Skip to content

Commit

Permalink
cephadm-ansible playbooks import
Browse files Browse the repository at this point in the history
Signed-off-by: Teoman ONAY <[email protected]>
  • Loading branch information
asm0deuz committed Dec 9, 2024
1 parent a42d787 commit d839b68
Show file tree
Hide file tree
Showing 12 changed files with 1,008 additions and 7 deletions.
15 changes: 8 additions & 7 deletions galaxy.yml
Original file line number Diff line number Diff line change
Expand Up @@ -5,16 +5,16 @@

namespace: "ceph"
name: "automation"
version: 1.0.1
version: 1.1.0
readme: README.md
authors:
- Teoman ONAY <[email protected]>
- Teoman ONAY <[email protected]>

description: Ceph automation modules
license_file: LICENSE
# TO-DO: update the tags based on your content type
tags: ["linux", "tools"]
dependencies: {}
tags: [ "linux", "tools" ]
dependencies: { ansible.posix, community.general }

repository: https://github.com/ceph/ceph.automation
documentation: https://docs.ceph.com/projects/ceph.automation
Expand All @@ -26,9 +26,10 @@ issues: https://github.com/ceph/ceph.automation/issues
# uses 'fnmatch' to match the files or directories. Some directories and files like 'galaxy.yml', '*.pyc', '*.retry',
# and '.git' are always filtered. Mutually exclusive with 'manifest'
build_ignore:
- .gitignore
- changelogs/.plugin-cache.yaml
- ".*"
- .gitignore
- changelogs/.plugin-cache.yaml
- ".*"

# A dict controlling use of manifest directives used in building the collection artifact. The key 'directives' is a
# list of MANIFEST.in style
# L(directives,https://packaging.python.org/en/latest/guides/using-manifest-in/#manifest-in-commands). The key
Expand Down
187 changes: 187 additions & 0 deletions playbooks/cephadm-clients.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,187 @@
---
# Copyright Red Hat
# SPDX-License-Identifier: Apache-2.0
#
# Distribute keyring and conf files to a set of clients
#
# Uses ceph_defaults
# - local_client_dir: determines the dir name for the config files on the ansible host
# - ceph_defaults_ceph_client_pkgs: list of pre-req packages that must be on the client
#
# Required run-time variables
# ------------------
# keyring : full path name of the keyring file on the admin[0] host which holds the key for the client to use
# fsid : fsid of the cluster to extract the keyring and conf from
#
# Optional run-time variables
# ------------------
# conf : full path name of the conf file on the admin[0] host to use (undefined will trigger a minimal conf)
# ceph_defaults_client_group : ansible group name for the clients to set up
# keyring_dest : full path name of the destination where the keyring will be copied. (default: /etc/ceph/ceph.keyring)
#
# Example
# -------
# ansible-playbook -i hosts cephadm-clients.yml -e fsid=BLA -e ceph_defaults_client_group=fs_clients -e keyring=/etc/ceph/fs.keyring
#


- name: Confirm local readiness
hosts: all
gather_facts: false
tasks:
- name: Confirm local readiness
run_once: true
delegate_to: localhost
block:
- name: Import_role ceph_defaults
ansible.builtin.import_role:
name: ceph_defaults

- name: Fail if the fsid parameter is missing
ansible.builtin.fail:
msg: >
You must supply an 'fsid' parameter for the corresponding ceph cluster
when: fsid is undefined

- name: Fail if admin group doesn't exist or is empty
ansible.builtin.fail:
msg: |
You must define a group [admin] in your inventory which provides the
keyring that you want to distribute
when: "'admin' not in groups or groups['admin'] | length < 1"

- name: Fail if ceph_defaults_client_group is NOT in the inventory
ansible.builtin.fail:
msg: >
Variable ceph_defaults_client_group '{{ ceph_defaults_client_group }}' is not defined in the inventory
when: ceph_defaults_client_group not in groups

- name: Fail if keyring variable is missing
ansible.builtin.fail:
msg: |
You must supply a 'keyring' variable that defines the path to the key
that you want to distribute to your client machines
when: keyring is not defined


- name: Confirm admin host is ready
hosts: admin[0]
become: true
gather_facts: false
tasks:
- name: Check fsid is present on {{ inventory_hostname }}
ansible.builtin.stat:
path: /var/lib/ceph/{{ fsid }}
register: fsid_stat

- name: Fail if fsid is not present
ansible.builtin.fail:
msg: >
The given fsid ({{ fsid }}), is not present in /var/lib/ceph on {{ inventory_hostname }}
when:
- not fsid_stat.stat.exists | bool
- not fsid_stat.stat.isdir | bool

- name: Check keyring status on {{ inventory_hostname }}
ansible.builtin.stat:
path: "{{ keyring }}"
register: keyring_stat

- name: Fail if keyring not found on {{ inventory_hostname }}
ansible.builtin.fail:
msg: >
The keyring path provided '{{ keyring }}' can not be found on {{ inventory_hostname }}
when: not keyring_stat.stat.exists | bool

- name: Check conf is OK to use
ansible.builtin.stat:
path: "{{ conf }}"
register: conf_stat
when: conf is defined

- name: Fail if conf supplied is not on {{ inventory_hostname }}
ansible.builtin.fail:
msg: |
The conf file '{{ conf }}' can not be found on {{ inventory_hostname }}
when:
- conf is defined
- not conf_stat.stat.exists | bool
- not conf_stat.stat.isreg | bool


- name: Assemble client payload
hosts: admin[0]
become: true
gather_facts: false
tasks:
- name: Import_role ceph_defaults
ansible.builtin.import_role:
name: ceph_defaults

- name: Slurp the keyring
ansible.builtin.slurp:
src: "{{ keyring }}"
register: client_keyring
no_log: true

- name: Slurp the conf if it's supplied
ansible.builtin.slurp:
src: "{{ conf }}"
register: ceph_config
when:
- conf is defined
- conf | length > 0

- name: Create minimal conf as a default
ansible.builtin.command: cephadm shell -- ceph config generate-minimal-conf
register: minimal_ceph_config
when: conf is undefined


- name: Distribute client configuration
hosts: "{{ ceph_defaults_client_group }}"
become: true
gather_facts: true
tasks:
- name: Import_role ceph_defaults
ansible.builtin.import_role:
name: ceph_defaults

- name: Install ceph-common on rhel
ansible.builtin.command: dnf install --allowerasing --assumeyes ceph-common
changed_when: false
register: result
until: result is succeeded
when: ansible_facts['os_family'] == 'RedHat'

- name: Install ceph client prerequisites if needed
ansible.builtin.package:
name: "{{ ceph_defaults_ceph_client_pkgs }}"
state: present
register: result
until: result is succeeded

- name: Copy configuration and keyring files to the clients
ansible.builtin.copy:
content: "{{ item.content }}"
dest: "{{ item.dest }}"
owner: ceph
group: ceph
mode: '0600'
backup: true
loop:
- { content: "{{ hostvars[groups['admin'][0]]\
['client_keyring']['content'] | b64decode }}",
dest: "{{ keyring_dest | default('/etc/ceph/ceph.keyring') }}",
copy_file: True }
- { content: "{{ hostvars[groups['admin'][0]]\
['minimal_ceph_config']['stdout'] | default('') }}{{ '\n' }}",
dest: '/etc/ceph/ceph.conf',
copy_file: "{{ conf is undefined }}" }
- { content: "{{ hostvars[groups['admin'][0]]\
['ceph_config']['content'] | default('') | b64decode }}",
dest: '/etc/ceph/ceph.conf',
copy_file: "{{ hostvars[groups['admin'][0]]\
['ceph_config']['skipped'] is undefined }}" }
when: item.copy_file | bool
no_log: true
73 changes: 73 additions & 0 deletions playbooks/cephadm-distribute-ssh-key.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,73 @@
---
# Copyright Red Hat
# SPDX-License-Identifier: Apache-2.0
# Author: Guillaume Abrioux <[email protected]>
#
# This playbook copies an SSH public key to a specified user on remote hosts.
#
# Required run-time variables
# ------------------
# admin_node : The name of a node with enough privileges to call `cephadm get-pub-key` command.
# (usually the bootstrap node).
#
# Optional run-time variables
# ------------------
# fsid : The fsid of the Ceph cluster.
# cephadm_ssh_user : ssh username on remote hosts.
# cephadm_pubkey_path : Full path name of the ssh public key file *on the ansible controller host*.
# If not passed, the playbook will assume it has to get the key from `cephadm get-pub-key` command.
#
# Example
# -------
# ansible-playbook -i hosts cephadm-distribute-ssh-key.yml -e cephadm_ssh_user=foo -e cephadm_pubkey_path=/home/cephadm/ceph.key -e admin_node=ceph-node0
#
# ansible-playbook -i hosts cephadm-distribute-ssh-key.yml -e cephadm_ssh_user=foo -e admin_node=ceph-node0

- hosts: all
become: true
gather_facts: false
tasks:
- name: Fail if admin_node is not defined
ansible.builtin.fail:
msg: "You must set the variable admin_node"
run_once: true
delegate_to: localhost
when: admin_node is undefined

- name: Get ssh public key from a file on the Ansible controller host
when: cephadm_pubkey_path is defined
block:
- name: Get details about {{ cephadm_pubkey_path }}
ansible.builtin.stat:
path: "{{ cephadm_pubkey_path }}"
register: cephadm_pubkey_path_stat
delegate_to: localhost
run_once: true

- name: Fail if {{ cephadm_pubkey_path }} doesn't exist
ansible.builtin.fail:
msg: "{{ cephadm_pubkey_path }} doesn't exist or is invalid."
run_once: true
delegate_to: localhost
when:
- not cephadm_pubkey_path_stat.stat.exists | bool
or not cephadm_pubkey_path_stat.stat.isfile | bool

- name: Get the cephadm ssh pub key
ansible.builtin.command: "cephadm shell {{ '--fsid ' + fsid if fsid is defined else '' }} ceph cephadm get-pub-key"
changed_when: false
run_once: true
register: cephadm_get_pub_key
delegate_to: "{{ admin_node }}"
when: cephadm_pubkey_path is undefined

- name: Allow ssh public key for {{ cephadm_ssh_user | default('root') }} account
ansible.posix.authorized_key:
user: "{{ cephadm_ssh_user | default('root') }}"
key: "{{ lookup('file', cephadm_pubkey_path) if cephadm_pubkey_path is defined else cephadm_get_pub_key.stdout }}"

- name: Set cephadm ssh user to {{ cephadm_ssh_user }}
ansible.builtin.command: "cephadm shell {{ '--fsid ' + fsid if fsid is defined else '' }} ceph cephadm set-user {{ cephadm_ssh_user | default('root') }}"
changed_when: false
run_once: true
delegate_to: "{{ admin_node }}"
Loading

0 comments on commit d839b68

Please sign in to comment.