ceph
/
ceph-ansible
mirror of https://github.com/ceph/ceph-ansible.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

dashboard: manage password backward compatibility 

The ceph dashboard changed the way the password are provided via the
CLI.
This breaks the backward compatibility when using a recent ceph-ansible
version with ceph release without that feature.
This patch adds tasks for legacy workflow (ceph release without that
feature) in ceph-dashboard role.

Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1915506

Signed-off-by: Dimitri Savineau <dsavinea@redhat.com>
pull/6209/head
Dimitri Savineau 2021-01-11 11:48:53 -05:00 committed by Guillaume Abrioux
parent 623ca14682
commit 07d2160421
1 changed files with 98 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

109
roles/ceph-dashboard/tasks/configure_dashboard.yml
View File

@ -117,6 +117,19 @@
run_once: true run_once: true
changed_when: false changed_when: false
- name: check dashboard password in file option command
command: "{{ container_exec_cmd }} ceph --cluster {{ cluster }} dashboard ac-user-set-password"
delegate_to: "{{ groups[mon_group_name][0] }}"
run_once: true
changed_when: false
failed_when: false
register: dashboard_password_in_file_option
- name: set_fact dashboard_password_from_stdin
set_fact:
dashboard_password_from_stdin: "{{ ' -i ' in dashboard_password_in_file_option.stderr }}"
run_once: true
- name: check if dashboard admin user exists - name: check if dashboard admin user exists
command: timeout --foreground -s KILL 10 {{ container_exec_cmd }} ceph --cluster {{ cluster }} dashboard ac-user-show {{ dashboard_admin_user | quote }} command: timeout --foreground -s KILL 10 {{ container_exec_cmd }} ceph --cluster {{ cluster }} dashboard ac-user-show {{ dashboard_admin_user | quote }}
register: dashboard_admin_user_exist register: dashboard_admin_user_exist
@ -129,7 +142,7 @@
until: dashboard_admin_user_exist.rc == 0 until: dashboard_admin_user_exist.rc == 0
- name: update dashboard admin password - name: update dashboard admin password
command: timeout --foreground -s KILL 10 {{ ceph_cmd }} --cluster {{ cluster }} dashboard ac-user-set-password -i - {{ dashboard_admin_user | quote }} command: timeout --foreground -s KILL 10 {{ ceph_cmd }} --cluster {{ cluster }} dashboard ac-user-set-password -i - {{ dashboard_admin_user | quote }} # noqa 304
args: args:
stdin: "{{ dashboard_admin_password }}" stdin: "{{ dashboard_admin_password }}"
stdin_add_newline: no stdin_add_newline: no
@ -139,10 +152,24 @@
run_once: true run_once: true
delegate_to: "{{ groups[mon_group_name][0] }}" delegate_to: "{{ groups[mon_group_name][0] }}"
until: update_dashboard_admin_user.rc == 0 until: update_dashboard_admin_user.rc == 0
when: dashboard_admin_user_exist.rc == 0 when:
- dashboard_admin_user_exist.rc == 0
- dashboard_password_from_stdin | bool
- name: update dashboard admin password (legacy)
command: timeout --foreground -s KILL 10 {{ container_exec_cmd }} ceph --cluster {{ cluster }} dashboard ac-user-set-password {{ dashboard_admin_user | quote }} {{ dashboard_admin_password | quote }} # noqa 304
register: update_dashboard_admin_user
retries: 6
delay: 5
run_once: true
delegate_to: "{{ groups[mon_group_name][0] }}"
until: update_dashboard_admin_user.rc == 0
when:
- dashboard_admin_user_exist.rc == 0
- not dashboard_password_from_stdin | bool
- name: create dashboard admin user - name: create dashboard admin user
command: timeout --foreground -s KILL 10 {{ ceph_cmd }} --cluster {{ cluster }} dashboard ac-user-create -i - {{ dashboard_admin_user | quote }} command: timeout --foreground -s KILL 10 {{ ceph_cmd }} --cluster {{ cluster }} dashboard ac-user-create -i - {{ dashboard_admin_user | quote }} # noqa 304
args: args:
stdin: "{{ dashboard_admin_password }}" stdin: "{{ dashboard_admin_password }}"
stdin_add_newline: no stdin_add_newline: no
@ -152,7 +179,21 @@
run_once: true run_once: true
delegate_to: "{{ groups[mon_group_name][0] }}" delegate_to: "{{ groups[mon_group_name][0] }}"
until: create_dashboard_admin_user.rc == 0 until: create_dashboard_admin_user.rc == 0
when: dashboard_admin_user_exist.rc != 0 when:
- dashboard_admin_user_exist.rc != 0
- dashboard_password_from_stdin | bool
- name: create dashboard admin user (legacy)
command: timeout --foreground -s KILL 10 {{ container_exec_cmd }} ceph --cluster {{ cluster }} dashboard ac-user-create {{ dashboard_admin_user | quote }} {{ dashboard_admin_password | quote }}
register: create_dashboard_admin_user
retries: 6
delay: 5
run_once: true
delegate_to: "{{ groups[mon_group_name][0] }}"
until: create_dashboard_admin_user.rc == 0
when:
- dashboard_admin_user_exist.rc != 0
- not dashboard_password_from_stdin | bool
- name: set dashboard admin user role - name: set dashboard admin user role
command: timeout --foreground -s KILL 10 {{ container_exec_cmd }} ceph --cluster {{ cluster }} dashboard ac-user-set-roles {{ dashboard_admin_user | quote }} {{ 'read-only' if dashboard_admin_user_ro | bool else 'administrator' }} command: timeout --foreground -s KILL 10 {{ container_exec_cmd }} ceph --cluster {{ cluster }} dashboard ac-user-set-roles {{ dashboard_admin_user | quote }} {{ 'read-only' if dashboard_admin_user_ro | bool else 'administrator' }}
@ -171,13 +212,21 @@
changed_when: false changed_when: false
- name: set grafana api password - name: set grafana api password
command: "{{ ceph_cmd }} --cluster {{ cluster }} dashboard set-grafana-api-password -i -" command: "{{ ceph_cmd }} --cluster {{ cluster }} dashboard set-grafana-api-password -i -" # noqa 304
args: args:
stdin: "{{ grafana_admin_password }}" stdin: "{{ grafana_admin_password }}"
stdin_add_newline: no stdin_add_newline: no
delegate_to: "{{ groups[mon_group_name][0] }}" delegate_to: "{{ groups[mon_group_name][0] }}"
run_once: true run_once: true
changed_when: false changed_when: false
when: dashboard_password_from_stdin | bool
- name: set grafana api password (legacy)
command: "{{ container_exec_cmd }} ceph --cluster {{ cluster }} dashboard set-grafana-api-password {{ grafana_admin_password }}"
delegate_to: "{{ groups[mon_group_name][0] }}"
run_once: true
changed_when: false
when: not dashboard_password_from_stdin | bool
- name: disable ssl verification for grafana - name: disable ssl verification for grafana
command: "{{ container_exec_cmd }} ceph --cluster {{ cluster }} dashboard set-grafana-api-ssl-verify False" command: "{{ container_exec_cmd }} ceph --cluster {{ cluster }} dashboard set-grafana-api-ssl-verify False"
@ -249,22 +298,36 @@
changed_when: false changed_when: false
- name: set the rgw access key - name: set the rgw access key
command: "{{ ceph_cmd }} --cluster {{ cluster }} dashboard set-rgw-api-access-key -i -" command: "{{ ceph_cmd }} --cluster {{ cluster }} dashboard set-rgw-api-access-key -i -" # noqa 304
args: args:
stdin: "{{ rgw_access_key }}" stdin: "{{ rgw_access_key }}"
stdin_add_newline: no stdin_add_newline: no
delegate_to: "{{ groups[mon_group_name][0] }}" delegate_to: "{{ groups[mon_group_name][0] }}"
run_once: true run_once: true
changed_when: false changed_when: false
when: dashboard_password_from_stdin | bool
- name: set the rgw access key (legacy)
command: "{{ container_exec_cmd }} ceph --cluster {{ cluster }} dashboard set-rgw-api-access-key {{ rgw_access_key }}"
delegate_to: "{{ groups[mon_group_name][0] }}"
changed_when: false
when: not dashboard_password_from_stdin | bool
- name: set the rgw secret key - name: set the rgw secret key
command: "{{ ceph_cmd }} --cluster {{ cluster }} dashboard set-rgw-api-secret-key -i -" command: "{{ ceph_cmd }} --cluster {{ cluster }} dashboard set-rgw-api-secret-key -i -" # noqa 304
args: args:
stdin: "{{ rgw_secret_key }}" stdin: "{{ rgw_secret_key }}"
stdin_add_newline: no stdin_add_newline: no
delegate_to: "{{ groups[mon_group_name][0] }}" delegate_to: "{{ groups[mon_group_name][0] }}"
run_once: true run_once: true
changed_when: false changed_when: false
when: dashboard_password_from_stdin | bool
- name: set the rgw secret key (legacy)
command: "{{ container_exec_cmd }} ceph --cluster {{ cluster }} dashboard set-rgw-api-secret-key {{ rgw_secret_key }}"
delegate_to: "{{ groups[mon_group_name][0] }}"
changed_when: false
when: not dashboard_password_from_stdin | bool
- name: set the rgw host - name: set the rgw host
command: "{{ container_exec_cmd }} ceph --cluster {{ cluster }} dashboard set-rgw-api-host {{ hostvars[groups[rgw_group_name][0]]['rgw_instances'][0]['radosgw_address'] }}" command: "{{ container_exec_cmd }} ceph --cluster {{ cluster }} dashboard set-rgw-api-host {{ hostvars[groups[rgw_group_name][0]]['rgw_instances'][0]['radosgw_address'] }}"
@ -313,7 +376,7 @@
- generate_crt | default(false) | bool - generate_crt | default(false) | bool
- name: add iscsi gateways - ipv4 - name: add iscsi gateways - ipv4
command: "{{ ceph_cmd }} --cluster {{ cluster }} dashboard iscsi-gateway-add -i -" command: "{{ ceph_cmd }} --cluster {{ cluster }} dashboard iscsi-gateway-add -i -" # noqa 304
args: args:
stdin: "{{ 'https' if hostvars[item]['api_secure'] | default(false) | bool else 'http' }}://{{ hostvars[item]['api_user'] | default('admin') }}:{{ hostvars[item]['api_password'] | default('admin') }}@{{ hostvars[item]['ansible_all_ipv4_addresses'] | ips_in_ranges(public_network.split(',')) | first }}:{{ hostvars[item]['api_port'] | default(5000) }}" stdin: "{{ 'https' if hostvars[item]['api_secure'] | default(false) | bool else 'http' }}://{{ hostvars[item]['api_user'] | default('admin') }}:{{ hostvars[item]['api_password'] | default('admin') }}@{{ hostvars[item]['ansible_all_ipv4_addresses'] | ips_in_ranges(public_network.split(',')) | first }}:{{ hostvars[item]['api_port'] | default(5000) }}"
stdin_add_newline: no stdin_add_newline: no
@ -321,10 +384,22 @@
delegate_to: "{{ groups[mon_group_name][0] }}" delegate_to: "{{ groups[mon_group_name][0] }}"
with_items: "{{ groups[iscsi_gw_group_name] }}" with_items: "{{ groups[iscsi_gw_group_name] }}"
run_once: true run_once: true
when: ip_version == 'ipv4' when:
- ip_version == 'ipv4'
- dashboard_password_from_stdin | bool
- name: add iscsi gateways - ipv4 (legacy)
command: "{{ container_exec_cmd }} ceph --cluster {{ cluster }} dashboard iscsi-gateway-add {{ 'https' if hostvars[item]['api_secure'] | default(false) | bool else 'http' }}://{{ hostvars[item]['api_user'] | default('admin') }}:{{ hostvars[item]['api_password'] | default('admin') }}@{{ hostvars[item]['ansible_all_ipv4_addresses'] | ips_in_ranges(public_network.split(',')) | first }}:{{ hostvars[item]['api_port'] | default(5000) }}"
changed_when: false
delegate_to: "{{ groups[mon_group_name][0] }}"
with_items: "{{ groups[iscsi_gw_group_name] }}"
run_once: true
when:
- ip_version == 'ipv4'
- not dashboard_password_from_stdin | bool
- name: add iscsi gateways - ipv6 - name: add iscsi gateways - ipv6
command: "{{ ceph_cmd }} --cluster {{ cluster }} dashboard iscsi-gateway-add -i -" command: "{{ ceph_cmd }} --cluster {{ cluster }} dashboard iscsi-gateway-add -i -" # noqa 304
args: args:
stdin: "{{ 'https' if hostvars[item]['api_secure'] | default(false) | bool else 'http' }}://{{ hostvars[item]['api_user'] | default('admin') }}:{{ hostvars[item]['api_password'] | default('admin') }}@{{ hostvars[item]['ansible_all_ipv6_addresses'] | ips_in_ranges(public_network.split(',')) | last | ipwrap }}:{{ hostvars[item]['api_port'] | default(5000) }}" stdin: "{{ 'https' if hostvars[item]['api_secure'] | default(false) | bool else 'http' }}://{{ hostvars[item]['api_user'] | default('admin') }}:{{ hostvars[item]['api_password'] | default('admin') }}@{{ hostvars[item]['ansible_all_ipv6_addresses'] | ips_in_ranges(public_network.split(',')) | last | ipwrap }}:{{ hostvars[item]['api_port'] | default(5000) }}"
stdin_add_newline: no stdin_add_newline: no
@ -332,7 +407,19 @@
delegate_to: "{{ groups[mon_group_name][0] }}" delegate_to: "{{ groups[mon_group_name][0] }}"
with_items: "{{ groups[iscsi_gw_group_name] }}" with_items: "{{ groups[iscsi_gw_group_name] }}"
run_once: true run_once: true
when: ip_version == 'ipv6' when:
- ip_version == 'ipv6'
- dashboard_password_from_stdin | bool
- name: add iscsi gateways - ipv6 (legacy)
command: "{{ container_exec_cmd }} ceph --cluster {{ cluster }} dashboard iscsi-gateway-add {{ 'https' if hostvars[item]['api_secure'] | default(false) | bool else 'http' }}://{{ hostvars[item]['api_user'] | default('admin') }}:{{ hostvars[item]['api_password'] | default('admin') }}@{{ hostvars[item]['ansible_all_ipv6_addresses'] | ips_in_ranges(public_network.split(',')) | last | ipwrap }}:{{ hostvars[item]['api_port'] | default(5000) }}"
changed_when: false
delegate_to: "{{ groups[mon_group_name][0] }}"
with_items: "{{ groups[iscsi_gw_group_name] }}"
run_once: true
when:
- ip_version == 'ipv6'
- not dashboard_password_from_stdin | bool
- name: disable mgr dashboard module (restart) - name: disable mgr dashboard module (restart)
command: "{{ container_exec_cmd }} ceph --cluster {{ cluster }} mgr module disable dashboard" command: "{{ container_exec_cmd }} ceph --cluster {{ cluster }} mgr module disable dashboard"