Commit Graph

6030 Commits (bba9955bf7efdc74cf6d389c29774a9f1664951a)
 

Author SHA1 Message Date
Teoman ONAY f851d3232c Using another user than root for cephadm ssh connections fails
Fixes commit da42f3d139

Closes: https://bugzilla.redhat.com/show_bug.cgi?id=2048734

Signed-off-by: Teoman ONAY <tonay@redhat.com>
2022-03-20 12:51:16 +01:00
Guillaume Abrioux 3e87df5e8f tests: update the system before deploying
Having a system up-to-date is usually a good idea.

Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com>
2022-03-20 08:13:38 +01:00
Guillaume Abrioux 51bc8cb636 upgrade: block upgrade when rgw multisite is active
With this commit, upgrading a cluster from Nautilus to Pacific with
active rgw multisite replication will be blocked.
This is because a lot of bugs are currently present in Pacific regarding
RGW multisite.

Closes: https://bugzilla.redhat.com/show_bug.cgi?id=2063702

Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com>
2022-03-20 08:13:38 +01:00
Teoman ONAY 7e8ce2567e Turn off SELinux separation for containers MON and RGW
Initially MONs and RGW binded /etc/pki/ca-trust/extracted using the :z flag
(introduced to solve an OSP TripleO issue on RHEL - #3638) but using
this flag prevents local services (like sssd) running on the host from accessing
the certificates/files in that folder.

Signed-off-by: Teoman ONAY <tonay@redhat.com>
2022-03-08 14:45:45 +01:00
Guillaume Abrioux 266b6e739c adopt: fix node labelling
When using group of group, the playbook will apply undesired
labels on nodes.
This commit fixes it by applying only the expected labels.

Closes: https://bugzilla.redhat.com/show_bug.cgi?id=2057528

Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com>
2022-03-03 15:52:00 +01:00
Teoman ONAY f8c6bba657 Add cluster custom name support
When using cluster custom names, cephadm commands are executed using
the default admin keyring name which fails.

Signed-off-by: Teoman ONAY <tonay@redhat.com>
2022-03-03 15:52:00 +01:00
Teoman ONAY da42f3d139 Enable user to change the account used for ssh connection
By default cephadm uses root account to connect remotely
to other nodes in the cluster. This change allows to choose
another account.
This commit also allows to use a dedicated subnet for cephadm mgmt.

Signed-off-by: Teoman ONAY <tonay@redhat.com>
2022-03-03 15:52:00 +01:00
Guillaume Abrioux 2f11982590 purge: ceph-crash purge fixes
This fixes the service file removal and makes the playbook
call `systemctl reset-failed` on the service because in Ceph
Nautilus, ceph-crash doesn't handle `SIGTERM` signal.

Closes: https://bugzilla.redhat.com/show_bug.cgi?id=2055992

Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com>
2022-03-02 10:08:35 +01:00
Guillaume Abrioux f08129edf2 switch2containers: fail if less than 3 monitors
This playbook doesn't support less than 3 monitors present in the inventory.
Just like the rolling_update playbook, let's fail if less than
3 monitors are present.

Closes: https://bugzilla.redhat.com/show_bug.cgi?id=2049132

Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com>
2022-02-21 21:07:27 +01:00
Seena Fallah 9d87fd87cb ceph-facts: ignore mounted disks on osd auto discovery
Ignore disks with active mountpoint when osd_auto_discovery is true

Signed-off-by: Seena Fallah <seenafallah@gmail.com>
2022-02-21 17:15:30 +01:00
Mathias Chapelain 6c0c53fa2d tests/library: Add radosgw_caps tests
Provide basic tests for `radosgw_caps` module.

Signed-off-by: Mathias Chapelain <mathias.chapelain@proton.ch>
2022-02-16 09:44:36 +01:00
Mathias Chapelain 65003f4ff9 library: Add radosgw_caps to manage capabilities
This commit add `radosgw_caps` module to be able to manage RadosGW users
capabilities.

Usage from module's documentation:
```YAML
- name: add users read write and all buckets capabilities
  radosgw_caps:
    name: foo
    state: present
    caps:
      - users=read,write
      - buckets=*
- name: remove usage write capabilities
  radosgw_caps:
    name: foo
    state: absent
    caps:
      - usage=write
```

This module support check mode by simulating the original `radosgw-admin`
behavior when adding capabilities.

Signed-off-by: Mathias Chapelain <mathias.chapelain@proton.ch>
2022-02-16 09:44:36 +01:00
Mathias Chapelain 055326be7c module_utils/ca_common: Add optional diff argument to exit_module
Add optional `diff` argument defaulting to `{ "before": "", "after": ""}`.

Signed-off-by: Mathias Chapelain <mathias.chapelain@proton.ch>
2022-02-16 09:44:36 +01:00
Guillaume Abrioux 3e5bc30c87 rpm: fix packaging
This fixes a couple of issues:

- ansible 2.10 isn't packaged.
- MOCK_CONFIG variable is wrong (centos 8 is EOL)

Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com>
2022-02-15 17:37:22 +01:00
Joel Capitao 78c56f1c5f Update EPEL mock config
CL8 is EOL since 31st January 2022 [1].
So the EPEL mock config needs to be switched to
new one supported [2][3].

[1] https://www.centos.org/centos-linux-eol/
[2] https://pagure.io/epel/issue/133
[3] https://github.com/rpm-software-management/mock/pull/817

Signed-off-by: Joel Capitao <jcapitao@redhat.com>
2022-02-15 16:39:17 +01:00
Mathias Chapelain f0f1dd986a library/ceph_pool: Fix potential null value when creating pools
Before, creating a pool by providing *only* `pg_num` would result in an
error as it would produce `--pgp-num null`.

This commit fix this behavior by defaulting `pgp_num` value to `pg_num`.

Signed-off-by: Mathias Chapelain <mathias.chapelain@proton.ch>
2022-02-15 15:54:07 +01:00
Guillaume Abrioux 94e51d5c14 adopt: fix rbd-mirror adoption
We can't use `{{ cephadm_cmd }}` here because the monitors aren't yet adopted.
We must use `{{ ceph_cmd }}` instead.
This also fixes some filters `| default()` (they must be moved before `| from_json()`)

Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1967440

Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com>
2022-02-09 20:58:27 +01:00
Guillaume Abrioux f30767432b adopt: fix bug in mon_ip_list set_fact
`default('{}')` must be before `| from_json`

Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com>
2022-02-09 11:32:00 +01:00
Guillaume Abrioux ddae06e1a2 adopt: check for POOL_APP_NOT_ENABLED warning
This commit makes the cephadm-adopt playbook fail if the cluster
has the `POOL_APP_NOT_ENABLED` warning raised.

Closes: https://bugzilla.redhat.com/show_bug.cgi?id=2040243

Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com>
2022-02-09 11:32:00 +01:00
Benoît Knecht 7684d892c0 ceph-facts: Fix get_def_crush_rule_name.yml in check mode
This construct doesn't work as intended since ansible/ansible#74212:

```
item.stdout | default('{}') | from_json
```

That PR made the `command` module return `stdout` even in check mode (setting
it to the empty string), so `default()` has no effect in that case and
`from_json()` fails to parse an empty string.

Instead, `default()` needs to be invoked with its second argument set to
`True`, so that it replaces any `False` value (such as an empty string) with
its first argument:

```
item.stdout | default('{}', True) | from_json
```

Signed-off-by: Benoît Knecht <bknecht@protonmail.ch>
2022-02-07 14:13:19 +01:00
Benoît Knecht ef05e9a313 ceph-osd: Fix crush_rules.yml in check mode
Set a default value for `item.stdout` before passing it to `from_json()`. The
`when` condition doesn't prevent this template from being evaluated in check
mode, so it fails if `item.stdout` doesn't contain a valid JSON string.

Signed-off-by: Benoît Knecht <bknecht@protonmail.ch>
2022-02-07 14:13:19 +01:00
Benoît Knecht 0b3a608216 ceph-osd: Fix start_osds.yml in check mode
This construct doesn't work as intended since ansible/ansible#74212:

```
ceph_osd_ids.stdout | default('{}') | from_json
```

That PR made the `command` module return `stdout` even in check mode (setting
it to the empty string), so `default()` has no effect in that case and
`from_json()` fails to parse an empty string.

Instead, `default()` needs to be invoked with its second argument set to
`True`, so that it replaces any `False` value (such as an empty string) with
its first argument:

```
ceph_osd_ids.stdout | default('{}', True) | from_json
```

Signed-off-by: Benoît Knecht <bknecht@protonmail.ch>
2022-02-07 14:13:19 +01:00
John Karasev 79ca442d53 ceph-grafana: Add proxy env vars to grafana service template
When installing grafana plugins, the container will make http requests.
This requires http proxy otherwise installation cannot be performed. Passed
the proxy vars from all.yml as env args.
Fixes: ceph#6484, ceph#6481

Signed-off-by: John Karasev <john.karasev@intel.com>
2022-02-07 14:09:22 +01:00
jowsiewski 1dfd195c7e Remove the remaining packages
Signed-off-by: jowsiewski <owsiewski@gmail.com>
2022-02-04 10:00:44 +01:00
Francesco Pantano 12dd8b5df1 Add with_pkg tag on package related tasks
In the OpenStack context we let the integration tool (TripleO)
deal with repositories and packages.
This change just adds the with_pkg tag to allow TripleO skipping
both the repositories and packages installation.

Signed-off-by: Francesco Pantano <fpantano@redhat.com>
2022-02-01 16:04:10 +01:00
Guillaume Abrioux bc36f60e8d tests: use centos stream-8 instead of centos 8
CentOS 8 is EOL as of December 2021.
Let's use CentOS stream 8 instead.

Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com>
2022-01-31 15:58:58 +01:00
Guillaume Abrioux 7f517cdd22 adopt: create nfs exports at the user level
The current implementation is wrong.
ceph-ansible lists all existing buckets and try to create
an export for each of them.
Instead, it's easier to create the export at the user level.

Closes: https://bugzilla.redhat.com/show_bug.cgi?id=2037691

Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com>
2022-01-28 15:16:30 +01:00
Guillaume Abrioux c491e67486 nfs-ganesha: fix debian based OS deployments
Let's use ppa repositories in order to deploy nfs-ganesha on Debian based OS.

Fixes: #7031

Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com>
2022-01-19 13:42:10 +01:00
Dmitriy Rabotyagov 2eb0a88a67 Use upstream config_template collection
In order to reduce need of module
internal maintenance and to join forces on plugin development,
it's proposed to switch to using upstream version of
config_template module.

As it's shipped as collection, it's installation for end-users
is trivial and aligns with general approach of shipping extra modules.

Signed-off-by: Dmitriy Rabotyagov <noonedeadpunk@ya.ru>
2022-01-18 20:22:10 +01:00
Dmitriy Rabotyagov 583e60af84 Fix rich version for ansible-lint
Ansible-lint prior to v5.3.1 has issue with reach version >=11.0.0.
In order to cherry-pick fix to stable branches we fix rich version.

This should be reverted with ansible-lint version bump.

Signed-off-by: Dmitriy Rabotyagov <noonedeadpunk@ya.ru>
2022-01-14 13:51:45 +01:00
yasinlachiny 2a28758472 cephadm: set allow_overwrite at bootstrap step
Signed-off-by: yasinlachiny <yasin.lachiny@gmail.com>
2022-01-07 10:08:33 +01:00
Guillaume Abrioux aee1f06497 cephadm-adopt: use named args in rgw export creation
In order to avoid breaking changes, let's use named argument
instead of positional argument syntax in the command line
used to create rgw export.

Closes: https://bugzilla.redhat.com/show_bug.cgi?id=2037691

Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com>
2022-01-06 15:56:07 +01:00
Benoît Knecht bffca06837 ceph-handler: Fix check mode
When running in check mode with one or more Ceph daemons that need to be
restarted, the `tmpdirpath.path` variable that several handlers rely on is
undefined, leading to fatal errors.

This commit ensures the tasks that require `tmpdirpath.path` are skipped when
it's undefined.

Signed-off-by: Benoît Knecht <bknecht@protonmail.ch>
2022-01-06 10:46:55 +01:00
Guillaume Abrioux 3f923d69ac tests: temporarily disable nfs-ganesha
This commit [1] seems to have broken a selinux policy preventing nfs-ganesha from
starting properly.

Since we can't address the issue in ceph-ansible, let's disable temporarily nfs-ganesha testing.

[1] dae2da63d5

Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com>
2022-01-05 15:41:44 +01:00
Guillaume Abrioux dc8940fe1c common: remove legacy repositories
As of rhceph-5, those repositories don't longer exist.

Closes: https://bugzilla.redhat.com/show_bug.cgi?id=2032790

Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com>
2021-12-15 13:28:50 +01:00
Guillaume Abrioux 817c03bc0e update: speed up client play
wip

Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com>
2021-12-15 08:42:23 +01:00
Guillaume Abrioux f01536ea19 container: align systemd units with rpm
Update `After=` and `Wants=` parameters in container systemd units
and make them be aligned with the systemd units that come
from the packaging.

Closes: https://bugzilla.redhat.com/show_bug.cgi?id=2027440

Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com>
2021-12-14 13:46:27 +01:00
Guillaume Abrioux 7ece59b41d cephadm-adopt: ensure /etc/ceph is present on monitoring node
When deploying the monitoring stack on a dedicated node, the directory
`/etc/ceph` has never been created. Therefore, the play for adopting the
monitoring stack fails because it can't write the minimal config file.

Closes: https://bugzilla.redhat.com/show_bug.cgi?id=2029697

Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com>
2021-12-07 22:06:46 +01:00
Danny Webb 189ff93372 make grafana network a configurable option
Signed-off-by: Danny Webb <danny.webb@thehutgroup.com>
2021-12-02 08:53:58 +01:00
Guillaume Abrioux 20035852a4 purge: remove ceph directories on client nodes
Otherwise any ceph directories are left over on client nodes
after the purge.

Closes: https://bugzilla.redhat.com/show_bug.cgi?id=2024815

Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com>
2021-12-02 08:53:24 +01:00
Guillaume Abrioux 64196ce3a3 validate: support obs repository
Otherwise, installation on SuSe fails.

Fixes: #6996

Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com>
2021-12-02 08:51:45 +01:00
Benoît Knecht b29a6b18f8 roles/ceph-rgw: Support CRUSH device class
The pools created by `ceph-rgw` (listed in `rgw_create_pools`) now support a
`ec_crush_device_class` option to specify which device class the EC pool should
use.

It default to being omitted, which means it will use OSDs from any device class
by default.

Signed-off-by: Benoît Knecht <bknecht@protonmail.ch>
2021-12-01 08:39:14 +01:00
Benoît Knecht 09b56a8890 library/ceph_ec_profile.py: Support CRUSH device class
The `crush_device_class` option of the `ceph_ec_profile` module was documented
but not implemented.

This commit adds it and ensures its value is updated on the corresponding EC
profile.

Signed-off-by: Benoît Knecht <bknecht@protonmail.ch>
2021-12-01 08:39:14 +01:00
Guillaume Abrioux c4fdf956bd cephadm-adopt: bindmount /var/lib/ceph with 'ro'
When collocating osds with iscsigw daemons, cephadm bindmounts the
following:

```
-v /var/lib/ceph/6126c064-6a9e-4092-8a64-977930df0843/iscsi.rbd.ceph-ameenasuhani-4fs3bq-node5.vomtqb/configfs:/sys/kernel/config
```

this prevents cephadm-adopt playbook from running container and bindmounting `/var/lib/ceph:/var/lib/ceph:z`

since 'ro' is enough in this playbook, let's replace the ':z' option on
this bindmount with ':ro'

Closes: https://bugzilla.redhat.com/show_bug.cgi?id=2027411

Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com>
2021-11-30 18:39:31 +01:00
Guillaume Abrioux b02d71c307 ceph_volume: support overriding bind-mounts
This makes it possible to call `podman run` with custom bind-mounts.

cephadm-adopt.yml playbook needs it for a very specific use case:

Closes: https://bugzilla.redhat.com/show_bug.cgi?id=2027411

Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com>
2021-11-30 18:39:31 +01:00
Guillaume Abrioux e5ea2ece99 adopt: fix ceph_origin and ceph_repository defaults
This is overriding those variables because the precedence at the 'block
var' level is greater than the group_vars/host_vars.

Closes: https://bugzilla.redhat.com/show_bug.cgi?id=2026861

Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com>
2021-11-29 13:40:00 +01:00
Guillaume Abrioux 6ad7e52869 validate: fix bug when using vault
since a variable encrypted with vault is no longer a string but a
encrypted object we can't use the filter | length, we have to convert it
to a string before.

Fixes: #6991

Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com>
2021-11-16 16:23:27 +01:00
Dimitri Savineau c41241244e cephadm-adopt: remove logrotate configuration
cephadm uses its own logrotate configuration file so ceph-ansible needs
to remove that custom file during the cephadm-adopt playbook.

Closes: #6944

Signed-off-by: Dimitri Savineau <dsavinea@redhat.com>
2021-11-03 08:49:24 +01:00
Guillaume Abrioux e5edcc4214 update: move a set_fact
ceph-facts roles makes decisions based on the fact `rolling_update` so
it must be called before we run this role.

Closes: https://bugzilla.redhat.com/show_bug.cgi?id=2014304

Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com>
2021-11-03 08:48:09 +01:00
Guillaume Abrioux 82eee4303b update: support --limit on monitor nodes
Change needed in order to support --limit on mon nodes.
Otherwise, a call to `hostvars[groups[mon_group_name][0]]['_current_monitor_address']`
throws an error:

```
"The error was: 'ansible.vars.hostvars.HostVarsVars object' has no attribute '_current_monitor_address'"
```

Closes: https://bugzilla.redhat.com/show_bug.cgi?id=2014304#c28

Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com>
2021-10-28 21:47:01 +02:00