ceph
/
ceph-ansible
mirror of https://github.com/ceph/ceph-ansible.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
ceph-ansible/roles/ceph-client/tasks/create_users_keys.yml

155 lines
5.9 KiB
YAML
Raw Blame History

---
- name: set_fact keys_tmp - preserve backward compatibility after the introduction of the ceph_keys module
set_fact:
keys_tmp: "{{ keys_tmp|default([]) + [ { 'key': item.key, 'name': item.name, 'caps': { 'mon': item.mon_cap, 'osd': item.osd_cap|default(''), 'mds': item.mds_cap|default(''), 'mgr': item.mgr_cap|default('') } , 'mode': item.mode } ] }}"
when:
- item.get('mon_cap', None) # it's enough to assume we are running an old-fashionned syntax simply by checking the presence of mon_cap since every key needs this cap
with_items: "{{ keys }}"
- name: set_fact keys - override keys_tmp with keys
set_fact:
keys: "{{ keys_tmp }}"
when:
- keys_tmp is defined
# dummy container setup is only supported on x86_64
# when running with containerized_deployment: true this task
# creates a group that contains only x86_64 hosts.
# when running with containerized_deployment: false this task
# will add all client hosts to the group (and not filter).
- name: create filtered clients group
add_host:
name: "{{ item }}"
groups: _filtered_clients
with_items: "{{ groups[client_group_name] | intersect(ansible_play_batch) }}"
when: (hostvars[item]['ansible_architecture'] == 'x86_64') or (not containerized_deployment | bool)
- name: set_fact delegated_node, condition_copy_admin_key, docker_exec_cmd
set_fact:
delegated_node: "{{ groups[mon_group_name][0] if groups.get(mon_group_name, []) | length > 0 else inventory_hostname }}"
condition_copy_admin_key: "{{ True if groups.get(mon_group_name, []) | length > 0 else copy_admin_key }}"
- name: set_fact docker_exec_cmd
set_fact:
docker_exec_cmd: "docker exec {% if groups.get(mon_group_name, []) | length > 0 -%} ceph-mon-{{ hostvars[delegated_node]['ansible_hostname'] }} {% else %} ceph-create-keys {% endif %}"
when:
- containerized_deployment
- name: ensure the dummy container is not run already
command: docker stop ceph-create-keys
changed_when: false
failed_when: false
when:
- containerized_deployment
- inventory_hostname == groups.get('_filtered_clients') | first
- name: run a dummy container (sleep infinity) from where we can create pool(s)/key(s)
command: >
docker run \
--rm \
-d \
-v {{ ceph_conf_key_directory }}:{{ ceph_conf_key_directory }}:z \
--name ceph-create-keys \
--entrypoint=sleep \
{{ ceph_client_docker_registry}}/{{ ceph_client_docker_image }}:{{ ceph_client_docker_image_tag }} \
infinity
changed_when: false
when:
- containerized_deployment
- inventory_hostname == groups.get('_filtered_clients') | first
- name: create cephx key(s)
ceph_key:
state: present
name: "{{ item.name }}"
caps: "{{ item.caps }}"
secret: "{{ item.key | default('') }}"
containerized: "{{ docker_exec_cmd | default('') }}"
cluster: "{{ cluster }}"
dest: "{{ ceph_conf_key_directory }}"
import_key: "{{ condition_copy_admin_key }}"
mode: "{{ item.mode|default(omit) }}"
with_items: "{{ keys }}"
delegate_to: "{{ delegated_node }}"
when:
- cephx
- keys | length > 0
- inventory_hostname == groups.get('_filtered_clients') | first
- name: slurp client cephx key(s)
slurp:
src: "{{ ceph_conf_key_directory }}/{{ cluster }}.{{ item.name }}.keyring"
with_items:
- "{{ keys }}"
register: slurp_client_keys
delegate_to: "{{ delegated_node }}"
when:
- cephx
- keys | length > 0
- inventory_hostname == groups.get('_filtered_clients') | first
- name: pool related tasks
when:
- condition_copy_admin_key
- inventory_hostname == groups.get('_filtered_clients', []) | first
block:
- name: list existing pool(s)
command: >
{{ docker_exec_cmd | default('') }} ceph --cluster {{ cluster }}
osd pool get {{ item.name }} size
with_items: "{{ pools }}"
register: created_pools
failed_when: false
delegate_to: "{{ delegated_node }}"
- name: create ceph pool(s)
command: >
{{ docker_exec_cmd | default('') }} ceph --cluster {{ cluster }}
osd pool create {{ item.0.name }}
{{ item.0.pg_num | default(osd_pool_default_pg_num) }}
{{ item.0.pgp_num | default(item.0.pg_num) | default(osd_pool_default_pg_num) }}
{{ 'replicated_rule' if not item.0.rule_name | default('replicated_rule') else item.0.rule_name | default('replicated_rule') }}
{{ 1 if item.0.type|default(1) == 'replicated' else 3 if item.0.type|default(1) == 'erasure' else item.0.type|default(1) }}
{%- if (item.0.type | default("1") == '3' or item.0.type | default("1") == 'erasure') and item.0.erasure_profile != '' %}
{{ item.0.erasure_profile }}
{%- endif %}
{{ item.0.expected_num_objects | default('') }}
with_together:
- "{{ pools }}"
- "{{ created_pools.results }}"
changed_when: false
delegate_to: "{{ delegated_node }}"
when:
- pools | length > 0
- item.1.rc != 0
- name: customize pool size
command: >
{{ docker_exec_cmd | default('') }} ceph --cluster {{ cluster }}
osd pool set {{ item.name }} size {{ item.size | default(osd_pool_default_size) }}
with_items: "{{ pools | unique }}"
delegate_to: "{{ delegated_node }}"
changed_when: false
when:
- pools | length > 0
- item.size | default(osd_pool_default_size) != ceph_osd_pool_default_size
- name: get client cephx keys
copy:
dest: "{{ item.source }}"
content: "{{ item.content | b64decode }}"
mode: "{{ item.item.get('mode', '0600') }}"
owner: "{{ ceph_uid }}"
group: "{{ ceph_uid }}"
with_items:
- "{{ hostvars[groups['_filtered_clients'][0]]['slurp_client_keys']['results'] }}"
when:
- not item.get('skipped', False)
- name: stop the dummy container
command: docker stop ceph-create-keys
changed_when: false
failed_when: false
when:
- containerized_deployment
- inventory_hostname == groups.get('_filtered_clients') | first
Reference in New Issue View Git Blame Copy Permalink