become: true
tasks:
- - name: check if selinux is enabled
- command: getenforce
- register: sestatus
- changed_when: false
- when: ansible_os_family == 'RedHat'
-
- - name: set selinux permissions
- command: chcon -Rt svirt_sandbox_file_t "{{ item }}"
- with_items:
- - /etc/ceph
- - /var/lib/ceph
- changed_when: false
- when:
- - sestatus.stdout != 'Disabled'
- - ansible_os_family == 'RedHat'
-
- name: gather and delegate facts
setup:
delegate_to: "{{ item }}"
docker run \
--rm \
-d \
- -v {{ ceph_conf_key_directory }}:{{ ceph_conf_key_directory }} \
+ -v {{ ceph_conf_key_directory }}:{{ ceph_conf_key_directory }}:z \
--name ceph-create-keys \
--entrypoint=sleep \
{{ ceph_docker_registry}}/{{ ceph_docker_image }}:{{ ceph_docker_image_tag }} \
---
-- name: set selinux permissions
- shell: |
- chcon -Rt svirt_sandbox_file_t /etc/ceph
- changed_when: false
- when:
- - containerized_deployment
- - ansible_os_family == 'RedHat'
- - sestatus is defined
- - sestatus.stdout != 'Disabled'
-
-- name: copy ceph admin keyring if needed
+- name: copy ceph admin keyring when non containerized deployment
copy:
src: "{{ fetch_directory }}/{{ fsid }}/etc/ceph/{{ cluster }}.client.admin.keyring"
dest: "/etc/ceph/"
- not osd_auto_discovery|default(False)
- osd_scenario|default('dummy') != 'lvm'
-- name: set_fact ceph_uid for Debian based system
+- name: set_fact ceph_uid for debian based system
set_fact:
ceph_uid: 64045
when:
- containerized_deployment
- ceph_docker_image_tag | search("ubuntu")
-- name: set_fact ceph_uid for Red Hat based system
+- name: set_fact ceph_uid for red hat based system
set_fact:
ceph_uid: 167
when:
- containerized_deployment
- ceph_docker_image_tag | search("latest") or ceph_docker_image_tag | search("centos") or ceph_docker_image_tag | search("fedora")
-- name: set_fact ceph_uid for Red Hat
+- name: set_fact ceph_uid for red hat
set_fact:
ceph_uid: 167
when:
- containerized_deployment
- ceph_docker_image | search("rhceph")
-
-- name: check if selinux is enabled
- command: getenforce
- register: sestatus
- changed_when: false
- check_mode: no
- when:
- - ansible_os_family == 'RedHat'
set_fact:
docker_exec_cmd: "docker exec ceph-mds-{{ ansible_hostname }}"
-- name: set selinux permissions
- shell: |
- chcon -Rt svirt_sandbox_file_t {{ item }}
- with_items:
- - "{{ ceph_conf_key_directory }}"
- - /var/lib/ceph
- changed_when: false
+- name: set_fact admin_keyring
+ set_fact:
+ admin_keyring:
+ - "/etc/ceph/{{ cluster }}.client.admin.keyring"
when:
- - ansible_os_family == 'RedHat'
- - sestatus.stdout != 'Disabled'
+ - copy_admin_key
+
+- name: set_fact ceph_config_keys
+ set_fact:
+ ceph_config_keys:
+ - /var/lib/ceph/bootstrap-mds/{{ cluster }}.keyring
+
+- name: merge ceph_config_keys and admin_keyring
+ set_fact:
+ ceph_config_keys: "{{ ceph_config_keys + admin_keyring }}"
+ when:
+ - copy_admin_key
+
+- name: stat for ceph config and keys
+ local_action:
+ module: stat
+ path: "{{ fetch_directory }}/{{ fsid }}/{{ item }}"
+ with_items: "{{ ceph_config_keys }}"
+ changed_when: false
+ become: false
+ failed_when: false
+ check_mode: no
+ register: statconfig
+
+- name: try to fetch ceph config and keys
+ copy:
+ src: "{{ fetch_directory }}/{{ fsid }}/{{ item.0 }}"
+ dest: "{{ item.0 }}"
+ owner: root
+ group: root
+ mode: 0644
+ changed_when: false
+ with_together:
+ - "{{ ceph_config_keys }}"
+ - "{{ statconfig.results }}"
+ when: item.1.stat.exists == true
- name: generate systemd unit file
become: true
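Review bot: The added task "try to fetch ceph config and keys" writes every entry of `ceph_config_keys` with `owner: root`, `group: root`, `mode: 0644`, and in this file those entries are only keyrings (the bootstrap-mds keyring and, with `copy_admin_key`, the client.admin keyring), so the secrets end up readable by every local account on the host. The mgr file added in this same change already uses the tighter form for keyrings; I would mirror it here with `owner: "{{ ceph_uid }}"` and `mode: "0600"`, after confirming the container user can still read the files. The same `mode: 0644` appears in the nfs, osd, rbd-mirror and rgw copy tasks added further down. Quoting the mode (`"0600"`) also avoids relying on the YAML parser's octal handling. The task that precedes this hunk starts outside it.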
--cpu-quota={{ ceph_mds_docker_cpu_limit * 100000 }} \
{% endif -%}
{% if not containerized_deployment_with_kv -%}
- -v /var/lib/ceph:/var/lib/ceph \
- -v /etc/ceph:/etc/ceph \
+ -v /var/lib/ceph:/var/lib/ceph:z \
+ -v /etc/ceph:/etc/ceph:z \
{% else -%}
-e KV_TYPE={{kv_type}} \
-e KV_IP={{kv_endpoint}} \
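Review bot: The `:z` suffix on `-v /var/lib/ceph:/var/lib/ceph:z` has Docker relabel the host path recursively when the container is created, which replaces the one-off `chcon` task this commit removes with a relabel that presumably runs on every service start. On hosts where `/var/lib/ceph` holds populated daemon data that may lengthen start-up noticeably, so it is worth measuring before merging. The lowercase `z` also applies a shared label, meaning any SELinux-confined container on the host can use the path; a template comment placed directly after the `{% if not containerized_deployment_with_kv -%}` line would record that this is intended, for example `{#- :z = shared SELinux label, host path is relabelled recursively at container creation -#}`. The same applies to the mgr, mon, nfs, osd, rbd-mirror and rgw templates changed below.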
--- /dev/null
+---
+- name: set_fact ceph_config_keys
+ set_fact:
+ ceph_config_keys:
+ - /etc/ceph/{{ cluster }}.mgr.{{ ansible_hostname }}.keyring
+ - /etc/ceph/{{ cluster }}.client.admin.keyring
+
+- name: stat for ceph config and keys
+ local_action:
+ module: stat
+ path: "{{ fetch_directory }}/{{ fsid }}/{{ item }}"
+ with_items: "{{ ceph_config_keys }}"
+ changed_when: false
+ become: false
+ failed_when: false
+ check_mode: no
+ register: statconfig
+
+- name: try to fetch ceph keys
+ copy:
+ src: "{{ fetch_directory }}/{{ fsid }}/{{ item.0 }}"
+ dest: "{{ item.0 }}"
+ owner: "{{ ceph_uid }}"
+ mode: 0600
+ changed_when: false
+ with_together:
+ - "{{ ceph_config_keys }}"
+ - "{{ statconfig.results }}"
+ when:
+ - item.1.stat.exists == true
+ - item.0 | search("keyring")
+
+- name: try to fetch ceph config
+ copy:
+ src: "{{ fetch_directory }}/{{ fsid }}/{{ item.0 }}"
+ dest: "{{ item.0 }}"
+ owner: root
+ group: root
+ mode: 0644
+ changed_when: false
+ with_together:
+ - "{{ ceph_config_keys }}"
+ - "{{ statconfig.results }}"
+ when:
+ - item.1.stat.exists == true
+ - not (item.0 | search("keyring"))
+
+- name: "copy mgr key to /var/lib/ceph/mgr/{{ cluster }}-{{ ansible_hostname }}/keyring"
+ command: cp /etc/ceph/{{ cluster }}.mgr.{{ ansible_hostname }}.keyring /var/lib/ceph/mgr/{{ cluster }}-{{ ansible_hostname }}/keyring
+ changed_when: false
+ check_mode: no
+ with_items: "{{ statconfig.results }}"
+ when: item.stat.exists == true
+
+- name: set ceph mgr key permission
+ file:
+ path: "/var/lib/ceph/mgr/{{ cluster }}-{{ ansible_hostname }}/keyring"
+ owner: "{{ bootstrap_dirs_owner }}"
+ group: "{{ bootstrap_dirs_group }}"
+ mode: "0600"
+ when: cephx
\ No newline at end of file
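Review bot: The "copy mgr key" task loops over all of `statconfig.results` with `when: item.stat.exists == true`, so `cp` runs once for each file that exists on the controller, including the case where only the admin keyring was found and the mgr keyring source is missing. `cp` also leaves the destination's mode to the umask, and the follow-up `file` task that sets `0600` is skipped unless `cephx` is true. A single `copy` with `remote_src: true` keyed on the mgr keyring's own stat result sets ownership and mode in the same step; the index below relies on the mgr keyring being the first entry of `ceph_config_keys`, as it is in this file.

```yaml
- name: "copy mgr key to /var/lib/ceph/mgr/{{ cluster }}-{{ ansible_hostname }}/keyring"
  copy:
    remote_src: true
    src: "/etc/ceph/{{ cluster }}.mgr.{{ ansible_hostname }}.keyring"
    dest: "/var/lib/ceph/mgr/{{ cluster }}-{{ ansible_hostname }}/keyring"
    owner: "{{ bootstrap_dirs_owner }}"
    group: "{{ bootstrap_dirs_group }}"
    mode: "0600"
  when: statconfig.results[0].stat.exists
# … unchanged: "set ceph mgr key permission" task …
```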
---
-- name: include selinux.yml
- include: selinux.yml
-
- name: include start_docker_mgr.yml
include: start_docker_mgr.yml
+++ /dev/null
----
-- name: set selinux permissions
- shell: |
- chcon -Rt svirt_sandbox_file_t {{ item }}
- with_items:
- - "{{ ceph_conf_key_directory }}"
- - /var/lib/ceph
- changed_when: false
- when:
- - ansible_os_family == 'RedHat'
- - sestatus.stdout != 'Disabled'
--cpu-quota={{ ceph_mgr_docker_cpu_limit * 100000 }} \
{% endif -%}
{% if not containerized_deployment_with_kv -%}
- -v /var/lib/ceph:/var/lib/ceph \
- -v /etc/ceph:/etc/ceph \
+ -v /var/lib/ceph:/var/lib/ceph:z \
+ -v /etc/ceph:/etc/ceph:z \
{% else -%}
-e KV_TYPE={{kv_type}} \
-e KV_IP={{kv_endpoint}} \
- "{{ statconfig.results }}"
when:
- item.1.stat.exists == true
- - not (item.0 | search("keyring"))
-
-- name: set selinux permissions
- shell: |
- chcon -Rt svirt_sandbox_file_t {{ item }}
- with_items:
- - "{{ ceph_conf_key_directory }}"
- - /var/lib/ceph
- changed_when: false
- when:
- - ansible_os_family == 'RedHat'
- - sestatus.stdout != 'Disabled'
+ - not (item.0 | search("keyring"))
\ No newline at end of file
--cpu-quota={{ ceph_mon_docker_cpu_limit * 100000 }} \
{% endif -%}
{% if not containerized_deployment_with_kv -%}
- -v /var/lib/ceph:/var/lib/ceph \
- -v /etc/ceph:/etc/ceph \
+ -v /var/lib/ceph:/var/lib/ceph:z \
+ -v /etc/ceph:/etc/ceph:z \
{% else -%}
-e KV_TYPE={{kv_type}} \
-e KV_IP={{kv_endpoint}}\
---
-- name: set selinux permissions
- shell: |
- chcon -Rt svirt_sandbox_file_t {{ item }}
- with_items:
- - "{{ ceph_conf_key_directory }}"
- - /var/lib/ceph
+- name: set_fact admin_keyring
+ set_fact:
+ admin_keyring:
+ - "/etc/ceph/{{ cluster }}.client.admin.keyring"
+ when:
+ - copy_admin_key
+
+- name: set_fact ceph_config_keys
+ set_fact:
+ ceph_config_keys:
+ - /var/lib/ceph/bootstrap-rgw/{{ cluster }}.keyring
+
+- name: merge ceph_config_keys and admin_keyring
+ set_fact:
+ ceph_config_keys: "{{ ceph_config_keys + admin_keyring }}"
+ when:
+ - copy_admin_key
+
+- name: stat for config and keys
+ local_action:
+ module: stat
+ path: "{{ fetch_directory }}/{{ fsid }}/{{ item }}"
+ with_items: "{{ ceph_config_keys }}"
+ changed_when: false
+ become: false
+ failed_when: false
+ check_mode: no
+ register: statconfig
+
+- name: try to fetch config and keys
+ copy:
+ src: "{{ fetch_directory }}/{{ fsid }}/{{ item.0 }}"
+ dest: "{{ item.0 }}"
+ owner: "64045"
+ group: "64045"
+ mode: 0644
changed_when: false
+ with_together:
+ - "{{ ceph_config_keys }}"
+ - "{{ statconfig.results }}"
when:
- - ansible_os_family == 'RedHat'
- - sestatus.stdout != 'Disabled'
+ - item.1.stat.exists == true
- name: create dbus service file
become: true
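Review bot: `owner: "64045"` and `group: "64045"` in the added "try to fetch config and keys" task hard-code the uid that the common tasks assign to `ceph_uid` only for Ubuntu-based images; for the centos, fedora, latest and rhceph images that fact is 167. On those images the copied keyrings would belong to an id the container does not use. I would write `owner: "{{ ceph_uid }}"` and `group: "{{ ceph_uid }}"`, assuming the fact is set before this role runs. The task following this hunk continues outside it.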
ExecStartPre=/usr/bin/mkdir -p /etc/ceph /etc/ganesha /var/lib/nfs/ganesha
ExecStart=/usr/bin/docker run --rm --net=host \
{% if not containerized_deployment_with_kv -%}
- -v /var/lib/ceph:/var/lib/ceph \
- -v /etc/ceph:/etc/ceph \
+ -v /var/lib/ceph:/var/lib/ceph:z \
+ -v /etc/ceph:/etc/ceph:z \
-v /var/lib/nfs/ganesha:/var/lib/nfs/ganesha \
-v /etc/ganesha:/etc/ganesha \
{% if ceph_nfs_dynamic_exports %}
--- /dev/null
+---
+- name: set_fact admin_keyring
+ set_fact:
+ admin_keyring:
+ - "/etc/ceph/{{ cluster }}.client.admin.keyring"
+ when:
+ - copy_admin_key
+
+- name: set_fact ceph_config_keys
+ set_fact:
+ ceph_config_keys:
+ - /var/lib/ceph/bootstrap-osd/{{ cluster }}.keyring
+
+- name: merge ceph_config_keys and admin_keyring
+ set_fact:
+ ceph_config_keys: "{{ ceph_config_keys + admin_keyring }}"
+ when:
+ - copy_admin_key
+
+- name: wait for ceph.conf and keys
+ local_action:
+ module: wait_for
+ path: "{{ fetch_directory }}/{{ fsid }}/{{ item }}"
+ become: false
+ with_items: "{{ ceph_config_keys }}"
+
+- name: stat for ceph config and keys
+ local_action:
+ module: stat
+ path: "{{ fetch_directory }}/{{ fsid }}/{{ item }}"
+ with_items: "{{ ceph_config_keys }}"
+ changed_when: false
+ become: false
+ failed_when: false
+ check_mode: no
+ register: statconfig
+
+- name: try to copy ceph config and keys
+ copy:
+ src: "{{ fetch_directory }}/{{ fsid }}/{{ item }}"
+ dest: "{{ item }}"
+ owner: root
+ group: root
+ mode: 0644
+ changed_when: false
+ with_items: "{{ ceph_config_keys }}"
\ No newline at end of file
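Review bot: The stat task registers `statconfig`, but the "try to copy ceph config and keys" task that follows loops over `ceph_config_keys` with no `when`, so the result is never read. Since the preceding `wait_for` task already blocks until each file exists, the stat task can be dropped. Otherwise the copy should follow the sibling files with `with_together` and `when: item.1.stat.exists`.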
---
-- name: include selinux.yml
- include: selinux.yml
-
- name: include start_docker_osd.yml
include: start_docker_osd.yml
+++ /dev/null
----
-- name: set selinux permissions
- shell: |
- chcon -Rt svirt_sandbox_file_t {{ item }}
- with_items:
- - "{{ ceph_conf_key_directory }}"
- - /var/lib/ceph
- changed_when: false
- when:
- - ansible_os_family == 'RedHat'
- - sestatus.stdout != 'Disabled'
--pid=host \
--privileged=true \
--name=ceph-osd-prepare-{{ ansible_hostname }}-{{ item.1 | regex_replace('/dev/', '') }} \
- -v /etc/ceph:/etc/ceph \
- -v /var/lib/ceph/:/var/lib/ceph/ \
+ -v /etc/ceph:/etc/ceph:z \
+ -v /var/lib/ceph/:/var/lib/ceph/:z \
-v /dev:/dev \
-v /etc/localtime:/etc/localtime:ro \
-e DEBUG=verbose \
--pid=host \
--privileged=true \
--name=ceph-osd-prepare-{{ ansible_hostname }}-{{ item.split('/')[-1] }} \
- -v /etc/ceph:/etc/ceph \
- -v /var/lib/ceph/:/var/lib/ceph/ \
+ -v /etc/ceph:/etc/ceph:z \
+ -v /var/lib/ceph/:/var/lib/ceph/:z \
-v /dev:/dev \
-v /etc/localtime:/etc/localtime:ro \
-e DEBUG=verbose \
--pid=host \
--privileged=true \
--name=ceph-osd-prepare-{{ ansible_hostname }}-{{ item.1 | regex_replace('/dev/', '') }} \
- -v /etc/ceph:/etc/ceph \
- -v /var/lib/ceph/:/var/lib/ceph/ \
+ -v /etc/ceph:/etc/ceph:z \
+ -v /var/lib/ceph/:/var/lib/ceph/:z \
-v /dev:/dev \
-v /etc/localtime:/etc/localtime:ro \
-e DEBUG=verbose \
--pid=host \
--privileged=true \
--name=ceph-osd-prepare-{{ ansible_hostname }}-{{ item.1 | regex_replace('/dev/', '') }} \
- -v /etc/ceph:/etc/ceph \
- -v /var/lib/ceph/:/var/lib/ceph/ \
+ -v /etc/ceph:/etc/ceph:z \
+ -v /var/lib/ceph/:/var/lib/ceph/:z \
-v /dev:/dev \
-v /etc/localtime:/etc/localtime:ro \
-e DEBUG=verbose \
#############
{% if disk_list.get('rc') == 0 -%}
function expose_partitions () {
-DOCKER_ENV=$(docker run --rm --net=host --name expose_partitions_${1} --privileged=true -v /dev/:/dev/ -v /etc/ceph:/etc/ceph -e CLUSTER={{ cluster }} -e OSD_DEVICE=/dev/${1} {{ ceph_docker_registry }}/{{ ceph_docker_image }}:{{ ceph_docker_image_tag }} disk_list)
+DOCKER_ENV=$(docker run --rm --net=host --name expose_partitions_${1} --privileged=true -v /dev/:/dev/ -v /etc/ceph:/etc/ceph:z -e CLUSTER={{ cluster }} -e OSD_DEVICE=/dev/${1} {{ ceph_docker_registry }}/{{ ceph_docker_image }}:{{ ceph_docker_image_tag }} disk_list)
docker rm -f expose_partitions_${1}
}
{% else -%}
{% endif -%}
-v /dev:/dev \
-v /etc/localtime:/etc/localtime:ro \
- -v /var/lib/ceph:/var/lib/ceph \
- -v /etc/ceph:/etc/ceph \
+ -v /var/lib/ceph:/var/lib/ceph:z \
+ -v /etc/ceph:/etc/ceph:z \
$DOCKER_ENV \
{% if ansible_distribution == 'Ubuntu' -%}
--security-opt apparmor:unconfined \
--- /dev/null
+---
+- name: set_fact bootstrap_rbd_keyring
+ set_fact:
+ bootstrap_rbd_keyring: "/var/lib/ceph/bootstrap-rbd/{{ cluster }}.keyring"
+ when:
+ - ceph_release_num[ceph_release] >= ceph_release_num.luminous
+
+- name: set_fact ceph_config_keys
+ set_fact:
+ ceph_config_keys:
+ - /etc/ceph/{{ cluster }}.client.admin.keyring
+ - "{{ bootstrap_rbd_keyring | default('') }}"
+
+- name: stat for ceph config and keys
+ local_action:
+ module: stat
+ path: "{{ fetch_directory }}/{{ fsid }}/{{ item }}"
+ with_items: "{{ ceph_config_keys }}"
+ changed_when: false
+ become: false
+ failed_when: false
+ check_mode: no
+ register: statconfig
+ when: "item | length > 0"
+
+- name: try to fetch ceph config and keys
+ copy:
+ src: "{{ fetch_directory }}/{{ fsid }}/{{ item.0 }}"
+ dest: "{{ item.0 }}"
+ owner: root
+ group: root
+ mode: 0644
+ changed_when: false
+ with_together:
+ - "{{ ceph_config_keys }}"
+ - "{{ statconfig.results }}"
+ when:
+ - not item.1.get('skipped')
+ - item.1.stat.exists == true
\ No newline at end of file
---
-- name: include selinux.yml
- include: selinux.yml
-
- name: include start_docker_rbd_mirror.yml
include: start_docker_rbd_mirror.yml
+++ /dev/null
----
-- name: set selinux permissions
- shell: |
- chcon -Rt svirt_sandbox_file_t {{ item }}
- with_items:
- - "{{ ceph_conf_key_directory }}"
- - /var/lib/ceph
- changed_when: false
- when:
- - ansible_os_family == 'RedHat'
- - sestatus.stdout != 'Disabled'
--cpu-quota={{ ceph_rbd_mirror_docker_cpu_limit * 100000 }} \
{% endif -%}
{% if not containerized_deployment_with_kv -%}
- -v /var/lib/ceph:/var/lib/ceph \
- -v /etc/ceph:/etc/ceph \
+ -v /var/lib/ceph:/var/lib/ceph:z \
+ -v /etc/ceph:/etc/ceph:z \
{% else -%}
-e KV_TYPE={{kv_type}} \
-e KV_IP={{kv_endpoint}} \
- "{{ ceph_config_keys }}"
- "{{ statconfig.results }}"
when:
- - item.1.stat.exists == true
-
-- name: set selinux permissions
- shell: |
- chcon -Rt svirt_sandbox_file_t {{ item }}
- with_items:
- - "{{ ceph_conf_key_directory }}"
- - /var/lib/ceph
- changed_when: false
- when:
- - ansible_os_family == 'RedHat'
- - sestatus.stdout != 'Disabled'
+ - item.1.stat.exists == true
\ No newline at end of file
--- /dev/null
+---
+- name: set_fact admin_keyring
+ set_fact:
+ admin_keyring:
+ - "/etc/ceph/{{ cluster }}.client.admin.keyring"
+ when:
+ - copy_admin_key
+
+- name: set_fact ceph_config_keys
+ set_fact:
+ ceph_config_keys:
+ - /var/lib/ceph/bootstrap-rgw/{{ cluster }}.keyring
+
+- name: merge ceph_config_keys and admin_keyring
+ set_fact:
+ ceph_config_keys: "{{ ceph_config_keys + admin_keyring }}"
+ when:
+ - copy_admin_key
+
+- name: stat for ceph config and keys
+ local_action:
+ module: stat
+ path: "{{ fetch_directory }}/{{ fsid }}/{{ item }}"
+ with_items: "{{ ceph_config_keys }}"
+ changed_when: false
+ become: false
+ ignore_errors: true
+ check_mode: no
+ register: statconfig
+
+- name: try to fetch ceph config and keys
+ copy:
+ src: "{{ fetch_directory }}/{{ fsid }}/{{ item.0 }}"
+ dest: "{{ item.0 }}"
+ owner: root
+ group: root
+ mode: 0644
+ changed_when: false
+ with_together:
+ - "{{ ceph_config_keys }}"
+ - "{{ statconfig.results }}"
+ when:
+ - item.1.stat.exists == true
\ No newline at end of file
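Review bot: The stat task in this file uses `ignore_errors: true` where the equivalent task in the mds, mgr, nfs, osd and rbd-mirror files uses `failed_when: false`. The two are not the same: `ignore_errors` still reports the task as failed in the play output and counts it as ignored, which makes a routine missing-file check look like an error. For consistency I would use `failed_when: false` here as well.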
---
-- name: include selinux.yml
- include: selinux.yml
-
- name: include start_docker_rgw.yml
include: start_docker_rgw.yml
+++ /dev/null
----
-- name: set selinux permissions
- shell: |
- chcon -Rt svirt_sandbox_file_t {{ item }}
- with_items:
- - "{{ ceph_conf_key_directory }}"
- - /var/lib/ceph
- changed_when: false
- when:
- - ansible_os_family == 'RedHat'
- - sestatus.stdout != 'Disabled'
--cpu-quota={{ ceph_rgw_docker_cpu_limit * 100000 }} \
{% endif -%}
{% if not containerized_deployment_with_kv -%}
- -v /var/lib/ceph:/var/lib/ceph \
- -v /etc/ceph:/etc/ceph \
+ -v /var/lib/ceph:/var/lib/ceph:z \
+ -v /etc/ceph:/etc/ceph:z \
{% else -%}
-e KV_TYPE={{ kv_type }} \
-e KV_IP={{ kv_endpoint }} \