From fb03dfda30ec7e7b23cc95009861981510d065f7 Mon Sep 17 00:00:00 2001 From: Guillaume Abrioux Date: Thu, 7 Jan 2021 12:40:18 +0100 Subject: [PATCH] dashboard: configure passwords via stdin Due to recent changes in ceph, the few dashboard passwors must be passed via `-i` Signed-off-by: Guillaume Abrioux (cherry picked from commit ef975ef5eacb14b66a8982ccb27a38ce552abcc4) --- .../tasks/configure_dashboard.yml | 29 +++++++++++++++---- 1 file changed, 24 insertions(+), 5 deletions(-) diff --git a/roles/ceph-dashboard/tasks/configure_dashboard.yml b/roles/ceph-dashboard/tasks/configure_dashboard.yml index 73a28f5d8..fd2bb1a73 100644 --- a/roles/ceph-dashboard/tasks/configure_dashboard.yml +++ b/roles/ceph-dashboard/tasks/configure_dashboard.yml @@ -4,6 +4,10 @@ container_exec_cmd: "{{ container_binary }} exec ceph-mon-{{ hostvars[groups[mon_group_name][0]]['ansible_hostname'] }}" when: containerized_deployment | bool +- name: set_fact container_run_cmd + set_fact: + ceph_cmd: "{{ hostvars[groups[mon_group_name][0]]['container_binary'] + ' run --interactive --rm -v /etc/ceph:/etc/ceph:z --entrypoint=ceph ' + ceph_docker_registry + '/' + ceph_docker_image + ':' + ceph_docker_image_tag if containerized_deployment | bool else 'ceph' }}" + - name: disable SSL for dashboard when: dashboard_protocol == "http" delegate_to: "{{ groups[mon_group_name][0] }}" @@ -140,7 +144,10 @@ changed_when: false - name: set grafana api password - command: "{{ container_exec_cmd }} ceph --cluster {{ cluster }} dashboard set-grafana-api-password {{ grafana_admin_password }}" + command: "{{ ceph_cmd }} --cluster {{ cluster }} dashboard set-grafana-api-password -i -" + args: + stdin: "{{ grafana_admin_password }}" + stdin_add_newline: no delegate_to: "{{ groups[mon_group_name][0] }}" run_once: true changed_when: false @@ -205,12 +212,18 @@ changed_when: false - name: set the rgw access key - command: "{{ container_exec_cmd }} ceph --cluster {{ cluster }} dashboard set-rgw-api-access-key {{ rgw_access_key }}" + command: "{{ ceph_cmd }} --cluster {{ cluster }} dashboard set-rgw-api-access-key -i -" + args: + stdin: "{{ rgw_access_key }}" + stdin_add_newline: no delegate_to: "{{ groups[mon_group_name][0] }}" changed_when: false - name: set the rgw secret key - command: "{{ container_exec_cmd }} ceph --cluster {{ cluster }} dashboard set-rgw-api-secret-key {{ rgw_secret_key }}" + command: "{{ ceph_cmd }} --cluster {{ cluster }} dashboard set-rgw-api-secret-key -i -" + args: + stdin: "{{ rgw_secret_key }}" + stdin_add_newline: no delegate_to: "{{ groups[mon_group_name][0] }}" changed_when: false @@ -256,14 +269,20 @@ - generate_crt | default(false) | bool - name: add iscsi gateways - ipv4 - command: "{{ container_exec_cmd }} ceph --cluster {{ cluster }} dashboard iscsi-gateway-add {{ 'https' if hostvars[item]['api_secure'] | default(false) | bool else 'http' }}://{{ hostvars[item]['api_user'] | default('admin') }}:{{ hostvars[item]['api_password'] | default('admin') }}@{{ hostvars[item]['ansible_all_ipv4_addresses'] | ips_in_ranges(public_network.split(',')) | first }}:{{ hostvars[item]['api_port'] | default(5000) }}" + command: "{{ ceph_cmd }} --cluster {{ cluster }} dashboard iscsi-gateway-add -i -" + args: + stdin: "{{ 'https' if hostvars[item]['api_secure'] | default(false) | bool else 'http' }}://{{ hostvars[item]['api_user'] | default('admin') }}:{{ hostvars[item]['api_password'] | default('admin') }}@{{ hostvars[item]['ansible_all_ipv4_addresses'] | ips_in_ranges(public_network.split(',')) | first }}:{{ hostvars[item]['api_port'] | default(5000) }}" + stdin_add_newline: no changed_when: false delegate_to: "{{ groups[mon_group_name][0] }}" with_items: "{{ groups[iscsi_gw_group_name] }}" when: ip_version == 'ipv4' - name: add iscsi gateways - ipv6 - command: "{{ container_exec_cmd }} ceph --cluster {{ cluster }} dashboard iscsi-gateway-add {{ 'https' if hostvars[item]['api_secure'] | default(false) | bool else 'http' }}://{{ hostvars[item]['api_user'] | default('admin') }}:{{ hostvars[item]['api_password'] | default('admin') }}@{{ hostvars[item]['ansible_all_ipv6_addresses'] | ips_in_ranges(public_network.split(',')) | last | ipwrap }}:{{ hostvars[item]['api_port'] | default(5000) }}" + command: "{{ ceph_cmd }} --cluster {{ cluster }} dashboard iscsi-gateway-add -i -" + args: + stdin: "{{ 'https' if hostvars[item]['api_secure'] | default(false) | bool else 'http' }}://{{ hostvars[item]['api_user'] | default('admin') }}:{{ hostvars[item]['api_password'] | default('admin') }}@{{ hostvars[item]['ansible_all_ipv6_addresses'] | ips_in_ranges(public_network.split(',')) | last | ipwrap }}:{{ hostvars[item]['api_port'] | default(5000) }}" + stdin_add_newline: no changed_when: false delegate_to: "{{ groups[mon_group_name][0] }}" with_items: "{{ groups[iscsi_gw_group_name] }}"