this role manages ceph infra services such as ntp, firewall, ...
Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com>
tags:
- package-install
-- name: include_tasks "misc/ntp_debian.yml"
- include_tasks: "misc/ntp_debian.yml"
- when:
- - ansible_os_family == 'Debian'
- - ntp_service_enabled
-
-- name: include_tasks "misc/ntp_rpm.yml"
- include_tasks: "misc/ntp_rpm.yml"
- when:
- - ansible_os_family in ['RedHat', 'Suse']
- - ntp_service_enabled
-
- name: get ceph version
command: ceph --version
changed_when: false
tags:
- always
-- name: include_tasks misc/configure_firewall_rpm.yml
- include_tasks: misc/configure_firewall_rpm.yml
- when:
- - configure_firewall
- - ansible_os_family in ['RedHat', 'Suse']
-
- name: include facts_mon_fsid.yml
include_tasks: facts_mon_fsid.yml
run_once: true
+++ /dev/null
----
-- name: check firewalld installation on redhat or suse
- command: rpm -q firewalld
- args:
- warn: no
- register: firewalld_pkg_query
- ignore_errors: true
- check_mode: no
- changed_when: false
- tags:
- - firewall
-
-- name: start firewalld
- service:
- name: firewalld
- state: started
- enabled: yes
- when:
- - firewalld_pkg_query.rc == 0
-
-- name: open monitor ports
- firewalld:
- service: ceph-mon
- zone: "{{ ceph_mon_firewall_zone }}"
- permanent: true
- immediate: false # if true then fails in case firewalld is stopped
- state: enabled
- notify: restart firewalld
- when:
- - mon_group_name is defined
- - mon_group_name in group_names
- - firewalld_pkg_query.rc == 0
- tags:
- - firewall
-
-- name: open manager ports
- firewalld:
- service: ceph
- zone: "{{ ceph_mgr_firewall_zone }}"
- permanent: true
- immediate: false # if true then fails in case firewalld is stopped
- state: enabled
- notify: restart firewalld
- when:
- - ceph_release_num[ceph_release] >= ceph_release_num.luminous
- - mgr_group_name is defined
- - mgr_group_name in group_names
- - firewalld_pkg_query.rc == 0
- tags:
- - firewall
-
-- name: open osd ports
- firewalld:
- service: ceph
- zone: "{{ ceph_osd_firewall_zone }}"
- permanent: true
- immediate: false # if true then fails in case firewalld is stopped
- state: enabled
- notify: restart firewalld
- when:
- - osd_group_name is defined
- - osd_group_name in group_names
- - firewalld_pkg_query.rc == 0
- tags:
- - firewall
-
-- name: open rgw ports
- firewalld:
- port: "{{ radosgw_frontend_port }}/tcp"
- zone: "{{ ceph_rgw_firewall_zone }}"
- permanent: true
- immediate: false # if true then fails in case firewalld is stopped
- state: enabled
- notify: restart firewalld
- when:
- - rgw_group_name is defined
- - rgw_group_name in group_names
- - firewalld_pkg_query.rc == 0
- tags:
- - firewall
-
-- name: open mds ports
- firewalld:
- service: ceph
- zone: "{{ ceph_mds_firewall_zone }}"
- permanent: true
- immediate: false # if true then fails in case firewalld is stopped
- state: enabled
- notify: restart firewalld
- when:
- - mds_group_name is defined
- - mds_group_name in group_names
- - firewalld_pkg_query.rc == 0
- tags:
- - firewall
-
-- name: open nfs ports
- firewalld:
- service: nfs
- zone: "{{ ceph_nfs_firewall_zone }}"
- permanent: true
- immediate: false # if true then fails in case firewalld is stopped
- state: enabled
- notify: restart firewalld
- when:
- - nfs_group_name is defined
- - nfs_group_name in group_names
- - firewalld_pkg_query.rc == 0
- tags:
- - firewall
-
-- name: open nfs ports (portmapper)
- firewalld:
- port: "111/tcp"
- zone: "{{ ceph_nfs_firewall_zone }}"
- permanent: true
- immediate: false # if true then fails in case firewalld is stopped
- state: enabled
- notify: restart firewalld
- when:
- - nfs_group_name is defined
- - nfs_group_name in group_names
- - firewalld_pkg_query.rc == 0
- tags:
- - firewall
-
-- name: open restapi ports
- firewalld:
- port: "{{ restapi_port }}/tcp"
- zone: "{{ ceph_restapi_firewall_zone }}"
- permanent: true
- immediate: false # if true then fails in case firewalld is stopped
- state: enabled
- notify: restart firewalld
- when:
- - restapi_group_name is defined
- - restapi_group_name in group_names
- - firewalld_pkg_query.rc == 0
- tags:
- - firewall
-
-- name: open rbdmirror ports
- firewalld:
- service: ceph
- zone: "{{ ceph_rbdmirror_firewall_zone }}"
- permanent: true
- immediate: false # if true then fails in case firewalld is stopped
- state: enabled
- notify: restart firewalld
- when:
- - rbdmirror_group_name is defined
- - rbdmirror_group_name in group_names
- - firewalld_pkg_query.rc == 0
- tags:
- - firewall
-
-- name: open iscsi ports
- firewalld:
- port: "5001/tcp"
- zone: "{{ ceph_iscsi_firewall_zone }}"
- permanent: true
- immediate: false # if true then fails in case firewalld is stopped
- state: enabled
- notify: restart firewalld
- when:
- - iscsi_group_name is defined
- - iscsi_group_name in group_names
- - firewalld_pkg_query.rc == 0
- tags:
- - firewall
-
-- meta: flush_handlers
+++ /dev/null
----
-- name: setup ntpd
- block:
- - command: timedatectl set-ntp no
- - package:
- name: ntp
- state: present
- - service:
- name: ntp
- enabled: yes
- state: started
- when: ntp_daemon_type == "ntpd"
-
-- name: setup chrony
- block:
- - command: timedatectl set-ntp no
- - package:
- name: chrony
- state: present
- - service:
- name: chronyd
- enabled: yes
- state: started
- when: ntp_daemon_type == "chronyd"
-
-- name: setup timesyncd
- block:
- - command: timedatectl set-ntp on
- when: ntp_daemon_type == "timesyncd"
+++ /dev/null
----
-- name: setup ntpd
- block:
- - command: timedatectl set-ntp no
- - package:
- name: ntp
- state: present
- - service:
- name: ntpd
- enabled: yes
- state: started
- when: ntp_daemon_type == "ntpd"
-
-- name: setup chrony
- block:
- - command: timedatectl set-ntp no
- - package:
- name: chrony
- state: present
- - service:
- name: chronyd
- enabled: yes
- state: started
- when: ntp_daemon_type == "chronyd"
-
-- name: setup timesyncd
- block:
- - command: timedatectl set-ntp on
- when: ntp_daemon_type == "timesyncd"
--- /dev/null
+---
+galaxy_info:
+ author: Guillaume Abrioux
+ description: Handles ceph infra requirements (ntp, firewall, ...)
+ license: Apache
+ min_ansible_version: 2.3
+ platforms:
+ - name: Ubuntu
+ versions:
+ - xenial
+ - name: EL
+ versions:
+ - 7
+ - name: opensuse
+ versions:
+ - 42.3
+ categories:
+ - system
+dependencies: []
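Review bot: `min_ansible_version: 2.3` understates what this role needs, because `tasks/main.yml` in the same commit uses `include_tasks`, which was only added in Ansible 2.4. The value is also an unquoted float, as are `- 7` and `- 42.3` under `versions`, so a YAML loader reads them as numbers rather than version strings. Suggested: `min_ansible_version: "2.4"`, `- "7"` and `- "42.3"`.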
--- /dev/null
+---
+- name: check firewalld installation on redhat or suse
+ command: rpm -q firewalld
+ args:
+ warn: no
+ register: firewalld_pkg_query
+ ignore_errors: true
+ check_mode: no
+ changed_when: false
+ tags:
+ - firewall
+
+- name: start firewalld
+ service:
+ name: firewalld
+ state: started
+ enabled: yes
+ when:
+ - firewalld_pkg_query.rc == 0
+
+- name: open monitor ports
+ firewalld:
+ service: ceph-mon
+ zone: "{{ ceph_mon_firewall_zone }}"
+ permanent: true
+ immediate: false # if true then fails in case firewalld is stopped
+ state: enabled
+ notify: restart firewalld
+ when:
+ - mon_group_name is defined
+ - mon_group_name in group_names
+ - firewalld_pkg_query.rc == 0
+ tags:
+ - firewall
+
+- name: open manager ports
+ firewalld:
+ service: ceph
+ zone: "{{ ceph_mgr_firewall_zone }}"
+ permanent: true
+ immediate: false # if true then fails in case firewalld is stopped
+ state: enabled
+ notify: restart firewalld
+ when:
+ - ceph_release_num[ceph_release] >= ceph_release_num.luminous
+ - mgr_group_name is defined
+ - mgr_group_name in group_names
+ - firewalld_pkg_query.rc == 0
+ tags:
+ - firewall
+
+- name: open osd ports
+ firewalld:
+ service: ceph
+ zone: "{{ ceph_osd_firewall_zone }}"
+ permanent: true
+ immediate: false # if true then fails in case firewalld is stopped
+ state: enabled
+ notify: restart firewalld
+ when:
+ - osd_group_name is defined
+ - osd_group_name in group_names
+ - firewalld_pkg_query.rc == 0
+ tags:
+ - firewall
+
+- name: open rgw ports
+ firewalld:
+ port: "{{ radosgw_frontend_port }}/tcp"
+ zone: "{{ ceph_rgw_firewall_zone }}"
+ permanent: true
+ immediate: false # if true then fails in case firewalld is stopped
+ state: enabled
+ notify: restart firewalld
+ when:
+ - rgw_group_name is defined
+ - rgw_group_name in group_names
+ - firewalld_pkg_query.rc == 0
+ tags:
+ - firewall
+
+- name: open mds ports
+ firewalld:
+ service: ceph
+ zone: "{{ ceph_mds_firewall_zone }}"
+ permanent: true
+ immediate: false # if true then fails in case firewalld is stopped
+ state: enabled
+ notify: restart firewalld
+ when:
+ - mds_group_name is defined
+ - mds_group_name in group_names
+ - firewalld_pkg_query.rc == 0
+ tags:
+ - firewall
+
+- name: open nfs ports
+ firewalld:
+ service: nfs
+ zone: "{{ ceph_nfs_firewall_zone }}"
+ permanent: true
+ immediate: false # if true then fails in case firewalld is stopped
+ state: enabled
+ notify: restart firewalld
+ when:
+ - nfs_group_name is defined
+ - nfs_group_name in group_names
+ - firewalld_pkg_query.rc == 0
+ tags:
+ - firewall
+
+- name: open nfs ports (portmapper)
+ firewalld:
+ port: "111/tcp"
+ zone: "{{ ceph_nfs_firewall_zone }}"
+ permanent: true
+ immediate: false # if true then fails in case firewalld is stopped
+ state: enabled
+ notify: restart firewalld
+ when:
+ - nfs_group_name is defined
+ - nfs_group_name in group_names
+ - firewalld_pkg_query.rc == 0
+ tags:
+ - firewall
+
+- name: open restapi ports
+ firewalld:
+ port: "{{ restapi_port }}/tcp"
+ zone: "{{ ceph_restapi_firewall_zone }}"
+ permanent: true
+ immediate: false # if true then fails in case firewalld is stopped
+ state: enabled
+ notify: restart firewalld
+ when:
+ - restapi_group_name is defined
+ - restapi_group_name in group_names
+ - firewalld_pkg_query.rc == 0
+ tags:
+ - firewall
+
+- name: open rbdmirror ports
+ firewalld:
+ service: ceph
+ zone: "{{ ceph_rbdmirror_firewall_zone }}"
+ permanent: true
+ immediate: false # if true then fails in case firewalld is stopped
+ state: enabled
+ notify: restart firewalld
+ when:
+ - rbdmirror_group_name is defined
+ - rbdmirror_group_name in group_names
+ - firewalld_pkg_query.rc == 0
+ tags:
+ - firewall
+
+- name: open iscsi ports
+ firewalld:
+ port: "5001/tcp"
+ zone: "{{ ceph_iscsi_firewall_zone }}"
+ permanent: true
+ immediate: false # if true then fails in case firewalld is stopped
+ state: enabled
+ notify: restart firewalld
+ when:
+ - iscsi_group_name is defined
+ - iscsi_group_name in group_names
+ - firewalld_pkg_query.rc == 0
+ tags:
+ - firewall
+
+- meta: flush_handlers
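Review bot: The `rpm -q firewalld` probe uses `ignore_errors: true` and every later task is gated on `firewalld_pkg_query.rc == 0`, so on a host without firewalld the whole file is skipped and the play still succeeds even though `configure_firewall` was set. Prefer `failed_when: false` on the probe, followed by a task that fails or warns when `firewalld_pkg_query.rc != 0`, so an operator does not assume the per-zone Ceph rules were applied when nothing was. `start firewalld` is also the only task here without `tags: firewall`. The `restart firewalld` handler notified by every rule is not defined anywhere in this diff; presumably it comes from another role in the same play, which is worth confirming because `immediate: false` means the rules only take effect once that handler runs.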
--- /dev/null
+---
+- name: include_tasks configure_firewall_rpm.yml
+ include_tasks: configure_firewall_rpm.yml
+ when:
+ - configure_firewall
+ - ansible_os_family in ['RedHat', 'Suse']
+
+- name: include_tasks "ntp_debian.yml"
+ include_tasks: "ntp_debian.yml"
+ when:
+ - ansible_os_family == 'Debian'
+ - ntp_service_enabled
+
+- name: include_tasks "ntp_rpm.yml"
+ include_tasks: "ntp_rpm.yml"
+ when:
+ - ansible_os_family in ['RedHat', 'Suse']
+ - ntp_service_enabled
\ No newline at end of file
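Review bot: None of the three `include_tasks` entries carries a tag, although the tasks inside `configure_firewall_rpm.yml` are tagged `firewall`. `include_tasks` is dynamic, so unless a tag is applied where the role is listed, a run with `--tags firewall` filters out the include itself and the tagged tasks are never loaded. Adding `tags: [firewall]` to the first include would make the tag usable. The file also ends without a trailing newline.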
--- /dev/null
+---
+- name: setup ntpd
+ block:
+ - command: timedatectl set-ntp no
+ - package:
+ name: ntp
+ state: present
+ - service:
+ name: ntp
+ enabled: yes
+ state: started
+ when: ntp_daemon_type == "ntpd"
+
+- name: setup chrony
+ block:
+ - command: timedatectl set-ntp no
+ - package:
+ name: chrony
+ state: present
+ - service:
+ name: chronyd
+ enabled: yes
+ state: started
+ when: ntp_daemon_type == "chronyd"
+
+- name: setup timesyncd
+ block:
+ - command: timedatectl set-ntp on
+ when: ntp_daemon_type == "timesyncd"
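Review bot: The `command: timedatectl set-ntp no` and `set-ntp on` entries inside each block have no `name` and no `changed_when`, so every run reports them as changed and the output does not say why they ran; the same applies to `ntp_rpm.yml`, which differs from this file only in the service name (`ntp` here, `ntpd` there). A line such as `name: disable systemd-timesyncd before installing ntpd` on each would make the play output readable. An `ntp_daemon_type` other than the three tested values matches no block, so unless it is validated elsewhere the host is left without time synchronisation and nothing fails, which matters because Ceph monitors are sensitive to clock skew.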
--- /dev/null
+---
+- name: setup ntpd
+ block:
+ - command: timedatectl set-ntp no
+ - package:
+ name: ntp
+ state: present
+ - service:
+ name: ntpd
+ enabled: yes
+ state: started
+ when: ntp_daemon_type == "ntpd"
+
+- name: setup chrony
+ block:
+ - command: timedatectl set-ntp no
+ - package:
+ name: chrony
+ state: present
+ - service:
+ name: chronyd
+ enabled: yes
+ state: started
+ when: ntp_daemon_type == "chronyd"
+
+- name: setup timesyncd
+ block:
+ - command: timedatectl set-ntp on
+ when: ntp_daemon_type == "timesyncd"
roles:
- ceph-defaults
- ceph-validate
+ - ceph-infra
- hosts: mons