ceph
/
ceph-ansible
mirror of https://github.com/ceph/ceph-ansible.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

iscsi: drop old style iSCSI support 

this kind of deployment is no longer supported, let's drop it.

Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com>
drop_igw_modules
Guillaume Abrioux 2022-03-02 23:13:53 +01:00
parent 6c0c53fa2d
commit 11df835789
13 changed files with 6 additions and 968 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

58
group_vars/all.yml.sample
View File

@ -735,64 +735,6 @@ dummy:
#igw_network: "{{ public_network }}"
##################################
# DEPRECIATED iSCSI TARGET SETUP #
##################################
# WARNING #
# The following values are depreciated. To setup targets, gateways, LUNs, and
# clients you should use gwcli or dashboard. If the following values are set,
# the old ceph-iscsi-config/ceph-iscsi-cli packages will be used.
# Specify the iqn for ALL gateways. This iqn is shared across the gateways, so an iscsi
# client sees the gateway group as a single storage subsystem.
#gateway_iqn: ""
# gateway_ip_list provides a list of the IP Addrresses - one per gateway - that will be used
# as an iscsi target portal ip. The list must be comma separated - and the order determines
# the sequence of TPG's within the iscsi target across each gateway. Once set, additional
# gateways can be added, but the order must *not* be changed.
#gateway_ip_list: 0.0.0.0
# rbd_devices defines the images that should be created and exported from the iscsi gateways.
# If the rbd does not exist, it will be created for you. In addition you may increase the
# size of rbd's by changing the size parameter and rerunning the playbook. A size value lower
# than the current size of the rbd is ignored.
#
# the 'host' parameter defines which of the gateway nodes should handle the physical
# allocation/expansion or removal of the rbd
# to remove an image, simply use a state of 'absent'. This will first check the rbd is not allocated
# to any client, and the remove it from LIO and then delete the rbd image
#
# NB. this variable definition can be commented out to bypass LUN management
#
# Example:
#
#rbd_devices:
# - { pool: 'rbd', image: 'ansible1', size: '30G', host: 'ceph-1', state: 'present' }
# - { pool: 'rbd', image: 'ansible2', size: '15G', host: 'ceph-1', state: 'present' }
# - { pool: 'rbd', image: 'ansible3', size: '30G', host: 'ceph-1', state: 'present' }
# - { pool: 'rbd', image: 'ansible4', size: '50G', host: 'ceph-1', state: 'present' }
#rbd_devices: {}
# client_connections defines the client ACL's to restrict client access to specific LUNs
# The settings are as follows;
# - image_list is a comma separated list of rbd images of the form <pool name>.<rbd_image_name>
# - chap supplies the user and password the client will use for authentication of the
# form <user>/<password>
# - status shows the intended state of this client definition - 'present' or 'absent'
#
# NB. this definition can be commented out to skip client (nodeACL) management
#
# Example:
#
#client_connections:
# - { client: 'iqn.1994-05.com.redhat:rh7-iscsi-client', image_list: 'rbd.ansible1,rbd.ansible2', chap: 'rh7-iscsi-client/redhat', status: 'present' }
# - { client: 'iqn.1991-05.com.microsoft:w2k12r2', image_list: 'rbd.ansible4', chap: 'w2k12r2/microsoft_w2k12', status: 'absent' }
#client_connections: {}
#no_log_on_ceph_key_tasks: True
###############

58
group_vars/rhcs.yml.sample
View File

@ -735,64 +735,6 @@ alertmanager_container_image: registry.redhat.io/openshift4/ose-prometheus-alert
#igw_network: "{{ public_network }}"
##################################
# DEPRECIATED iSCSI TARGET SETUP #
##################################
# WARNING #
# The following values are depreciated. To setup targets, gateways, LUNs, and
# clients you should use gwcli or dashboard. If the following values are set,
# the old ceph-iscsi-config/ceph-iscsi-cli packages will be used.
# Specify the iqn for ALL gateways. This iqn is shared across the gateways, so an iscsi
# client sees the gateway group as a single storage subsystem.
#gateway_iqn: ""
# gateway_ip_list provides a list of the IP Addrresses - one per gateway - that will be used
# as an iscsi target portal ip. The list must be comma separated - and the order determines
# the sequence of TPG's within the iscsi target across each gateway. Once set, additional
# gateways can be added, but the order must *not* be changed.
#gateway_ip_list: 0.0.0.0
# rbd_devices defines the images that should be created and exported from the iscsi gateways.
# If the rbd does not exist, it will be created for you. In addition you may increase the
# size of rbd's by changing the size parameter and rerunning the playbook. A size value lower
# than the current size of the rbd is ignored.
#
# the 'host' parameter defines which of the gateway nodes should handle the physical
# allocation/expansion or removal of the rbd
# to remove an image, simply use a state of 'absent'. This will first check the rbd is not allocated
# to any client, and the remove it from LIO and then delete the rbd image
#
# NB. this variable definition can be commented out to bypass LUN management
#
# Example:
#
#rbd_devices:
# - { pool: 'rbd', image: 'ansible1', size: '30G', host: 'ceph-1', state: 'present' }
# - { pool: 'rbd', image: 'ansible2', size: '15G', host: 'ceph-1', state: 'present' }
# - { pool: 'rbd', image: 'ansible3', size: '30G', host: 'ceph-1', state: 'present' }
# - { pool: 'rbd', image: 'ansible4', size: '50G', host: 'ceph-1', state: 'present' }
#rbd_devices: {}
# client_connections defines the client ACL's to restrict client access to specific LUNs
# The settings are as follows;
# - image_list is a comma separated list of rbd images of the form <pool name>.<rbd_image_name>
# - chap supplies the user and password the client will use for authentication of the
# form <user>/<password>
# - status shows the intended state of this client definition - 'present' or 'absent'
#
# NB. this definition can be commented out to skip client (nodeACL) management
#
# Example:
#
#client_connections:
# - { client: 'iqn.1994-05.com.redhat:rh7-iscsi-client', image_list: 'rbd.ansible1,rbd.ansible2', chap: 'rh7-iscsi-client/redhat', status: 'present' }
# - { client: 'iqn.1991-05.com.microsoft:w2k12r2', image_list: 'rbd.ansible4', chap: 'w2k12r2/microsoft_w2k12', status: 'absent' }
#client_connections: {}
#no_log_on_ceph_key_tasks: True
###############

96
infrastructure-playbooks/purge-iscsi-gateways.yml
View File

@ -1,96 +0,0 @@
---
- name: Confirm removal of the iSCSI gateway configuration
hosts: localhost
vars_prompt:
- name: purge_config
prompt: Which configuration elements should be purged? (all, lio or abort)
default: 'abort'
private: no
tasks:
- name: Exit playbook if user aborted the purge
fail:
msg: >
"You have aborted the purge of the iSCSI gateway configuration"
when: purge_config == 'abort'
- name: set_fact igw_purge_type
set_fact:
igw_purge_type: "{{ purge_config }}"
- name: stopping the gateways
hosts:
- iscsigws
become: yes
vars:
- igw_purge_type: "{{ hostvars['localhost']['igw_purge_type'] }}"
tasks:
- name: stopping and disabling iscsi daemons
service:
name: "{{ item }}"
state: stopped
enabled: no
with_items:
- rbd-target-gw
- rbd-target-api
- tcmu-runner
- name: removing the gateway configuration
hosts:
- iscsigws
become: yes
vars:
- igw_purge_type: "{{ hostvars['localhost']['igw_purge_type'] }}"
tasks:
- name: igw_purge | deleting configured rbd devices
igw_purge: mode="disks"
when: igw_purge_type == 'all'
run_once: true
- name: igw_purge | purging the gateway configuration
igw_purge: mode="gateway"
run_once: true
- name: restart and enable iscsi daemons
when: igw_purge_type == 'lio'
service:
name: "{{ item }}"
state: started
enabled: yes
with_items:
- tcmu-runner
- rbd-target-api
- rbd-target-gw
- name: remove the gateways from the ceph dashboard
hosts: mons
become: true
tasks:
- import_role:
name: ceph-defaults
- name: iscsi gateways with ceph dashboard
when: dashboard_enabled | bool
run_once: true
block:
- import_role:
name: ceph-facts
tasks_from: container_binary
- name: set_fact container_exec_cmd
set_fact:
container_exec_cmd: "{{ container_binary }} exec ceph-mon-{{ ansible_facts['hostname'] }}"
when: containerized_deployment | bool
- name: get iscsi gateway list
command: "{{ container_exec_cmd | default('') }} ceph --cluster {{ cluster }} dashboard iscsi-gateway-list -f json"
changed_when: false
register: gateways
- name: remove iscsi gateways
command: "{{ container_exec_cmd | default('') }} ceph --cluster {{ cluster }} dashboard iscsi-gateway-rm {{ item }}"
with_items: '{{ (gateways.stdout | from_json)["gateways"] }}'

135
library/igw_client.py
View File

@ -1,135 +0,0 @@
#!/usr/bin/env python
__author__ = 'pcuzner@redhat.com'
DOCUMENTATION = """
---
module: igw_client
short_description: Manage iscsi gateway client definitions
description:
- This module calls the 'client' configuration management module installed
on the iscsi gateway node to handle the definition of iscsi clients on the
gateway(s). This definition will setup iscsi authentication (e.g. chap),
and mask the required rbd images to the client.
The 'client' configuration module is provided by ceph-iscsi-config
rpm which is installed on the gateway nodes.
To support module debugging, this module logs to
/var/log/ansible-module-igw_config.log on the target machine(s).
option:
client_iqn:
description:
- iqn of the client machine which should be connected or removed from the
iscsi gateway environment
required: true
image_list:
description:
- comma separated string providing the rbd images that this
client definition should have. The rbd images provided must use the
following format <pool_name>.<rbd_image_name>
e.g. rbd.disk1,rbd.disk2
required: true
chap:
description:
- chap credentials for the client to authenticate to the gateways
to gain access to the exported rbds (LUNs). The credentials is a string
value of the form 'username/password'. The iscsi client must then use
these settings to gain access to any LUN resources.
required: true
state:
description:
- desired state for this client - absent or present
required: true
requirements: ['ceph-iscsi-config']
author:
- 'Paul Cuzner'
"""
import os # noqa: E402
import logging # noqa: E402
from logging.handlers import RotatingFileHandler # noqa: E402
from ansible.module_utils.basic import * # noqa: E402,F403
from ceph_iscsi_config.client import GWClient # noqa: E402
import ceph_iscsi_config.settings as settings # noqa: E402
# the main function is called ansible_main to allow the call stack
# to be checked to determine whether the call to the ceph_iscsi_config
# modules is from ansible or not
def ansible_main():
fields = {
"client_iqn": {"required": True, "type": "str"},
"image_list": {"required": True, "type": "str"},
"chap": {"required": True, "type": "str"},
"state": {
"required": True,
"choices": ['present', 'absent'],
"type": "str"
},
}
module = AnsibleModule(argument_spec=fields, # noqa: F405
supports_check_mode=False)
client_iqn = module.params['client_iqn']
if module.params['image_list']:
image_list = module.params['image_list'].split(',')
else:
image_list = []
chap = module.params['chap']
desired_state = module.params['state']
logger.info("START - Client configuration started : {}".format(client_iqn))
# The client is defined using the GWClient class. This class handles
# client attribute updates, rados configuration object updates and LIO
# settings. Since the logic is external to this custom module, clients
# can be created/deleted by other methods in the same manner.
client = GWClient(logger, client_iqn, image_list, chap)
if client.error:
module.fail_json(msg=client.error_msg)
client.manage(desired_state)
if client.error:
module.fail_json(msg=client.error_msg)
logger.info("END - Client configuration complete - {} "
"changes made".format(client.change_count))
changes_made = True if client.change_count > 0 else False
module.exit_json(changed=changes_made,
meta={"msg": "Client definition completed {} "
"changes made".format(client.change_count)})
if __name__ == '__main__':
module_name = os.path.basename(__file__).replace('ansible_module_', '')
logger = logging.getLogger(os.path.basename(module_name))
logger.setLevel(logging.DEBUG)
handler = RotatingFileHandler('/var/log/ansible-module-igw_config.log',
maxBytes=5242880,
backupCount=7)
log_fmt = logging.Formatter('%(asctime)s %(name)s %(levelname)-8s : '
'%(message)s')
handler.setFormatter(log_fmt)
logger.addHandler(handler)
# initialise global variables used by all called modules
# e.g. ceph conffile, keyring etc
settings.init()
ansible_main()

145
library/igw_gateway.py
View File

@ -1,145 +0,0 @@
#!/usr/bin/env python
__author__ = 'pcuzner@redhat.com'
DOCUMENTATION = """
---
module: igw_gateway
short_description: Manage the iscsi gateway definition
description:
- This module calls the 'gateway' configuration management module installed
on the iscsi gateway node(s) to handle the definition of iscsi gateways.
The module will configure;
* the iscsi target and target portal group (TPG)
* rbd maps to the gateway and registration of those rbds as LUNs to the
kernels LIO subsystem
The actual configuration modules are provided by ceph-iscsi-config rpm
which is installed on the gateway nodes.
To support module debugging, this module logs to
/var/log/ansible-module-igw_config.log on the target machine(s).
option:
gateway_iqn:
description:
- iqn that all gateway nodes will use to present a common system image
name to iscsi clients
required: true
gateway_ip_list:
description:
- comma separated string providing the IP addresses that will be used
as iSCSI portal IPs to accept iscsi client connections. Each IP address
should equate to an IP on a gateway node - typically dedicated to iscsi
traffic. The order of the IP addresses determines the TPG sequence
within the target definition - so once defined, new gateways can be
added but *must* be added to the end of this list to preserve the tpg
sequence
e.g. 192.168.122.101,192.168.122.103
required: true
mode:
description:
- mode in which to run the gateway module. Two modes are supported
target ... define the iscsi target iqn, tpg's and portals
map ...... map luns to the tpg's, and also define the ALUA path setting
for each LUN (activeOptimized/activenonoptimized)
required: true
requirements: ['ceph-iscsi-config']
author:
- 'Paul Cuzner'
"""
import os # noqa: E402
import logging # noqa: E402
from logging.handlers import RotatingFileHandler # noqa: E402
from ansible.module_utils.basic import * # noqa: E402,F403
import ceph_iscsi_config.settings as settings # noqa: E402
from ceph_iscsi_config.common import Config # noqa: E402
from ceph_iscsi_config.gateway import GWTarget # noqa: E402
from ceph_iscsi_config.utils import valid_ip # noqa: E402
# the main function is called ansible_main to allow the call stack
# to be checked to determine whether the call to the ceph_iscsi_config
# modules is from ansible or not
def ansible_main():
# Configures the gateway on the host. All images defined are added to
# the default tpg for later allocation to clients
fields = {"gateway_iqn": {"required": True, "type": "str"},
"gateway_ip_list": {"required": True}, # "type": "list"},
"mode": {
"required": True,
"choices": ['target', 'map']
}
}
module = AnsibleModule(argument_spec=fields, # noqa: F405
supports_check_mode=False)
cfg = Config(logger)
if cfg.config['version'] > 3:
module.fail_json(msg="Unsupported iscsigws.yml/iscsi-gws.yml setting "
"detected. Remove depreciated iSCSI target, LUN, "
"client, and gateway settings from "
"iscsigws.yml/iscsi-gws.yml. See "
"iscsigws.yml.sample for list of supported "
"settings")
gateway_iqn = module.params['gateway_iqn']
gateway_ip_list = module.params['gateway_ip_list'].split(',')
mode = module.params['mode']
if not valid_ip(gateway_ip_list):
module.fail_json(msg="Invalid gateway IP address(es) provided - port "
"22 check failed ({})".format(gateway_ip_list))
logger.info("START - GATEWAY configuration started - mode {}".format(mode))
gateway = GWTarget(logger, gateway_iqn, gateway_ip_list)
if gateway.error:
logger.critical("(ansible_main) Gateway init failed - "
"{}".format(gateway.error_msg))
module.fail_json(msg="iSCSI gateway initialisation failed "
"({})".format(gateway.error_msg))
gateway.manage(mode)
if gateway.error:
logger.critical("(main) Gateway creation or load failed, "
"unable to continue")
module.fail_json(msg="iSCSI gateway creation/load failure "
"({})".format(gateway.error_msg))
logger.info("END - GATEWAY configuration complete")
module.exit_json(changed=gateway.changes_made,
meta={"msg": "Gateway setup complete"})
if __name__ == '__main__':
module_name = os.path.basename(__file__).replace('ansible_module_', '')
logger = logging.getLogger(os.path.basename(module_name))
logger.setLevel(logging.DEBUG)
handler = RotatingFileHandler('/var/log/ansible-module-igw_config.log',
maxBytes=5242880,
backupCount=7)
log_fmt = logging.Formatter('%(asctime)s %(name)s %(levelname)-8s : '
'%(message)s')
handler.setFormatter(log_fmt)
logger.addHandler(handler)
# initialise global variables used by all called modules
# e.g. ceph conffile, keyring etc
settings.init()
ansible_main()

168
library/igw_lun.py
View File

@ -1,168 +0,0 @@
#!/usr/bin/env python
__author__ = 'pcuzner@redhat.com'
DOCUMENTATION = """
---
module: igw_lun
short_description: Manage ceph rbd images to present as iscsi LUNs to clients
description:
- This module calls the 'lun' configuration management module installed
on the iscsi gateway node(s). The lun module handles the creation and resize # noqa: E501
of rbd images, and then maps these rbd devices to the gateway node(s) to be
exposed through the kernel's LIO target.
To support module debugging, this module logs to /var/log/ansible-module-igw_config.log # noqa: E501
on the target machine(s).
option:
pool:
description:
- The ceph pool where the image should exist or be created in.
NOTE - The pool *must* exist prior to the Ansible run.
required: true
image:
description:
- this is the rbd image name to create/resize - if the rbd does not exist it
is created for you with the settings optimised for exporting over iscsi.
required: true
size:
description:
- The size of the rbd image to create/resize. The size is numeric suffixed by
G or T (GB or TB). Increasing the size of a LUN is supported, but if a size
is provided that is smaller that the current size, the request is simply ignored.
e.g. 100G
required: true
host:
description:
- the host variable defines the name of the gateway node that will be
the allocation host for this rbd image. RBD creation and resize can
only be performed by one gateway, the other gateways in the
configuration will wait for the operation to complete.
required: true
features:
description:
- placeholder to potentially allow different rbd features to be set at
allocation time by Ansible. NOT CURRENTLY USED
required: false
state:
description:
- desired state for this LUN - absent or present. For a state='absent'
request, the lun module will verify that the rbd image is not allocated to
a client. As long as the rbd image is not in use, the LUN definition will be
removed from LIO, unmapped from all gateways AND DELETED.
USE WITH CARE!
required: true
requirements: ['ceph-iscsi-config']
author:
- 'Paul Cuzner'
"""
import os # noqa: E402
import logging # noqa: E402
from logging.handlers import RotatingFileHandler # noqa: E402
from ansible.module_utils.basic import * # noqa: E402,F403
from ceph_iscsi_config.lun import LUN # noqa: E402
from ceph_iscsi_config.utils import valid_size # noqa: E402
import ceph_iscsi_config.settings as settings # noqa: E402
# the main function is called ansible_main to allow the call stack
# to be checked to determine whether the call to the ceph_iscsi_config
# modules is from ansible or not
def ansible_main():
# Define the fields needs to create/map rbd's the the host(s)
# NB. features and state are reserved/unused
fields = {
"pool": {"required": False, "default": "rbd", "type": "str"},
"image": {"required": True, "type": "str"},
"size": {"required": True, "type": "str"},
"host": {"required": True, "type": "str"},
"features": {"required": False, "type": "str"},
"state": {
"required": False,
"default": "present",
"choices": ['present', 'absent'],
"type": "str"
},
}
# not supporting check mode currently
module = AnsibleModule(argument_spec=fields, # noqa: F405
supports_check_mode=False)
pool = module.params["pool"]
image = module.params['image']
size = module.params['size']
allocating_host = module.params['host']
desired_state = module.params['state']
################################################
# Validate the parameters passed from Ansible #
################################################
if not valid_size(size):
logger.critical("image '{}' has an invalid size specification '{}' "
"in the ansible configuration".format(image,
size))
module.fail_json(msg="(main) Unable to use the size parameter '{}' "
"for image '{}' from the playbook - "
"must be a number suffixed by M,G "
"or T".format(size,
image))
# define a lun object and perform some initial parameter validation
lun = LUN(logger, pool, image, size, allocating_host)
if lun.error:
module.fail_json(msg=lun.error_msg)
logger.info("START - LUN configuration started for {}/{}".format(pool,
image))
# attempt to create/allocate the LUN for LIO
lun.manage(desired_state)
if lun.error:
module.fail_json(msg=lun.error_msg)
if lun.num_changes == 0:
logger.info("END - No changes needed")
else:
logger.info("END - {} configuration changes "
"made".format(lun.num_changes))
module.exit_json(changed=(lun.num_changes > 0),
meta={"msg": "Configuration updated"})
if __name__ == '__main__':
module_name = os.path.basename(__file__).replace('ansible_module_', '')
logger = logging.getLogger(os.path.basename(module_name))
logger.setLevel(logging.DEBUG)
handler = RotatingFileHandler('/var/log/ansible-module-igw_config.log',
maxBytes=5242880,
backupCount=7)
log_fmt = logging.Formatter('%(asctime)s %(name)s %(levelname)-8s : '
'%(message)s')
handler.setFormatter(log_fmt)
logger.addHandler(handler)
# initialise global variables used by all called modules
# e.g. ceph conffile, keyring etc
settings.init()
ansible_main()

161
library/igw_purge.py
View File

@ -1,161 +0,0 @@
#!/usr/bin/env python
DOCUMENTATION = """
---
module: igw_purge
short_description: Provide a purge capability to remove an iSCSI gateway
environment
description:
- This module handles the removal of a gateway configuration from a ceph
environment.
The playbook that calls this module prompts the user for the type of purge
to perform.
The purge options are;
all ... purge all LIO configuration *and* delete all defined rbd images
lio ... purge only the LIO configuration (rbd's are left intact)
USE WITH CAUTION
To support module debugging, this module logs to
/var/log/ansible-module-igw_config.log on each target machine(s).
option:
mode:
description:
- the mode defines the type of purge requested
gateway ... remove the LIO configuration only
disks ... remove the rbd disks defined to the gateway
required: true
requirements: ['ceph-iscsi-config', 'python-rtslib']
author:
- 'Paul Cuzner'
"""
import os # noqa: E402
import logging # noqa: E402
import socket # noqa: E402,F401
import rados # noqa: E402
import rbd # noqa: E402
from logging.handlers import RotatingFileHandler # noqa: E402
from ansible.module_utils.basic import * # noqa: E402,F403
import ceph_iscsi_config.settings as settings # noqa: E402
from ceph_iscsi_config.common import Config # noqa: E402
from ceph_iscsi_config.lun import RBDDev # noqa: E402
__author__ = 'pcuzner@redhat.com'
def delete_images(cfg):
changes_made = False
for disk_name, disk in cfg.config['disks'].items():
image = disk['image']
logger.debug("Deleing image {}".format(image))
backstore = disk.get('backstore')
if backstore is None:
# ceph iscsi-config based.
rbd_dev = RBDDev(image, 0, disk['pool'])
else:
# ceph-iscsi based.
rbd_dev = RBDDev(image, 0, backstore, disk['pool'])
try:
rbd_dev.delete()
except rbd.ImageNotFound:
# Just log and ignore. If we crashed while purging we could delete
# the image but not removed it from the config
logger.debug("Image already deleted.")
except rbd.ImageHasSnapshots:
logger.error("Image still has snapshots.")
# Older versions of ceph-iscsi-config do not have a error_msg
# string.
if not rbd_dev.error_msg:
rbd_dev.error_msg = "Image has snapshots."
if rbd_dev.error:
if rbd_dev.error_msg:
logger.error("Could not remove {}. Error: {}. Manually run the " # noqa: E501
"rbd command line tool to delete.".
format(image, rbd_dev.error_msg))
else:
logger.error("Could not remove {}. Manually run the rbd "
"command line tool to delete.".format(image))
else:
changes_made = True
return changes_made
def delete_gateway_config(cfg, module):
ioctx = cfg._open_ioctx()
try:
size, mtime = ioctx.stat(cfg.config_name)
except rados.ObjectNotFound:
logger.debug("gateway.conf already removed.")
return False
try:
ioctx.remove_object(cfg.config_name)
except Exception as err:
module.fail_json(msg="Gateway config object failed: {}".format(err))
return True
def ansible_main():
fields = {"mode": {"required": True,
"type": "str",
"choices": ["gateway", "disks"]
}
}
module = AnsibleModule(argument_spec=fields, # noqa: F405
supports_check_mode=False)
run_mode = module.params['mode']
changes_made = False
logger.info("START - GATEWAY configuration PURGE started, run mode "
"is {}".format(run_mode))
cfg = Config(logger)
#
# Purge gateway configuration, if the config has gateways
if run_mode == 'gateway':
changes_made = delete_gateway_config(cfg, module)
elif run_mode == 'disks' and len(cfg.config['disks'].keys()) > 0:
#
# Remove the disks on this host, that have been registered in the
# config object
changes_made = delete_images(cfg)
logger.info("END - GATEWAY configuration PURGE complete")
module.exit_json(changed=changes_made,
meta={"msg": "Purge of iSCSI settings ({}) "
"complete".format(run_mode)})
if __name__ == '__main__':
module_name = os.path.basename(__file__).replace('ansible_module_', '')
logger = logging.getLogger(os.path.basename(module_name))
logger.setLevel(logging.DEBUG)
handler = RotatingFileHandler('/var/log/ansible-module-igw_config.log',
maxBytes=5242880,
backupCount=7)
log_fmt = logging.Formatter('%(asctime)s %(name)s %(levelname)-8s : '
'%(message)s')
handler.setFormatter(log_fmt)
logger.addHandler(handler)
settings.init()
ansible_main()

58
roles/ceph-defaults/defaults/main.yml
View File

@ -727,64 +727,6 @@ alertmanager_dashboard_api_no_ssl_verify: "{{ true if dashboard_protocol == 'htt
igw_network: "{{ public_network }}"
##################################
# DEPRECIATED iSCSI TARGET SETUP #
##################################
# WARNING #
# The following values are depreciated. To setup targets, gateways, LUNs, and
# clients you should use gwcli or dashboard. If the following values are set,
# the old ceph-iscsi-config/ceph-iscsi-cli packages will be used.
# Specify the iqn for ALL gateways. This iqn is shared across the gateways, so an iscsi
# client sees the gateway group as a single storage subsystem.
gateway_iqn: ""
# gateway_ip_list provides a list of the IP Addrresses - one per gateway - that will be used
# as an iscsi target portal ip. The list must be comma separated - and the order determines
# the sequence of TPG's within the iscsi target across each gateway. Once set, additional
# gateways can be added, but the order must *not* be changed.
gateway_ip_list: 0.0.0.0
# rbd_devices defines the images that should be created and exported from the iscsi gateways.
# If the rbd does not exist, it will be created for you. In addition you may increase the
# size of rbd's by changing the size parameter and rerunning the playbook. A size value lower
# than the current size of the rbd is ignored.
#
# the 'host' parameter defines which of the gateway nodes should handle the physical
# allocation/expansion or removal of the rbd
# to remove an image, simply use a state of 'absent'. This will first check the rbd is not allocated
# to any client, and the remove it from LIO and then delete the rbd image
#
# NB. this variable definition can be commented out to bypass LUN management
#
# Example:
#
#rbd_devices:
# - { pool: 'rbd', image: 'ansible1', size: '30G', host: 'ceph-1', state: 'present' }
# - { pool: 'rbd', image: 'ansible2', size: '15G', host: 'ceph-1', state: 'present' }
# - { pool: 'rbd', image: 'ansible3', size: '30G', host: 'ceph-1', state: 'present' }
# - { pool: 'rbd', image: 'ansible4', size: '50G', host: 'ceph-1', state: 'present' }
rbd_devices: {}
# client_connections defines the client ACL's to restrict client access to specific LUNs
# The settings are as follows;
# - image_list is a comma separated list of rbd images of the form <pool name>.<rbd_image_name>
# - chap supplies the user and password the client will use for authentication of the
# form <user>/<password>
# - status shows the intended state of this client definition - 'present' or 'absent'
#
# NB. this definition can be commented out to skip client (nodeACL) management
#
# Example:
#
#client_connections:
# - { client: 'iqn.1994-05.com.redhat:rh7-iscsi-client', image_list: 'rbd.ansible1,rbd.ansible2', chap: 'rh7-iscsi-client/redhat', status: 'present' }
# - { client: 'iqn.1991-05.com.microsoft:w2k12r2', image_list: 'rbd.ansible4', chap: 'w2k12r2/microsoft_w2k12', status: 'absent' }
client_connections: {}
no_log_on_ceph_key_tasks: True
###############

5
roles/ceph-facts/tasks/facts.yml
View File

@ -255,11 +255,6 @@
import_tasks: set_radosgw_address.yml
when: inventory_hostname in groups.get(rgw_group_name, [])
- name: set_fact use_new_ceph_iscsi package or old ceph-iscsi-config/cli
set_fact:
use_new_ceph_iscsi: "{{ (gateway_ip_list == '0.0.0.0' and gateway_iqn | length == 0 and client_connections | length == 0 and rbd_devices | length == 0) | bool | ternary(true, false) }}"
when: iscsi_gw_group_name in group_names
- name: set_fact ceph_run_cmd
set_fact:
ceph_run_cmd: "{{ container_binary + ' run --rm --net=host -v /etc/ceph:/etc/ceph:z -v /var/lib/ceph/:/var/lib/ceph/:z -v /var/log/ceph/:/var/log/ceph/:z --entrypoint=ceph ' + ceph_docker_registry + '/' + ceph_docker_image + ':' + ceph_docker_image_tag if containerized_deployment | bool else 'ceph' }}"

6
roles/ceph-iscsi-gw/tasks/main.yml
View File

@ -13,12 +13,6 @@
include_tasks: deploy_ssl_keys.yml
when: generate_crt | bool
- name: include non-container/configure_iscsi.yml
include_tasks: non-container/configure_iscsi.yml
when:
- not containerized_deployment | bool
- not use_new_ceph_iscsi | bool
- name: include non-container/postrequisites.yml
include_tasks: non-container/postrequisites.yml
when: not containerized_deployment | bool

33
roles/ceph-iscsi-gw/tasks/non-container/configure_iscsi.yml
View File

@ -1,33 +0,0 @@
---
- name: igw_gateway (tgt) | configure iscsi target (gateway)
igw_gateway:
mode: "target"
gateway_iqn: "{{ gateway_iqn }}"
gateway_ip_list: "{{ gateway_ip_list }}"
register: target
- name: igw_lun | configure luns (create/map rbds and add to lio)
igw_lun:
pool: "{{ item.pool }}"
image: "{{ item.image }}"
size: "{{ item.size }}"
host: "{{ item.host }}"
state: "{{ item.state }}"
with_items: "{{ rbd_devices }}"
register: images
- name: igw_gateway (map) | map luns to the iscsi target
igw_gateway:
mode: "map"
gateway_iqn: "{{ gateway_iqn }}"
gateway_ip_list: "{{ gateway_ip_list }}"
register: luns
- name: igw_client | configure client connectivity
igw_client:
client_iqn: "{{ item.client }}"
image_list: "{{ item.image_list }}"
chap: "{{ item.chap }}"
state: "{{ item.status }}"
with_items: "{{ client_connections }}"
register: clients

25
roles/ceph-iscsi-gw/tasks/non-container/prerequisites.yml
View File

@ -2,24 +2,12 @@
- name: red hat based systems tasks
when: ansible_facts['os_family'] == 'RedHat'
block:
- name: set_fact common_pkgs
- name: set_fact iscsi_pkgs
set_fact:
common_pkgs:
iscsi_pkgs:
- tcmu-runner
- targetcli
- name: set_fact base iscsi pkgs if new style ceph-iscsi
set_fact:
iscsi_base:
- ceph-iscsi
when: use_new_ceph_iscsi | bool
- name: set_fact base iscsi pkgs if using older ceph-iscsi-config
set_fact:
iscsi_base:
- ceph-iscsi-cli
- ceph-iscsi-config
when: not use_new_ceph_iscsi | bool
- name: when ceph_iscsi_config_dev is true
when:
@ -37,17 +25,16 @@
- name: ceph-iscsi development repository
get_url:
url: "https://shaman.ceph.com/api/repos/{{ item }}/master/latest/{{ ansible_facts['distribution'] | lower }}/{{ ansible_facts['distribution_major_version'] }}/repo"
dest: '/etc/yum.repos.d/{{ item }}-dev.repo'
url: "https://shaman.ceph.com/api/repos/ceph-iscsi/master/latest/{{ ansible_facts['distribution'] | lower }}/{{ ansible_facts['distribution_major_version'] }}/repo"
dest: '/etc/yum.repos.d/ceph-iscsi-dev.repo'
force: true
register: result
until: result is succeeded
with_items: '{{ iscsi_base }}'
when: ceph_repository == 'dev'
- name: ceph-iscsi stable repository
get_url:
url: "https://download.ceph.com/ceph-iscsi/{{ '3' if use_new_ceph_iscsi | bool else '2' }}/rpm/el{{ ansible_facts['distribution_major_version'] }}/ceph-iscsi.repo"
url: "https://download.ceph.com/ceph-iscsi/3/rpm/el{{ ansible_facts['distribution_major_version'] }}/ceph-iscsi.repo"
dest: /etc/yum.repos.d/ceph-iscsi.repo
force: true
register: result
@ -56,7 +43,7 @@
- name: install ceph iscsi package
package:
name: "{{ common_pkgs + iscsi_base }}"
name: "{{ iscsi_pkgs }}"
state: "{{ (upgrade_ceph_packages|bool) | ternary('latest','present') }}"
register: result
until: result is succeeded

26
roles/ceph-validate/tasks/check_iscsi.yml
View File

@ -4,32 +4,6 @@
msg: "iSCSI gateways can only be deployed on Red Hat Enterprise Linux, CentOS or Fedora"
when: ansible_facts['distribution'] not in ['RedHat', 'CentOS', 'Fedora']
- name: make sure gateway_ip_list is configured
fail:
msg: "you must set a list of IPs (comma separated) for gateway_ip_list"
when:
- gateway_ip_list == '0.0.0.0'
- not containerized_deployment | bool
- not use_new_ceph_iscsi | bool
- name: make sure gateway_iqn is configured
fail:
msg: "you must set a iqn for the iSCSI target"
when:
- gateway_iqn | length == 0
- not containerized_deployment | bool
- not use_new_ceph_iscsi | bool
- name: fail if unsupported chap configuration
fail:
msg: "Mixing clients with CHAP enabled and disabled is not supported."
with_items: "{{ client_connections }}"
when:
- item.status is defined
- item.status == "present"
- item.chap
- " '' in client_connections | selectattr('status', 'match', 'present') | map(attribute='chap') | list"
- name: fail on unsupported distribution version for iscsi gateways
command: "grep -q {{ item }}=m {% if is_atomic|bool %}/usr/lib/ostree-boot{% else %}/boot{% endif %}/config-{{ ansible_facts['kernel'] }}"
register: iscsi_kernel