Add --security-opt label=disable to all containers
accessing /var/lib/ceph. podman selinux relabeling behavious changed
since version podman-3:4.2.0-1 which prevent some containers to access
files in these subdirectories.
Signed-off-by: Teoman ONAY <tonay@ibm.com>
We need to make sure `rgw_instances` is set before `ceph.conf` is
rendered. Otherwise, the `ceph-crash` play in the main playbook updates
(via ceph-handler) the `ceph.conf` on rgw nodes and removes rgw instances
sections.
Closes: https://bugzilla.redhat.com/show_bug.cgi?id=2141604
Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com>
(cherry picked from commit e47288ef6c)
These tasks are unnecessary executed when deploying client nodes on
an external Ceph cluster.
Closes: https://bugzilla.redhat.com/show_bug.cgi?id=2151285
Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com>
Changed the when condition to only execute that fact setting on RGW
nodes while before it was run on all nodes and failed if the node
was not on the same network range as the RGW.
Closes: https://bugzilla.redhat.com/show_bug.cgi?id=2131150
Signed-off-by: Teoman ONAY <tonay@redhat.com>
(cherry picked from commit 590e57cc1b)
in order to avoid the following error:
```
multiple RX peers are not currently supported
```
Closes: https://bugzilla.redhat.com/show_bug.cgi?id=2037646
Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com>
(cherry picked from commit aa64747cd1)
This `run_once: true` breaks multiple rbd-mirror daemons support
as it would make all rbd-mirror daemons use the same keyring.
Each rbd-mirror daemon needs its own keyring in order to start.
Closes: https://bugzilla.redhat.com/show_bug.cgi?id=2037646
Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com>
(cherry picked from commit cfe6ca7adf)
This task doesn't setup a proper keyring.
This task wasn't backported because it relies on a feature of the `ceph_key` module that wasn't
available in the branch `rhcs-4.3`.
Given that this feature is now backported, let's use it.
Closes: https://bugzilla.redhat.com/show_bug.cgi?id=2037646
Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com>
The ceph_key module currently only supports the json output for the
info state.
When using this state on an entity then we something want the output
as:
- plain for copying it to another node.
- json in order to get only a subset information of the entity (like
the key or caps).
This patch adds the output_format parameter which uses json as a
default value for backward compatibility. It removes the internal and
hardcoded variable also called output_format.
In addition of json and plain outputs, there's also xml and yaml
values available.
Signed-off-by: Dimitri Savineau <dsavinea@redhat.com>
(cherry picked from commit 7d3d51d6da)
If `osd_memory_target` is set in group_vars, the default value (4Gb)
should be overridden.
Closes: https://bugzilla.redhat.com/show_bug.cgi?id=2118544
Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com>
(cherry picked from commit 03713070eb)
When we come from configure_dashboard.yml, this fact should be set if
`rgw_instances` is defined in group_vars/host_vars. Otherwise, the next
task that set the fact `rgw_instances` will be run as it will assume it
wasn't user defined.
Closes: https://bugzilla.redhat.com/show_bug.cgi?id=2117294
Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com>
(cherry picked from commit 33ac715cfb)
the daemon is not running on the 'primary' daemon.
Therefore, these tests are not needed.
Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com>
(cherry picked from commit 37e67fb672)
In order to not have to always reproduce it when a failure shows up in the CI
having the failure logged can make us save some time.
Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com>
(cherry picked from commit f1239b6907)
- Use config-key store to add cluster peer.
- Support multiple pools mirroring.
Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com>
(cherry picked from commit b74ff6e22c)
When 'osd_memory_target' is overridden in ceph_conf_overrides.
The task that sets the fact `osd_memory_target` in the ceph-config role
should be skipped.
Closes: https://bugzilla.redhat.com/show_bug.cgi?id=2056675#c11
Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com>
(cherry picked from commit cb5d6b48fb)
"set_fact container_run_cmd" is not set when using --limit on MDS as facts
were not run on first MON.
Closes: https://bugzilla.redhat.com/show_bug.cgi?id=2111017
Signed-off-by: Teoman ONAY <tonay@redhat.com>
(cherry picked from commit 9a4a3f5f19)
Add missing `--cluster {{ cluster }}` on task
`set osd_memory_target` in the main.yml file of the
ceph-config role.
Also it moves the task after ceph configuration file is actually written.
Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com>
(cherry picked from commit 9f59c7286f)
- preserve mode and ownership on main directories
- make sure the directories are well present prior to restoring files.
Closes: https://bugzilla.redhat.com/show_bug.cgi?id=2051640
Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com>
(cherry picked from commit 047af3a3f6)
If the user doesn't pass a valid name (present in the inventory)
the playbook will fail like following:
```
fatal: [localhost -> {{ target_node }}]: FAILED! =>
msg: |-
The task includes an option with an undefined variable. The error was: "hostvars['10.70.46.40']" is undefined
```
Closes: https://bugzilla.redhat.com/show_bug.cgi?id=2051640
Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com>
(cherry picked from commit b18a1aa3ca)
Typical failure:
```
fatal: [localhost]: FAILED! =>
msg: |-
The conditional check 'mode not in ['backup', 'restore']' failed. The error was: error while evaluating conditional (mode not in ['backup', 'restore']): 'mode' is undefined
```
Closes: https://bugzilla.redhat.com/show_bug.cgi?id=2051640
Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com>
(cherry picked from commit 848dd03fa6)
If the physical disk to device path mapping has changed since the
last ceph-volume simple scan (e.g. addition or removal of disks),
a wrong disk could be deleted.
Closes: https://bugzilla.redhat.com/show_bug.cgi?id=2071035
Signed-off-by: Teoman ONAY <tonay@redhat.com>
(cherry picked from commit 64e08f2c0b)
use `include_tasks` instead of `import_tasks`.
Given that with `import_tasks` statements are preprocessed
and the tasks that defines it hasn't been run yet, it will fail
and complain like following:
```
The error was: 'ansible.vars.hostvars.HostVarsVars object' has no attribute '_interface'
```
Using `include_tasks` instead fixes this.
Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com>
(cherry picked from commit 434793e2fe)
(cherry picked from commit d57377ef61)
there's no need to run the roles ceph-facts, ceph-config and ceph-client
altogether on client nodes in rolling update playbook.
Closes: https://bugzilla.redhat.com/show_bug.cgi?id=2019831
Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com>
(cherry picked from commit 817c03bc0e)
(cherry picked from commit c0da98b1d6)
Update `After=` and `Wants=` parameters in container systemd units
and make them be aligned with the systemd units that come
from the packaging.
Closes: https://bugzilla.redhat.com/show_bug.cgi?id=2027440
Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com>
(cherry picked from commit f01536ea19)
(cherry picked from commit 690c879aef)
This playbook doesn't support less than 3 monitors present in the inventory.
Just like the rolling_update playbook, let's fail if less than
3 monitors are present.
Closes: https://bugzilla.redhat.com/show_bug.cgi?id=2049132
Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com>
(cherry picked from commit f08129edf2)
(cherry picked from commit b970ab6691)
This commit makes podman bindmount `/:/rootfs:ro` so the container can
collect data from the host.
Closes: https://bugzilla.redhat.com/show_bug.cgi?id=2028775
Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com>
(cherry picked from commit 0f34cd16d8)
(cherry picked from commit 2e2d893d28)
Teoman ONAY
Guillaume Abrioux
David Galloway
Teoman ONAY
Dimitri Savineau