
set_fact:
docker_exec_client_cmd_binary: ceph
when: containerized_deployment
- name: replace docker_exec_client_cmd by ceph
set_fact:
docker_exec_client_cmd: ceph
when:
- not containerized_deployment
- docker_exec_client_cmd == 'ceph-authtool'
Client: keep consistency between `openstack_key` and `keys` To keep consistency between `{{ openstack_keys }}` and `{{ keys }}` respectively in `ceph-mon` and `ceph-client` roles. This commit also add the possibility to set mds caps. Fixes: #1680 Co-Authored-by: John Fulton <johfulto@redhat.com> Co-Authored-by: Giulio Fidente <gfidente@redhat.com> Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com>
2017-07-13 23:39:35 +08:00
- name: check if key(s) already exist(s)
client: ability to create keys and pool with no cpeh binaries On a container env, machines don't have any ceph binaries so we need to use a container to run the commands. Signed-off-by: Sébastien Han <seb@redhat.com>
2017-09-14 04:13:53 +08:00
command: "{{ docker_exec_client_cmd }} --cluster {{ cluster }} auth get {{ item.name }}"
Client: keep consistency between `openstack_key` and `keys` To keep consistency between `{{ openstack_keys }}` and `{{ keys }}` respectively in `ceph-mon` and `ceph-client` roles. This commit also add the possibility to set mds caps. Fixes: #1680 Co-Authored-by: John Fulton <johfulto@redhat.com> Co-Authored-by: Giulio Fidente <gfidente@redhat.com> Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com>
2017-07-13 23:39:35 +08:00
changed_when: false
failed_when: false
with_items: "{{ keys }}"
register: keys_exist
Add option to create client keyring file but not import it Add new boolean parameter for client config create_key_file_only with a default of false. When create_key_file_only is true, the client tasks to connect to the external ceph cluster to verify the key `ceph auth import` the key are skipped. Fixes: #1848
2017-09-02 09:30:04 +08:00
when:
- copy_admin_key
Client: keep consistency between `openstack_key` and `keys` To keep consistency between `{{ openstack_keys }}` and `{{ keys }}` respectively in `ceph-mon` and `ceph-client` roles. This commit also add the possibility to set mds caps. Fixes: #1680 Co-Authored-by: John Fulton <johfulto@redhat.com> Co-Authored-by: Giulio Fidente <gfidente@redhat.com> Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com>
2017-07-13 23:39:35 +08:00
client: implement proper pools creation Just like we did for the monitor and openstack_config we now have the ability to precisely create pools. Signed-off-by: Sébastien Han <seb@redhat.com>
2018-03-07 21:50:27 +08:00
- name: create pool(s)
command: >
{{ docker_exec_client_cmd }} --cluster {{ cluster }}
osd pool create {{ item.name }}
{{ item.get('pg_num', hostvars[groups[mon_group_name][0]]['osd_pool_default_pg_num']) }}
{{ item.pgp_num | default(item.pg_num) }}
{{ item.rule_name | default("replicated_rule") }}
{{ item.type | default("replicated") }}
{%- if item.type | default("replicated") == 'erasure' and item.erasure_profile != '' %}
{{ item.erasure_profile }}
{%- endif %}
{{ item.size | default('') }}
client: ability to create keys and pool with no cpeh binaries On a container env, machines don't have any ceph binaries so we need to use a container to run the commands. Signed-off-by: Sébastien Han <seb@redhat.com>
2017-09-14 04:13:53 +08:00
with_items: "{{ pools }}"
changed_when: false
when:
- pools | length > 0
- copy_admin_key
Client: keep consistency between `openstack_key` and `keys` To keep consistency between `{{ openstack_keys }}` and `{{ keys }}` respectively in `ceph-mon` and `ceph-client` roles. This commit also add the possibility to set mds caps. Fixes: #1680 Co-Authored-by: John Fulton <johfulto@redhat.com> Co-Authored-by: Giulio Fidente <gfidente@redhat.com> Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com>
2017-07-13 23:39:35 +08:00
- name: add key(s) to ceph
client: ability to create keys and pool with no cpeh binaries On a container env, machines don't have any ceph binaries so we need to use a container to run the commands. Signed-off-by: Sébastien Han <seb@redhat.com>
2017-09-14 04:13:53 +08:00
command: "{{ docker_exec_client_cmd }} --cluster {{ cluster }} auth import -i /etc/ceph/{{ cluster }}.{{ item.0.name }}.keyring"
Client: keep consistency between `openstack_key` and `keys` To keep consistency between `{{ openstack_keys }}` and `{{ keys }}` respectively in `ceph-mon` and `ceph-client` roles. This commit also add the possibility to set mds caps. Fixes: #1680 Co-Authored-by: John Fulton <johfulto@redhat.com> Co-Authored-by: Giulio Fidente <gfidente@redhat.com> Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com>
2017-07-13 23:39:35 +08:00
changed_when: false
with_together:
- "{{ keys }}"
Add option to create client keyring file but not import it Add new boolean parameter for client config create_key_file_only with a default of false. When create_key_file_only is true, the client tasks to connect to the external ceph cluster to verify the key `ceph auth import` the key are skipped. Fixes: #1848
2017-09-02 09:30:04 +08:00
- "{{ keys_exist.results | default([]) }}"
when:
client: ability to create keys and pool with no cpeh binaries On a container env, machines don't have any ceph binaries so we need to use a container to run the commands. Signed-off-by: Sébastien Han <seb@redhat.com>
2017-09-14 04:13:53 +08:00
- not item.1.get("skipped")
Add option to create client keyring file but not import it Add new boolean parameter for client config create_key_file_only with a default of false. When create_key_file_only is true, the client tasks to connect to the external ceph cluster to verify the key `ceph auth import` the key are skipped. Fixes: #1848
2017-09-02 09:30:04 +08:00
- copy_admin_key
- item.1.rc != 0
Allow user to define ACLs for OpenStack keys The keys and openstack_keys structure now supports an optional key called acls whose value is a list of strings one could pass to setfacl. The ansible ACL module applies the ACLs to all openstack keys with this property. Fixes: #1688
2017-07-20 06:20:18 +08:00
client: ability to create keys and pool with no cpeh binaries On a container env, machines don't have any ceph binaries so we need to use a container to run the commands. Signed-off-by: Sébastien Han <seb@redhat.com>
2017-09-14 04:13:53 +08:00
- name: put docker_exec_client_cmd back to normal with a none value
set_fact:
docker_exec_client_cmd:
when: docker_exec_client_cmd == 'ceph'
Make acls and mode parameters of opentack_keys optional Only chmod or setfacl the requested keyring(s) in the opentack_keys data structure when the mode or acls keys of that data structure exist. User may specify four permission combinations for the keyring file(s): 1. only set ACL, 2. only set mode, 3. set neither mode nor ACL, 4. set mode and then ACL. Fixes: #2092
2017-10-26 07:46:02 +08:00
- name: chmod key(s)
file:
path: "/etc/ceph/{{ cluster }}.{{ item.name }}.keyring"
mode: "{{ item.mode|default(omit) }}" # if mode not in list, uses mode from ps umask
with_items: "{{ keys }}"
when:
- cephx
- keys | length > 0
Allow user to define ACLs for OpenStack keys The keys and openstack_keys structure now supports an optional key called acls whose value is a list of strings one could pass to setfacl. The ansible ACL module applies the ACLs to all openstack keys with this property. Fixes: #1688
2017-07-20 06:20:18 +08:00
- name: setfacl for key(s)
acl:
path: "/etc/ceph/{{ cluster }}.{{ item.0.name }}.keyring"
entry: "{{ item.1 }}"
state: present
with_subelements:
- "{{ keys }}"
- acls
- skip_missing: true
when:
- cephx
- keys | length > 0