From 2d21f741f53a2c05b5d1f410725cfdd8ddcaf518 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?S=C3=A9bastien=20Han?= <seb@redhat.com>
Date: Mon, 4 Apr 2016 00:35:09 +0200
Subject: [PATCH] ceph-rbd-mirror: add new role
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Sébastien Han <seb@redhat.com>
---
 group_vars/all.sample                         |  1 +
 group_vars/rbd-mirrors.sample                 | 37 +++++++++++++++++
 purge-cluster.yml                             | 17 ++++++++
 roles/ceph-common/defaults/main.yml           |  1 +
 roles/ceph-rbd-mirror/README.md               | 41 +++++++++++++++++++
 roles/ceph-rbd-mirror/defaults/main.yml       | 28 +++++++++++++
 roles/ceph-rbd-mirror/meta/main.yml           | 17 ++++++++
 .../tasks/configure_mirroring.yml             |  3 ++
 roles/ceph-rbd-mirror/tasks/main.yml          |  5 +++
 roles/ceph-rbd-mirror/tasks/pre_requisite.yml | 28 +++++++++++++
 .../tasks/start_rbd_mirror.yml                | 36 ++++++++++++++++
 site.yml.sample                               |  5 +++
 test.yml                                      |  6 ++-
 13 files changed, 224 insertions(+), 1 deletion(-)
 create mode 100644 group_vars/rbd-mirrors.sample
 create mode 100644 roles/ceph-rbd-mirror/README.md
 create mode 100644 roles/ceph-rbd-mirror/defaults/main.yml
 create mode 100644 roles/ceph-rbd-mirror/meta/main.yml
 create mode 100644 roles/ceph-rbd-mirror/tasks/configure_mirroring.yml
 create mode 100644 roles/ceph-rbd-mirror/tasks/main.yml
 create mode 100644 roles/ceph-rbd-mirror/tasks/pre_requisite.yml
 create mode 100644 roles/ceph-rbd-mirror/tasks/start_rbd_mirror.yml

diff --git a/group_vars/all.sample b/group_vars/all.sample
index 3fb36ea40..4c76b44b6 100644
--- a/group_vars/all.sample
+++ b/group_vars/all.sample
@@ -25,6 +25,7 @@ dummy:
 #rgw_group_name: rgws
 #mds_group_name: mdss
 #restapi_group_name: restapis
+#rbdmirror_group_name: rbdmirrors
 
 # If check_firewall is true, then ansible will try to determine if the
 # Ceph ports are blocked by a firewall. If the machine running ansible
diff --git a/group_vars/rbd-mirrors.sample b/group_vars/rbd-mirrors.sample
new file mode 100644
index 000000000..ad0f46f29
--- /dev/null
+++ b/group_vars/rbd-mirrors.sample
@@ -0,0 +1,37 @@
+---
+# Variables here are applicable to all host groups NOT roles
+
+# This sample file generated by generate_group_vars_sample.sh
+
+# Dummy variable to avoid error because ansible does not recognize the
+# file as a good configuration file when no variable in it.
+dummy:
+
+#########
+# SETUP #
+#########
+
+# NOTE (leseb): the rbd-mirror daemon needs a user to start
+# because it has to authenticate with the local cluster.
+# By default, using the admin user is fine, so you should not
+# need to change 'ceph_rbd_mirror_local_user' unless you have
+# a dedicated key available in /etc/ceph/.
+# Generally Ansible will use the admin key and put it
+# under /etc/ceph/. The same goes for 'ceph_rbd_mirror_remote_user'
+# there should not be any reason to change it.
+#ceph_rbd_mirror_local_user: admin
+#ceph_rbd_mirror_remote_user: admin
+
+# NOTE (leseb): the following variable needs the name of the remote cluster.
+# The name of this cluster must be different than your local cluster simply
+# because we need to have both keys and ceph.conf inside /etc/ceph.
+# Thus if cluster names are identical we can not have them under /etc/ceph
+#ceph_rbd_mirror_remote_cluster: ""
+
+#################
+# CONFIGURATION #
+#################
+
+#ceph_rbd_mirror_configure: false
+#ceph_rbd_mirror_pool: ""
+
diff --git a/purge-cluster.yml b/purge-cluster.yml
index f9ecdcf09..6e9138b39 100644
--- a/purge-cluster.yml
+++ b/purge-cluster.yml
@@ -44,6 +44,7 @@
     mon_group_name: mons
     rgw_group_name: rgws
     mds_group_name: mdss
+    rbdmirror_group_name: rbdmirrors
 
 # When set to true both groups of packages are purged.
 # This can cause problem with qemu-kvm
@@ -156,6 +157,15 @@
       systemd_unit_files.stdout != "0" and
       rgw_group_name in group_names
 
+  - name: stop ceph rbd mirror with systemd
+    service:
+      name: ceph-rbd-mirror@admin.service
+      state: stopped
+    when:
+      ansible_os_family == 'RedHat' and
+      systemd_unit_files.stdout != "0" and
+      rbdmirror_group_name in group_names
+
 # before infernalis
   - name: stop ceph osds
     command: service ceph stop osd
@@ -218,6 +228,13 @@
       ansible_distribution == 'Ubuntu' and
       rgw_group_name in group_names
 
+  - name: stop ceph rbd mirror on ubuntu
+    command: initctl stop ceph-rbd-mirorr cluster={{ cluster }} id=admin
+    failed_when: false
+    when:
+      ansible_distribution == 'Ubuntu' and
+      rbdmirror_group_name in group_names
+
   - name: check for anything running ceph
     shell: "ps awux | grep -v grep | grep -q -- ceph-"
     register: check_for_running_ceph
diff --git a/roles/ceph-common/defaults/main.yml b/roles/ceph-common/defaults/main.yml
index c951a7386..131d50eab 100644
--- a/roles/ceph-common/defaults/main.yml
+++ b/roles/ceph-common/defaults/main.yml
@@ -17,6 +17,7 @@ osd_group_name: osds
 rgw_group_name: rgws
 mds_group_name: mdss
 restapi_group_name: restapis
+rbdmirror_group_name: rbdmirrors
 
 # If check_firewall is true, then ansible will try to determine if the
 # Ceph ports are blocked by a firewall. If the machine running ansible
diff --git a/roles/ceph-rbd-mirror/README.md b/roles/ceph-rbd-mirror/README.md
new file mode 100644
index 000000000..59cbc9489
--- /dev/null
+++ b/roles/ceph-rbd-mirror/README.md
@@ -0,0 +1,41 @@
+# Ansible role: Ceph Storage Agent
+
+This role bootstraps the Ceph RBD mirror agent.
+
+# Requirements
+
+Nothing, it runs out of the box.
+
+# Role variables
+
+Have a look at: `defaults/main.yml`.
+
+## Mandatory variables
+
+None.
+
+# Dependencies
+
+The role `ceph.ceph-common` must be installed.
+
+# Example Playbook
+
+```
+- hosts: servers
+  remote_user: ubuntu
+  roles:
+     - { role: ceph.ceph-rbd-mirror }
+```
+
+# Contribution
+
+**THIS REPOSITORY DOES NOT ACCEPT PULL REQUESTS**
+**PULL REQUESTS MUST GO THROUGH [CEPH-ANSIBLE](https://github.com/ceph/ceph-ansible)**
+
+# License
+
+Apache
+
+# Author Information
+
+This role was created by S2bastien Han.
diff --git a/roles/ceph-rbd-mirror/defaults/main.yml b/roles/ceph-rbd-mirror/defaults/main.yml
new file mode 100644
index 000000000..12207b179
--- /dev/null
+++ b/roles/ceph-rbd-mirror/defaults/main.yml
@@ -0,0 +1,28 @@
+---
+#########
+# SETUP #
+#########
+
+# NOTE (leseb): the rbd-mirror daemon needs a user to start
+# because it has to authenticate with the local cluster.
+# By default, using the admin user is fine, so you should not
+# need to change 'ceph_rbd_mirror_local_user' unless you have
+# a dedicated key available in /etc/ceph/.
+# Generally Ansible will use the admin key and put it
+# under /etc/ceph/. The same goes for 'ceph_rbd_mirror_remote_user'
+# there should not be any reason to change it.
+ceph_rbd_mirror_local_user: admin
+ceph_rbd_mirror_remote_user: admin
+
+# NOTE (leseb): the following variable needs the name of the remote cluster.
+# The name of this cluster must be different than your local cluster simply
+# because we need to have both keys and ceph.conf inside /etc/ceph.
+# Thus if cluster names are identical we can not have them under /etc/ceph
+ceph_rbd_mirror_remote_cluster: ""
+
+#################
+# CONFIGURATION #
+#################
+
+ceph_rbd_mirror_configure: false
+ceph_rbd_mirror_pool: ""
diff --git a/roles/ceph-rbd-mirror/meta/main.yml b/roles/ceph-rbd-mirror/meta/main.yml
new file mode 100644
index 000000000..648af5aa6
--- /dev/null
+++ b/roles/ceph-rbd-mirror/meta/main.yml
@@ -0,0 +1,17 @@
+---
+galaxy_info:
+  author: Sébastien Han
+  description: Installs Ceph Mirror Agent
+  license: Apache
+  min_ansible_version: 1.7
+  platforms:
+    - name: Ubuntu
+      versions:
+        - trusty
+    - name: EL
+      versions:
+        - 7
+  categories:
+    - system
+dependencies:
+  - { role: ceph.ceph-common }
diff --git a/roles/ceph-rbd-mirror/tasks/configure_mirroring.yml b/roles/ceph-rbd-mirror/tasks/configure_mirroring.yml
new file mode 100644
index 000000000..66c32e19e
--- /dev/null
+++ b/roles/ceph-rbd-mirror/tasks/configure_mirroring.yml
@@ -0,0 +1,3 @@
+---
+- name: add a peer
+  shell: "rbd mirror pool peer add {{ ceph_rbd_mirror_pool }} {{ ceph_rbd_mirror_remote_user }}@{{ ceph_rbd_mirror_remote_cluster }}"
diff --git a/roles/ceph-rbd-mirror/tasks/main.yml b/roles/ceph-rbd-mirror/tasks/main.yml
new file mode 100644
index 000000000..05fbfff74
--- /dev/null
+++ b/roles/ceph-rbd-mirror/tasks/main.yml
@@ -0,0 +1,5 @@
+---
+- include: pre_requisite.yml
+- include: start_rbd_mirror.yml
+- include: configure_mirroring.yml
+  when: ceph_rbd_mirror_configure
diff --git a/roles/ceph-rbd-mirror/tasks/pre_requisite.yml b/roles/ceph-rbd-mirror/tasks/pre_requisite.yml
new file mode 100644
index 000000000..3d74d3f5c
--- /dev/null
+++ b/roles/ceph-rbd-mirror/tasks/pre_requisite.yml
@@ -0,0 +1,28 @@
+---
+- name: install dependencies
+  apt:
+    pkg: rbd-mirror
+    state: present
+  when: ansible_os_family == 'Debian'
+  tags:
+    - package-install
+
+- name: install dependencies
+  # XXX Determine what RH repository this will belong to so that it can be
+  # properly checked and errored if the repository is not enabled.
+  yum:
+    name: rbd-mirror
+    state: present
+  when: ansible_os_family == 'RedHat'
+  tags:
+    - package-install
+
+- name: copy ceph admin key
+  copy:
+    src: "{{ fetch_directory }}/{{ fsid }}/etc/ceph/{{ cluster }}.client.admin.keyring"
+    dest: "/etc/ceph/{{ cluster }}.client.admin.keyring"
+    owner: "{{ key_owner }}"
+    group: "{{ key_group }}"
+    mode: "{{ key_mode }}"
+  when:
+    cephx
diff --git a/roles/ceph-rbd-mirror/tasks/start_rbd_mirror.yml b/roles/ceph-rbd-mirror/tasks/start_rbd_mirror.yml
new file mode 100644
index 000000000..cf2c47fb5
--- /dev/null
+++ b/roles/ceph-rbd-mirror/tasks/start_rbd_mirror.yml
@@ -0,0 +1,36 @@
+---
+- name: start and add that the rbd mirror service to the init sequence (ubuntu)
+  command: initctl emit ceph-rbd-mirror cluster={{ cluster }} id={{ ansible_hostname }}
+  changed_when: false
+  failed_when: false
+  when: ansible_distribution == "Ubuntu"
+
+# NOTE (leseb): somehow the service ansible module is messing things up
+# as a safety measure we run the raw command
+- name: start and add that the rbd mirror service to the init sequence
+  command: service ceph start ceph-rbd-mirror
+  changed_when: false
+  when:
+    ansible_distribution != "Ubuntu" and
+    not is_ceph_infernalis
+
+- name: enable systemd unit file for the rbd mirror service (for or after infernalis)
+  file:
+    src: /usr/lib/systemd/system/ceph-rbd-mirror@.service
+    dest: "/etc/systemd/system/multi-user.target.wants/ceph-rbd-mirror@{{ ceph_rbd_mirror_local_user }}.service"
+    state: link
+  changed_when: false
+  failed_when: false
+  when:
+    ansible_distribution != "Ubuntu" and
+    is_ceph_infernalis
+
+- name: start and add that the rbd mirror service to the init sequence (for or after infernalis)
+  service:
+      name: "ceph-rbd-mirror@{{ ceph_rbd_mirror_local_user }}"
+      state: started
+      enabled: yes
+  changed_when: false
+  when:
+    ansible_distribution != "Ubuntu" and
+    is_ceph_infernalis
diff --git a/site.yml.sample b/site.yml.sample
index 90239cb4b..f2e81dce7 100644
--- a/site.yml.sample
+++ b/site.yml.sample
@@ -30,3 +30,8 @@
   become: True
   roles:
   - ceph-restapi
+
+- hosts: rbdmirrors
+  become: True
+  roles:
+  - ceph-rbd-mirror
diff --git a/test.yml b/test.yml
index d01a16d2b..f5feddb40 100644
--- a/test.yml
+++ b/test.yml
@@ -1,9 +1,13 @@
 ---
 - hosts: localhost
-  sudo: true
+  become: true
   roles:
     - ceph.ceph-common
     - ceph-mon
     - ceph-osd
     - ceph-mds
     - ceph-rgw
+    - ceph-fetch-keys
+    - ceph-agent
+    - ceph-common-coreos
+    - ceph-rbd-mirror