--- - name: set_fact container_exec_cmd set_fact: container_exec_cmd: "{{ container_binary }} exec ceph-mon-{{ hostvars[groups[mon_group_name][0]]['ansible_hostname'] }}" when: containerized_deployment | bool - name: disable SSL for dashboard command: "{{ container_exec_cmd }} ceph --cluster {{ cluster }} config set mgr mgr/dashboard/ssl false" delegate_to: "{{ groups[mon_group_name][0] }}" run_once: true when: dashboard_protocol == "http" - name: with SSL for dashboard when: dashboard_protocol == "https" block: - name: enable SSL for dashboard command: "{{ container_exec_cmd }} ceph --cluster {{ cluster }} config set mgr mgr/dashboard/ssl true" delegate_to: "{{ groups[mon_group_name][0] }}" run_once: true - name: copy dashboard SSL certificate file copy: src: "{{ dashboard_crt }}" dest: "/etc/ceph/ceph-dashboard.crt" owner: root group: root mode: 0440 when: dashboard_crt | length > 0 - name: copy dashboard SSL certificate key copy: src: "{{ dashboard_key }}" dest: "/etc/ceph/ceph-dashboard.key" owner: root group: root mode: 0440 when: dashboard_key | length > 0 - name: generate and copy self-signed certificate when: dashboard_key | length == 0 or dashboard_crt | length == 0 block: - name: generate a Self Signed OpenSSL certificate for dashboard shell: | test -f /etc/ceph/ceph-dashboard.key -a -f /etc/ceph/ceph-dashboard.crt || \ openssl req -new -nodes -x509 -subj '/O=IT/CN=ceph-dashboard' -days 3650 -keyout /etc/ceph/ceph-dashboard.key -out /etc/ceph/ceph-dashboard.crt -extensions v3_ca run_once: True - name: slurp self-signed generated certificate for dashboard slurp: src: "/etc/ceph/{{ item }}" run_once: True with_items: - 'ceph-dashboard.key' - 'ceph-dashboard.crt' register: slurp_self_signed_crt - name: copy self-signed generated certificate on mons copy: dest: "{{ item.0.source }}" content: "{{ item.0.content | b64decode }}" owner: "{{ ceph_uid }}" group: "{{ ceph_uid }}" mode: "{{ '0600' if item.0.source.split('.')[-1] == 'key' else '0664' }}" delegate_to: "{{ item.1 }}" run_once: True with_nested: - "{{ slurp_self_signed_crt.results }}" - "{{ groups[mon_group_name] }}" - name: import dashboard certificate file command: "{{ container_exec_cmd }} ceph --cluster {{ cluster }} config-key set mgr/dashboard/crt -i /etc/ceph/ceph-dashboard.crt" changed_when: false delegate_to: "{{ groups[mon_group_name][0] }}" run_once: true - name: import dashboard certificate key command: "{{ container_exec_cmd }} ceph --cluster {{ cluster }} config-key set mgr/dashboard/key -i /etc/ceph/ceph-dashboard.key" changed_when: false delegate_to: "{{ groups[mon_group_name][0] }}" run_once: true - name: "set the dashboard port ({{ dashboard_port }})" command: "{{ container_exec_cmd }} ceph --cluster {{ cluster }} config set mgr mgr/dashboard/server_port {{ dashboard_port }}" changed_when: false delegate_to: "{{ groups[mon_group_name][0] }}" run_once: true - name: "set the dashboard SSL port ({{ dashboard_port }})" command: "{{ container_exec_cmd }} ceph --cluster {{ cluster }} config set mgr mgr/dashboard/ssl_server_port {{ dashboard_port }}" delegate_to: "{{ groups[mon_group_name][0] }}" run_once: true changed_when: false failed_when: false # Do not fail if the option does not exist, it only exists post-14.2.0 - include_tasks: configure_dashboard_backends.yml with_items: '{{ groups[mgr_group_name] | default(groups[mon_group_name]) }}' vars: dashboard_backend: '{{ item }}' - name: disable mgr dashboard module (restart) command: "{{ container_exec_cmd }} ceph --cluster {{ cluster }} mgr module disable dashboard" delegate_to: "{{ groups[mon_group_name][0] }}" run_once: true changed_when: false - name: enable mgr dashboard module (restart) command: "{{ container_exec_cmd }} ceph --cluster {{ cluster }} mgr module enable dashboard" delegate_to: "{{ groups[mon_group_name][0] }}" run_once: true changed_when: false - name: set or update dashboard admin username and password shell: | if {{ container_exec_cmd }} ceph --cluster {{ cluster }} dashboard ac-user-show {{ dashboard_admin_user | quote }}; then {{ container_exec_cmd }} ceph --cluster {{ cluster }} dashboard ac-user-set-password {{ dashboard_admin_user | quote }} {{ dashboard_admin_password | quote }} else {{ container_exec_cmd }} ceph --cluster {{ cluster }} dashboard ac-user-create {{ dashboard_admin_user | quote }} {{ dashboard_admin_password | quote }} fi {{ container_exec_cmd }} ceph --cluster {{ cluster }} dashboard ac-user-set-roles {{ dashboard_admin_user | quote }} {{ 'read-only' if dashboard_admin_user_ro | bool else 'administrator' }} retries: 6 delay: 5 register: ac_result delegate_to: "{{ groups[mon_group_name][0] }}" run_once: true changed_when: false until: ac_result.rc == 0 - name: set grafana api user command: "{{ container_exec_cmd }} ceph --cluster {{ cluster }} dashboard set-grafana-api-username {{ grafana_admin_user }}" delegate_to: "{{ groups[mon_group_name][0] }}" run_once: true changed_when: false - name: set grafana api password command: "{{ container_exec_cmd }} ceph --cluster {{ cluster }} dashboard set-grafana-api-password {{ grafana_admin_password }}" delegate_to: "{{ groups[mon_group_name][0] }}" run_once: true changed_when: false - name: disable ssl verification for grafana command: "{{ container_exec_cmd }} ceph --cluster {{ cluster }} dashboard set-grafana-api-ssl-verify False" delegate_to: "{{ groups[mon_group_name][0] }}" run_once: true changed_when: false when: - dashboard_protocol == "https" - dashboard_grafana_api_no_ssl_verify | bool - name: set alertmanager host command: "{{ container_exec_cmd }} ceph --cluster {{ cluster }} dashboard set-alertmanager-api-host http://{{ grafana_server_addrs | first }}:{{ alertmanager_port }}" delegate_to: "{{ groups[mon_group_name][0] }}" run_once: true changed_when: false - name: set prometheus host command: "{{ container_exec_cmd }} ceph --cluster {{ cluster }} dashboard set-prometheus-api-host http://{{ grafana_server_addrs | first }}:{{ prometheus_port }}" delegate_to: "{{ groups[mon_group_name][0] }}" run_once: true changed_when: false - include_tasks: configure_grafana_layouts.yml with_items: '{{ grafana_server_addrs }}' vars: grafana_server_addr: '{{ item }}' - name: config grafana api url vip command: "{{ container_exec_cmd }} ceph --cluster {{ cluster }} dashboard set-grafana-api-url {{ dashboard_protocol }}://{{ dashboard_frontend_vip }}:{{ grafana_port }}" delegate_to: "{{ groups[mon_group_name][0] }}" run_once: true changed_when: false when: dashboard_frontend_vip is defined and dashboard_frontend_vip |length > 0 - name: dashboard object gateway management frontend when: groups.get(rgw_group_name, []) | length > 0 block: - name: get radosgw system user command: "timeout --foreground -s KILL 20 {{ container_exec_cmd }} radosgw-admin --cluster {{ cluster }} user info --uid={{ dashboard_rgw_api_user_id }}" register: get_rgw_user until: get_rgw_user.rc == 0 retries: 3 delegate_to: "{{ groups[mon_group_name][0] }}" run_once: true failed_when: false changed_when: false - name: create radosgw system user command: "timeout --foreground -s KILL 20 {{ container_exec_cmd }} radosgw-admin --cluster {{ cluster }} user create --uid={{ dashboard_rgw_api_user_id }} --display-name='Ceph dashboard' --system" register: create_rgw_user until: create_rgw_user.rc == 0 retries: 3 delegate_to: "{{ groups[mon_group_name][0] }}" run_once: true when: - not rgw_multisite | bool or rgw_zonemaster | bool - get_rgw_user.rc == 22 - name: get the rgw access and secret keys set_fact: rgw_access_key: "{{ (create_rgw_user.stdout | default(get_rgw_user.stdout) | from_json)['keys'][0]['access_key'] }}" rgw_secret_key: "{{ (create_rgw_user.stdout | default(get_rgw_user.stdout) | from_json)['keys'][0]['secret_key'] }}" run_once: true - name: set the rgw user command: "{{ container_exec_cmd }} ceph --cluster {{ cluster }} dashboard set-rgw-api-user-id {{ dashboard_rgw_api_user_id }}" delegate_to: "{{ groups[mon_group_name][0] }}" run_once: true changed_when: false - name: set the rgw access key command: "{{ container_exec_cmd }} ceph --cluster {{ cluster }} dashboard set-rgw-api-access-key {{ rgw_access_key }}" delegate_to: "{{ groups[mon_group_name][0] }}" run_once: true changed_when: false - name: set the rgw secret key command: "{{ container_exec_cmd }} ceph --cluster {{ cluster }} dashboard set-rgw-api-secret-key {{ rgw_secret_key }}" delegate_to: "{{ groups[mon_group_name][0] }}" run_once: true changed_when: false - name: set the rgw host command: "{{ container_exec_cmd }} ceph --cluster {{ cluster }} dashboard set-rgw-api-host {{ hostvars[groups[rgw_group_name][0]]['rgw_instances'][0]['radosgw_address'] }}" changed_when: false delegate_to: "{{ groups[mon_group_name][0] }}" run_once: true - name: set the rgw port command: "{{ container_exec_cmd }} ceph --cluster {{ cluster }} dashboard set-rgw-api-port {{ hostvars[groups[rgw_group_name][0]]['rgw_instances'][0]['radosgw_frontend_port'] }}" changed_when: false delegate_to: "{{ groups[mon_group_name][0] }}" run_once: true - name: set the rgw scheme command: "{{ container_exec_cmd }} ceph --cluster {{ cluster }} dashboard set-rgw-api-scheme {{ 'https' if radosgw_frontend_ssl_certificate else 'http' }}" changed_when: false delegate_to: "{{ groups[mon_group_name][0] }}" run_once: true - name: set the rgw admin resource command: "{{ container_exec_cmd }} ceph --cluster {{ cluster }} dashboard set-rgw-api-admin-resource {{ dashboard_rgw_api_admin_resource }}" changed_when: false delegate_to: "{{ groups[mon_group_name][0] }}" run_once: true when: dashboard_rgw_api_admin_resource | length > 0 - name: disable ssl verification for rgw command: "{{ container_exec_cmd }} ceph --cluster {{ cluster }} dashboard set-rgw-api-ssl-verify False" changed_when: false delegate_to: "{{ groups[mon_group_name][0] }}" run_once: true when: - dashboard_rgw_api_no_ssl_verify | bool - radosgw_frontend_ssl_certificate | length > 0 - name: dashboard iscsi management when: groups.get(iscsi_gw_group_name, []) | length > 0 block: - name: disable iscsi api ssl verification command: "{{ container_exec_cmd }} ceph --cluster {{ cluster }} dashboard set-iscsi-api-ssl-verification false" changed_when: false delegate_to: "{{ groups[mon_group_name][0] }}" run_once: true when: - api_secure | default(false) | bool - generate_crt | default(false) | bool - name: add iscsi gateways - ipv4 command: "{{ container_exec_cmd }} ceph --cluster {{ cluster }} dashboard iscsi-gateway-add {{ 'https' if hostvars[item]['api_secure'] | default(false) | bool else 'http' }}://{{ hostvars[item]['api_user'] | default('admin') }}:{{ hostvars[item]['api_password'] | default('admin') }}@{{ hostvars[item]['ansible_all_ipv4_addresses'] | ips_in_ranges(public_network.split(',')) | first }}:{{ hostvars[item]['api_port'] | default(5000) }}" changed_when: false delegate_to: "{{ groups[mon_group_name][0] }}" with_items: "{{ groups[iscsi_gw_group_name] }}" run_once: true when: ip_version == 'ipv4' - name: add iscsi gateways - ipv6 command: "{{ container_exec_cmd }} ceph --cluster {{ cluster }} dashboard iscsi-gateway-add {{ 'https' if hostvars[item]['api_secure'] | default(false) | bool else 'http' }}://{{ hostvars[item]['api_user'] | default('admin') }}:{{ hostvars[item]['api_password'] | default('admin') }}@{{ hostvars[item]['ansible_all_ipv6_addresses'] | ips_in_ranges(public_network.split(',')) | last | ipwrap }}:{{ hostvars[item]['api_port'] | default(5000) }}" changed_when: false delegate_to: "{{ groups[mon_group_name][0] }}" with_items: "{{ groups[iscsi_gw_group_name] }}" run_once: true when: ip_version == 'ipv6' - name: disable mgr dashboard module (restart) command: "{{ container_exec_cmd }} ceph --cluster {{ cluster }} mgr module disable dashboard" changed_when: false delegate_to: "{{ groups[mon_group_name][0] }}" run_once: true - name: enable mgr dashboard module (restart) command: "{{ container_exec_cmd }} ceph --cluster {{ cluster }} mgr module enable dashboard" changed_when: false delegate_to: "{{ groups[mon_group_name][0] }}" run_once: true