From 07d21604213e265717bc063d0e33a28cc12d2f89 Mon Sep 17 00:00:00 2001 From: Dimitri Savineau Date: Mon, 11 Jan 2021 11:48:53 -0500 Subject: [PATCH] dashboard: manage password backward compatibility The ceph dashboard changed the way the password are provided via the CLI. This breaks the backward compatibility when using a recent ceph-ansible version with ceph release without that feature. This patch adds tasks for legacy workflow (ceph release without that feature) in ceph-dashboard role. Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1915506 Signed-off-by: Dimitri Savineau --- .../tasks/configure_dashboard.yml | 109 ++++++++++++++++-- 1 file changed, 98 insertions(+), 11 deletions(-) diff --git a/roles/ceph-dashboard/tasks/configure_dashboard.yml b/roles/ceph-dashboard/tasks/configure_dashboard.yml index 2d34b59e2..2c316b910 100644 --- a/roles/ceph-dashboard/tasks/configure_dashboard.yml +++ b/roles/ceph-dashboard/tasks/configure_dashboard.yml @@ -117,6 +117,19 @@ run_once: true changed_when: false +- name: check dashboard password in file option command + command: "{{ container_exec_cmd }} ceph --cluster {{ cluster }} dashboard ac-user-set-password" + delegate_to: "{{ groups[mon_group_name][0] }}" + run_once: true + changed_when: false + failed_when: false + register: dashboard_password_in_file_option + +- name: set_fact dashboard_password_from_stdin + set_fact: + dashboard_password_from_stdin: "{{ ' -i ' in dashboard_password_in_file_option.stderr }}" + run_once: true + - name: check if dashboard admin user exists command: timeout --foreground -s KILL 10 {{ container_exec_cmd }} ceph --cluster {{ cluster }} dashboard ac-user-show {{ dashboard_admin_user | quote }} register: dashboard_admin_user_exist @@ -129,7 +142,7 @@ until: dashboard_admin_user_exist.rc == 0 - name: update dashboard admin password - command: timeout --foreground -s KILL 10 {{ ceph_cmd }} --cluster {{ cluster }} dashboard ac-user-set-password -i - {{ dashboard_admin_user | quote }} + command: timeout --foreground -s KILL 10 {{ ceph_cmd }} --cluster {{ cluster }} dashboard ac-user-set-password -i - {{ dashboard_admin_user | quote }} # noqa 304 args: stdin: "{{ dashboard_admin_password }}" stdin_add_newline: no @@ -139,10 +152,24 @@ run_once: true delegate_to: "{{ groups[mon_group_name][0] }}" until: update_dashboard_admin_user.rc == 0 - when: dashboard_admin_user_exist.rc == 0 + when: + - dashboard_admin_user_exist.rc == 0 + - dashboard_password_from_stdin | bool + +- name: update dashboard admin password (legacy) + command: timeout --foreground -s KILL 10 {{ container_exec_cmd }} ceph --cluster {{ cluster }} dashboard ac-user-set-password {{ dashboard_admin_user | quote }} {{ dashboard_admin_password | quote }} # noqa 304 + register: update_dashboard_admin_user + retries: 6 + delay: 5 + run_once: true + delegate_to: "{{ groups[mon_group_name][0] }}" + until: update_dashboard_admin_user.rc == 0 + when: + - dashboard_admin_user_exist.rc == 0 + - not dashboard_password_from_stdin | bool - name: create dashboard admin user - command: timeout --foreground -s KILL 10 {{ ceph_cmd }} --cluster {{ cluster }} dashboard ac-user-create -i - {{ dashboard_admin_user | quote }} + command: timeout --foreground -s KILL 10 {{ ceph_cmd }} --cluster {{ cluster }} dashboard ac-user-create -i - {{ dashboard_admin_user | quote }} # noqa 304 args: stdin: "{{ dashboard_admin_password }}" stdin_add_newline: no @@ -152,7 +179,21 @@ run_once: true delegate_to: "{{ groups[mon_group_name][0] }}" until: create_dashboard_admin_user.rc == 0 - when: dashboard_admin_user_exist.rc != 0 + when: + - dashboard_admin_user_exist.rc != 0 + - dashboard_password_from_stdin | bool + +- name: create dashboard admin user (legacy) + command: timeout --foreground -s KILL 10 {{ container_exec_cmd }} ceph --cluster {{ cluster }} dashboard ac-user-create {{ dashboard_admin_user | quote }} {{ dashboard_admin_password | quote }} + register: create_dashboard_admin_user + retries: 6 + delay: 5 + run_once: true + delegate_to: "{{ groups[mon_group_name][0] }}" + until: create_dashboard_admin_user.rc == 0 + when: + - dashboard_admin_user_exist.rc != 0 + - not dashboard_password_from_stdin | bool - name: set dashboard admin user role command: timeout --foreground -s KILL 10 {{ container_exec_cmd }} ceph --cluster {{ cluster }} dashboard ac-user-set-roles {{ dashboard_admin_user | quote }} {{ 'read-only' if dashboard_admin_user_ro | bool else 'administrator' }} @@ -171,13 +212,21 @@ changed_when: false - name: set grafana api password - command: "{{ ceph_cmd }} --cluster {{ cluster }} dashboard set-grafana-api-password -i -" + command: "{{ ceph_cmd }} --cluster {{ cluster }} dashboard set-grafana-api-password -i -" # noqa 304 args: stdin: "{{ grafana_admin_password }}" stdin_add_newline: no delegate_to: "{{ groups[mon_group_name][0] }}" run_once: true changed_when: false + when: dashboard_password_from_stdin | bool + +- name: set grafana api password (legacy) + command: "{{ container_exec_cmd }} ceph --cluster {{ cluster }} dashboard set-grafana-api-password {{ grafana_admin_password }}" + delegate_to: "{{ groups[mon_group_name][0] }}" + run_once: true + changed_when: false + when: not dashboard_password_from_stdin | bool - name: disable ssl verification for grafana command: "{{ container_exec_cmd }} ceph --cluster {{ cluster }} dashboard set-grafana-api-ssl-verify False" @@ -249,22 +298,36 @@ changed_when: false - name: set the rgw access key - command: "{{ ceph_cmd }} --cluster {{ cluster }} dashboard set-rgw-api-access-key -i -" + command: "{{ ceph_cmd }} --cluster {{ cluster }} dashboard set-rgw-api-access-key -i -" # noqa 304 args: stdin: "{{ rgw_access_key }}" stdin_add_newline: no delegate_to: "{{ groups[mon_group_name][0] }}" run_once: true changed_when: false + when: dashboard_password_from_stdin | bool + + - name: set the rgw access key (legacy) + command: "{{ container_exec_cmd }} ceph --cluster {{ cluster }} dashboard set-rgw-api-access-key {{ rgw_access_key }}" + delegate_to: "{{ groups[mon_group_name][0] }}" + changed_when: false + when: not dashboard_password_from_stdin | bool - name: set the rgw secret key - command: "{{ ceph_cmd }} --cluster {{ cluster }} dashboard set-rgw-api-secret-key -i -" + command: "{{ ceph_cmd }} --cluster {{ cluster }} dashboard set-rgw-api-secret-key -i -" # noqa 304 args: stdin: "{{ rgw_secret_key }}" stdin_add_newline: no delegate_to: "{{ groups[mon_group_name][0] }}" run_once: true changed_when: false + when: dashboard_password_from_stdin | bool + + - name: set the rgw secret key (legacy) + command: "{{ container_exec_cmd }} ceph --cluster {{ cluster }} dashboard set-rgw-api-secret-key {{ rgw_secret_key }}" + delegate_to: "{{ groups[mon_group_name][0] }}" + changed_when: false + when: not dashboard_password_from_stdin | bool - name: set the rgw host command: "{{ container_exec_cmd }} ceph --cluster {{ cluster }} dashboard set-rgw-api-host {{ hostvars[groups[rgw_group_name][0]]['rgw_instances'][0]['radosgw_address'] }}" @@ -313,7 +376,7 @@ - generate_crt | default(false) | bool - name: add iscsi gateways - ipv4 - command: "{{ ceph_cmd }} --cluster {{ cluster }} dashboard iscsi-gateway-add -i -" + command: "{{ ceph_cmd }} --cluster {{ cluster }} dashboard iscsi-gateway-add -i -" # noqa 304 args: stdin: "{{ 'https' if hostvars[item]['api_secure'] | default(false) | bool else 'http' }}://{{ hostvars[item]['api_user'] | default('admin') }}:{{ hostvars[item]['api_password'] | default('admin') }}@{{ hostvars[item]['ansible_all_ipv4_addresses'] | ips_in_ranges(public_network.split(',')) | first }}:{{ hostvars[item]['api_port'] | default(5000) }}" stdin_add_newline: no @@ -321,10 +384,22 @@ delegate_to: "{{ groups[mon_group_name][0] }}" with_items: "{{ groups[iscsi_gw_group_name] }}" run_once: true - when: ip_version == 'ipv4' + when: + - ip_version == 'ipv4' + - dashboard_password_from_stdin | bool + + - name: add iscsi gateways - ipv4 (legacy) + command: "{{ container_exec_cmd }} ceph --cluster {{ cluster }} dashboard iscsi-gateway-add {{ 'https' if hostvars[item]['api_secure'] | default(false) | bool else 'http' }}://{{ hostvars[item]['api_user'] | default('admin') }}:{{ hostvars[item]['api_password'] | default('admin') }}@{{ hostvars[item]['ansible_all_ipv4_addresses'] | ips_in_ranges(public_network.split(',')) | first }}:{{ hostvars[item]['api_port'] | default(5000) }}" + changed_when: false + delegate_to: "{{ groups[mon_group_name][0] }}" + with_items: "{{ groups[iscsi_gw_group_name] }}" + run_once: true + when: + - ip_version == 'ipv4' + - not dashboard_password_from_stdin | bool - name: add iscsi gateways - ipv6 - command: "{{ ceph_cmd }} --cluster {{ cluster }} dashboard iscsi-gateway-add -i -" + command: "{{ ceph_cmd }} --cluster {{ cluster }} dashboard iscsi-gateway-add -i -" # noqa 304 args: stdin: "{{ 'https' if hostvars[item]['api_secure'] | default(false) | bool else 'http' }}://{{ hostvars[item]['api_user'] | default('admin') }}:{{ hostvars[item]['api_password'] | default('admin') }}@{{ hostvars[item]['ansible_all_ipv6_addresses'] | ips_in_ranges(public_network.split(',')) | last | ipwrap }}:{{ hostvars[item]['api_port'] | default(5000) }}" stdin_add_newline: no @@ -332,7 +407,19 @@ delegate_to: "{{ groups[mon_group_name][0] }}" with_items: "{{ groups[iscsi_gw_group_name] }}" run_once: true - when: ip_version == 'ipv6' + when: + - ip_version == 'ipv6' + - dashboard_password_from_stdin | bool + + - name: add iscsi gateways - ipv6 (legacy) + command: "{{ container_exec_cmd }} ceph --cluster {{ cluster }} dashboard iscsi-gateway-add {{ 'https' if hostvars[item]['api_secure'] | default(false) | bool else 'http' }}://{{ hostvars[item]['api_user'] | default('admin') }}:{{ hostvars[item]['api_password'] | default('admin') }}@{{ hostvars[item]['ansible_all_ipv6_addresses'] | ips_in_ranges(public_network.split(',')) | last | ipwrap }}:{{ hostvars[item]['api_port'] | default(5000) }}" + changed_when: false + delegate_to: "{{ groups[mon_group_name][0] }}" + with_items: "{{ groups[iscsi_gw_group_name] }}" + run_once: true + when: + - ip_version == 'ipv6' + - not dashboard_password_from_stdin | bool - name: disable mgr dashboard module (restart) command: "{{ container_exec_cmd }} ceph --cluster {{ cluster }} mgr module disable dashboard"