Commit Graph

5869 Commits (65003f4ff90413094d46b682b78f6d749fcc2747)
 

Author SHA1 Message Date
Mathias Chapelain 65003f4ff9 library: Add radosgw_caps to manage capabilities
This commit add `radosgw_caps` module to be able to manage RadosGW users
capabilities.

Usage from module's documentation:
```YAML
- name: add users read write and all buckets capabilities
  radosgw_caps:
    name: foo
    state: present
    caps:
      - users=read,write
      - buckets=*
- name: remove usage write capabilities
  radosgw_caps:
    name: foo
    state: absent
    caps:
      - usage=write
```

This module support check mode by simulating the original `radosgw-admin`
behavior when adding capabilities.

Signed-off-by: Mathias Chapelain <mathias.chapelain@proton.ch>
2022-02-16 09:44:36 +01:00
Mathias Chapelain 055326be7c module_utils/ca_common: Add optional diff argument to exit_module
Add optional `diff` argument defaulting to `{ "before": "", "after": ""}`.

Signed-off-by: Mathias Chapelain <mathias.chapelain@proton.ch>
2022-02-16 09:44:36 +01:00
Guillaume Abrioux 3e5bc30c87 rpm: fix packaging
This fixes a couple of issues:

- ansible 2.10 isn't packaged.
- MOCK_CONFIG variable is wrong (centos 8 is EOL)

Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com>
2022-02-15 17:37:22 +01:00
Joel Capitao 78c56f1c5f Update EPEL mock config
CL8 is EOL since 31st January 2022 [1].
So the EPEL mock config needs to be switched to
new one supported [2][3].

[1] https://www.centos.org/centos-linux-eol/
[2] https://pagure.io/epel/issue/133
[3] https://github.com/rpm-software-management/mock/pull/817

Signed-off-by: Joel Capitao <jcapitao@redhat.com>
2022-02-15 16:39:17 +01:00
Mathias Chapelain f0f1dd986a library/ceph_pool: Fix potential null value when creating pools
Before, creating a pool by providing *only* `pg_num` would result in an
error as it would produce `--pgp-num null`.

This commit fix this behavior by defaulting `pgp_num` value to `pg_num`.

Signed-off-by: Mathias Chapelain <mathias.chapelain@proton.ch>
2022-02-15 15:54:07 +01:00
Guillaume Abrioux 94e51d5c14 adopt: fix rbd-mirror adoption
We can't use `{{ cephadm_cmd }}` here because the monitors aren't yet adopted.
We must use `{{ ceph_cmd }}` instead.
This also fixes some filters `| default()` (they must be moved before `| from_json()`)

Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1967440

Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com>
2022-02-09 20:58:27 +01:00
Guillaume Abrioux f30767432b adopt: fix bug in mon_ip_list set_fact
`default('{}')` must be before `| from_json`

Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com>
2022-02-09 11:32:00 +01:00
Guillaume Abrioux ddae06e1a2 adopt: check for POOL_APP_NOT_ENABLED warning
This commit makes the cephadm-adopt playbook fail if the cluster
has the `POOL_APP_NOT_ENABLED` warning raised.

Closes: https://bugzilla.redhat.com/show_bug.cgi?id=2040243

Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com>
2022-02-09 11:32:00 +01:00
Benoît Knecht 7684d892c0 ceph-facts: Fix get_def_crush_rule_name.yml in check mode
This construct doesn't work as intended since ansible/ansible#74212:

```
item.stdout | default('{}') | from_json
```

That PR made the `command` module return `stdout` even in check mode (setting
it to the empty string), so `default()` has no effect in that case and
`from_json()` fails to parse an empty string.

Instead, `default()` needs to be invoked with its second argument set to
`True`, so that it replaces any `False` value (such as an empty string) with
its first argument:

```
item.stdout | default('{}', True) | from_json
```

Signed-off-by: Benoît Knecht <bknecht@protonmail.ch>
2022-02-07 14:13:19 +01:00
Benoît Knecht ef05e9a313 ceph-osd: Fix crush_rules.yml in check mode
Set a default value for `item.stdout` before passing it to `from_json()`. The
`when` condition doesn't prevent this template from being evaluated in check
mode, so it fails if `item.stdout` doesn't contain a valid JSON string.

Signed-off-by: Benoît Knecht <bknecht@protonmail.ch>
2022-02-07 14:13:19 +01:00
Benoît Knecht 0b3a608216 ceph-osd: Fix start_osds.yml in check mode
This construct doesn't work as intended since ansible/ansible#74212:

```
ceph_osd_ids.stdout | default('{}') | from_json
```

That PR made the `command` module return `stdout` even in check mode (setting
it to the empty string), so `default()` has no effect in that case and
`from_json()` fails to parse an empty string.

Instead, `default()` needs to be invoked with its second argument set to
`True`, so that it replaces any `False` value (such as an empty string) with
its first argument:

```
ceph_osd_ids.stdout | default('{}', True) | from_json
```

Signed-off-by: Benoît Knecht <bknecht@protonmail.ch>
2022-02-07 14:13:19 +01:00
John Karasev 79ca442d53 ceph-grafana: Add proxy env vars to grafana service template
When installing grafana plugins, the container will make http requests.
This requires http proxy otherwise installation cannot be performed. Passed
the proxy vars from all.yml as env args.
Fixes: ceph#6484, ceph#6481

Signed-off-by: John Karasev <john.karasev@intel.com>
2022-02-07 14:09:22 +01:00
jowsiewski 1dfd195c7e Remove the remaining packages
Signed-off-by: jowsiewski <owsiewski@gmail.com>
2022-02-04 10:00:44 +01:00
Francesco Pantano 12dd8b5df1 Add with_pkg tag on package related tasks
In the OpenStack context we let the integration tool (TripleO)
deal with repositories and packages.
This change just adds the with_pkg tag to allow TripleO skipping
both the repositories and packages installation.

Signed-off-by: Francesco Pantano <fpantano@redhat.com>
2022-02-01 16:04:10 +01:00
Guillaume Abrioux bc36f60e8d tests: use centos stream-8 instead of centos 8
CentOS 8 is EOL as of December 2021.
Let's use CentOS stream 8 instead.

Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com>
2022-01-31 15:58:58 +01:00
Guillaume Abrioux 7f517cdd22 adopt: create nfs exports at the user level
The current implementation is wrong.
ceph-ansible lists all existing buckets and try to create
an export for each of them.
Instead, it's easier to create the export at the user level.

Closes: https://bugzilla.redhat.com/show_bug.cgi?id=2037691

Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com>
2022-01-28 15:16:30 +01:00
Guillaume Abrioux c491e67486 nfs-ganesha: fix debian based OS deployments
Let's use ppa repositories in order to deploy nfs-ganesha on Debian based OS.

Fixes: #7031

Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com>
2022-01-19 13:42:10 +01:00
Dmitriy Rabotyagov 2eb0a88a67 Use upstream config_template collection
In order to reduce need of module
internal maintenance and to join forces on plugin development,
it's proposed to switch to using upstream version of
config_template module.

As it's shipped as collection, it's installation for end-users
is trivial and aligns with general approach of shipping extra modules.

Signed-off-by: Dmitriy Rabotyagov <noonedeadpunk@ya.ru>
2022-01-18 20:22:10 +01:00
Dmitriy Rabotyagov 583e60af84 Fix rich version for ansible-lint
Ansible-lint prior to v5.3.1 has issue with reach version >=11.0.0.
In order to cherry-pick fix to stable branches we fix rich version.

This should be reverted with ansible-lint version bump.

Signed-off-by: Dmitriy Rabotyagov <noonedeadpunk@ya.ru>
2022-01-14 13:51:45 +01:00
yasinlachiny 2a28758472 cephadm: set allow_overwrite at bootstrap step
Signed-off-by: yasinlachiny <yasin.lachiny@gmail.com>
2022-01-07 10:08:33 +01:00
Guillaume Abrioux aee1f06497 cephadm-adopt: use named args in rgw export creation
In order to avoid breaking changes, let's use named argument
instead of positional argument syntax in the command line
used to create rgw export.

Closes: https://bugzilla.redhat.com/show_bug.cgi?id=2037691

Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com>
2022-01-06 15:56:07 +01:00
Benoît Knecht bffca06837 ceph-handler: Fix check mode
When running in check mode with one or more Ceph daemons that need to be
restarted, the `tmpdirpath.path` variable that several handlers rely on is
undefined, leading to fatal errors.

This commit ensures the tasks that require `tmpdirpath.path` are skipped when
it's undefined.

Signed-off-by: Benoît Knecht <bknecht@protonmail.ch>
2022-01-06 10:46:55 +01:00
Guillaume Abrioux 3f923d69ac tests: temporarily disable nfs-ganesha
This commit [1] seems to have broken a selinux policy preventing nfs-ganesha from
starting properly.

Since we can't address the issue in ceph-ansible, let's disable temporarily nfs-ganesha testing.

[1] dae2da63d5

Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com>
2022-01-05 15:41:44 +01:00
Guillaume Abrioux dc8940fe1c common: remove legacy repositories
As of rhceph-5, those repositories don't longer exist.

Closes: https://bugzilla.redhat.com/show_bug.cgi?id=2032790

Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com>
2021-12-15 13:28:50 +01:00
Guillaume Abrioux 817c03bc0e update: speed up client play
wip

Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com>
2021-12-15 08:42:23 +01:00
Guillaume Abrioux f01536ea19 container: align systemd units with rpm
Update `After=` and `Wants=` parameters in container systemd units
and make them be aligned with the systemd units that come
from the packaging.

Closes: https://bugzilla.redhat.com/show_bug.cgi?id=2027440

Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com>
2021-12-14 13:46:27 +01:00
Guillaume Abrioux 7ece59b41d cephadm-adopt: ensure /etc/ceph is present on monitoring node
When deploying the monitoring stack on a dedicated node, the directory
`/etc/ceph` has never been created. Therefore, the play for adopting the
monitoring stack fails because it can't write the minimal config file.

Closes: https://bugzilla.redhat.com/show_bug.cgi?id=2029697

Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com>
2021-12-07 22:06:46 +01:00
Danny Webb 189ff93372 make grafana network a configurable option
Signed-off-by: Danny Webb <danny.webb@thehutgroup.com>
2021-12-02 08:53:58 +01:00
Guillaume Abrioux 20035852a4 purge: remove ceph directories on client nodes
Otherwise any ceph directories are left over on client nodes
after the purge.

Closes: https://bugzilla.redhat.com/show_bug.cgi?id=2024815

Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com>
2021-12-02 08:53:24 +01:00
Guillaume Abrioux 64196ce3a3 validate: support obs repository
Otherwise, installation on SuSe fails.

Fixes: #6996

Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com>
2021-12-02 08:51:45 +01:00
Benoît Knecht b29a6b18f8 roles/ceph-rgw: Support CRUSH device class
The pools created by `ceph-rgw` (listed in `rgw_create_pools`) now support a
`ec_crush_device_class` option to specify which device class the EC pool should
use.

It default to being omitted, which means it will use OSDs from any device class
by default.

Signed-off-by: Benoît Knecht <bknecht@protonmail.ch>
2021-12-01 08:39:14 +01:00
Benoît Knecht 09b56a8890 library/ceph_ec_profile.py: Support CRUSH device class
The `crush_device_class` option of the `ceph_ec_profile` module was documented
but not implemented.

This commit adds it and ensures its value is updated on the corresponding EC
profile.

Signed-off-by: Benoît Knecht <bknecht@protonmail.ch>
2021-12-01 08:39:14 +01:00
Guillaume Abrioux c4fdf956bd cephadm-adopt: bindmount /var/lib/ceph with 'ro'
When collocating osds with iscsigw daemons, cephadm bindmounts the
following:

```
-v /var/lib/ceph/6126c064-6a9e-4092-8a64-977930df0843/iscsi.rbd.ceph-ameenasuhani-4fs3bq-node5.vomtqb/configfs:/sys/kernel/config
```

this prevents cephadm-adopt playbook from running container and bindmounting `/var/lib/ceph:/var/lib/ceph:z`

since 'ro' is enough in this playbook, let's replace the ':z' option on
this bindmount with ':ro'

Closes: https://bugzilla.redhat.com/show_bug.cgi?id=2027411

Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com>
2021-11-30 18:39:31 +01:00
Guillaume Abrioux b02d71c307 ceph_volume: support overriding bind-mounts
This makes it possible to call `podman run` with custom bind-mounts.

cephadm-adopt.yml playbook needs it for a very specific use case:

Closes: https://bugzilla.redhat.com/show_bug.cgi?id=2027411

Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com>
2021-11-30 18:39:31 +01:00
Guillaume Abrioux e5ea2ece99 adopt: fix ceph_origin and ceph_repository defaults
This is overriding those variables because the precedence at the 'block
var' level is greater than the group_vars/host_vars.

Closes: https://bugzilla.redhat.com/show_bug.cgi?id=2026861

Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com>
2021-11-29 13:40:00 +01:00
Guillaume Abrioux 6ad7e52869 validate: fix bug when using vault
since a variable encrypted with vault is no longer a string but a
encrypted object we can't use the filter | length, we have to convert it
to a string before.

Fixes: #6991

Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com>
2021-11-16 16:23:27 +01:00
Dimitri Savineau c41241244e cephadm-adopt: remove logrotate configuration
cephadm uses its own logrotate configuration file so ceph-ansible needs
to remove that custom file during the cephadm-adopt playbook.

Closes: #6944

Signed-off-by: Dimitri Savineau <dsavinea@redhat.com>
2021-11-03 08:49:24 +01:00
Guillaume Abrioux e5edcc4214 update: move a set_fact
ceph-facts roles makes decisions based on the fact `rolling_update` so
it must be called before we run this role.

Closes: https://bugzilla.redhat.com/show_bug.cgi?id=2014304

Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com>
2021-11-03 08:48:09 +01:00
Guillaume Abrioux 82eee4303b update: support --limit on monitor nodes
Change needed in order to support --limit on mon nodes.
Otherwise, a call to `hostvars[groups[mon_group_name][0]]['_current_monitor_address']`
throws an error:

```
"The error was: 'ansible.vars.hostvars.HostVarsVars object' has no attribute '_current_monitor_address'"
```

Closes: https://bugzilla.redhat.com/show_bug.cgi?id=2014304#c28

Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com>
2021-10-28 21:47:01 +02:00
Guillaume Abrioux 4f2c2af9b4 cephadm: support adding hosts with ipv6
The current implementation doesn't support adding hosts when using ipv6
addresses.

Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com>
2021-10-28 16:37:22 +02:00
Guillaume Abrioux 2f34531304 cephadm: use public_network when adding hosts
When adding host, using ansible_facts['default_ipv4']['address'] might
not be the desired network, we shouldn't enforce the subnet with the
default route.
Let's use the public_network instead.

Closes: https://bugzilla.redhat.com/show_bug.cgi?id=2006415

Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com>
2021-10-28 16:37:22 +02:00
Guillaume Abrioux 9aa9b4dda2 Revert "cephadm: use public_network when adding host"
This reverts commit 7a12b854c4.

Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com>
2021-10-28 16:37:22 +02:00
Guillaume Abrioux 7a12b854c4 cephadm: use public_network when adding host
When adding host, using `ansible_facts['default_ipv4']['address']` might
not be the desired network, we shouldn't enforce the subnet with the
default route.
Let's use the public_network instead.

Closes: https://bugzilla.redhat.com/show_bug.cgi?id=2006415

Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com>
2021-10-26 21:09:06 +02:00
Guillaume Abrioux 9c794aa9bc adopt: fix rbd mirror adoption
The rbd mirroring is broken because cephadm doesn't bindmount /etc/ceph anymore.
It means the keyrings and ceph config file aren't available after the
migration.
The idea here is to remove the current rbd mirror peer and add it back
to the mon config store so we aren't bound to the /etc/ceph directory.

Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1967440

Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com>
2021-10-25 15:45:17 +02:00
Guillaume Abrioux 4257410dcd adopt: use mgr/nfs volume
use the mgr 'nfs' module to recreate nfs exports.

Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1954971

Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com>
2021-10-25 15:44:53 +02:00
Guillaume Abrioux 50a21d695e rolling_update: modify default health_osd_check_*
let's do more retries with a shorter delay.

Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com>
2021-10-25 15:44:17 +02:00
Guillaume Abrioux fc9f87c45f rolling_update: fix pre and post osd upgrade play
when using --limit osds, the play before and after osd upgrade are
skipped because we use `hosts: "{{ mon_group_name | default('mons') }}[0]"`
using `hosts: "{{ osds_group_name | default('osds') }}" with
`delegate_to` to the first monitor addresses this issue.

Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com>
2021-10-25 14:23:00 +02:00
Guillaume Abrioux 923af40527 tests: followup on pr6951
destroy VMs at the end of the testing.

Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com>
2021-10-25 14:23:00 +02:00
Guillaume Abrioux e5cf9db2b0 update: support upgrading a subset of nodes
It can be useful in a large cluster deployment to split the upgrade and
only upgrade a group of nodes at a time.

Closes: https://bugzilla.redhat.com/show_bug.cgi?id=2014304

Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com>
2021-10-21 20:51:14 +02:00
Guillaume Abrioux fb8a66149b tests: add new scenario subset_update
new scenario in order to test the subset upgrade approach using tags.

Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com>
2021-10-21 20:51:14 +02:00