global: remove fetch_directory dependency

This commit drops the fetch_directory dependency.

Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1622688

Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com>
(cherry picked from commit ab370b6ad8)
pull/4475/head
Guillaume Abrioux 2019-09-23 13:30:05 +02:00
parent 96dafd676c
commit e1d06f498c
16 changed files with 263 additions and 253 deletions


@ -19,6 +19,8 @@ dummy:
#iscsi_pool_name: rbd #iscsi_pool_name: rbd
#iscsi_pool_size: "{{ osd_pool_default_size }}" #iscsi_pool_size: "{{ osd_pool_default_size }}"
#copy_admin_key: True
################## ##################
# RBD-TARGET-API # # RBD-TARGET-API #
################## ##################


@ -11,8 +11,6 @@ dummy:
# SETUP # # SETUP #
######### #########
#fetch_directory: fetch/
# Even though rbd-mirror nodes should not have the admin key # Even though rbd-mirror nodes should not have the admin key
# at their disposal, some people might want to have it # at their disposal, some people might want to have it
# distributed on rbd-mirror nodes. Setting 'copy_admin_key' to 'true' # distributed on rbd-mirror nodes. Setting 'copy_admin_key' to 'true'


@ -11,6 +11,8 @@ iscsi_conf_overrides: {}
iscsi_pool_name: rbd iscsi_pool_name: rbd
iscsi_pool_size: "{{ osd_pool_default_size }}" iscsi_pool_size: "{{ osd_pool_default_size }}"
copy_admin_key: True
################## ##################
# RBD-TARGET-API # # RBD-TARGET-API #
################## ##################


@ -1,12 +1,25 @@
--- ---
- name: copy admin key - name: get keys from monitors
command: "{{ container_exec_cmd }} ceph --cluster {{ cluster }} auth get {{ item.name }}"
register: _iscsi_keys
with_items:
- { name: "client.admin", path: "/etc/ceph/{{ cluster }}.client.admin.keyring", copy_key: "{{ copy_admin_key }}" }
delegate_to: "{{ groups.get(mon_group_name)[0] }}"
when:
- cephx | bool
- item.copy_key | bool
- name: copy ceph key(s) if needed
copy: copy:
src: "{{ fetch_directory }}/{{ fsid }}/etc/ceph/{{ cluster }}.client.admin.keyring" dest: "{{ item.item.path }}"
dest: "/etc/ceph/{{ cluster }}.client.admin.keyring" content: "{{ item.stdout + '\n' }}"
owner: "root" owner: "{{ ceph_uid if containerized_deployment else 'ceph' }}"
group: "root" group: "{{ ceph_uid if containerized_deployment else 'ceph' }}"
mode: "{{ ceph_keyring_permissions }}" mode: "{{ ceph_keyring_permissions }}"
when: cephx | bool with_items: "{{ _iscsi_keys.results }}"
when:
- cephx | bool
- item.item.copy_key | bool
- name: deploy gateway settings, used by the ceph_iscsi_config modules - name: deploy gateway settings, used by the ceph_iscsi_config modules
config_template: config_template:
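Review bot: The new `get keys from monitors` task registers the output of `ceph auth get` in `_iscsi_keys`, and `copy ceph key(s) if needed` writes it through `content:`, so the keyring text is carried in task results and can show up in verbose output, diff mode or callback logs; neither task sets `no_log`. Adding `no_log: true` to both tasks would keep the secret out of the run output. The same pattern recurs in the sections that register `_mds_keys`, `_mgr_keys`, `_rgw_keys`, `_osd_keys`, `_osp_keys` and `_rbd_mirror_keys`. The fetch task also has no `run_once`, so each gateway host appears to request the same key from the monitor.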


@ -1,4 +1,11 @@
--- ---
- name: create a temporary directory
tempfile:
state: directory
register: iscsi_ssl_tmp_dir
delegate_to: localhost
run_once: true
- name: set_fact crt_files - name: set_fact crt_files
set_fact: set_fact:
crt_files: crt_files:
@ -7,54 +14,75 @@
- "iscsi-gateway.pem" - "iscsi-gateway.pem"
- "iscsi-gateway-pub.key" - "iscsi-gateway-pub.key"
- name: stat for crt file(s) - name: check for existing crt file(s) in monitor key/value store
stat: command: "{{ container_exec_cmd }} ceph --cluster {{ cluster }} config get iscsi/ssl/{{ item }}"
path: "{{ fetch_directory }}/{{ fsid }}/{{ item }}"
delegate_to: localhost
with_items: "{{ crt_files }}" with_items: "{{ crt_files }}"
changed_when: false changed_when: false
failed_when: false failed_when: false
check_mode: no run_once: true
delegate_to: "{{ groups.get(mon_group_name)[0] }}"
register: crt_files_exist register: crt_files_exist
- name: create ssl crt/key files - name: set_fact crt_files_missing
command: > set_fact:
openssl req -newkey rsa:2048 -nodes -keyout {{ fetch_directory }}/{{ fsid }}/iscsi-gateway.key crt_files_missing: "{{ crt_files_exist.results | selectattr('rc', 'equalto', 0) | map(attribute='rc') | list | length != crt_files | length }}"
-x509 -days 365 -out {{ fetch_directory }}/{{ fsid }}/iscsi-gateway.crt
-subj "/C=US/ST=./L=./O=RedHat/OU=Linux/CN={{ ansible_hostname }}"
delegate_to: localhost
become: False
run_once: True
with_items: "{{ crt_files_exist.results }}"
when: not item.stat.exists
- name: create pem - name: generate ssl crt/key files
shell: > block:
cat {{ fetch_directory }}/{{ fsid }}/iscsi-gateway.crt - name: create ssl crt/key files
{{ fetch_directory }}/{{ fsid }}/iscsi-gateway.key > {{ fetch_directory }}/{{ fsid }}/iscsi-gateway.pem command: >
delegate_to: localhost openssl req -newkey rsa:2048 -nodes -keyout {{ iscsi_ssl_tmp_dir.path }}/iscsi-gateway.key
become: False -x509 -days 365 -out {{ iscsi_ssl_tmp_dir.path }}/iscsi-gateway.crt
run_once: True -subj "/C=US/ST=./L=./O=RedHat/OU=Linux/CN={{ ansible_hostname }}"
register: pem delegate_to: localhost
with_items: "{{ crt_files_exist.results }}" run_once: True
when: not item.stat.exists with_items: "{{ crt_files_exist.results }}"
- name: create public key from pem - name: create pem
shell: > shell: >
openssl x509 -inform pem -in {{ fetch_directory }}/{{ fsid }}/iscsi-gateway.pem cat {{ iscsi_ssl_tmp_dir.path }}/iscsi-gateway.crt
-pubkey -noout > {{ fetch_directory }}/{{ fsid }}/iscsi-gateway-pub.key {{ iscsi_ssl_tmp_dir.path }}/iscsi-gateway.key > {{ iscsi_ssl_tmp_dir.path }}/iscsi-gateway.pem
delegate_to: localhost delegate_to: localhost
become: False run_once: True
run_once: True register: pem
when: pem.changed with_items: "{{ crt_files_exist.results }}"
tags: skip_ansible_lint
- name: create public key from pem
shell: >
openssl x509 -inform pem -in {{ iscsi_ssl_tmp_dir.path }}/iscsi-gateway.pem
-pubkey -noout > {{ iscsi_ssl_tmp_dir.path }}/iscsi-gateway-pub.key
delegate_to: localhost
run_once: True
when: pem.changed
tags: skip_ansible_lint
- name: slurp ssl crt/key files
slurp:
src: "{{ iscsi_ssl_tmp_dir.path }}/{{ item }}"
register: iscsi_ssl_files_content
with_items: "{{ crt_files }}"
run_once: true
delegate_to: localhost
- name: store ssl crt/key files
command: "{{ container_exec_cmd }} ceph --cluster {{ cluster }} config-key put iscsi/ssl/{{ item.item }} {{ item.content }}"
run_once: true
delegate_to: "{{ groups.get(mon_group_name)[0] }}"
with_items: "{{ iscsi_ssl_files_content.results }}"
when: crt_files_missing
- name: copy crt file(s) to gateway nodes - name: copy crt file(s) to gateway nodes
copy: copy:
src: "{{ fetch_directory }}/{{ fsid }}/{{ item }}" content: "{{ item.stdout | b64decode }}"
dest: "/etc/ceph/{{ item }}" dest: "/etc/ceph/{{ item.item }}"
owner: root owner: root
group: root group: root
mode: 0400 mode: 0400
changed_when: false changed_when: false
with_items: "{{ crt_files }}" with_items: "{{ crt_files_exist.results if not crt_files_missing else iscsi_ssl_files_content.results }}"
when: not crt_files_missing
- name: clean temporary directory
file:
path: "{{ iscsi_ssl_tmp_dir.path }}"
state: absent
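Review bot: The existence check reads with `ceph ... config get iscsi/ssl/{{ item }}` while the store task writes with `config-key put iscsi/ssl/{{ item.item }}`, so the check appears to query a different store than the one the files are saved in; with `failed_when: false` that would leave `crt_files_missing` true on every run and regenerate the key pair each time. `config-key get iscsi/ssl/{{ item }}` looks like the intended read. The final copy task uses `item.stdout | b64decode` for both sources although `slurp` results carry `content`, and its `when: not crt_files_missing` skips exactly the case that selects `iscsi_ssl_files_content.results`. The private key is also passed as a command argument to `config-key put` with no `no_log`, which exposes it in task output. `clean temporary directory` has no `delegate_to: localhost`, so it seems to run on the gateway hosts rather than where the directory was created.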


@ -10,16 +10,25 @@
- /var/lib/ceph/bootstrap-mds/ - /var/lib/ceph/bootstrap-mds/
- /var/lib/ceph/mds/{{ cluster }}-{{ mds_name }} - /var/lib/ceph/mds/{{ cluster }}-{{ mds_name }}
- name: copy ceph keyring(s) if needed - name: get keys from monitors
command: "{{ hostvars[groups.get(mon_group_name)[0]]['container_exec_cmd'] | default('') }} ceph --cluster {{ cluster }} auth get {{ item.name }}"
register: _mds_keys
with_items:
- { name: "client.bootstrap-mds", path: "/var/lib/ceph/bootstrap-mds/{{ cluster }}.keyring", copy_key: true }
- { name: "client.admin", path: "/etc/ceph/{{ cluster }}.client.admin.keyring", copy_key: "{{ copy_admin_key }}" }
delegate_to: "{{ groups.get(mon_group_name)[0] }}"
when:
- cephx | bool
- item.copy_key | bool
- name: copy ceph key(s) if needed
copy: copy:
src: "{{ fetch_directory }}/{{ fsid }}/{{ item.name }}" dest: "{{ item.item.path }}"
dest: "{{ item.name }}" content: "{{ item.stdout + '\n' }}"
owner: "{{ ceph_uid if containerized_deployment else 'ceph' }}" owner: "{{ ceph_uid if containerized_deployment else 'ceph' }}"
group: "{{ ceph_uid if containerized_deployment else 'ceph' }}" group: "{{ ceph_uid if containerized_deployment else 'ceph' }}"
mode: "{{ ceph_keyring_permissions }}" mode: "{{ ceph_keyring_permissions }}"
with_items: with_items: "{{ _mds_keys.results }}"
- { name: "/var/lib/ceph/bootstrap-mds/{{ cluster }}.keyring", copy_key: true }
- { name: "/etc/ceph/{{ cluster }}.client.admin.keyring", copy_key: "{{ copy_admin_key }}" }
when: when:
- cephx - cephx | bool
- item.copy_key|bool - item.item.copy_key | bool


@ -3,46 +3,6 @@
set_fact: set_fact:
container_exec_cmd: "{{ container_binary }} exec ceph-mds-{{ ansible_hostname }}" container_exec_cmd: "{{ container_binary }} exec ceph-mds-{{ ansible_hostname }}"
- name: set_fact admin_keyring
set_fact:
admin_keyring:
- "/etc/ceph/{{ cluster }}.client.admin.keyring"
when: copy_admin_key
- name: set_fact ceph_config_keys
set_fact:
ceph_config_keys:
- /var/lib/ceph/bootstrap-mds/{{ cluster }}.keyring
- name: merge ceph_config_keys and admin_keyring
set_fact:
ceph_config_keys: "{{ ceph_config_keys + admin_keyring }}"
when: copy_admin_key
- name: stat for ceph config and keys
stat:
path: "{{ fetch_directory }}/{{ fsid }}/{{ item }}"
delegate_to: localhost
with_items: "{{ ceph_config_keys }}"
changed_when: false
become: false
failed_when: false
check_mode: no
register: statconfig
- name: try to fetch ceph config and keys
copy:
src: "{{ fetch_directory }}/{{ fsid }}/{{ item.0 }}"
dest: "{{ item.0 }}"
owner: root
group: root
mode: 0644
changed_when: false
with_together:
- "{{ ceph_config_keys }}"
- "{{ statconfig.results }}"
when: item.1.stat.exists
- name: generate systemd unit file - name: generate systemd unit file
become: true become: true
template: template:


@ -49,34 +49,33 @@
run_once: True run_once: True
delegate_to: "{{ groups[mon_group_name][0] }}" delegate_to: "{{ groups[mon_group_name][0] }}"
- name: copy ceph mgr key(s) from mon node to the ansible server - name: set_fact _mgr_keys
fetch: set_fact:
src: "{{ ceph_conf_key_directory }}/{{ cluster }}.mgr.{{ hostvars[item]['ansible_hostname'] }}.keyring" _mgr_keys: "{{ _mgr_keys | default([{ 'name': 'client.admin', 'path': '/etc/ceph/' + cluster + '.client.admin.keyring', 'copy_key': copy_admin_key, 'hostname': hostvars[item]['ansible_hostname'] }]) + [{ 'name': 'mgr.' + hostvars[item]['ansible_hostname'], 'path': '/var/lib/ceph/mgr/' + cluster + '-' + hostvars[item]['ansible_hostname'] + '/keyring', 'copy_key': true, 'hostname': hostvars[item]['ansible_hostname'] }] }}"
dest: "{{ fetch_directory }}/{{ fsid }}/{{ ceph_conf_key_directory }}/{{ cluster }}.mgr.{{ hostvars[item]['ansible_hostname'] }}.keyring"
flat: yes
with_items: "{{ groups.get(mgr_group_name, []) }}" with_items: "{{ groups.get(mgr_group_name, []) }}"
delegate_to: "{{ groups[mon_group_name][0] }}"
- name: copy ceph keyring(s) to mgr node - name: get keys from monitors
command: "{{ container_exec_cmd }} ceph --cluster {{ cluster }} auth get {{ item.name }}"
register: _mgr_keys
with_items: "{{ _mgr_keys }}"
delegate_to: "{{ groups.get(mon_group_name)[0] }}"
when:
- cephx | bool
- item.copy_key | bool
- name: copy ceph key(s) if needed
copy: copy:
src: "{{ fetch_directory }}/{{ fsid }}/etc/ceph/{{ cluster }}.mgr.{{ ansible_hostname }}.keyring" dest: "{{ item.item.path }}"
dest: "/var/lib/ceph/mgr/{{ cluster }}-{{ ansible_hostname }}/keyring" content: "{{ item.stdout + '\n' }}"
owner: "{{ ceph_uid if containerized_deployment else 'ceph' }}" owner: "{{ ceph_uid if containerized_deployment else 'ceph' }}"
group: "{{ ceph_uid if containerized_deployment else 'ceph' }}" group: "{{ ceph_uid if containerized_deployment else 'ceph' }}"
mode: "{{ ceph_keyring_permissions }}" mode: "{{ ceph_keyring_permissions }}"
when: cephx | bool with_items: "{{ _mgr_keys.results }}"
delegate_to: "{{ item.item.hostname }}"
- name: copy ceph keyring(s) if needed run_once: true
copy: when:
src: "{{ fetch_directory }}/{{ fsid }}/etc/ceph/{{ cluster }}.client.admin.keyring" - cephx | bool
dest: "/etc/ceph/{{ cluster }}.client.admin.keyring" - item.item.copy_key | bool
owner: "{{ ceph_uid if containerized_deployment else 'ceph' }}"
group: "{{ ceph_uid if containerized_deployment else 'ceph' }}"
mode: "{{ ceph_keyring_permissions }}"
when:
- cephx | bool
- groups.get(mgr_group_name, []) | length > 0
- copy_admin_key | bool
- name: set mgr key permissions - name: set mgr key permissions
file: file:
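Review bot: In `set_fact _mgr_keys` the `client.admin` entry exists only inside the `default(...)` list, which is used on the first loop iteration, so it carries the hostname of the first mgr alone. Because the copy task delegates to `item.item.hostname` under `run_once: true`, the admin keyring seems to reach only that one mgr when `copy_admin_key` is set, whereas the removed task copied it on every mgr host. The `hostname` field is filled from `ansible_hostname`, which is not guaranteed to equal the inventory name that `delegate_to` resolves; carrying the inventory name (`item`) for delegation would be safer. Reusing `_mgr_keys` for both the fact and the `register` result makes the loop hard to follow, and a separate name for the registered result would help.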


@ -16,31 +16,16 @@
delay: "{{ handler_health_mon_check_delay }}" delay: "{{ handler_health_mon_check_delay }}"
changed_when: false changed_when: false
- name: tasks for MONs when cephx is enabled - name: fetch ceph initial keys
when: cephx | bool ceph_key:
block: state: fetch_initial_keys
- name: fetch ceph initial keys cluster: "{{ cluster }}"
ceph_key: owner: "{{ ceph_uid if containerized_deployment else 'ceph' }}"
state: fetch_initial_keys group: "{{ ceph_uid if containerized_deployment else 'ceph' }}"
cluster: "{{ cluster }}" mode: "0400"
owner: "{{ ceph_uid if containerized_deployment else 'ceph' }}" environment:
group: "{{ ceph_uid if containerized_deployment else 'ceph' }}" CEPH_CONTAINER_IMAGE: "{{ ceph_docker_registry + '/' + ceph_docker_image + ':' + ceph_docker_image_tag if containerized_deployment else None }}"
mode: "0400" CEPH_CONTAINER_BINARY: "{{ container_binary }}"
environment: CEPH_ROLLING_UPDATE: "{{ rolling_update }}"
CEPH_CONTAINER_IMAGE: "{{ ceph_docker_registry + '/' + ceph_docker_image + ':' + ceph_docker_image_tag if containerized_deployment else None }}" when:
CEPH_CONTAINER_BINARY: "{{ container_binary }}" - cephx | bool
CEPH_ROLLING_UPDATE: "{{ rolling_update }}"
- name: copy keys to the ansible server
fetch:
src: "{{ item }}"
dest: "{{ fetch_directory }}/{{ fsid }}/{{ item }}"
flat: yes
with_items:
- /var/lib/ceph/bootstrap-osd/{{ cluster }}.keyring
- /var/lib/ceph/bootstrap-rgw/{{ cluster }}.keyring
- /var/lib/ceph/bootstrap-mds/{{ cluster }}.keyring
- /var/lib/ceph/bootstrap-rbd/{{ cluster }}.keyring
- /var/lib/ceph/bootstrap-rbd-mirror/{{ cluster }}.keyring
- /etc/ceph/{{ cluster }}.client.admin.keyring
when: inventory_hostname == groups[mon_group_name] | last


@ -1,45 +1,28 @@
--- ---
- name: keyring related tasks - name: keyring related tasks
block: block:
- name: set_fact admin_keyring - name: get keys from monitors
set_fact: command: "{{ hostvars[groups.get(mon_group_name)[0]]['container_exec_cmd'] | default('') }} ceph --cluster {{ cluster }} auth get {{ item.name }}"
admin_keyring: register: _rgw_keys
- "/etc/ceph/{{ cluster }}.client.admin.keyring" with_items:
when: copy_admin_key | bool - { name: "client.bootstrap-rgw", path: "/var/lib/ceph/bootstrap-rgw/{{ cluster }}.keyring", copy_key: true }
- { name: "client.admin", path: "/etc/ceph/{{ cluster }}.client.admin.keyring", copy_key: "{{ copy_admin_key }}" }
delegate_to: "{{ groups.get(mon_group_name)[0] }}"
when:
- cephx | bool
- item.copy_key | bool
- name: set_fact ceph_config_keys - name: copy ceph key(s) if needed
set_fact:
ceph_config_keys:
- /var/lib/ceph/bootstrap-rgw/{{ cluster }}.keyring
- name: merge ceph_config_keys and admin_keyring
set_fact:
ceph_config_keys: "{{ ceph_config_keys + admin_keyring }}"
when: copy_admin_key | bool
- name: stat for config and keys
stat:
path: "{{ fetch_directory }}/{{ fsid }}/{{ item }}"
delegate_to: localhost
with_items: "{{ ceph_config_keys }}"
changed_when: false
become: false
failed_when: false
check_mode: no
register: statconfig
- name: try to fetch config and keys
copy: copy:
src: "{{ fetch_directory }}/{{ fsid }}/{{ item.0 }}" dest: "{{ item.item.path }}"
dest: "{{ item.0 }}" content: "{{ item.stdout + '\n' }}"
owner: "64045" owner: "{{ ceph_uid if containerized_deployment else 'ceph' }}"
group: "64045" group: "{{ ceph_uid if containerized_deployment else 'ceph' }}"
mode: 0644 mode: "{{ ceph_keyring_permissions }}"
changed_when: false with_items: "{{ _rgw_keys.results }}"
with_together: when:
- "{{ ceph_config_keys }}" - cephx | bool
- "{{ statconfig.results }}" - item.item.copy_key | bool
when: item.1.stat.exists
when: groups.get(mon_group_name, []) | length > 0 when: groups.get(mon_group_name, []) | length > 0
- name: dbus related tasks - name: dbus related tasks


@ -46,17 +46,28 @@
- cephx | bool - cephx | bool
- groups.get(mon_group_name, []) | length > 0 - groups.get(mon_group_name, []) | length > 0
block: block:
- name: copy bootstrap cephx keys - name: get keys from monitors
copy: command: "{{ container_exec_cmd }} ceph --cluster {{ cluster }} auth get {{ item.name }}"
src: "{{ fetch_directory }}/{{ fsid }}/{{ item.name }}" register: _rgw_keys
dest: "{{ item.name }}"
owner: "ceph"
group: "ceph"
mode: "0600"
with_items: with_items:
- { name: "/var/lib/ceph/bootstrap-rgw/{{ cluster }}.keyring", copy_key: "{{ nfs_obj_gw }}" } - { name: "client.bootstrap-rgw", path: "/var/lib/ceph/bootstrap-rgw/{{ cluster }}.keyring", copy_key: true }
- { name: "/etc/ceph/{{ cluster }}.client.admin.keyring", copy_key: "{{ copy_admin_key }}" } - { name: "client.admin", path: "/etc/ceph/{{ cluster }}.client.admin.keyring", copy_key: "{{ copy_admin_key }}" }
when: item.copy_key | bool delegate_to: "{{ groups.get(mon_group_name)[0] }}"
when:
- cephx | bool
- item.copy_key | bool
- name: copy ceph key(s) if needed
copy:
dest: "{{ item.item.path }}"
content: "{{ item.stdout + '\n' }}"
owner: "{{ ceph_uid if containerized_deployment else 'ceph' }}"
group: "{{ ceph_uid if containerized_deployment else 'ceph' }}"
mode: "{{ ceph_keyring_permissions }}"
with_items: "{{ _rgw_keys.results }}"
when:
- cephx | bool
- item.item.copy_key | bool
- name: nfs object gateway related tasks - name: nfs object gateway related tasks
when: nfs_obj_gw | bool when: nfs_obj_gw | bool
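Review bot: The bootstrap-rgw entry changes from `copy_key: "{{ nfs_obj_gw }}"` to `copy_key: true`, so `client.bootstrap-rgw` is now fetched and written to every NFS node even when the object gateway is not enabled. Keeping the condition, `copy_key: "{{ nfs_obj_gw }}"`, restricts the key to the nodes that use it. The enclosing block starts above the hunk, so only its last two conditions are visible here.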


@ -11,16 +11,25 @@
- /var/lib/ceph/bootstrap-osd/ - /var/lib/ceph/bootstrap-osd/
- /var/lib/ceph/osd/ - /var/lib/ceph/osd/
- name: copy ceph key(s) if needed - name: get keys from monitors
copy: command: "{{ container_exec_cmd }} ceph --cluster {{ cluster }} auth get {{ item.name }}"
src: "{{ fetch_directory }}/{{ fsid }}/{{ item.name }}" register: _osd_keys
dest: "{{ item.name }}"
owner: "{{ ceph_uid if containerized_deployment else 'ceph' }}"
group: "{{ ceph_uid if containerized_deployment else 'ceph' }}"
mode: "{{ ceph_keyring_permissions }}"
with_items: with_items:
- { name: "/var/lib/ceph/bootstrap-osd/{{ cluster }}.keyring", copy_key: true } - { name: "client.bootstrap-osd", path: "/var/lib/ceph/bootstrap-osd/{{ cluster }}.keyring", copy_key: true }
- { name: "/etc/ceph/{{ cluster }}.client.admin.keyring", copy_key: "{{ copy_admin_key }}" } - { name: "client.admin", path: "/etc/ceph/{{ cluster }}.client.admin.keyring", copy_key: "{{ copy_admin_key }}" }
delegate_to: "{{ groups.get(mon_group_name)[0] }}"
when: when:
- cephx | bool - cephx | bool
- item.copy_key | bool - item.copy_key | bool
- name: copy ceph key(s) if needed
copy:
dest: "{{ item.item.path }}"
content: "{{ item.stdout + '\n' }}"
owner: "{{ ceph_uid if containerized_deployment else 'ceph' }}"
group: "{{ ceph_uid if containerized_deployment else 'ceph' }}"
mode: "{{ ceph_keyring_permissions }}"
with_items: "{{ _osd_keys.results }}"
when:
- cephx | bool
- item.item.copy_key | bool
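Review bot: `get keys from monitors` runs `{{ container_exec_cmd }} ceph ...` with `delegate_to` set to the first monitor, but `container_exec_cmd` is resolved for the host being configured rather than for the delegate. The mds task and the first `_rgw_keys` task in this commit use `hostvars[groups.get(mon_group_name)[0]]['container_exec_cmd'] | default('')` instead. If the variable is undefined on this host, or names a container that exists only on this host, the command would presumably fail on the monitor in containerized deployments. Using the hostvars form here and in the `_iscsi_keys`, `_osp_keys`, `_rbd_mirror_keys` and remaining `_rgw_keys` tasks would make them consistent.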


@ -67,40 +67,38 @@
when: item.application is defined when: item.application is defined
- name: create openstack cephx key(s) - name: create openstack cephx key(s)
ceph_key: block:
state: present - name: generate keys
name: "{{ item.name }}" ceph_key:
caps: "{{ item.caps }}" state: present
secret: "{{ item.key | default('') }}" name: "{{ item.name }}"
cluster: "{{ cluster }}" caps: "{{ item.caps }}"
mode: "{{ item.mode|default(omit) }}" secret: "{{ item.key | default('') }}"
environment: cluster: "{{ cluster }}"
CEPH_CONTAINER_IMAGE: "{{ ceph_docker_registry + '/' + ceph_docker_image + ':' + ceph_docker_image_tag if containerized_deployment else None }}" mode: "{{ item.mode|default(omit) }}"
CEPH_CONTAINER_BINARY: "{{ container_binary }}" environment:
with_items: "{{ openstack_keys }}" CEPH_CONTAINER_IMAGE: "{{ ceph_docker_registry + '/' + ceph_docker_image + ':' + ceph_docker_image_tag if containerized_deployment else None }}"
delegate_to: "{{ groups[mon_group_name][0] }}" CEPH_CONTAINER_BINARY: "{{ container_binary }}"
when: cephx | bool with_items: "{{ openstack_keys }}"
delegate_to: "{{ groups[mon_group_name][0] }}"
- name: fetch openstack cephx key(s) - name: get keys from monitors
fetch: command: "{{ container_exec_cmd }} ceph --cluster {{ cluster }} auth get {{ item.name }}"
src: "/etc/ceph/{{ cluster }}.{{ item.name }}.keyring" register: _osp_keys
dest: "{{ fetch_directory }}/{{ fsid }}/etc/ceph/{{ cluster }}.{{ item.name }}.keyring" with_items: "{{ openstack_keys }}"
flat: yes delegate_to: "{{ groups.get(mon_group_name)[0] }}"
delegate_to: "{{ groups[mon_group_name][0] }}"
with_items: "{{ openstack_keys }}"
- name: copy to other mons the openstack cephx key(s) - name: copy ceph key(s) if needed
copy: copy:
src: "{{ fetch_directory }}/{{ fsid }}/etc/ceph/{{ cluster }}.{{ item.1.name }}.keyring" dest: "/etc/ceph/{{ cluster }}.{{ item.0.item.name }}.keyring"
dest: "/etc/ceph/{{ cluster }}.{{ item.1.name }}.keyring" content: "{{ item.0.stdout + '\n' }}"
owner: "{{ ceph_uid }}" owner: "{{ ceph_uid if containerized_deployment else 'ceph' }}"
group: "{{ ceph_uid }}" group: "{{ ceph_uid if containerized_deployment else 'ceph' }}"
mode: "{{ item.1.mode|default(omit) }}" mode: "{{ item.0.item.mode }}"
with_nested: with_nested:
- "{{ groups[mon_group_name] }}" - "{{ _osp_keys.results }}"
- "{{ openstack_keys }}" - "{{ groups[mon_group_name] }}"
delegate_to: "{{ item.0 }}" delegate_to: "{{ item.1 }}"
when: when:
- cephx | bool - cephx | bool
- openstack_config | bool - openstack_config | bool
- item.0 != groups[mon_group_name]
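Review bot: The copy task sets `mode: "{{ item.0.item.mode }}"` while `generate keys` still uses `item.mode|default(omit)`, so an `openstack_keys` entry without a `mode` would make the copy fail on an undefined attribute. A fallback such as `mode: "{{ item.0.item.mode | default(ceph_keyring_permissions) }}"` keeps the task working and avoids leaving the keyring mode to the umask; `ceph_keyring_permissions` is used by the other copy tasks in this commit, though its definition is not visible here. The block's own `when` is not recoverable from this rendering, so it is unclear whether `get keys from monitors` is still guarded by `cephx | bool`.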


@ -3,8 +3,6 @@
# SETUP # # SETUP #
######### #########
fetch_directory: fetch/
# Even though rbd-mirror nodes should not have the admin key # Even though rbd-mirror nodes should not have the admin key
# at their disposal, some people might want to have it # at their disposal, some people might want to have it
# distributed on rbd-mirror nodes. Setting 'copy_admin_key' to 'true' # distributed on rbd-mirror nodes. Setting 'copy_admin_key' to 'true'


@ -1,20 +1,26 @@
--- ---
- name: copy rbd-mirror bootstrap key - name: get keys from monitors
copy: command: "{{ container_exec_cmd }} ceph --cluster {{ cluster }} auth get {{ item.name }}"
src: "{{ fetch_directory }}/{{ fsid }}/var/lib/ceph/bootstrap-rbd-mirror/{{ cluster }}.keyring" register: _rbd_mirror_keys
dest: "/var/lib/ceph/bootstrap-rbd-mirror/{{ cluster }}.keyring" with_items:
owner: "{{ ceph_uid if containerized_deployment else 'ceph' }}" - { name: "client.bootstrap-rbd-mirror", path: "/var/lib/ceph/bootstrap-rbd-mirror/{{ cluster }}.keyring", copy_key: true }
group: "{{ ceph_uid if containerized_deployment else 'ceph' }}" - { name: "client.admin", path: "/etc/ceph/{{ cluster }}.client.admin.keyring", copy_key: "{{ copy_admin_key }}" }
mode: "{{ ceph_keyring_permissions }}" delegate_to: "{{ groups.get(mon_group_name)[0] }}"
when:
- cephx | bool
- item.copy_key | bool
- name: copy ceph admin keyring if needed - name: copy ceph key(s) if needed
copy: copy:
src: "{{ fetch_directory }}/{{ fsid }}/etc/ceph/{{ cluster }}.client.admin.keyring" dest: "{{ item.item.path }}"
dest: "/etc/ceph/{{ cluster }}.client.admin.keyring" content: "{{ item.stdout + '\n' }}"
owner: "{{ ceph_uid if containerized_deployment else 'ceph' }}" owner: "{{ ceph_uid if containerized_deployment else 'ceph' }}"
group: "{{ ceph_uid if containerized_deployment else 'ceph' }}" group: "{{ ceph_uid if containerized_deployment else 'ceph' }}"
mode: "{{ ceph_keyring_permissions }}" mode: "{{ ceph_keyring_permissions }}"
when: copy_admin_key | bool with_items: "{{ _rbd_mirror_keys.results }}"
when:
- cephx | bool
- item.item.copy_key | bool
- name: create rbd-mirror keyring - name: create rbd-mirror keyring
command: > command: >


@ -18,16 +18,25 @@
with_items: "{{ rgw_instances }}" with_items: "{{ rgw_instances }}"
when: rgw_instances is defined when: rgw_instances is defined
- name: copy ceph keyring(s) if needed - name: get keys from monitors
copy: command: "{{ container_exec_cmd }} ceph --cluster {{ cluster }} auth get {{ item.name }}"
src: "{{ fetch_directory }}/{{ fsid }}/{{ item.name }}" register: _rgw_keys
dest: "{{ item.name }}"
owner: "{{ ceph_uid if containerized_deployment else 'ceph' }}"
group: "{{ ceph_uid if containerized_deployment else 'ceph' }}"
mode: "{{ ceph_keyring_permissions }}"
with_items: with_items:
- { name: "/var/lib/ceph/bootstrap-rgw/{{ cluster }}.keyring", copy_key: true } - { name: "client.bootstrap-rgw", path: "/var/lib/ceph/bootstrap-rgw/{{ cluster }}.keyring", copy_key: true }
- { name: "/etc/ceph/{{ cluster }}.client.admin.keyring", copy_key: "{{ copy_admin_key }}" } - { name: "client.admin", path: "/etc/ceph/{{ cluster }}.client.admin.keyring", copy_key: "{{ copy_admin_key }}" }
delegate_to: "{{ groups.get(mon_group_name)[0] }}"
when: when:
- cephx | bool - cephx | bool
- item.copy_key | bool - item.copy_key | bool
- name: copy ceph key(s) if needed
copy:
dest: "{{ item.item.path }}"
content: "{{ item.stdout + '\n' }}"
owner: "{{ ceph_uid if containerized_deployment else 'ceph' }}"
group: "{{ ceph_uid if containerized_deployment else 'ceph' }}"
mode: "{{ ceph_keyring_permissions }}"
with_items: "{{ _rgw_keys.results }}"
when:
- cephx | bool
- item.item.copy_key | bool