rgw: do not use daemon

This changes the entrypoint used for radosgw containerized daemons in the systemd template. Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com>
2022-09-19 16:10:39 +02:00 · 2022-09-19 16:10:39 +02:00 · c33cfc000b
parent 3b36a4e826
commit c33cfc000b
4 changed files with 55 additions and 17 deletions
--- a/roles/ceph-handler/tasks/main.yml
+++ b/roles/ceph-handler/tasks/main.yml
@ -64,7 +64,6 @@
      import_role:
        name: ceph-rgw
        tasks_from: pre_requisite.yml
-      when: not containerized_deployment | bool

    - name: import_role ceph-rgw
      import_role:
--- a/roles/ceph-rgw/tasks/main.yml
+++ b/roles/ceph-rgw/tasks/main.yml
@ -4,7 +4,6 @@

 - name: include_tasks pre_requisite.yml
  include_tasks: pre_requisite.yml
-  when: not containerized_deployment | bool

 - name: rgw pool creation tasks
  include_tasks: rgw_create_pools.yml
--- a/roles/ceph-rgw/tasks/pre_requisite.yml
+++ b/roles/ceph-rgw/tasks/pre_requisite.yml
@ -1,4 +1,15 @@
 ---
+- name: create rados gateway directories
+  file:
+    path: "/var/lib/ceph/radosgw/{{ cluster }}-rgw.{{ ansible_facts['hostname'] }}.{{ item.instance_name }}"
+    state: directory
+    owner: "{{ ceph_uid if containerized_deployment | bool else 'ceph' }}"
+    group: "{{ ceph_uid if containerized_deployment | bool else 'ceph' }}"
+    mode: "{{ ceph_directories_mode }}"
+  delegate_to: "{{ groups.get(mon_group_name, [])[0] }}"
+  loop: "{{ rgw_instances }}"
+  when: groups.get(mon_group_name, []) | length > 0
+
 - name: create rgw keyrings
  ceph_key:
    name: "client.rgw.{{ ansible_facts['hostname'] }}.{{ item.instance_name }}"
@ -9,13 +20,45 @@
    caps:
      osd: 'allow rwx'
      mon: 'allow rw'
-    import_key: False
-    owner: "ceph"
-    group: "ceph"
+    import_key: "{{ True if groups.get(mon_group_name, []) | length > 0 else False }}"
+    owner: "{{ ceph_uid if containerized_deployment | bool else 'ceph' }}"
+    group: "{{ ceph_uid if containerized_deployment | bool else 'ceph' }}"
    mode: "0600"
  no_log: "{{ no_log_on_ceph_key_tasks }}"
+  delegate_to: "{{ groups[mon_group_name][0] if groups.get(mon_group_name, []) | length > 0 else 'localhost'}}"
  environment:
    CEPH_CONTAINER_IMAGE: "{{ ceph_docker_registry + '/' + ceph_docker_image + ':' + ceph_docker_image_tag if containerized_deployment else None }}"
    CEPH_CONTAINER_BINARY: "{{ container_binary }}"
  with_items: "{{ rgw_instances }}"
-  when: cephx | bool
+  when: cephx | bool
+
+- name: get keys from monitors
+  ceph_key:
+    name: "client.rgw.{{ ansible_facts['hostname'] }}.{{ item.instance_name }}"
+    cluster: "{{ cluster }}"
+    output_format: plain
+    state: info
+  environment:
+    CEPH_CONTAINER_IMAGE: "{{ ceph_docker_registry + '/' + ceph_docker_image + ':' + ceph_docker_image_tag if containerized_deployment | bool else None }}"
+    CEPH_CONTAINER_BINARY: "{{ container_binary }}"
+  register: _rgw_keys
+  loop: "{{ rgw_instances }}"
+  delegate_to: "{{ groups.get(mon_group_name)[0] }}"
+  when:
+    - cephx | bool
+    - groups.get(mon_group_name, []) | length > 0
+  no_log: "{{ no_log_on_ceph_key_tasks }}"
+
+- name: copy ceph key(s) if needed
+  copy:
+    dest: "/var/lib/ceph/radosgw/{{ cluster }}-rgw.{{ ansible_facts['hostname'] }}.{{ item.item.instance_name }}/keyring"
+    content: "{{ item.stdout + '\n' }}"
+    owner: "{{ ceph_uid if containerized_deployment | bool else 'ceph' }}"
+    group: "{{ ceph_uid if containerized_deployment | bool else 'ceph' }}"
+    mode: "{{ ceph_keyring_permissions }}"
+  with_items: "{{ _rgw_keys.results }}"
+  when:
+    - cephx | bool
+    - item is not skipped
+    - groups.get(mon_group_name, []) | length > 0
+  no_log: "{{ no_log_on_ceph_key_tasks }}"
--- a/roles/ceph-rgw/templates/ceph-radosgw.service.j2
+++ b/roles/ceph-rgw/templates/ceph-radosgw.service.j2
@ -34,26 +34,23 @@ ExecStart=/usr/bin/{{ container_binary }} run --rm --net=host \
  {% if ceph_rgw_docker_cpuset_mems is defined -%}
  --cpuset-mems="{{ ceph_rgw_docker_cpuset_mems }}" \
  {% endif -%}
-  -v /var/lib/ceph/radosgw:/var/lib/ceph/radosgw:z \
-  -v /var/lib/ceph/bootstrap-rgw:/var/lib/ceph/bootstrap-rgw:z \
-  -v /etc/ceph:/etc/ceph:z \
-  -v /var/run/ceph:/var/run/ceph:z \
-  -v /etc/localtime:/etc/localtime:ro \
-  -v /var/log/ceph:/var/log/ceph:z \
+  -v /var/lib/ceph/radosgw/{{ cluster }}-rgw.{{ ansible_facts['hostname'] }}.${INST_NAME}:/var/lib/ceph/radosgw/{{ cluster }}-rgw.{{ ansible_facts['hostname'] }}.${INST_NAME}:z \
+  -v /etc/ceph:/etc/ceph \
+  -v /var/run/ceph:/var/run/ceph \
+  -v /etc/localtime:/etc/localtime \
+  -v /var/log/ceph:/var/log/ceph \
  {% if ansible_facts['os_family'] == 'RedHat' -%}
  -v /etc/pki/ca-trust/extracted:/etc/pki/ca-trust/extracted \
  {% endif -%}
  {% if radosgw_frontend_ssl_certificate -%}
  -v {{ radosgw_frontend_ssl_certificate }}:{{ radosgw_frontend_ssl_certificate }} \
  {% endif -%}
-  -e CEPH_DAEMON=RGW \
-  -e CLUSTER={{ cluster }} \
-  -e RGW_NAME={{ ansible_facts['hostname'] }}.${INST_NAME} \
-  -e CONTAINER_IMAGE={{ ceph_docker_registry }}/{{ ceph_docker_image }}:{{ ceph_docker_image_tag }} \
  -e TCMALLOC_MAX_TOTAL_THREAD_CACHE_BYTES={{ ceph_tcmalloc_max_total_thread_cache }} \
  --name=ceph-rgw-{{ ansible_facts['hostname'] }}-${INST_NAME} \
+  --entrypoint=/usr/bin/radosgw \
  {{ ceph_rgw_docker_extra_env }} \
-  {{ ceph_docker_registry }}/{{ ceph_docker_image }}:{{ ceph_docker_image_tag }}
+  {{ ceph_docker_registry }}/{{ ceph_docker_image }}:{{ ceph_docker_image_tag }} \
+  -f -n client.rgw.{{ ansible_facts['hostname'] }}.${INST_NAME} -k /var/lib/ceph/radosgw/{{ cluster }}-rgw.{{ ansible_facts['hostname'] }}.${INST_NAME}/keyring
 {% if container_binary == 'podman' %}
 ExecStop=-/usr/bin/sh -c "/usr/bin/{{ container_binary }} rm -f `cat /%t/%n-cid`"
 {% else %}