-
Notifications
You must be signed in to change notification settings - Fork 3
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Signed-off-by: Teoman ONAY <[email protected]>
- Loading branch information
Showing
12 changed files
with
1,008 additions
and
7 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -5,16 +5,16 @@ | |
|
||
namespace: "ceph" | ||
name: "automation" | ||
version: 1.0.1 | ||
version: 1.1.0 | ||
readme: README.md | ||
authors: | ||
- Teoman ONAY <[email protected]> | ||
- Teoman ONAY <[email protected]> | ||
|
||
description: Ceph automation modules | ||
license_file: LICENSE | ||
# TO-DO: update the tags based on your content type | ||
tags: ["linux", "tools"] | ||
dependencies: {} | ||
tags: [ "linux", "tools" ] | ||
dependencies: { ansible.posix, community.general } | ||
|
||
repository: https://github.com/ceph/ceph.automation | ||
documentation: https://docs.ceph.com/projects/ceph.automation | ||
|
@@ -26,9 +26,10 @@ issues: https://github.com/ceph/ceph.automation/issues | |
# uses 'fnmatch' to match the files or directories. Some directories and files like 'galaxy.yml', '*.pyc', '*.retry', | ||
# and '.git' are always filtered. Mutually exclusive with 'manifest' | ||
build_ignore: | ||
- .gitignore | ||
- changelogs/.plugin-cache.yaml | ||
- ".*" | ||
- .gitignore | ||
- changelogs/.plugin-cache.yaml | ||
- ".*" | ||
|
||
# A dict controlling use of manifest directives used in building the collection artifact. The key 'directives' is a | ||
# list of MANIFEST.in style | ||
# L(directives,https://packaging.python.org/en/latest/guides/using-manifest-in/#manifest-in-commands). The key | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,187 @@ | ||
--- | ||
# Copyright Red Hat | ||
# SPDX-License-Identifier: Apache-2.0 | ||
# | ||
# Distribute keyring and conf files to a set of clients | ||
# | ||
# Uses ceph_defaults | ||
# - local_client_dir: determines the dir name for the config files on the ansible host | ||
# - ceph_defaults_ceph_client_pkgs: list of pre-req packages that must be on the client | ||
# | ||
# Required run-time variables | ||
# ------------------ | ||
# keyring : full path name of the keyring file on the admin[0] host which holds the key for the client to use | ||
# fsid : fsid of the cluster to extract the keyring and conf from | ||
# | ||
# Optional run-time variables | ||
# ------------------ | ||
# conf : full path name of the conf file on the admin[0] host to use (undefined will trigger a minimal conf) | ||
# ceph_defaults_client_group : ansible group name for the clients to set up | ||
# keyring_dest : full path name of the destination where the keyring will be copied. (default: /etc/ceph/ceph.keyring) | ||
# | ||
# Example | ||
# ------- | ||
# ansible-playbook -i hosts cephadm-clients.yml -e fsid=BLA -e ceph_defaults_client_group=fs_clients -e keyring=/etc/ceph/fs.keyring | ||
# | ||
|
||
|
||
- name: Confirm local readiness | ||
hosts: all | ||
gather_facts: false | ||
tasks: | ||
- name: Confirm local readiness | ||
run_once: true | ||
delegate_to: localhost | ||
block: | ||
- name: Import_role ceph_defaults | ||
ansible.builtin.import_role: | ||
name: ceph_defaults | ||
|
||
- name: Fail if the fsid parameter is missing | ||
ansible.builtin.fail: | ||
msg: > | ||
You must supply an 'fsid' parameter for the corresponding ceph cluster | ||
when: fsid is undefined | ||
|
||
- name: Fail if admin group doesn't exist or is empty | ||
ansible.builtin.fail: | ||
msg: | | ||
You must define a group [admin] in your inventory which provides the | ||
keyring that you want to distribute | ||
when: "'admin' not in groups or groups['admin'] | length < 1" | ||
|
||
- name: Fail if ceph_defaults_client_group is NOT in the inventory | ||
ansible.builtin.fail: | ||
msg: > | ||
Variable ceph_defaults_client_group '{{ ceph_defaults_client_group }}' is not defined in the inventory | ||
when: ceph_defaults_client_group not in groups | ||
|
||
- name: Fail if keyring variable is missing | ||
ansible.builtin.fail: | ||
msg: | | ||
You must supply a 'keyring' variable that defines the path to the key | ||
that you want to distribute to your client machines | ||
when: keyring is not defined | ||
|
||
|
||
- name: Confirm admin host is ready | ||
hosts: admin[0] | ||
become: true | ||
gather_facts: false | ||
tasks: | ||
- name: Check fsid is present on {{ inventory_hostname }} | ||
ansible.builtin.stat: | ||
path: /var/lib/ceph/{{ fsid }} | ||
register: fsid_stat | ||
|
||
- name: Fail if fsid is not present | ||
ansible.builtin.fail: | ||
msg: > | ||
The given fsid ({{ fsid }}), is not present in /var/lib/ceph on {{ inventory_hostname }} | ||
when: | ||
- not fsid_stat.stat.exists | bool | ||
- not fsid_stat.stat.isdir | bool | ||
|
||
- name: Check keyring status on {{ inventory_hostname }} | ||
ansible.builtin.stat: | ||
path: "{{ keyring }}" | ||
register: keyring_stat | ||
|
||
- name: Fail if keyring not found on {{ inventory_hostname }} | ||
ansible.builtin.fail: | ||
msg: > | ||
The keyring path provided '{{ keyring }}' can not be found on {{ inventory_hostname }} | ||
when: not keyring_stat.stat.exists | bool | ||
|
||
- name: Check conf is OK to use | ||
ansible.builtin.stat: | ||
path: "{{ conf }}" | ||
register: conf_stat | ||
when: conf is defined | ||
|
||
- name: Fail if conf supplied is not on {{ inventory_hostname }} | ||
ansible.builtin.fail: | ||
msg: | | ||
The conf file '{{ conf }}' can not be found on {{ inventory_hostname }} | ||
when: | ||
- conf is defined | ||
- not conf_stat.stat.exists | bool | ||
- not conf_stat.stat.isreg | bool | ||
|
||
|
||
- name: Assemble client payload | ||
hosts: admin[0] | ||
become: true | ||
gather_facts: false | ||
tasks: | ||
- name: Import_role ceph_defaults | ||
ansible.builtin.import_role: | ||
name: ceph_defaults | ||
|
||
- name: Slurp the keyring | ||
ansible.builtin.slurp: | ||
src: "{{ keyring }}" | ||
register: client_keyring | ||
no_log: true | ||
|
||
- name: Slurp the conf if it's supplied | ||
ansible.builtin.slurp: | ||
src: "{{ conf }}" | ||
register: ceph_config | ||
when: | ||
- conf is defined | ||
- conf | length > 0 | ||
|
||
- name: Create minimal conf as a default | ||
ansible.builtin.command: cephadm shell -- ceph config generate-minimal-conf | ||
register: minimal_ceph_config | ||
when: conf is undefined | ||
|
||
|
||
- name: Distribute client configuration | ||
hosts: "{{ ceph_defaults_client_group }}" | ||
become: true | ||
gather_facts: true | ||
tasks: | ||
- name: Import_role ceph_defaults | ||
ansible.builtin.import_role: | ||
name: ceph_defaults | ||
|
||
- name: Install ceph-common on rhel | ||
ansible.builtin.command: dnf install --allowerasing --assumeyes ceph-common | ||
changed_when: false | ||
register: result | ||
until: result is succeeded | ||
when: ansible_facts['os_family'] == 'RedHat' | ||
|
||
- name: Install ceph client prerequisites if needed | ||
ansible.builtin.package: | ||
name: "{{ ceph_defaults_ceph_client_pkgs }}" | ||
state: present | ||
register: result | ||
until: result is succeeded | ||
|
||
- name: Copy configuration and keyring files to the clients | ||
ansible.builtin.copy: | ||
content: "{{ item.content }}" | ||
dest: "{{ item.dest }}" | ||
owner: ceph | ||
group: ceph | ||
mode: '0600' | ||
backup: true | ||
loop: | ||
- { content: "{{ hostvars[groups['admin'][0]]\ | ||
['client_keyring']['content'] | b64decode }}", | ||
dest: "{{ keyring_dest | default('/etc/ceph/ceph.keyring') }}", | ||
copy_file: True } | ||
- { content: "{{ hostvars[groups['admin'][0]]\ | ||
['minimal_ceph_config']['stdout'] | default('') }}{{ '\n' }}", | ||
dest: '/etc/ceph/ceph.conf', | ||
copy_file: "{{ conf is undefined }}" } | ||
- { content: "{{ hostvars[groups['admin'][0]]\ | ||
['ceph_config']['content'] | default('') | b64decode }}", | ||
dest: '/etc/ceph/ceph.conf', | ||
copy_file: "{{ hostvars[groups['admin'][0]]\ | ||
['ceph_config']['skipped'] is undefined }}" } | ||
when: item.copy_file | bool | ||
no_log: true |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,73 @@ | ||
--- | ||
# Copyright Red Hat | ||
# SPDX-License-Identifier: Apache-2.0 | ||
# Author: Guillaume Abrioux <[email protected]> | ||
# | ||
# This playbook copies an SSH public key to a specified user on remote hosts. | ||
# | ||
# Required run-time variables | ||
# ------------------ | ||
# admin_node : The name of a node with enough privileges to call `cephadm get-pub-key` command. | ||
# (usually the bootstrap node). | ||
# | ||
# Optional run-time variables | ||
# ------------------ | ||
# fsid : The fsid of the Ceph cluster. | ||
# cephadm_ssh_user : ssh username on remote hosts. | ||
# cephadm_pubkey_path : Full path name of the ssh public key file *on the ansible controller host*. | ||
# If not passed, the playbook will assume it has to get the key from `cephadm get-pub-key` command. | ||
# | ||
# Example | ||
# ------- | ||
# ansible-playbook -i hosts cephadm-distribute-ssh-key.yml -e cephadm_ssh_user=foo -e cephadm_pubkey_path=/home/cephadm/ceph.key -e admin_node=ceph-node0 | ||
# | ||
# ansible-playbook -i hosts cephadm-distribute-ssh-key.yml -e cephadm_ssh_user=foo -e admin_node=ceph-node0 | ||
|
||
- hosts: all | ||
become: true | ||
gather_facts: false | ||
tasks: | ||
- name: Fail if admin_node is not defined | ||
ansible.builtin.fail: | ||
msg: "You must set the variable admin_node" | ||
run_once: true | ||
delegate_to: localhost | ||
when: admin_node is undefined | ||
|
||
- name: Get ssh public key from a file on the Ansible controller host | ||
when: cephadm_pubkey_path is defined | ||
block: | ||
- name: Get details about {{ cephadm_pubkey_path }} | ||
ansible.builtin.stat: | ||
path: "{{ cephadm_pubkey_path }}" | ||
register: cephadm_pubkey_path_stat | ||
delegate_to: localhost | ||
run_once: true | ||
|
||
- name: Fail if {{ cephadm_pubkey_path }} doesn't exist | ||
ansible.builtin.fail: | ||
msg: "{{ cephadm_pubkey_path }} doesn't exist or is invalid." | ||
run_once: true | ||
delegate_to: localhost | ||
when: | ||
- not cephadm_pubkey_path_stat.stat.exists | bool | ||
or not cephadm_pubkey_path_stat.stat.isfile | bool | ||
|
||
- name: Get the cephadm ssh pub key | ||
ansible.builtin.command: "cephadm shell {{ '--fsid ' + fsid if fsid is defined else '' }} ceph cephadm get-pub-key" | ||
changed_when: false | ||
run_once: true | ||
register: cephadm_get_pub_key | ||
delegate_to: "{{ admin_node }}" | ||
when: cephadm_pubkey_path is undefined | ||
|
||
- name: Allow ssh public key for {{ cephadm_ssh_user | default('root') }} account | ||
ansible.posix.authorized_key: | ||
user: "{{ cephadm_ssh_user | default('root') }}" | ||
key: "{{ lookup('file', cephadm_pubkey_path) if cephadm_pubkey_path is defined else cephadm_get_pub_key.stdout }}" | ||
|
||
- name: Set cephadm ssh user to {{ cephadm_ssh_user }} | ||
ansible.builtin.command: "cephadm shell {{ '--fsid ' + fsid if fsid is defined else '' }} ceph cephadm set-user {{ cephadm_ssh_user | default('root') }}" | ||
changed_when: false | ||
run_once: true | ||
delegate_to: "{{ admin_node }}" |
Oops, something went wrong.