With this commit, upgrading a cluster from Nautilus to Pacific with
active rgw multisite replication will be blocked.
This is because a lot of bugs are currently present in Pacific regarding
RGW multisite.
Closes: https://bugzilla.redhat.com/show_bug.cgi?id=2063702
Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com>
Initially MONs and RGW bound /etc/pki/ca-trust/extracted using the :z flag
(introduced to solve an OSP TripleO issue on RHEL - #3638) but using
this flag prevents local services (like sssd) running on the host from accessing
the certificates/files in that folder.
Signed-off-by: Teoman ONAY <tonay@redhat.com>
When using a group of groups, the playbook will apply undesired
labels on nodes.
This commit fixes it by applying only the expected labels.
Closes: https://bugzilla.redhat.com/show_bug.cgi?id=2057528
Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com>
When using cluster custom names, cephadm commands are executed using
the default admin keyring name which fails.
Signed-off-by: Teoman ONAY <tonay@redhat.com>
By default cephadm uses root account to connect remotely
to other nodes in the cluster. This change allows choosing
another account.
This commit also allows using a dedicated subnet for cephadm mgmt.
Signed-off-by: Teoman ONAY <tonay@redhat.com>
This fixes the service file removal and makes the playbook
call `systemctl reset-failed` on the service because in Ceph
Nautilus, ceph-crash doesn't handle the `SIGTERM` signal.
Closes: https://bugzilla.redhat.com/show_bug.cgi?id=2055992
Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com>
This playbook doesn't support fewer than 3 monitors present in the inventory.
Just like the rolling_update playbook, let's fail if fewer than
3 monitors are present.
Closes: https://bugzilla.redhat.com/show_bug.cgi?id=2049132
Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com>
This fixes a couple of issues:
- ansible 2.10 isn't packaged.
- MOCK_CONFIG variable is wrong (centos 8 is EOL)
Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com>
Before, creating a pool by providing *only* `pg_num` would result in an
error as it would produce `--pgp-num null`.
This commit fixes this behavior by defaulting the `pgp_num` value to `pg_num`.
Signed-off-by: Mathias Chapelain <mathias.chapelain@proton.ch>
We can't use `{{ cephadm_cmd }}` here because the monitors aren't yet adopted.
We must use `{{ ceph_cmd }}` instead.
This also fixes some filters `| default()` (they must be moved before `| from_json()`)
Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1967440
Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com>
This commit makes the cephadm-adopt playbook fail if the cluster
has the `POOL_APP_NOT_ENABLED` warning raised.
Closes: https://bugzilla.redhat.com/show_bug.cgi?id=2040243
Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com>
This construct doesn't work as intended since ansible/ansible#74212:
```
item.stdout | default('{}') | from_json
```
That PR made the `command` module return `stdout` even in check mode (setting
it to the empty string), so `default()` has no effect in that case and
`from_json()` fails to parse an empty string.
Instead, `default()` needs to be invoked with its second argument set to
`True`, so that it replaces any `False` value (such as an empty string) with
its first argument:
```
item.stdout | default('{}', True) | from_json
```
Signed-off-by: Benoît Knecht <bknecht@protonmail.ch>
Set a default value for `item.stdout` before passing it to `from_json()`. The
`when` condition doesn't prevent this template from being evaluated in check
mode, so it fails if `item.stdout` doesn't contain a valid JSON string.
Signed-off-by: Benoît Knecht <bknecht@protonmail.ch>
This construct doesn't work as intended since ansible/ansible#74212:
```
ceph_osd_ids.stdout | default('{}') | from_json
```
That PR made the `command` module return `stdout` even in check mode (setting
it to the empty string), so `default()` has no effect in that case and
`from_json()` fails to parse an empty string.
Instead, `default()` needs to be invoked with its second argument set to
`True`, so that it replaces any `False` value (such as an empty string) with
its first argument:
```
ceph_osd_ids.stdout | default('{}', True) | from_json
```
Signed-off-by: Benoît Knecht <bknecht@protonmail.ch>
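The `default()` behaviour described in the two commit messages above (for `item.stdout` and `ceph_osd_ids.stdout`), shown as an added example that is not part of those commits or of ceph-ansible. It is a stand-alone playbook; the file name, variable names and sample values are constructed for illustration.

```yaml
# Added example (not ceph-ansible code). Assumed file name: default-demo.yml
# Run with: ansible-playbook -i localhost, default-demo.yml
- hosts: localhost
  connection: local
  gather_facts: false
  vars:
    # Constructed stand-ins for what `register:` stores after a `command` task.
    skipped_result: {}                          # no `stdout` key at all
    check_mode_result: {stdout: ""}             # check mode: stdout is the empty string
    normal_result: {stdout: '{"ids": [0, 1]}'}  # real run: stdout holds JSON text
  tasks:
    - name: One-argument default() only replaces an undefined value
      ansible.builtin.assert:
        that:
          # Undefined stdout is replaced, so from_json parses '{}'.
          - "(skipped_result.stdout | default('{}') | from_json) == {}"
          # Empty stdout is defined, so it passes through unchanged;
          # piping this into from_json is what fails in check mode.
          - "(check_mode_result.stdout | default('{}')) == ''"

    - name: default(value, True) also replaces the empty string
      ansible.builtin.assert:
        that:
          - "(skipped_result.stdout | default('{}', True) | from_json) == {}"
          - "(check_mode_result.stdout | default('{}', True) | from_json) == {}"
          # Real output is left alone and parsed as usual.
          - "(normal_result.stdout | default('{}', True) | from_json)['ids'] == [0, 1]"
```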
When installing grafana plugins, the container will make http requests.
This requires http proxy otherwise installation cannot be performed. Passed
the proxy vars from all.yml as env args.
Fixes: ceph#6484, ceph#6481
Signed-off-by: John Karasev <john.karasev@intel.com>
In the OpenStack context we let the integration tool (TripleO)
deal with repositories and packages.
This change just adds the with_pkg tag to allow TripleO to skip
both the repositories and packages installation.
Signed-off-by: Francesco Pantano <fpantano@redhat.com>
The current implementation is wrong.
ceph-ansible lists all existing buckets and tries to create
an export for each of them.
Instead, it's easier to create the export at the user level.
Closes: https://bugzilla.redhat.com/show_bug.cgi?id=2037691
Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com>
In order to reduce need of module
internal maintenance and to join forces on plugin development,
it's proposed to switch to using upstream version of
config_template module.
As it's shipped as a collection, its installation for end-users
is trivial and aligns with general approach of shipping extra modules.
Signed-off-by: Dmitriy Rabotyagov <noonedeadpunk@ya.ru>
Ansible-lint prior to v5.3.1 has an issue with rich version >=11.0.0.
In order to cherry-pick the fix to stable branches, we fix the rich version.
This should be reverted with ansible-lint version bump.
Signed-off-by: Dmitriy Rabotyagov <noonedeadpunk@ya.ru>
In order to avoid breaking changes, let's use named argument
instead of positional argument syntax in the command line
used to create rgw export.
Closes: https://bugzilla.redhat.com/show_bug.cgi?id=2037691
Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com>
When running in check mode with one or more Ceph daemons that need to be
restarted, the `tmpdirpath.path` variable that several handlers rely on is
undefined, leading to fatal errors.
This commit ensures the tasks that require `tmpdirpath.path` are skipped when
it's undefined.
Signed-off-by: Benoît Knecht <bknecht@protonmail.ch>
This commit [1] seems to have broken a selinux policy preventing nfs-ganesha from
starting properly.
Since we can't address the issue in ceph-ansible, let's disable temporarily nfs-ganesha testing.
[1] dae2da63d5
Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com>
Update `After=` and `Wants=` parameters in container systemd units
and make them be aligned with the systemd units that come
from the packaging.
Closes: https://bugzilla.redhat.com/show_bug.cgi?id=2027440
Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com>
When deploying the monitoring stack on a dedicated node, the directory
`/etc/ceph` has never been created. Therefore, the play for adopting the
monitoring stack fails because it can't write the minimal config file.
Closes: https://bugzilla.redhat.com/show_bug.cgi?id=2029697
Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com>
The pools created by `ceph-rgw` (listed in `rgw_create_pools`) now support a
`ec_crush_device_class` option to specify which device class the EC pool should
use.
It defaults to being omitted, which means it will use OSDs from any device class
by default.
Signed-off-by: Benoît Knecht <bknecht@protonmail.ch>
The `crush_device_class` option of the `ceph_ec_profile` module was documented
but not implemented.
This commit adds it and ensures its value is updated on the corresponding EC
profile.
Signed-off-by: Benoît Knecht <bknecht@protonmail.ch>
When collocating osds with iscsigw daemons, cephadm bindmounts the
following:
```
-v /var/lib/ceph/6126c064-6a9e-4092-8a64-977930df0843/iscsi.rbd.ceph-ameenasuhani-4fs3bq-node5.vomtqb/configfs:/sys/kernel/config
```
This prevents the cephadm-adopt playbook from running the container and bindmounting `/var/lib/ceph:/var/lib/ceph:z`.
Since 'ro' is enough in this playbook, let's replace the ':z' option on
this bindmount with ':ro'.
Closes: https://bugzilla.redhat.com/show_bug.cgi?id=2027411
Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com>
This makes it possible to call `podman run` with custom bind-mounts.
cephadm-adopt.yml playbook needs it for a very specific use case:
Closes: https://bugzilla.redhat.com/show_bug.cgi?id=2027411
Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com>
This is overriding those variables because the precedence at the 'block
var' level is greater than the group_vars/host_vars.
Closes: https://bugzilla.redhat.com/show_bug.cgi?id=2026861
Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com>
Since a variable encrypted with vault is no longer a string but an
encrypted object, we can't use the filter `| length`; we have to convert it
to a string before.
Fixes: #6991
Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com>
cephadm uses its own logrotate configuration file so ceph-ansible needs
to remove that custom file during the cephadm-adopt playbook.
Closes: #6944
Signed-off-by: Dimitri Savineau <dsavinea@redhat.com>
The ceph-facts role makes decisions based on the fact `rolling_update` so
it must be called before we run this role.
Closes: https://bugzilla.redhat.com/show_bug.cgi?id=2014304
Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com>
Change needed in order to support --limit on mon nodes.
Otherwise, a call to `hostvars[groups[mon_group_name][0]]['_current_monitor_address']`
throws an error:
```
"The error was: 'ansible.vars.hostvars.HostVarsVars object' has no attribute '_current_monitor_address'"
```
Closes: https://bugzilla.redhat.com/show_bug.cgi?id=2014304#c28
Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com>