From 52fc8a0385a7bc58b8b33fc0c5e05db1a03c5c1f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?S=C3=A9bastien=20Han?=
Date: Thu, 10 May 2018 10:38:55 -0700
Subject: [PATCH] rolling_update: move mgr key creation
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Until all the mons haven't been updated to Luminous, there is no way to create a key. So we should do the key creation in the mon role only if we are not part of an update. If we are then the key creation is done after the mons upgrade to Luminous.

Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1574995
Signed-off-by: Sébastien Han
---
infrastructure-playbooks/rolling_update.yml | 38 ++++++++++++++++++++-
roles/ceph-mon/tasks/docker/main.yml | 1 +
2 files changed, 38 insertions(+), 1 deletion(-)

diff --git a/infrastructure-playbooks/rolling_update.yml b/infrastructure-playbooks/rolling_update.yml
index 9216184cd..1f7d2c982 100644
--- a/infrastructure-playbooks/rolling_update.yml
+++ b/infrastructure-playbooks/rolling_update.yml
@@ -192,7 +192,43 @@
 become: True
 pre_tasks:
- # this task has a failed_when: false to handle the scenario where no mgr existed before the upgrade
+ - name: non container | create ceph mgr keyring(s)
+ command: "ceph --cluster {{ cluster }} auth get-or-create mgr.{{ hostvars[item]['ansible_hostname'] }} mon 'allow profile mgr' osd 'allow *' mds 'allow *' -o /etc/ceph/{{ cluster }}.mgr.{{ hostvars[item]['ansible_hostname'] }}.keyring"
+ args:
+ creates: "{{ ceph_conf_key_directory }}/{{ cluster }}.mgr.{{ hostvars[item]['ansible_hostname'] }}.keyring"
+ changed_when: false
+ delegate_to: "{{ groups[mon_group_name][0] }}"
+ with_items:
+ - "{{ groups.get(mgr_group_name, []) }}"
+ when:
+ - not containerized_deployment
+ - "{{ groups.get(mgr_group_name, []) | length > 0 }}"
+
+ - name: container | create ceph mgr keyring(s)
+ command: "docker exec ceph-mon-{{ hostvars[groups[mon_group_name][0]]['ansible_hostname'] }} ceph --cluster {{ cluster }} auth get-or-create mgr.{{ hostvars[item]['ansible_hostname'] }} mon 'allow profile mgr' osd 'allow *' mds 'allow *' -o /etc/ceph/{{ cluster }}.mgr.{{ hostvars[item]['ansible_hostname'] }}.keyring"
+ args:
+ creates: "{{ ceph_conf_key_directory }}/{{ cluster }}.mgr.{{ hostvars[item]['ansible_hostname'] }}.keyring"
+ changed_when: false
+ delegate_to: "{{ groups[mon_group_name][0] }}"
+ with_items:
+ - "{{ groups.get(mgr_group_name, []) }}"
+ when:
+ - containerized_deployment
+ - "{{ groups.get(mgr_group_name, []) | length > 0 }}"
+
+ - name: fetch ceph mgr key(s)
+ fetch:
+ src: "{{ ceph_conf_key_directory }}/{{ cluster }}.mgr.{{ hostvars[item]['ansible_hostname'] }}.keyring"
+ dest: "{{ fetch_directory }}/{{ fsid }}/"
+ flat: yes
+ fail_on_missing: no
+ delegate_to: "{{ groups[mon_group_name][0] }}"
+ with_items:
+ - "{{ groups.get(mgr_group_name, []) }}"
+
+ # The following task has a failed_when: false
+ # to handle the scenario where no mgr existed before the upgrade
+ # or if we run a Ceph cluster before Luminous
 - name: stop ceph mgr
 systemd:
 name: ceph-mgr@{{ ansible_hostname }}
diff --git a/roles/ceph-mon/tasks/docker/main.yml b/roles/ceph-mon/tasks/docker/main.yml
index 8654cce08..1e84410b3 100644
--- a/roles/ceph-mon/tasks/docker/main.yml
+++ b/roles/ceph-mon/tasks/docker/main.yml
@@ -128,5 +128,6 @@
 when:
 - item.stat.exists == true
 when:
+ - not rolling_update
 - inventory_hostname == groups[mon_group_name]|last
 - ceph_release_num[ceph_release] >= ceph_release_num.luminous
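Review bot: In `infrastructure-playbooks/rolling_update.yml`, both added `create ceph mgr keyring(s)` tasks write the key with `-o /etc/ceph/{{ cluster }}.mgr.<host>.keyring`, but their `creates:` guard and the `src:` of the following `fetch` look under `{{ ceph_conf_key_directory }}`. If that variable is ever not `/etc/ceph`, the guard never matches and, with `fail_on_missing: no`, the fetch quietly copies nothing; in the non-container task the command should use the same variable, `-o {{ ceph_conf_key_directory }}/{{ cluster }}.mgr.{{ hostvars[item]['ansible_hostname'] }}.keyring`. In the container task the `-o` path is inside the mon container while `creates:` is checked on the host, so it presumably relies on a bind mount that is not visible here. Nothing in the hunk sets an owner or mode on the keyring written on the mon, so who can read this secret depends on defaults there; a follow-up `file` task with an explicit restrictive mode such as `mode: "0600"` would pin it down. The play these `pre_tasks` belong to starts outside the hunk.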
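Review bot: In `roles/ceph-mon/tasks/docker/main.yml`, the added `- not rolling_update` condition assumes `rolling_update` is always defined and is a real boolean. If a default is not set elsewhere (not visible in this hunk), an ordinary deployment fails on an undefined variable, and a value passed as an extra-var string such as `"false"` is truthy, which would skip the task; `- not rolling_update | default(false) | bool` covers both cases. The patch only guards the container mon tasks, so it is worth confirming whether the non-container mon tasks need the same condition. The task this `when:` belongs to starts outside the hunk.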