From c33cfc000be0221cd9512fa06fded0b8e2265225 Mon Sep 17 00:00:00 2001
From: Guillaume Abrioux
Date: Mon, 19 Sep 2022 16:10:39 +0200
Subject: [PATCH] rgw: do not use daemon
This changes the entrypoint used for radosgw containerized daemons in the systemd template.
Signed-off-by: Guillaume Abrioux
---
 roles/ceph-handler/tasks/main.yml | 1 -
 roles/ceph-rgw/tasks/main.yml | 1 -
 roles/ceph-rgw/tasks/pre_requisite.yml | 51 +++++++++++++++++--
 .../templates/ceph-radosgw.service.j2 | 19 +++----
 4 files changed, 55 insertions(+), 17 deletions(-)
diff --git a/roles/ceph-handler/tasks/main.yml b/roles/ceph-handler/tasks/main.yml
index 40157c70f..66ff53237 100644
--- a/roles/ceph-handler/tasks/main.yml
+++ b/roles/ceph-handler/tasks/main.yml
@@ -64,7 +64,6 @@ import_role: name: ceph-rgw tasks_from: pre_requisite.yml - when: not containerized_deployment | bool - name: import_role ceph-rgw import_role:
diff --git a/roles/ceph-rgw/tasks/main.yml b/roles/ceph-rgw/tasks/main.yml
index 5811115b1..fc7e84c74 100644
--- a/roles/ceph-rgw/tasks/main.yml
+++ b/roles/ceph-rgw/tasks/main.yml
@@ -4,7 +4,6 @@ - name: include_tasks pre_requisite.yml include_tasks: pre_requisite.yml - when: not containerized_deployment | bool - name: rgw pool creation tasks include_tasks: rgw_create_pools.yml
diff --git a/roles/ceph-rgw/tasks/pre_requisite.yml b/roles/ceph-rgw/tasks/pre_requisite.yml
index af42f688f..2e2ddaf6c 100644
--- a/roles/ceph-rgw/tasks/pre_requisite.yml
+++ b/roles/ceph-rgw/tasks/pre_requisite.yml
@@ -1,4 +1,15 @@
 ---
+- name: create rados gateway directories
+ file:
+ path: "/var/lib/ceph/radosgw/{{ cluster }}-rgw.{{ ansible_facts['hostname'] }}.{{ item.instance_name }}"
+ state: directory
+ owner: "{{ ceph_uid if containerized_deployment | bool else 'ceph' }}"
+ group: "{{ ceph_uid if containerized_deployment | bool else 'ceph' }}"
+ mode: "{{ ceph_directories_mode }}"
+ delegate_to: "{{ groups.get(mon_group_name, [])[0] }}"
+ loop: "{{ rgw_instances }}"
+ when: groups.get(mon_group_name, []) | length > 0
+
 - name: create rgw keyrings
 ceph_key:
 name: "client.rgw.{{ ansible_facts['hostname'] }}.{{ item.instance_name }}"
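Review bot: The new `delegate_to: "{{ groups.get(mon_group_name, [])[0] }}"` on "create rados gateway directories" indexes an empty list whenever the inventory has no monitors, so the task depends on the `when` guard being evaluated before `delegate_to` is templated, which I would not rely on across Ansible versions. The next hunk spells the same lookup two other ways (`groups[mon_group_name][0] if … else 'localhost'` on "create rgw keyrings" and `groups.get(mon_group_name)[0]`, with no default, on "get keys from monitors"); one guarded form used in all three would be easier to audit. The task also deserves a comment saying that the directory is created on the first monitor rather than on the rgw host, presumably because the keyring is written there before being copied back, e.g. `# created on the first mon: the keyring is generated there and copied to the rgw host below`.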
@@ -9,13 +20,45 @@
 caps:
 osd: 'allow rwx'
 mon: 'allow rw'
- import_key: False
- owner: "ceph"
- group: "ceph"
+ import_key: "{{ True if groups.get(mon_group_name, []) | length > 0 else False }}"
+ owner: "{{ ceph_uid if containerized_deployment | bool else 'ceph' }}"
+ group: "{{ ceph_uid if containerized_deployment | bool else 'ceph' }}"
 mode: "0600"
 no_log: "{{ no_log_on_ceph_key_tasks }}"
+ delegate_to: "{{ groups[mon_group_name][0] if groups.get(mon_group_name, []) | length > 0 else 'localhost'}}"
 environment:
 CEPH_CONTAINER_IMAGE: "{{ ceph_docker_registry + '/' + ceph_docker_image + ':' + ceph_docker_image_tag if containerized_deployment else None }}"
 CEPH_CONTAINER_BINARY: "{{ container_binary }}"
 with_items: "{{ rgw_instances }}"
- when: cephx | bool
\ No newline at end of file
+ when: cephx | bool
+
+- name: get keys from monitors
+ ceph_key:
+ name: "client.rgw.{{ ansible_facts['hostname'] }}.{{ item.instance_name }}"
+ cluster: "{{ cluster }}"
+ output_format: plain
+ state: info
+ environment:
+ CEPH_CONTAINER_IMAGE: "{{ ceph_docker_registry + '/' + ceph_docker_image + ':' + ceph_docker_image_tag if containerized_deployment | bool else None }}"
+ CEPH_CONTAINER_BINARY: "{{ container_binary }}"
+ register: _rgw_keys
+ loop: "{{ rgw_instances }}"
+ delegate_to: "{{ groups.get(mon_group_name)[0] }}"
+ when:
+ - cephx | bool
+ - groups.get(mon_group_name, []) | length > 0
+ no_log: "{{ no_log_on_ceph_key_tasks }}"
+
+- name: copy ceph key(s) if needed
+ copy:
+ dest: "/var/lib/ceph/radosgw/{{ cluster }}-rgw.{{ ansible_facts['hostname'] }}.{{ item.item.instance_name }}/keyring"
+ content: "{{ item.stdout + '\n' }}"
+ owner: "{{ ceph_uid if containerized_deployment | bool else 'ceph' }}"
+ group: "{{ ceph_uid if containerized_deployment | bool else 'ceph' }}"
+ mode: "{{ ceph_keyring_permissions }}"
+ with_items: "{{ _rgw_keys.results }}"
+ when:
+ - cephx | bool
+ - item is not skipped
+ - groups.get(mon_group_name, []) | length > 0
+ no_log: "{{ no_log_on_ceph_key_tasks }}"
diff --git a/roles/ceph-rgw/templates/ceph-radosgw.service.j2 b/roles/ceph-rgw/templates/ceph-radosgw.service.j2
index 9e658f8cb..c618437e5 100644
--- a/roles/ceph-rgw/templates/ceph-radosgw.service.j2
+++ b/roles/ceph-rgw/templates/ceph-radosgw.service.j2
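Review bot: In `roles/ceph-rgw/tasks/pre_requisite.yml`, the `else 'localhost'` branch of the new `delegate_to` on "create rgw keyrings" moves key generation to the Ansible control node when no monitor is in the inventory; before this change the task had no `delegate_to` and ran on the host the role targets. With `import_key` false in that branch, the keyring would be written on the controller (the `dest` is outside this hunk, so that is inferred), and nothing in the hunk copies it to the gateway, since "get keys from monitors" and "copy ceph key(s) if needed" are both skipped without monitors. If the controller is not meant to hold cephx secrets, falling back to the play host keeps the old behaviour: `delegate_to: "{{ groups[mon_group_name][0] if groups.get(mon_group_name, []) | length > 0 else inventory_hostname }}"`. Separately, the copied keyring takes its mode from `ceph_keyring_permissions` while the generated one is pinned to `"0600"`; using the same value in both avoids a looser mode on the gateway copy.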
@@ -34,26 +34,23 @@ ExecStart=/usr/bin/{{ container_binary }} run --rm --net=host \
 {% if ceph_rgw_docker_cpuset_mems is defined -%}
 --cpuset-mems="{{ ceph_rgw_docker_cpuset_mems }}" \
 {% endif -%}
- -v /var/lib/ceph/radosgw:/var/lib/ceph/radosgw:z \
- -v /var/lib/ceph/bootstrap-rgw:/var/lib/ceph/bootstrap-rgw:z \
- -v /etc/ceph:/etc/ceph:z \
- -v /var/run/ceph:/var/run/ceph:z \
- -v /etc/localtime:/etc/localtime:ro \
- -v /var/log/ceph:/var/log/ceph:z \
+ -v /var/lib/ceph/radosgw/{{ cluster }}-rgw.{{ ansible_facts['hostname'] }}.${INST_NAME}:/var/lib/ceph/radosgw/{{ cluster }}-rgw.{{ ansible_facts['hostname'] }}.${INST_NAME}:z \
+ -v /etc/ceph:/etc/ceph \
+ -v /var/run/ceph:/var/run/ceph \
+ -v /etc/localtime:/etc/localtime \
+ -v /var/log/ceph:/var/log/ceph \
 {% if ansible_facts['os_family'] == 'RedHat' -%}
 -v /etc/pki/ca-trust/extracted:/etc/pki/ca-trust/extracted \
 {% endif -%}
 {% if radosgw_frontend_ssl_certificate -%}
 -v {{ radosgw_frontend_ssl_certificate }}:{{ radosgw_frontend_ssl_certificate }} \
 {% endif -%}
- -e CEPH_DAEMON=RGW \
- -e CLUSTER={{ cluster }} \
- -e RGW_NAME={{ ansible_facts['hostname'] }}.${INST_NAME} \
- -e CONTAINER_IMAGE={{ ceph_docker_registry }}/{{ ceph_docker_image }}:{{ ceph_docker_image_tag }} \
 -e TCMALLOC_MAX_TOTAL_THREAD_CACHE_BYTES={{ ceph_tcmalloc_max_total_thread_cache }} \
 --name=ceph-rgw-{{ ansible_facts['hostname'] }}-${INST_NAME} \
+ --entrypoint=/usr/bin/radosgw \
 {{ ceph_rgw_docker_extra_env }} \
- {{ ceph_docker_registry }}/{{ ceph_docker_image }}:{{ ceph_docker_image_tag }}
+ {{ ceph_docker_registry }}/{{ ceph_docker_image }}:{{ ceph_docker_image_tag }} \
+ -f -n client.rgw.{{ ansible_facts['hostname'] }}.${INST_NAME} -k /var/lib/ceph/radosgw/{{ cluster }}-rgw.{{ ansible_facts['hostname'] }}.${INST_NAME}/keyring
 {% if container_binary == 'podman' %}
 ExecStop=-/usr/bin/sh -c "/usr/bin/{{ container_binary }} rm -f `cat /%t/%n-cid`"
 {% else %}
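Review bot: The rewritten mount for `/etc/localtime` drops the `:ro` flag the old line had, so the container gets a writable bind mount of a host file it only needs to read; `-v /etc/localtime:/etc/localtime:ro \` keeps it read-only. The `:z` relabel option is also gone from `/etc/ceph`, `/var/run/ceph` and `/var/log/ceph`, which is worth confirming on an SELinux-enforcing host, as the container may be denied access unless those paths already carry a container-accessible label. With `--entrypoint=/usr/bin/radosgw` the image's own entrypoint no longer runs and the new argument line passes only `-f -n … -k …`, so unless the image sets a non-root user the daemon presumably stays root inside the container; consider appending `--setuser ceph --setgroup ceph`. The `ExecStart` command begins above this hunk, so any user option set earlier in it is not visible here.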