rolling_update: move mgr key creation

Until all the mons haven't been updated to Luminous, there is no way to create a key. So we should do the key creation in the mon role only if we are not part of an update. If we are then the key creation is done after the mons upgrade to Luminous. Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1574995 Signed-off-by: Sébastien Han <seb@redhat.com>
2018-05-10 10:38:55 -07:00 · 2018-05-10 10:38:55 -07:00 · 52fc8a0385
parent e810fb217f
commit 52fc8a0385
2 changed files with 38 additions and 1 deletions
--- a/infrastructure-playbooks/rolling_update.yml
+++ b/infrastructure-playbooks/rolling_update.yml
@ -192,7 +192,43 @@
  become: True

  pre_tasks:
-    # this task has a failed_when: false to handle the scenario where no mgr existed before the upgrade
+    - name: non container | create ceph mgr keyring(s)
+      command: "ceph --cluster {{ cluster }} auth get-or-create mgr.{{ hostvars[item]['ansible_hostname'] }} mon 'allow profile mgr' osd 'allow *' mds 'allow *' -o /etc/ceph/{{ cluster }}.mgr.{{ hostvars[item]['ansible_hostname'] }}.keyring"
+      args:
+        creates: "{{ ceph_conf_key_directory }}/{{ cluster }}.mgr.{{ hostvars[item]['ansible_hostname'] }}.keyring"
+      changed_when: false
+      delegate_to: "{{ groups[mon_group_name][0] }}"
+      with_items:
+        - "{{ groups.get(mgr_group_name, []) }}"
+      when:
+        - not containerized_deployment
+        - "{{ groups.get(mgr_group_name, []) | length > 0 }}"
+
+    - name: container | create ceph mgr keyring(s)
+      command: "docker exec ceph-mon-{{ hostvars[groups[mon_group_name][0]]['ansible_hostname'] }} ceph --cluster {{ cluster }} auth get-or-create mgr.{{ hostvars[item]['ansible_hostname'] }} mon 'allow profile mgr' osd 'allow *' mds 'allow *' -o /etc/ceph/{{ cluster }}.mgr.{{ hostvars[item]['ansible_hostname'] }}.keyring"
+      args:
+        creates: "{{ ceph_conf_key_directory }}/{{ cluster }}.mgr.{{ hostvars[item]['ansible_hostname'] }}.keyring"
+      changed_when: false
+      delegate_to: "{{ groups[mon_group_name][0] }}"
+      with_items:
+        - "{{ groups.get(mgr_group_name, []) }}"
+      when:
+        - containerized_deployment
+        - "{{ groups.get(mgr_group_name, []) | length > 0 }}"
+
+    - name: fetch ceph mgr key(s)
+      fetch:
+        src: "{{ ceph_conf_key_directory }}/{{ cluster }}.mgr.{{ hostvars[item]['ansible_hostname'] }}.keyring"
+        dest: "{{ fetch_directory }}/{{ fsid }}/"
+        flat: yes
+        fail_on_missing: no
+      delegate_to: "{{ groups[mon_group_name][0] }}"
+      with_items:
+        - "{{ groups.get(mgr_group_name, []) }}"
+
+    # The following task has a failed_when: false
+    # to handle the scenario where no mgr existed before the upgrade
+    # or if we run a Ceph cluster before Luminous
    - name: stop ceph mgr
      systemd:
        name: ceph-mgr@{{ ansible_hostname }}
--- a/roles/ceph-mon/tasks/docker/main.yml
+++ b/roles/ceph-mon/tasks/docker/main.yml
@ -128,5 +128,6 @@
    when:
      - item.stat.exists == true
  when:
+    - not rolling_update
    - inventory_hostname == groups[mon_group_name]|last
    - ceph_release_num[ceph_release] >= ceph_release_num.luminous