Commit Graph

2890 Commits (fbebe3a6979248c290ee0ef1fdf191b8f3394c20)

Author SHA1 Message Date
Guillaume Abrioux c9dd9a09d2 switch to ansible.netcommon.ipwrap
As of 2.10, Ansible moved ipwrap to netcommon collection.

Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com>
2022-06-07 16:30:18 +02:00
Guillaume Abrioux 9842b1050f core: bump ansible version
We should consider bumping ansible version for future releases, so let's
start testing against ansible 2.10

Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com>
(cherry picked from commit 839fac8f94)
2022-05-13 12:41:17 +02:00
Guillaume Abrioux 71cf666903 common: config rhcs tools repo on all nodes
Otherwise `cephadm` can't be installed during cephadm-adopt.yml
playbook execution.

Closes: https://bugzilla.redhat.com/show_bug.cgi?id=2073480

Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com>
(cherry picked from commit 1e11f879f6)
2022-05-13 12:41:17 +02:00
Guillaume Abrioux 823b9d81b8 facts: follow up on aa0cc93
when these variables are defined in the inventory host file,
all tasks are skipped then because the node being played isn't
aware about the values from the rgw nodes.

Closes: https://bugzilla.redhat.com/show_bug.cgi?id=2063029

Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com>
2022-04-21 13:36:33 +02:00
Guillaume Abrioux 8ca2e9cafa facts: fix mon/mgr collocation
`service dump` hangs when no active mgr is available.

Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com>
2022-04-21 10:12:08 +02:00
Guillaume Abrioux 5596360ffd dashboard: fix regression
introduced by ceph/ceph-ansible/pull/7150

when no rgw is present, it fails.

Closes: https://bugzilla.redhat.com/show_bug.cgi?id=2076192

Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com>
2022-04-21 10:12:08 +02:00
Ingo Ebel f4a3f365f8 added AlmaLinux and Rocky for iscsi deploy
Signed-off-by: Ingo Ebel <ingo.ebel@desy.de>
(cherry picked from commit c5bb450f87)
2022-04-14 08:59:31 +02:00
Guillaume Abrioux aa0cc9381d dashboard: support --limit execution with rgw
When the following conditions are met:

- rgw is deployed,
- dashboard is deployed,
- playbook is called with --limit,
- a node being processed is collocated on either a mon or mgr.

The playbook fails because `rgw_instances` is undefined.
The idea here is to make sure this variable is always defined.

Closes: https://bugzilla.redhat.com/show_bug.cgi?id=2063029

Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com>
2022-04-14 08:42:56 +02:00
Guillaume Abrioux 79b1ad47a1 dashboard: allow collecting stats from the host
This commit makes podman bindmount `/:/rootfs:ro` so the container can
collect data from the host.

Closes: https://bugzilla.redhat.com/show_bug.cgi?id=2028775

Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com>
(cherry picked from commit 0f34cd16d8)
2022-04-14 00:37:25 +02:00
pinotelio bc84a1cc31 ceph-facts: fix ansible templating error for auto osd discovery
This commit fixes templating error that occurs when using auto osd discovery. Getting the len before converting the result to a list causes "object of type generator has no len()" error.

Signed-off-by: pinotelio <ahmadreza.mollapour@gmail.com>
(cherry picked from commit f288364c5c)
2022-04-14 00:20:46 +02:00
Guillaume Abrioux 0d6763d4ef validate: drop a check
Since the ISO install method removal, ceph-ansible isn't able
to detect wheter the user is deploying in a 'disconnected environment'.
By the way, given that ceph-ansible is available only for upgrading to RHCS 5,
this check doesn't make sense anymore, let's drop it.

Closes: https://bugzilla.redhat.com/show_bug.cgi?id=2062147

Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com>
(cherry picked from commit 1cd1fa0560)
2022-04-07 16:46:20 +02:00
insatomcat 3ec9b054ce do not update Debian cache when package-install is disabled
When deploying with --skip-tags=package-install (when there is no access to a repository), the playbook is still trying to update the package cache, which makes the playbook fail.
This change prevents the playbook to try to update the cache when the package-install tag is skipped.

Signed-off-by: Florent CARLI <florent.carli@rte-france.com>
(cherry picked from commit 58fdc03e63)
2022-04-04 09:33:39 +02:00
Guillaume Abrioux a5baefea2b dashboard: always set `dashboard_server_addr`
When running the playbook with `--limit`, if the play targeted doesn't match
hosts present in the mgr group the playbook can fail.

Closes: https://bugzilla.redhat.com/show_bug.cgi?id=2063029

Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com>
(cherry picked from commit 72e4654aae)
2022-03-26 21:57:09 +01:00
Teoman ONAY f1f64f0f4f Turn off SELinux separation for containers MON and RGW
Initially MONs and RGW binded /etc/pki/ca-trust/extracted using the :z flag
(introduced to solve an OSP TripleO issue on RHEL - #3638) but using
this flag prevents local services (like sssd) running on the host from accessing
the certificates/files in that folder.

Signed-off-by: Teoman ONAY <tonay@redhat.com>
(cherry picked from commit 7e8ce2567e)
2022-03-10 16:16:04 +01:00
Guillaume Abrioux bcab0d7a55 adopt: fix node labelling
When using group of group, the playbook will apply undesired
labels on nodes.
This commit fixes it by applying only the expected labels.

Closes: https://bugzilla.redhat.com/show_bug.cgi?id=2057528

Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com>
(cherry picked from commit 266b6e739c)
2022-03-03 17:01:58 +01:00
Teoman ONAY c3ce6fc41a Enable user to change the account used for ssh connection
By default cephadm uses root account to connect remotely
to other nodes in the cluster. This change allows to choose
another account.
This commit also allows to use a dedicated subnet for cephadm mgmt.

Signed-off-by: Teoman ONAY <tonay@redhat.com>
(cherry picked from commit da42f3d139)
2022-03-03 17:01:58 +01:00
Seena Fallah 823583a7ff ceph-facts: ignore mounted disks on osd auto discovery
Ignore disks with active mountpoint when osd_auto_discovery is true

Signed-off-by: Seena Fallah <seenafallah@gmail.com>
(cherry picked from commit 9d87fd87cb)
2022-03-02 10:09:16 +01:00
Benoît Knecht df0901e879 ceph-facts: Fix get_def_crush_rule_name.yml in check mode
This construct doesn't work as intended since ansible/ansible#74212:

```
item.stdout | default('{}') | from_json
```

That PR made the `command` module return `stdout` even in check mode (setting
it to the empty string), so `default()` has no effect in that case and
`from_json()` fails to parse an empty string.

Instead, `default()` needs to be invoked with its second argument set to
`True`, so that it replaces any `False` value (such as an empty string) with
its first argument:

```
item.stdout | default('{}', True) | from_json
```

Signed-off-by: Benoît Knecht <bknecht@protonmail.ch>
(cherry picked from commit 7684d892c0)
2022-02-16 09:50:24 +01:00
Benoît Knecht 9675e146ee ceph-osd: Fix crush_rules.yml in check mode
Set a default value for `item.stdout` before passing it to `from_json()`. The
`when` condition doesn't prevent this template from being evaluated in check
mode, so it fails if `item.stdout` doesn't contain a valid JSON string.

Signed-off-by: Benoît Knecht <bknecht@protonmail.ch>
(cherry picked from commit ef05e9a313)
2022-02-16 09:50:24 +01:00
Benoît Knecht 54b400089c ceph-osd: Fix start_osds.yml in check mode
This construct doesn't work as intended since ansible/ansible#74212:

```
ceph_osd_ids.stdout | default('{}') | from_json
```

That PR made the `command` module return `stdout` even in check mode (setting
it to the empty string), so `default()` has no effect in that case and
`from_json()` fails to parse an empty string.

Instead, `default()` needs to be invoked with its second argument set to
`True`, so that it replaces any `False` value (such as an empty string) with
its first argument:

```
ceph_osd_ids.stdout | default('{}', True) | from_json
```

Signed-off-by: Benoît Knecht <bknecht@protonmail.ch>
(cherry picked from commit 0b3a608216)
2022-02-16 09:50:24 +01:00
Benoît Knecht 948807d494 ceph-handler: Fix check mode
When running in check mode with one or more Ceph daemons that need to be
restarted, the `tmpdirpath.path` variable that several handlers rely on is
undefined, leading to fatal errors.

This commit ensures the tasks that require `tmpdirpath.path` are skipped when
it's undefined.

Signed-off-by: Benoît Knecht <bknecht@protonmail.ch>
(cherry picked from commit bffca06837)
2022-02-16 09:44:52 +01:00
Guillaume Abrioux 7876d24a78 validate: support obs repository
Otherwise, installation on SuSe fails.

Fixes: #6996

Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com>
(cherry picked from commit 64196ce3a3)
2022-02-15 18:19:11 +01:00
John Karasev 9d7e3bf2bb ceph-grafana: Add proxy env vars to grafana service template
When installing grafana plugins, the container will make http requests.
This requires http proxy otherwise installation cannot be performed. Passed
the proxy vars from all.yml as env args.
Fixes: ceph#6484, ceph#6481

Signed-off-by: John Karasev <john.karasev@intel.com>
(cherry picked from commit 79ca442d53)
2022-02-09 11:34:57 +01:00
Guillaume Abrioux f7389ecf25 nfs-ganesha: fix debian based OS deployments
Let's use ppa repositories in order to deploy nfs-ganesha on Debian based OS.

Fixes: #7031

Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com>
(cherry picked from commit c491e67486)
2022-01-31 09:39:26 +01:00
Danny Webb 29763efdc3 make grafana network a configurable option
Signed-off-by: Danny Webb <danny.webb@thehutgroup.com>
(cherry picked from commit 189ff93372)
2022-01-19 10:08:05 +01:00
Guillaume Abrioux 9f04949ba0 container: align systemd units with rpm
Update `After=` and `Wants=` parameters in container systemd units
and make them be aligned with the systemd units that come
from the packaging.

Closes: https://bugzilla.redhat.com/show_bug.cgi?id=2027440

Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com>
(cherry picked from commit f01536ea19)
2021-12-15 13:49:37 +01:00
Guillaume Abrioux 993e4822c3 common: remove legacy repositories
As of rhceph-5, those repositories don't longer exist.

Closes: https://bugzilla.redhat.com/show_bug.cgi?id=2032790

Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com>
(cherry picked from commit dc8940fe1c)
2021-12-15 13:36:02 +01:00
Guillaume Abrioux ef9921c215 validate: fix bug when using vault
since a variable encrypted with vault is no longer a string but a
encrypted object we can't use the filter | length, we have to convert it
to a string before.

Fixes: #6991

Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com>
(cherry picked from commit 6ad7e52869)
2021-11-29 13:40:59 +01:00
Guillaume Abrioux 8f648269ec update: support --limit on monitor nodes
Change needed in order to support --limit on mon nodes.
Otherwise, a call to `hostvars[groups[mon_group_name][0]]['_current_monitor_address']`
throws an error:

```
"The error was: 'ansible.vars.hostvars.HostVarsVars object' has no attribute '_current_monitor_address'"
```

Closes: https://bugzilla.redhat.com/show_bug.cgi?id=2014304#c28

Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com>
(cherry picked from commit 82eee4303b)
2021-11-03 08:48:38 +01:00
Seena Fallah f6c410109b ceph-validate: export validate repository vars as a task
Signed-off-by: Seena Fallah <seenafallah@gmail.com>
(cherry picked from commit 4f6da9d92f)
2021-10-13 08:10:05 +02:00
Seena Fallah 7fd5bd42b7 ceph-common: export repository configuration to a single task
Signed-off-by: Seena Fallah <seenafallah@gmail.com>
(cherry picked from commit e79bda9a05)
2021-10-13 08:10:05 +02:00
Guillaume Abrioux 07813aba14 tests: remove all references to ceph_stable_release
this is legacy and not needed anymore.

Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com>
(cherry picked from commit f277a39dfe)
2021-10-02 20:45:35 +02:00
Seena Fallah 12f0f711f4 ceph-defaults: set ceph_stable_release default to the stable branch release
ceph_stable_release is a legacy from the time where a single branch of ceph-ansible supported more than one release of ceph

Signed-off-by: Seena Fallah <seenafallah@gmail.com>
(cherry picked from commit fb99626987)
2021-10-02 20:45:35 +02:00
Guillaume Abrioux af964565bc dashboard: retry setting rgw-credentials
for some reason, this task can fail in the CI.
Adding a retry can help to avoid this failure.

Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com>
(cherry picked from commit f8d49827a4)
2021-09-30 18:30:38 +02:00
Alex Lambert fe617bed09 dashboard: allow disabling of unused features
Unconfigured dashboard features can lead to empty tabs in the dashboard
containing no meaningful content. Allow users to disable dashboard features
they know will not be used.

A list of features to be disabled allows the user to define a streamlined
dashboard as standard across deployments. Defaults to disabling no features,
ensuring that users are sure they do not need the dashboard feature before
disabling it.

Signed-off-by: Alex Lambert <lamberta@microsoft.com>
(cherry picked from commit a9680ab17f)
2021-09-29 16:31:34 +02:00
Dimitri Savineau 942420088a ceph-dashboard: fix oject gateway integration
Since [1] multiple ceph dashboard commands have been removed and this is
breaking the current ceph-ansible dashboard with RGW automation.
This removes the following dashboard rgw commands:

- ceph dashboard set-rgw-api-access-key
- ceph dashboard set-rgw-api-secret-key
- ceph dashboard set-rgw-api-host
- ceph dashboard set-rgw-api-port
- ceph dashboard set-rgw-api-scheme

Which are replaced by `ceph dashboard set-rgw-credentials`

The RGW user creation task is also removed.

Finally moving the delegate_to statement from the rgw tasks at the block
level.

[1] https://github.com/ceph/ceph/pull/42252

Signed-off-by: Dimitri Savineau <dsavinea@redhat.com>
(cherry picked from commit 2ee2194ee0)
2021-09-18 06:35:33 +02:00
Dimitri Savineau 121bb58f20 ceph-defaults: set quay.io as the default registry
Because the ceph container images are now only pushed to the quay.io
registry then this updates the default registry value.
The docker.io registry can still be used but doesn't receive updated
container images.

Signed-off-by: Dimitri Savineau <dsavinea@redhat.com>
(cherry picked from commit e7b43c1fc6)
2021-09-09 13:42:49 +02:00
Seena Fallah 1626caaf6a ceph-container-engine: allow override container_package_name and container_service_name
Only include specific variables when they are undefined

Signed-off-by: Seena Fallah <seenafallah@gmail.com>
(cherry picked from commit 95bce32270)
2021-09-08 15:35:04 +02:00
Dimitri Savineau f71b172d2b container: explicitly pull monitoring images
We don't pull the monitoring container images (alertmanager, prometheus,
node-exporter and grafana) in a dedicated task like we're doing for the
ceph container image.
This means that the container image pull is done during the start of the
systemd service.
By doing this, pulling the image behind a proxy isn't working with podman.

Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1995574

Signed-off-by: Dimitri Savineau <dsavinea@redhat.com>
(cherry picked from commit 5bb7240f87)
2021-08-23 16:08:10 -04:00
Guillaume Abrioux 299c81c58b iscsi: don't set default value for trusted_ip_list
It restricts access to the iSCSI API.
It can be left empty if the API isn't going to be access from outside the
gateway node

Even though this seems to be a limited use case, it's better to leave it
empty by default than having a meaningless default value.

We could make this variable mandatory but that would be a breaking
change. Let's just add a logic in the template in order to set this
variable in the configuration file only if it was specified by users.

Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1994930

Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com>
Co-authored-by: Dimitri Savineau <dsavinea@redhat.com>
(cherry picked from commit 6802b8dddd)
2021-08-19 12:06:42 -04:00
Guillaume Abrioux d7311aeefc containers: introduce target systemd unit
This adds ceph-*.target systemd unit files support for containerized
deployments.
This also fixes a regression introduced by PR #6719 (rgw and nfs systemd
units not getting purged)

Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1962748

Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com>
(cherry picked from commit 09ef465f62)
2021-08-18 13:42:50 -04:00
Guillaume Abrioux a4f8bc688d roles: remove leftover from pr #4319
pr #4319 introduced some uesless `become: true` on systemd tasks.

Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com>
(cherry picked from commit 1db8fa8989)
2021-08-18 11:08:21 -04:00
Dimitri Savineau 490a1c6ba6 ceph-mon: do not log monitor keyring
We don't want to display the keyring in the ansible log.

Signed-off-by: Dimitri Savineau <dsavinea@redhat.com>
(cherry picked from commit e44075abd6)
2021-08-12 13:30:50 +02:00
Guillaume Abrioux 634baa9b63 common: do not log keyring secret
let's not display any keyring secret by default in ansible log.

Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1980744

Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com>
(cherry picked from commit 7511195738)
2021-08-11 14:59:25 -04:00
Dimitri Savineau 4b090b661e ceph-dashboard: fix TLS cert openssl generation
With OpenSSL version prior 1.1.1 (like CentOS 7 with 1.0.2k), the -addext
doesn't exist.
As a solution, this uses the default openssl.cnf configuration file as a
template and add the subjectAltName in the v3_ca section. This temp openssl
configuration file is removed after the TLS certificate creation.
This patch also move the run_once statement at the block level.

Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1978869

Signed-off-by: Dimitri Savineau <dsavinea@redhat.com>
(cherry picked from commit 5e0ace7e54)
2021-08-09 15:14:30 -04:00
Guillaume Abrioux f02295be85 dashboard: subj_alt_names fact refactor
the current way the variable is built results in:

```
2021-08-03 04:18:23,020 - ceph.ceph - INFO - ok: [ceph-sangadi-4x-indpt6-node1-installer] => changed=false
  ansible_facts:
    subj_alt_names: |-
      subjectAltName=ceph-sangadi-4x-indpt6-node1-installer/subjectAltName=10.0.210.223/subjectAltName=ceph-sangadi-4x-indpt6-node1-installersubjectAltName=ceph-sangadi-4x-indpt6-node2/subjectAltName=10.0.210.252/subjectAltName=ceph-sangadi-4x-indpt6-node2/
```

which is incorrect.

Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1978869

Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com>
(cherry picked from commit 6f1a0634f7)
2021-08-09 15:14:30 -04:00
Teoman ONAY f8facde33a podman pids.max default value is 2048, docker's one is 4096 which are
sufficient for the default value (512) of rgw thread pool size.
But if its value is increased near to the pids-limit value,
it does not leave place for the other processes to spawn and run within
the container and the container crashes.

pids-limit set to unlimited regardless of the container engine.

Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1987041

Signed-off-by: Teoman ONAY <tonay@redhat.com>
(cherry picked from commit 9b5d97adb9)
2021-08-05 11:04:18 -04:00
Dimitri Savineau 31cc8bd2aa osds: use osd pool ls instead of osd dump command
The ceph osd pool ls detail command is a subset of the ceph osd dump
command.

$ ceph osd dump --format json|wc -c
10117
$ ceph osd pool ls detail --format json|wc -c
4740

Signed-off-by: Dimitri Savineau <dsavinea@redhat.com>
(cherry picked from commit 06471a4b82)
2021-08-03 13:57:14 -04:00
Benoît Knecht 39fa5e2f2c ceph-handler: Fix osd handler in check mode
Run the Ceph commands that only gather information (without making any changes
to the cluster) when running Ansible in check mode.

This allows the tasks that depend on the variables set by those tasks to
succeed in check mode.

Signed-off-by: Benoît Knecht <bknecht@protonmail.ch>
(cherry picked from commit 498acd7527)
2021-08-02 15:53:49 +02:00
Dimitri Savineau 877b99b17e ceph-defaults: update grafana dashboards source
We currently download the grafana dashboars from the ceph@master branch
for all ceph releases.
We should use the right ceph branch according to the ceph release.

Signed-off-by: Dimitri Savineau <dsavinea@redhat.com>
2021-07-27 11:44:43 -04:00