Add --security-opt label=disable to all containers
accessing /var/lib/ceph. podman selinux relabeling behavious changed
since version podman-3:4.2.0-1 which prevent some containers to access
files in these subdirectories.
Signed-off-by: Teoman ONAY <tonay@ibm.com>
in order to avoid the following error:
```
multiple RX peers are not currently supported
```
Closes: https://bugzilla.redhat.com/show_bug.cgi?id=2037646
Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com>
(cherry picked from commit aa64747cd1)
This `run_once: true` breaks multiple rbd-mirror daemons support
as it would make all rbd-mirror daemons use the same keyring.
Each rbd-mirror daemon needs its own keyring in order to start.
Closes: https://bugzilla.redhat.com/show_bug.cgi?id=2037646
Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com>
(cherry picked from commit 665601bf8a)
Changed the when condition to only execute that fact setting on RGW
nodes while before it was run on all nodes and failed if the node
was not on the same network range as the RGW.
Closes: https://bugzilla.redhat.com/show_bug.cgi?id=2131150
Signed-off-by: Teoman ONAY <tonay@redhat.com>
(cherry picked from commit 590e57cc1b)
When we come from configure_dashboard.yml, this fact should be set if
`rgw_instances` is defined in group_vars/host_vars. Otherwise, the next
task that set the fact `rgw_instances` will be run as it will assume it
wasn't user defined.
Closes: https://bugzilla.redhat.com/show_bug.cgi?id=2117294
Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com>
When 'osd_memory_target' is overridden in ceph_conf_overrides.
The task that sets the fact `osd_memory_target` in the ceph-config role
should be skipped.
Closes: https://bugzilla.redhat.com/show_bug.cgi?id=2056675#c11
Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com>
(cherry picked from commit e2076e439b)
"set_fact container_run_cmd" is not set when using --limit on MDS as facts
were not run on first MON.
Closes: https://bugzilla.redhat.com/show_bug.cgi?id=2111017
Signed-off-by: Teoman ONAY <tonay@redhat.com>
(cherry picked from commit cef1636f70)
(cherry picked from commit 80dc46d31f)
- Use config-key store to add cluster peer.
- Support multiple pools mirroring.
Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com>
(cherry picked from commit b74ff6e22c)
Add missing `--cluster {{ cluster }}` on task
`set osd_memory_target` in the main.yml file of the
ceph-config role.
Also it moves the task after ceph configuration file is actually written.
Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com>
(cherry picked from commit cf4a430d0b)
use `include_tasks` instead of `import_tasks`.
Given that with `import_tasks` statements are preprocessed
and the tasks that defines it hasn't been run yet, it will fail
and complain like following:
```
The error was: 'ansible.vars.hostvars.HostVarsVars object' has no attribute '_interface'
```
Using `include_tasks` instead fixes this.
Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com>
(cherry picked from commit 434793e2fe)
ansible.netcommon.ipwrap is deprecated and is not being redirected with ansible 2.9.*
Signed-off-by: Seena Fallah <seenafallah@gmail.com>
Co-authored-by: Guillaume Abrioux <gabrioux@redhat.com>
We should consider bumping ansible version for future releases, so let's
start testing against ansible 2.10
Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com>
(cherry picked from commit 839fac8f94)
when these variables are defined in the inventory host file,
all tasks are skipped then because the node being played isn't
aware about the values from the rgw nodes.
Closes: https://bugzilla.redhat.com/show_bug.cgi?id=2063029
Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com>
When the following conditions are met:
- rgw is deployed,
- dashboard is deployed,
- playbook is called with --limit,
- a node being processed is collocated on either a mon or mgr.
The playbook fails because `rgw_instances` is undefined.
The idea here is to make sure this variable is always defined.
Closes: https://bugzilla.redhat.com/show_bug.cgi?id=2063029
Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com>
This commit makes podman bindmount `/:/rootfs:ro` so the container can
collect data from the host.
Closes: https://bugzilla.redhat.com/show_bug.cgi?id=2028775
Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com>
(cherry picked from commit 0f34cd16d8)
This commit fixes templating error that occurs when using auto osd discovery. Getting the len before converting the result to a list causes "object of type generator has no len()" error.
Signed-off-by: pinotelio <ahmadreza.mollapour@gmail.com>
(cherry picked from commit f288364c5c)
Since the ISO install method removal, ceph-ansible isn't able
to detect wheter the user is deploying in a 'disconnected environment'.
By the way, given that ceph-ansible is available only for upgrading to RHCS 5,
this check doesn't make sense anymore, let's drop it.
Closes: https://bugzilla.redhat.com/show_bug.cgi?id=2062147
Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com>
(cherry picked from commit 1cd1fa0560)
When deploying with --skip-tags=package-install (when there is no access to a repository), the playbook is still trying to update the package cache, which makes the playbook fail.
This change prevents the playbook to try to update the cache when the package-install tag is skipped.
Signed-off-by: Florent CARLI <florent.carli@rte-france.com>
(cherry picked from commit 58fdc03e63)
When running the playbook with `--limit`, if the play targeted doesn't match
hosts present in the mgr group the playbook can fail.
Closes: https://bugzilla.redhat.com/show_bug.cgi?id=2063029
Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com>
(cherry picked from commit 72e4654aae)
Initially MONs and RGW binded /etc/pki/ca-trust/extracted using the :z flag
(introduced to solve an OSP TripleO issue on RHEL - #3638) but using
this flag prevents local services (like sssd) running on the host from accessing
the certificates/files in that folder.
Signed-off-by: Teoman ONAY <tonay@redhat.com>
(cherry picked from commit 7e8ce2567e)
When using group of group, the playbook will apply undesired
labels on nodes.
This commit fixes it by applying only the expected labels.
Closes: https://bugzilla.redhat.com/show_bug.cgi?id=2057528
Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com>
(cherry picked from commit 266b6e739c)
By default cephadm uses root account to connect remotely
to other nodes in the cluster. This change allows to choose
another account.
This commit also allows to use a dedicated subnet for cephadm mgmt.
Signed-off-by: Teoman ONAY <tonay@redhat.com>
(cherry picked from commit da42f3d139)
Ignore disks with active mountpoint when osd_auto_discovery is true
Signed-off-by: Seena Fallah <seenafallah@gmail.com>
(cherry picked from commit 9d87fd87cb)
This construct doesn't work as intended since ansible/ansible#74212:
```
item.stdout | default('{}') | from_json
```
That PR made the `command` module return `stdout` even in check mode (setting
it to the empty string), so `default()` has no effect in that case and
`from_json()` fails to parse an empty string.
Instead, `default()` needs to be invoked with its second argument set to
`True`, so that it replaces any `False` value (such as an empty string) with
its first argument:
```
item.stdout | default('{}', True) | from_json
```
Signed-off-by: Benoît Knecht <bknecht@protonmail.ch>
(cherry picked from commit 7684d892c0)
Set a default value for `item.stdout` before passing it to `from_json()`. The
`when` condition doesn't prevent this template from being evaluated in check
mode, so it fails if `item.stdout` doesn't contain a valid JSON string.
Signed-off-by: Benoît Knecht <bknecht@protonmail.ch>
(cherry picked from commit ef05e9a313)
This construct doesn't work as intended since ansible/ansible#74212:
```
ceph_osd_ids.stdout | default('{}') | from_json
```
That PR made the `command` module return `stdout` even in check mode (setting
it to the empty string), so `default()` has no effect in that case and
`from_json()` fails to parse an empty string.
Instead, `default()` needs to be invoked with its second argument set to
`True`, so that it replaces any `False` value (such as an empty string) with
its first argument:
```
ceph_osd_ids.stdout | default('{}', True) | from_json
```
Signed-off-by: Benoît Knecht <bknecht@protonmail.ch>
(cherry picked from commit 0b3a608216)
When running in check mode with one or more Ceph daemons that need to be
restarted, the `tmpdirpath.path` variable that several handlers rely on is
undefined, leading to fatal errors.
This commit ensures the tasks that require `tmpdirpath.path` are skipped when
it's undefined.
Signed-off-by: Benoît Knecht <bknecht@protonmail.ch>
(cherry picked from commit bffca06837)
When installing grafana plugins, the container will make http requests.
This requires http proxy otherwise installation cannot be performed. Passed
the proxy vars from all.yml as env args.
Fixes: ceph#6484, ceph#6481
Signed-off-by: John Karasev <john.karasev@intel.com>
(cherry picked from commit 79ca442d53)
Let's use ppa repositories in order to deploy nfs-ganesha on Debian based OS.
Fixes: #7031
Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com>
(cherry picked from commit c491e67486)
Update `After=` and `Wants=` parameters in container systemd units
and make them be aligned with the systemd units that come
from the packaging.
Closes: https://bugzilla.redhat.com/show_bug.cgi?id=2027440
Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com>
(cherry picked from commit f01536ea19)