ceph-osd: add dmcrypt scenario

add the ability to encrypt osd data store using dm-crypt

Signed-off-by: Sébastien Han <seb@redhat.com>
(cherry picked from commit 5978d55d221f435e052514dc328fb701783b2f18)

Resolves: rhbz#1373736 and rhbz#1366808

diff --git a/roles/ceph-osd/tasks/scenarios/dmcrypt.yml b/roles/ceph-osd/tasks/scenarios/dmcrypt.yml
new file mode 100644 (file)
index 0000000..835b7e4
--- /dev/null
+++ b/roles/ceph-osd/tasks/scenarios/dmcrypt.yml
@@ -0,0 +1,37 @@
+---
+## SCENARIO 5: DMCRYPT
+
+- include: ../check_devices.yml
+
+# NOTE (leseb): the prepare process must be parallelized somehow...
+# if you have 64 disks with 4TB each, this will take a while
+# since Ansible will sequential process the loop
+
+# NOTE (alahouze): if the device is a partition, the parted command below has
+# failed, this is why we check if the device is a partition too.
+- name: automatic prepare osd disk(s) without partitions
+  command: ceph-disk prepare --dmcrypt --cluster "{{ cluster }}" "/dev/{{ item.key }}"
+  register: prepared_osds
+  with_dict: ansible_devices
+  when:
+    - ansible_devices is defined
+    - item.value.removable == "0"
+    - item.value.partitions|count == 0
+    - bluestore
+    - osd_auto_discovery
+
+- name: manually prepare osd disk(s)
+  command: ceph-disk prepare --dmcrypt --cluster "{{ cluster }}" "{{ item.2 }}"
+  with_together:
+    - combined_parted_results.results
+    - combined_ispartition_results.results
+    - devices
+  when:
+    - not item.0.get("skipped")
+    - not item.1.get("skipped")
+    - item.0.get("rc", 0) != 0
+    - item.1.get("rc", 0) != 0
+    - bluestore
+    - not osd_auto_discovery
+
+- include: ../activate_osds.yml