#handler_health_rgw_check_retries: 5
#handler_health_rgw_check_delay: 10
+# NFS handler checks
+#handler_health_nfs_check_retries: 5
+#handler_health_nfs_check_delay: 10
+
###############
# NFS-GANESHA #
###############
#handler_health_rgw_check_retries: 5
#handler_health_rgw_check_delay: 10
+# NFS handler checks
+#handler_health_nfs_check_retries: 5
+#handler_health_nfs_check_delay: 10
+
###############
# NFS-GANESHA #
###############
handler_health_rgw_check_retries: 5
handler_health_rgw_check_delay: 10
+# NFS handler checks
+handler_health_nfs_check_retries: 5
+handler_health_nfs_check_delay: 10
+
###############
# NFS-GANESHA #
###############
--- /dev/null
+#!/bin/bash
+
+RETRIES="{{ handler_health_nfs_check_retries }}"
+DELAY="{{ handler_health_nfs_check_delay }}"
+NFS_NAME="{{ ansible_hostname }}"
+PID=/var/run/ganesha.pid
+
+# First, restart the daemon
+{% if containerized_deployment -%}
+systemctl restart ceph-nfs@${NFS_NAME}
+COUNT=10
+# Wait and ensure the pid exists after restarting the daemon
+while [ $RETRIES -ne 0 ]; do
+ {{ docker_exec_cmd }} test -f $PID && exit 0
+ sleep $DELAY
+ let RETRIES=RETRIES-1
+done
+# If we reach this point, it means the pid is not present.
+echo "PID file ${PID} could not be found, which means Ganesha is not running."
+exit 1
+{% else %}
+systemctl restart nfs-ganesha
+{% endif %}
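Review bot: The wait loop in the containerized branch treats the mere existence of `/var/run/ganesha.pid` as proof that Ganesha is running, so a stale pid file, or a daemon that exits right after writing it, still lets the handler `exit 0`. Verifying that the recorded process is alive, rather than only running `test -f $PID`, would make the check match the error message it prints. Neither branch tests the result of `systemctl restart`, and the non-containerized branch has no health check at all; at minimum use `systemctl restart nfs-ganesha || exit 1`. `COUNT=10` is never read and can be removed, and `$RETRIES` and `$DELAY` should be quoted in the `[ ... ]` test and the `sleep` call.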
- name: create rgw nfs user
command: "{{ docker_exec_cmd_nfs | default('') }} radosgw-admin --cluster {{ cluster }} user create --uid={{ ceph_nfs_rgw_user }} --display-name='RGW NFS User'"
register: rgwuser
+ changed_when: false
delegate_to: "{{ groups[mon_group_name][0] }}"
when:
- nfs_obj_gw
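Review bot: The output of `radosgw-admin ... user create` registered in `rgwuser` normally contains the new user's access and secret keys, so this task should carry `no_log: true` to keep them out of verbose output and callback logs. With the added `changed_when: false` the task also always reports `ok`, which hides the one run that actually created the user and its credentials; deriving the changed state from the command result would be more honest than forcing it to false. The task's `when:` list continues outside this hunk.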
+++ /dev/null
----
-- name: set config and keys paths
- set_fact:
- ceph_config_keys:
- - /etc/ceph/{{ cluster }}.client.admin.keyring
- - /var/lib/ceph/bootstrap-rgw/{{ cluster }}.keyring
-
-- name: stat for config and keys
- local_action: stat path={{ fetch_directory }}/{{ fsid }}/{{ item }}
- with_items: "{{ ceph_config_keys }}"
- changed_when: false
- become: false
- failed_when: false
- always_run: true
- register: statconfig
-
-- name: try to fetch config and keys
- copy:
- src: "{{ fetch_directory }}/{{ fsid }}/{{ item.0 }}"
- dest: "{{ item.0 }}"
- owner: "64045"
- group: "64045"
- mode: 0644
- changed_when: false
- with_together:
- - "{{ ceph_config_keys }}"
- - "{{ statconfig.results }}"
- when:
- - item.1.stat.exists == true
-
-- name: set selinux permissions
- shell: |
- chcon -Rt svirt_sandbox_file_t {{ item }}
- with_items:
- - "{{ ceph_conf_key_directory }}"
- - /var/lib/ceph
- changed_when: false
- when:
- - ansible_os_family == 'RedHat'
- - sestatus.stdout != 'Disabled'
+++ /dev/null
----
-- name: include start_docker_nfs.yml
- include: start_docker_nfs.yml
+++ /dev/null
----
-- name: generate systemd unit file
- become: true
- template:
- src: "{{ role_path }}/templates/ceph-nfs.service.j2"
- dest: /etc/systemd/system/ceph-nfs@.service
- owner: "root"
- group: "root"
- mode: "0644"
-
-- name: systemd start nfs container
- systemd:
- name: "ceph-nfs@{{ ansible_hostname }}.service"
- state: started
- enabled: yes
- daemon_reload: yes
- when:
- - ceph_nfs_enable_service
--- /dev/null
+---
+- name: check if selinux is enabled
+ command: getenforce
+ register: selinuxstatus
+ changed_when: false
+ failed_when: false
+ always_run: true
+
+- name: install policycoreutils-python to get semanage
+ package:
+ name: policycoreutils-python
+ state: present
+ when:
+ - selinuxstatus.stdout != 'Disabled'
+
+- name: test if ganesha_t is already permissive
+ shell: |
+ semanage permissive -l | grep -soq ganesha_t
+ changed_when: false
+ failed_when: false
+ register: ganesha_t_permissive
+
+- name: run semanage permissive -a ganesha_t
+ command: semanage permissive -a ganesha_t
+ changed_when: false
+ when:
+ - selinuxstatus.stdout != 'Disabled'
+ - ganesha_t_permissive.rc != 0
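Review bot: `semanage permissive -a ganesha_t` persistently turns off SELinux enforcement for the whole Ganesha domain, yet the task carries `changed_when: false`, so a run that weakens confinement is reported as unchanged. Drop `changed_when: false` from that task (the `ganesha_t_permissive.rc != 0` guard already keeps it from re-running) and add a comment naming the issue this works around so the exception can be removed later. The probe `semanage permissive -l | grep -soq ganesha_t` lacks the `selinuxstatus.stdout != 'Disabled'` condition, so it runs even on hosts where `semanage` was never installed; `always_run: true` is deprecated in favour of `check_mode: no`.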
---
-- name: include pre_requisite.yml
- include: pre_requisite.yml
+- name: include pre_requisite_non_container.yml
+ include: pre_requisite_non_container.yml
when:
- not containerized_deployment
+- name: include pre_requisite_container.yml
+ include: pre_requisite_container.yml
+ when:
+ - containerized_deployment
+
- name: include create_rgw_nfs_user.yml
include: create_rgw_nfs_user.yml
-- name: include start_nfs.yml
- include: start_nfs.yml
+# NOTE (leseb): workaround for issues with ganesha and librgw
+- name: include ganesha_selinux_fix.yml
+ include: ganesha_selinux_fix.yml
when:
- not containerized_deployment
+ - ansible_os_family == 'RedHat'
+ - ansible_distribution_version >= '7.4'
-- name: include docker/main.yml
- include: docker/main.yml
- when:
- - containerized_deployment
+- name: include start_nfs.yml
+ include: start_nfs.yml
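Review bot: `ansible_distribution_version >= '7.4'` compares strings, so `'7.10'` sorts below `'7.4'` and a two-digit major such as `'10.0'` fails the test too, silently skipping the SELinux workaround on those hosts. Use the version test instead: `- ansible_distribution_version | version_compare('7.4', '>=')`. The condition is also evaluated for every RedHat-family distribution, whose version numbering need not follow the 7.x scheme, so pairing it with a check on `ansible_distribution` may be needed.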
+++ /dev/null
----
-- name: create rados gateway and ganesha directories
- file:
- path: "{{ item }}"
- state: directory
- owner: "ceph"
- group: "ceph"
- mode: "0755"
- with_items:
- - /var/lib/ceph/bootstrap-rgw
- - /var/lib/ceph/radosgw
- - /var/lib/ceph/radosgw/{{ cluster }}-rgw.{{ ansible_hostname }}
- - "{{ rbd_client_admin_socket_path }}"
- - /var/lib/nfs/ganesha
- - /var/run/ganesha
- when:
- - nfs_obj_gw
-
-- name: copy rados gateway bootstrap key
- copy:
- src: "{{ fetch_directory }}/{{ fsid }}{{ item.name }}"
- dest: "{{ item.name }}"
- owner: "ceph"
- group: "ceph"
- mode: "0600"
- with_items:
- - { name: "/var/lib/ceph/bootstrap-rgw/{{ cluster }}.keyring", copy_key: true }
- - { name: "/etc/ceph/{{ cluster }}.client.admin.keyring", copy_key: "{{ copy_admin_key }}" }
- when:
- - nfs_obj_gw
- - cephx
- - item.copy_key|bool
-
-- name: create rados gateway keyring
- command: ceph --cluster {{ cluster }} --name client.bootstrap-rgw --keyring /var/lib/ceph/bootstrap-rgw/{{ cluster }}.keyring auth get-or-create client.rgw.{{ ansible_hostname }} osd 'allow rwx' mon 'allow rw' -o /var/lib/ceph/radosgw/{{ cluster }}-rgw.{{ ansible_hostname }}/keyring
- args:
- creates: /var/lib/ceph/radosgw/{{ cluster }}-rgw.{{ ansible_hostname }}/keyring
- changed_when: false
- when:
- - nfs_obj_gw
- - cephx
-
-- name: set rados gateway key permissions
- file:
- path: /var/lib/ceph/radosgw/{{ cluster }}-rgw.{{ ansible_hostname }}/keyring
- owner: "ceph"
- group: "ceph"
- mode: "0600"
- when:
- - cephx
-
-- name: change ownership on /var/log/ganesha
- file:
- path: '/var/log/ganesha'
- owner: 'root'
- group: 'root'
- mode: '0755'
--- /dev/null
+---
+- name: set config and keys paths
+ set_fact:
+ ceph_config_keys:
+ - /etc/ceph/{{ cluster }}.client.admin.keyring
+ - /var/lib/ceph/bootstrap-rgw/{{ cluster }}.keyring
+
+- name: stat for config and keys
+ local_action: stat path={{ fetch_directory }}/{{ fsid }}/{{ item }}
+ with_items: "{{ ceph_config_keys }}"
+ changed_when: false
+ become: false
+ failed_when: false
+ always_run: true
+ register: statconfig
+
+- name: try to fetch config and keys
+ copy:
+ src: "{{ fetch_directory }}/{{ fsid }}/{{ item.0 }}"
+ dest: "{{ item.0 }}"
+ owner: "64045"
+ group: "64045"
+ mode: 0644
+ changed_when: false
+ with_together:
+ - "{{ ceph_config_keys }}"
+ - "{{ statconfig.results }}"
+ when:
+ - item.1.stat.exists == true
+
+- name: set selinux permissions
+ shell: |
+ chcon -Rt svirt_sandbox_file_t {{ item }}
+ with_items:
+ - "{{ ceph_conf_key_directory }}"
+ - /var/lib/ceph
+ changed_when: false
+ when:
+ - ansible_os_family == 'RedHat'
+ - sestatus.stdout != 'Disabled'
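Review bot: The `try to fetch config and keys` task installs `{{ cluster }}.client.admin.keyring` and the bootstrap-rgw keyring with `mode: 0644`, which leaves cluster credentials readable by every local user on the NFS host. Use `mode: "0600"`, quoted, as the key-copy tasks for the non-container path on this page do; the files are already owned by uid `64045`. `always_run: true` on the stat task is deprecated in favour of `check_mode: no`. `sestatus` is not registered in this file, so the last task presumably depends on a result set elsewhere; if it is undefined the `when:` would fail.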
--- /dev/null
+---
+# NOTE (leseb): we use root:ceph for permissions since ganesha
+# does not have the right selinux context to read ceph directories.
+- name: create rados gateway and ganesha directories
+ file:
+ path: "{{ item }}"
+ state: directory
+ owner: "ceph"
+ group: "ceph"
+ mode: "0755"
+ with_items:
+ - /var/lib/ceph/bootstrap-rgw
+ - /var/lib/ceph/radosgw
+ - /var/lib/ceph/radosgw/{{ cluster }}-rgw.{{ ansible_hostname }}
+ - "{{ rbd_client_admin_socket_path }}"
+ - /var/log/ceph
+ - /var/run/ceph/
+ when:
+ - nfs_obj_gw
+
+- name: copy rados gateway bootstrap key
+ copy:
+ src: "{{ fetch_directory }}/{{ fsid }}{{ item.name }}"
+ dest: "{{ item.name }}"
+ owner: "ceph"
+ group: "ceph"
+ mode: "0600"
+ with_items:
+ - { name: "/var/lib/ceph/bootstrap-rgw/{{ cluster }}.keyring", copy_key: true }
+ - { name: "/etc/ceph/{{ cluster }}.client.admin.keyring", copy_key: "{{ copy_admin_key }}" }
+ when:
+ - nfs_obj_gw
+ - cephx
+ - item.copy_key|bool
+
+- name: create rados gateway keyring
+ command: ceph --cluster {{ cluster }} --name client.bootstrap-rgw --keyring /var/lib/ceph/bootstrap-rgw/{{ cluster }}.keyring auth get-or-create client.rgw.{{ ansible_hostname }} osd 'allow rwx' mon 'allow rw' -o /var/lib/ceph/radosgw/{{ cluster }}-rgw.{{ ansible_hostname }}/keyring
+ args:
+ creates: /var/lib/ceph/radosgw/{{ cluster }}-rgw.{{ ansible_hostname }}/keyring
+ changed_when: false
+ when:
+ - nfs_obj_gw
+ - cephx
+
+- name: set rados gateway key permissions
+ file:
+ path: /var/lib/ceph/radosgw/{{ cluster }}-rgw.{{ ansible_hostname }}/keyring
+ owner: "ceph"
+ group: "ceph"
+ mode: "0600"
+ when:
+ - cephx
+
+- name: change ownership on /var/log/ganesha
+ file:
+ path: /var/log/ganesha
+ owner: "root"
+ group: "root"
+ mode: "0755"
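Review bot: `set rados gateway key permissions` is guarded only by `cephx`, while the directory and keyring it touches are created only when `nfs_obj_gw` is also true, so with `nfs_obj_gw` false the `file` task would likely fail on a missing path; add `- nfs_obj_gw` to its `when:` list. The header comment says permissions are `root:ceph`, but every task below it sets `owner: "ceph"` and `group: "ceph"`; one of the two should be corrected so it is clear who is meant to read the keyrings. `change ownership on /var/log/ganesha` has no `state: directory`, so it depends on the package having created that path.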
---
+- name: create /etc/ganesha
+ file:
+ path: /etc/ganesha
+ state: directory
+ owner: root
+ group: root
+ mode: "0755"
+
- name: generate ganesha configuration file
action: config_template
args:
notify:
- restart ceph nfss
+- name: generate systemd unit file
+ become: true
+ template:
+ src: "{{ role_path }}/templates/ceph-nfs.service.j2"
+ dest: /etc/systemd/system/ceph-nfs@.service
+ owner: "root"
+ group: "root"
+ mode: "0644"
+ when:
+ - containerized_deployment
+
+- name: systemd start nfs container
+ systemd:
+ name: "ceph-nfs@{{ ansible_hostname }}.service"
+ state: started
+ enabled: yes
+ daemon_reload: yes
+ when:
+ - ceph_nfs_enable_service
+ - containerized_deployment
+
- name: start nfs gateway service
service:
name: nfs-ganesha
enabled: yes
when:
- ceph_nfs_enable_service
+ - not containerized_deployment
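Review bot: The `generate systemd unit file` task has no `notify`, so a changed `ceph-nfs@.service` (new bind mounts, dropped flags) is not applied to a container that is already running; `daemon_reload: yes` reloads unit definitions, but `state: started` does not restart an active unit. Adding `notify:` with `- restart ceph nfss`, as the configuration task above does, would cover this, assuming that handler restarts the container unit. `enabled: yes` and `daemon_reload: yes` would be better written as `true`.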
ExecStartPre=-/usr/bin/docker rm ceph-nfs-%i
ExecStartPre=/usr/bin/mkdir -p /etc/ceph /etc/ganesha /var/lib/nfs/ganesha
ExecStart=/usr/bin/docker run --rm --net=host \
- {% if not containerized_deployment_with_kv -%}
- -v /etc/ceph:/etc/ceph \
- -v /etc/ganesha:/etc/ganesha \
- {% else -%}
- -e KV_TYPE={{kv_type}} \
- -e KV_IP={{kv_endpoint}}\
- -e KV_PORT={{kv_port}} \
- {% endif -%}
- -v /etc/localtime:/etc/localtime:ro \
- --privileged \
- -e CEPH_DAEMON=NFS \
- {{ ceph_nfs_docker_extra_env }} \
- --name=ceph-nfs-{{ ansible_hostname }} \
- {{ ceph_docker_registry }}/{{ ceph_docker_image }}:{{ ceph_docker_image_tag }}
+ {% if not containerized_deployment_with_kv -%}
+ -v /var/lib/ceph:/var/lib/ceph \
+ -v /etc/ceph:/etc/ceph \
+ -v /var/lib/ganesha:/var/lib/ganesha \
+ -v /etc/ganesha:/etc/ganesha \
+ {% else -%}
+ -e KV_TYPE={{kv_type}} \
+ -e KV_IP={{kv_endpoint}}\
+ -e KV_PORT={{kv_port}} \
+ {% endif -%}
+ -v /etc/localtime:/etc/localtime:ro \
+ -e CLUSTER={{ cluster }} \
+ -e CEPH_DAEMON=NFS \
+ {{ ceph_nfs_docker_extra_env }} \
+ --name=ceph-nfs-{{ ansible_hostname }} \
+ {{ ceph_docker_registry }}/{{ ceph_docker_image }}:{{ ceph_docker_image_tag }}
ExecStopPost=-/usr/bin/docker stop ceph-nfs-%i
Restart=always
RestartSec=10s
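Review bot: `ExecStartPre` still creates `/var/lib/nfs/ganesha`, but the new `docker run` line mounts `/var/lib/ganesha` and `/var/lib/ceph`, neither of which is in the `mkdir -p` list, so Docker will create any missing source directory itself, owned by root. Align the two, e.g. `ExecStartPre=/usr/bin/mkdir -p /etc/ceph /etc/ganesha /var/lib/ceph /var/lib/ganesha`, keeping the old path only if something still uses it. Dropping `--privileged` is a good tightening, but mounting all of `/var/lib/ceph` read-write exposes every daemon keyring on a colocated host to the NFS container. If only the RGW paths are needed, mount those subdirectories instead.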