adopt: import rgw ssl certificate into kv store

Without this, when rgw is managed by cephadm, it fails to start because
the ssl certificate isn't present in the kv store.

Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1987010
Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1988404

Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com>
Co-authored-by: Dimitri Savineau <dsavinea@redhat.com>
(cherry picked from commit 930fc4c850)
pull/6807/head
Guillaume Abrioux 2021-07-28 21:50:15 +02:00 committed by Dimitri Savineau
parent f8facde33a
commit 6e9cf80747
1 changed files with 52 additions and 50 deletions


@ -699,7 +699,7 @@
path: "/var/lib/ceph/mds/{{ cluster }}-{{ ansible_facts['hostname'] }}" path: "/var/lib/ceph/mds/{{ cluster }}-{{ ansible_facts['hostname'] }}"
state: absent state: absent
- name: rgw realm/zonegroup/zone requirements - name: redeploy rgw daemons
hosts: "{{ rgw_group_name | default('rgws') }}" hosts: "{{ rgw_group_name | default('rgws') }}"
become: true become: true
gather_facts: false gather_facts: false
@ -712,63 +712,65 @@
name: ceph-facts name: ceph-facts
tasks_from: set_radosgw_address.yml tasks_from: set_radosgw_address.yml
- name: for non multisite setup - name: import rgw ssl certificate into kv store
when: not rgw_multisite | bool when: radosgw_frontend_ssl_certificate | length > 0
run_once: true
delegate_to: "{{ groups[mon_group_name][0] }}"
block: block:
- name: create a default realm - name: slurp rgw ssl certificate
radosgw_realm: slurp:
cluster: "{{ cluster }}" src: "{{ radosgw_frontend_ssl_certificate }}"
name: default register: rgw_ssl_cert
default: true
environment:
CEPH_CONTAINER_IMAGE: "{{ ceph_docker_registry + '/' + ceph_docker_image + ':' + ceph_docker_image_tag if containerized_deployment | bool else None }}"
CEPH_CONTAINER_BINARY: "{{ container_binary }}"
- name: modify the default zonegroup - name: store ssl certificate in kv store (not multisite)
radosgw_zonegroup: command: >
cluster: "{{ cluster }}" {{ container_binary }} run --rm -i -v /etc/ceph:/etc/ceph:z --entrypoint=ceph {{ ceph_docker_registry }}/{{ ceph_docker_image }}:{{ ceph_docker_image_tag }} --cluster {{ cluster }}
name: default config-key set rgw/cert/rgw.{{ ansible_facts['hostname'] }} -i -
realm: default args:
master: true stdin: "{{ rgw_ssl_cert.content | b64decode }}"
default: true stdin_add_newline: no
environment:
CEPH_CONTAINER_IMAGE: "{{ ceph_docker_registry + '/' + ceph_docker_image + ':' + ceph_docker_image_tag if containerized_deployment | bool else None }}"
CEPH_CONTAINER_BINARY: "{{ container_binary }}"
- name: modify the default zone
radosgw_zone:
cluster: "{{ cluster }}"
name: default
realm: default
zonegroup: default
master: true
default: true
environment:
CEPH_CONTAINER_IMAGE: "{{ ceph_docker_registry + '/' + ceph_docker_image + ':' + ceph_docker_image_tag if containerized_deployment | bool else None }}"
CEPH_CONTAINER_BINARY: "{{ container_binary }}"
- name: commit the period
command: "{{ cephadm_cmd }} shell --fsid {{ fsid }} -- radosgw-admin --cluster {{ cluster }} period update --commit"
changed_when: false changed_when: false
when: not rgw_multisite | bool
delegate_to: "{{ groups[mon_group_name][0] }}"
environment:
CEPHADM_IMAGE: '{{ ceph_docker_registry }}/{{ ceph_docker_image }}:{{ ceph_docker_image_tag }}'
- name: store ssl certificate in kv store (multisite)
command: >
{{ container_binary }} run --rm -i -v /etc/ceph:/etc/ceph:z --entrypoint=ceph {{ ceph_docker_registry }}/{{ ceph_docker_image }}:{{ ceph_docker_image_tag }} --cluster {{ cluster }}
config-key set rgw/cert/rgw.{{ ansible_facts['hostname'] }}.{{ item.rgw_realm }}.{{ item.rgw_zone }}.{{ item.radosgw_frontend_port }} -i -
args:
stdin: "{{ rgw_ssl_cert.content | b64decode }}"
stdin_add_newline: no
changed_when: false
loop: "{{ rgw_instances }}"
when: rgw_multisite | bool
delegate_to: "{{ groups[mon_group_name][0] }}"
environment: environment:
CEPHADM_IMAGE: '{{ ceph_docker_registry }}/{{ ceph_docker_image }}:{{ ceph_docker_image_tag }}' CEPHADM_IMAGE: '{{ ceph_docker_registry }}/{{ ceph_docker_image }}:{{ ceph_docker_image_tag }}'
- name: update the placement of radosgw hosts - name: update the placement of radosgw hosts
command: "{{ cephadm_cmd }} shell --fsid {{ fsid }} -- ceph --cluster {{ cluster }} orch apply rgw {{ cluster }} {{ rgw_realm | default('default') }} {{ rgw_zone | default('default') }} --placement='count-per-host:{{ radosgw_num_instances }} label:{{ rgw_group_name }}' --port={{ radosgw_frontend_port }} {{ '--ssl' if radosgw_frontend_ssl_certificate else '' }}" command: >
run_once: true {{ cephadm_cmd }} shell --fsid {{ fsid }} --
ceph --cluster {{ cluster }} orch apply rgw {{ ansible_facts['hostname'] }}
--placement='count-per-host:{{ radosgw_num_instances }} {{ ansible_facts['hostname'] }}'
--port={{ radosgw_frontend_port }}
{{ '--ssl' if radosgw_frontend_ssl_certificate else '' }}
changed_when: false changed_when: false
delegate_to: "{{ groups[mon_group_name][0] }}" delegate_to: "{{ groups[mon_group_name][0] }}"
when: not rgw_multisite | bool
environment: environment:
CEPHADM_IMAGE: '{{ ceph_docker_registry }}/{{ ceph_docker_image }}:{{ ceph_docker_image_tag }}' CEPHADM_IMAGE: '{{ ceph_docker_registry }}/{{ ceph_docker_image }}:{{ ceph_docker_image_tag }}'
- name: update the placement of radosgw multisite hosts - name: update the placement of radosgw multisite hosts
command: "{{ cephadm_cmd }} shell --fsid {{ fsid }} -- ceph --cluster {{ cluster }} orch apply rgw {{ item.host }}.{{ item.rgw_realm }}.{{ item.rgw_zone }}.{{ item.radosgw_frontend_port }} --realm={{ item.rgw_realm }} --zone={{ item.rgw_zone }} --port={{ item.radosgw_frontend_port }} --placement={{ item.host }}" command: >
{{ cephadm_cmd }} shell --fsid {{ fsid }} --
ceph --cluster {{ cluster }} orch apply rgw {{ ansible_facts['hostname'] }}.{{ item.rgw_realm }}.{{ item.rgw_zone }}.{{ item.radosgw_frontend_port }}
--placement={{ ansible_facts['hostname'] }}
--realm={{ item.rgw_realm }} --zone={{ item.rgw_zone }}
--port={{ item.radosgw_frontend_port }}
{{ '--ssl' if radosgw_frontend_ssl_certificate else '' }}
changed_when: false changed_when: false
with_items: "{{ rgw_instances_all }}" loop: "{{ rgw_instances }}"
when: rgw_multisite | bool when: rgw_multisite | bool
run_once: true
delegate_to: "{{ groups[mon_group_name][0] }}" delegate_to: "{{ groups[mon_group_name][0] }}"
environment: environment:
CEPHADM_IMAGE: '{{ ceph_docker_registry }}/{{ ceph_docker_image }}:{{ ceph_docker_image_tag }}' CEPHADM_IMAGE: '{{ ceph_docker_registry }}/{{ ceph_docker_image }}:{{ ceph_docker_image_tag }}'
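Review bot: The three new certificate tasks (`slurp rgw ssl certificate` and the two `store ssl certificate in kv store` tasks) have no `no_log: true`, so the registered `rgw_ssl_cert.content` and the decoded `stdin` value can appear in verbose playbook output, callback logs, and the module invocation log on the delegated monitor host. If the file at `radosgw_frontend_ssl_certificate` also holds the private key, as a combined PEM for the rgw frontend often does, that is key material written to logs. I would add `no_log: true` to each of the three tasks. Separately, `stdin_add_newline: no` would read better as `stdin_add_newline: false`, matching the `true`/`false` booleans used elsewhere in the play.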