ceph
/
ceph-ansible
mirror of https://github.com/ceph/ceph-ansible.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
ceph-ansible/roles/ceph-dashboard/tasks/configure_dashboard.yml

290 lines
13 KiB
YAML
Raw Blame History

---
- name: set_fact container_exec_cmd
set_fact:
container_exec_cmd: "{{ container_binary }} exec ceph-mon-{{ hostvars[groups[mon_group_name][0]]['ansible_hostname'] }}"
when: containerized_deployment | bool
- name: disable SSL for dashboard
when: dashboard_protocol == "http"
delegate_to: "{{ groups[mon_group_name][0] }}"
run_once: true
block:
- name: get SSL status for dashboard
command: "{{ container_exec_cmd }} ceph --cluster {{ cluster }} config get mgr mgr/dashboard/ssl"
changed_when: false
register: current_ssl_for_dashboard
- name: disable SSL for dashboard
command: "{{ container_exec_cmd }} ceph --cluster {{ cluster }} config set mgr mgr/dashboard/ssl false"
when: current_ssl_for_dashboard.stdout == "true"
- name: with SSL for dashboard
when: dashboard_protocol == "https"
block:
- name: enable SSL for dashboard
command: "{{ container_exec_cmd }} ceph --cluster {{ cluster }} config set mgr mgr/dashboard/ssl true"
delegate_to: "{{ groups[mon_group_name][0] }}"
run_once: true
- name: copy dashboard SSL certificate file
copy:
src: "{{ dashboard_crt }}"
dest: "/etc/ceph/ceph-dashboard.crt"
owner: root
group: root
mode: 0440
remote_src: "{{ dashboard_tls_external | bool }}"
delegate_to: "{{ groups[mon_group_name][0] }}"
when: dashboard_crt | length > 0
- name: copy dashboard SSL certificate key
copy:
src: "{{ dashboard_key }}"
dest: "/etc/ceph/ceph-dashboard.key"
owner: root
group: root
mode: 0440
remote_src: "{{ dashboard_tls_external | bool }}"
delegate_to: "{{ groups[mon_group_name][0] }}"
when: dashboard_key | length > 0
- name: generate and copy self-signed certificate
when: dashboard_key | length == 0 or dashboard_crt | length == 0
block:
- name: generate a Self Signed OpenSSL certificate for dashboard
shell: |
test -f /etc/ceph/ceph-dashboard.key -a -f /etc/ceph/ceph-dashboard.crt || \
openssl req -new -nodes -x509 -subj '/O=IT/CN=ceph-dashboard' -days 3650 -keyout /etc/ceph/ceph-dashboard.key -out /etc/ceph/ceph-dashboard.crt -extensions v3_ca
run_once: True
- name: slurp self-signed generated certificate for dashboard
slurp:
src: "/etc/ceph/{{ item }}"
run_once: True
with_items:
- 'ceph-dashboard.key'
- 'ceph-dashboard.crt'
register: slurp_self_signed_crt
- name: copy self-signed generated certificate on mons
copy:
dest: "{{ item.0.source }}"
content: "{{ item.0.content | b64decode }}"
owner: "{{ ceph_uid }}"
group: "{{ ceph_uid }}"
mode: "{{ '0600' if item.0.source.split('.')[-1] == 'key' else '0664' }}"
delegate_to: "{{ item.1 }}"
run_once: True
with_nested:
- "{{ slurp_self_signed_crt.results }}"
- "{{ groups[mon_group_name] }}"
- name: import dashboard certificate file
command: "{{ container_exec_cmd }} ceph --cluster {{ cluster }} config-key set mgr/dashboard/crt -i /etc/ceph/ceph-dashboard.crt"
changed_when: false
delegate_to: "{{ groups[mon_group_name][0] }}"
run_once: true
- name: import dashboard certificate key
command: "{{ container_exec_cmd }} ceph --cluster {{ cluster }} config-key set mgr/dashboard/key -i /etc/ceph/ceph-dashboard.key"
changed_when: false
delegate_to: "{{ groups[mon_group_name][0] }}"
run_once: true
- name: "set the dashboard port ({{ dashboard_port }})"
command: "{{ container_exec_cmd }} ceph --cluster {{ cluster }} config set mgr mgr/dashboard/server_port {{ dashboard_port }}"
changed_when: false
delegate_to: "{{ groups[mon_group_name][0] }}"
run_once: true
- name: "set the dashboard SSL port ({{ dashboard_port }})"
command: "{{ container_exec_cmd }} ceph --cluster {{ cluster }} config set mgr mgr/dashboard/ssl_server_port {{ dashboard_port }}"
delegate_to: "{{ groups[mon_group_name][0] }}"
run_once: true
changed_when: false
failed_when: false # Do not fail if the option does not exist, it only exists post-14.2.0
- include_tasks: configure_dashboard_backends.yml
with_items: '{{ groups[mgr_group_name] | default(groups[mon_group_name]) }}'
vars:
dashboard_backend: '{{ item }}'
- name: disable mgr dashboard module (restart)
command: "{{ container_exec_cmd }} ceph --cluster {{ cluster }} mgr module disable dashboard"
delegate_to: "{{ groups[mon_group_name][0] }}"
run_once: true
changed_when: false
- name: enable mgr dashboard module (restart)
command: "{{ container_exec_cmd }} ceph --cluster {{ cluster }} mgr module enable dashboard"
delegate_to: "{{ groups[mon_group_name][0] }}"
run_once: true
changed_when: false
- name: create dashboard admin user
ceph_dashboard_user:
name: "{{ dashboard_admin_user }}"
cluster: "{{ cluster }}"
password: "{{ dashboard_admin_password }}"
roles: ["{{ 'read-only' if dashboard_admin_user_ro | bool else 'administrator' }}"]
run_once: true
delegate_to: "{{ groups[mon_group_name][0] }}"
environment:
CEPH_CONTAINER_IMAGE: "{{ ceph_docker_registry + '/' + ceph_docker_image + ':' + ceph_docker_image_tag if containerized_deployment | bool else None }}"
CEPH_CONTAINER_BINARY: "{{ container_binary }}"
- name: set grafana api user
command: "{{ container_exec_cmd }} ceph --cluster {{ cluster }} dashboard set-grafana-api-username {{ grafana_admin_user }}"
delegate_to: "{{ groups[mon_group_name][0] }}"
run_once: true
changed_when: false
- name: set grafana api password
command: "{{ container_exec_cmd }} ceph --cluster {{ cluster }} dashboard set-grafana-api-password {{ grafana_admin_password }}"
delegate_to: "{{ groups[mon_group_name][0] }}"
run_once: true
changed_when: false
- name: disable ssl verification for grafana
command: "{{ container_exec_cmd }} ceph --cluster {{ cluster }} dashboard set-grafana-api-ssl-verify False"
delegate_to: "{{ groups[mon_group_name][0] }}"
run_once: true
changed_when: false
when:
- dashboard_protocol == "https"
- dashboard_grafana_api_no_ssl_verify | bool
- name: set alertmanager host
command: "{{ container_exec_cmd }} ceph --cluster {{ cluster }} dashboard set-alertmanager-api-host http://{{ grafana_server_addrs | first }}:{{ alertmanager_port }}"
delegate_to: "{{ groups[mon_group_name][0] }}"
run_once: true
changed_when: false
- name: set prometheus host
command: "{{ container_exec_cmd }} ceph --cluster {{ cluster }} dashboard set-prometheus-api-host http://{{ grafana_server_addrs | first }}:{{ prometheus_port }}"
delegate_to: "{{ groups[mon_group_name][0] }}"
run_once: true
changed_when: false
- include_tasks: configure_grafana_layouts.yml
with_items: '{{ grafana_server_addrs }}'
vars:
grafana_server_addr: '{{ item }}'
- name: config grafana api url vip
command: "{{ container_exec_cmd }} ceph --cluster {{ cluster }} dashboard set-grafana-api-url {{ dashboard_protocol }}://{{ dashboard_frontend_vip }}:{{ grafana_port }}"
delegate_to: "{{ groups[mon_group_name][0] }}"
run_once: true
changed_when: false
when: dashboard_frontend_vip is defined and dashboard_frontend_vip |length > 0
- name: dashboard object gateway management frontend
when: groups.get(rgw_group_name, []) | length > 0
run_once: true
block:
- name: get radosgw system user
command: "timeout --foreground -s KILL 20 {{ container_exec_cmd }} radosgw-admin --cluster {{ cluster }} user info --uid={{ dashboard_rgw_api_user_id }}"
register: get_rgw_user
until: get_rgw_user.rc == 0
retries: 3
delegate_to: "{{ groups[mon_group_name][0] }}"
failed_when: false
changed_when: false
- name: create radosgw system user
command: "timeout --foreground -s KILL 20 {{ container_exec_cmd }} radosgw-admin --cluster {{ cluster }} user create --uid={{ dashboard_rgw_api_user_id }} --display-name='Ceph dashboard' --system"
register: create_rgw_user
until: create_rgw_user.rc == 0
retries: 3
delegate_to: "{{ groups[mon_group_name][0] }}"
when:
- not rgw_multisite | bool or rgw_zonemaster | bool
- get_rgw_user.rc == 22
- name: get the rgw access and secret keys
set_fact:
rgw_access_key: "{{ (create_rgw_user.stdout | default(get_rgw_user.stdout) | from_json)['keys'][0]['access_key'] }}"
rgw_secret_key: "{{ (create_rgw_user.stdout | default(get_rgw_user.stdout) | from_json)['keys'][0]['secret_key'] }}"
- name: set the rgw user
command: "{{ container_exec_cmd }} ceph --cluster {{ cluster }} dashboard set-rgw-api-user-id {{ dashboard_rgw_api_user_id }}"
delegate_to: "{{ groups[mon_group_name][0] }}"
changed_when: false
- name: set the rgw access key
command: "{{ container_exec_cmd }} ceph --cluster {{ cluster }} dashboard set-rgw-api-access-key {{ rgw_access_key }}"
delegate_to: "{{ groups[mon_group_name][0] }}"
changed_when: false
- name: set the rgw secret key
command: "{{ container_exec_cmd }} ceph --cluster {{ cluster }} dashboard set-rgw-api-secret-key {{ rgw_secret_key }}"
delegate_to: "{{ groups[mon_group_name][0] }}"
changed_when: false
- name: set the rgw host
command: "{{ container_exec_cmd }} ceph --cluster {{ cluster }} dashboard set-rgw-api-host {{ hostvars[groups[rgw_group_name][0]]['rgw_instances'][0]['radosgw_address'] }}"
changed_when: false
delegate_to: "{{ groups[mon_group_name][0] }}"
- name: set the rgw port
command: "{{ container_exec_cmd }} ceph --cluster {{ cluster }} dashboard set-rgw-api-port {{ hostvars[groups[rgw_group_name][0]]['rgw_instances'][0]['radosgw_frontend_port'] }}"
changed_when: false
delegate_to: "{{ groups[mon_group_name][0] }}"
- name: set the rgw scheme
command: "{{ container_exec_cmd }} ceph --cluster {{ cluster }} dashboard set-rgw-api-scheme {{ 'https' if radosgw_frontend_ssl_certificate else 'http' }}"
changed_when: false
delegate_to: "{{ groups[mon_group_name][0] }}"
- name: set the rgw admin resource
command: "{{ container_exec_cmd }} ceph --cluster {{ cluster }} dashboard set-rgw-api-admin-resource {{ dashboard_rgw_api_admin_resource }}"
changed_when: false
delegate_to: "{{ groups[mon_group_name][0] }}"
when: dashboard_rgw_api_admin_resource | length > 0
- name: disable ssl verification for rgw
command: "{{ container_exec_cmd }} ceph --cluster {{ cluster }} dashboard set-rgw-api-ssl-verify False"
changed_when: false
delegate_to: "{{ groups[mon_group_name][0] }}"
when:
- dashboard_rgw_api_no_ssl_verify | bool
- radosgw_frontend_ssl_certificate | length > 0
- name: dashboard iscsi management
when: groups.get(iscsi_gw_group_name, []) | length > 0
run_once: true
block:
- name: disable iscsi api ssl verification
command: "{{ container_exec_cmd }} ceph --cluster {{ cluster }} dashboard set-iscsi-api-ssl-verification false"
changed_when: false
delegate_to: "{{ groups[mon_group_name][0] }}"
when:
- api_secure | default(false) | bool
- generate_crt | default(false) | bool
- name: add iscsi gateways - ipv4
command: "{{ container_exec_cmd }} ceph --cluster {{ cluster }} dashboard iscsi-gateway-add {{ 'https' if hostvars[item]['api_secure'] | default(false) | bool else 'http' }}://{{ hostvars[item]['api_user'] | default('admin') }}:{{ hostvars[item]['api_password'] | default('admin') }}@{{ hostvars[item]['ansible_all_ipv4_addresses'] | ips_in_ranges(public_network.split(',')) | first }}:{{ hostvars[item]['api_port'] | default(5000) }}"
changed_when: false
delegate_to: "{{ groups[mon_group_name][0] }}"
with_items: "{{ groups[iscsi_gw_group_name] }}"
when: ip_version == 'ipv4'
- name: add iscsi gateways - ipv6
command: "{{ container_exec_cmd }} ceph --cluster {{ cluster }} dashboard iscsi-gateway-add {{ 'https' if hostvars[item]['api_secure'] | default(false) | bool else 'http' }}://{{ hostvars[item]['api_user'] | default('admin') }}:{{ hostvars[item]['api_password'] | default('admin') }}@{{ hostvars[item]['ansible_all_ipv6_addresses'] | ips_in_ranges(public_network.split(',')) | last | ipwrap }}:{{ hostvars[item]['api_port'] | default(5000) }}"
changed_when: false
delegate_to: "{{ groups[mon_group_name][0] }}"
with_items: "{{ groups[iscsi_gw_group_name] }}"
when: ip_version == 'ipv6'
- name: disable mgr dashboard module (restart)
command: "{{ container_exec_cmd }} ceph --cluster {{ cluster }} mgr module disable dashboard"
changed_when: false
delegate_to: "{{ groups[mon_group_name][0] }}"
run_once: true
- name: enable mgr dashboard module (restart)
command: "{{ container_exec_cmd }} ceph --cluster {{ cluster }} mgr module enable dashboard"
changed_when: false
delegate_to: "{{ groups[mon_group_name][0] }}"
run_once: true
Reference in New Issue View Git Blame Copy Permalink