Docker: split the task 'copy ceph configs&keys'

All keys are copied to all nodes.
This commit split that task in each roles so keys are copied to their
respective nodes.

Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1488999
Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com>

diff --git a/roles/ceph-docker-common/tasks/main.yml b/roles/ceph-docker-common/tasks/main.yml
index 73003ed87205ff240b6c1c14fcfe14f39daab859..24f76b2a760f59435a1170533286682ee686e776 100644 (file)
--- a/roles/ceph-docker-common/tasks/main.yml
+++ b/roles/ceph-docker-common/tasks/main.yml
@@ -89,19 +89,5 @@
 
 - include: create_configs.yml
 
-# Only include 'fetch_configs.yml' when:
-# - we are deploying containers without kv AND host is either a mon OR a nfs OR an osd
-# OR
-# - host is either a mdss OR mgrs OR rgws
-- include: fetch_configs.yml
-  when:
-    - (not containerized_deployment_with_kv and
-        ((inventory_hostname in groups.get(mon_group_name, [])) or
-          (inventory_hostname in groups.get(nfs_group_name, [])) or
-          (inventory_hostname in groups.get(osd_group_name, [])))) or
-      (inventory_hostname in groups.get('mdss', [])) or
-      (inventory_hostname in groups.get('mgrs', [])) or
-      (inventory_hostname in groups.get('rgws', []))
-
 - include: selinux.yml
   when: ansible_os_family == 'RedHat'

diff --git a/roles/ceph-docker-common/tasks/selinux.yml b/roles/ceph-docker-common/tasks/selinux.yml
index 648d9e7ad8ec7d927f338702fce2c6efbd42ced9..8e74a6375c0fb61e92030f4d868dbbfb90d9f4d0 100644 (file)
--- a/roles/ceph-docker-common/tasks/selinux.yml
+++ b/roles/ceph-docker-common/tasks/selinux.yml
@@ -4,12 +4,3 @@
   register: sestatus
   changed_when: false
   always_run: true
-
-- name: set selinux permissions
-  shell: |
-    chcon -Rt svirt_sandbox_file_t {{ item }}
-  with_items:
-    - "{{ ceph_conf_key_directory }}"
-    - /var/lib/ceph
-  changed_when: false
-  when: sestatus.stdout != 'Disabled'

diff --git a/roles/ceph-mds/tasks/docker/copy_configs.yml b/roles/ceph-mds/tasks/docker/copy_configs.yml
new file mode 100644 (file)
index 0000000..074f878
--- /dev/null
+++ b/roles/ceph-mds/tasks/docker/copy_configs.yml
@@ -0,0 +1,38 @@
+---
+- name: set config and keys paths
+  set_fact:
+    ceph_config_keys:
+      - /etc/ceph/{{ cluster }}.conf
+      - /etc/ceph/{{ cluster }}.client.admin.keyring
+      - /var/lib/ceph/bootstrap-mds/{{ cluster }}.keyring
+
+- name: stat for ceph config and keys
+  local_action: stat path={{ fetch_directory }}/{{ fsid }}/{{ item }}
+  with_items: "{{ ceph_config_keys }}"
+  changed_when: false
+  become: false
+  failed_when: false
+  always_run: true
+  register: statconfig
+
+- name: try to fetch ceph config and keys
+  copy:
+    src: "{{ fetch_directory }}/{{ fsid }}/{{ item.0 }}"
+    dest: "{{ item.0 }}"
+    owner: root
+    group: root
+    mode: 0644
+  changed_when: false
+  with_together:
+    - "{{ ceph_config_keys }}"
+    - "{{ statconfig.results }}"
+  when: item.1.stat.exists == true
+
+- name: set selinux permissions
+  shell: |
+    chcon -Rt svirt_sandbox_file_t {{ item }}
+  with_items:
+    - "{{ ceph_conf_key_directory }}"
+    - /var/lib/ceph
+  changed_when: false
+  when: sestatus.stdout != 'Disabled'

diff --git a/roles/ceph-mds/tasks/docker/main.yml b/roles/ceph-mds/tasks/docker/main.yml
index a7faad24dc00b1af011cdbe849cb0c963f81a51a..4a45f03d4526c2bface1434e5c168e0bf7931b21 100644 (file)
--- a/roles/ceph-mds/tasks/docker/main.yml
+++ b/roles/ceph-mds/tasks/docker/main.yml
@@ -3,5 +3,6 @@
   set_fact:
     docker_exec_cmd: "docker exec ceph-mds-{{ ansible_hostname }}"
 
+- include: copy_configs.yml
 - include: start_docker_mds.yml
 - include: enable_multimds.yml

diff --git a/roles/ceph-mgr/tasks/docker/copy_configs.yml b/roles/ceph-mgr/tasks/docker/copy_configs.yml
new file mode 100644 (file)
index 0000000..0d3822c
--- /dev/null
+++ b/roles/ceph-mgr/tasks/docker/copy_configs.yml
@@ -0,0 +1,52 @@
+---
+- name: set config and keys paths
+  set_fact:
+    ceph_config_keys:
+      - /etc/ceph/{{ cluster }}.conf
+      - /etc/ceph/{{ cluster }}.mgr.{{ ansible_hostname }}.keyring
+
+- name: stat for ceph config and keys
+  local_action: stat path={{ fetch_directory }}/{{ fsid }}/{{ item }}
+  with_items: "{{ ceph_config_keys }}"
+  changed_when: false
+  become: false
+  failed_when: false
+  always_run: true
+  register: statconfig
+
+- name: try to fetch ceph config and keys
+  copy:
+    src: "{{ fetch_directory }}/{{ fsid }}/{{ item.0 }}"
+    dest: "{{ item.0 }}"
+    owner: root
+    group: root
+    mode: 0644
+  changed_when: false
+  with_together:
+    - "{{ ceph_config_keys }}"
+    - "{{ statconfig.results }}"
+  when: item.1.stat.exists == true
+
+- name: "copy mgr key to /var/lib/ceph/mgr/{{ cluster }}-{{ ansible_hostname }}/keyring"
+  command: cp /etc/ceph/{{ cluster }}.mgr.{{ ansible_hostname }}.keyring /var/lib/ceph/mgr/{{ cluster }}-{{ ansible_hostname }}/keyring
+  changed_when: false
+  always_run: true
+  with_items: "{{ statconfig.results }}"
+  when: item.stat.exists == true
+
+- name: set ceph mgr key permission
+  file:
+    path: "/var/lib/ceph/mgr/{{ cluster }}-{{ ansible_hostname }}/keyring"
+    owner: "{{ bootstrap_dirs_owner }}"
+    group: "{{ bootstrap_dirs_group }}"
+    mode: "0600"
+  when: cephx
+
+- name: set selinux permissions
+  shell: |
+    chcon -Rt svirt_sandbox_file_t {{ item }}
+  with_items:
+    - "{{ ceph_conf_key_directory }}"
+    - /var/lib/ceph
+  changed_when: false
+  when: sestatus.stdout != 'Disabled'

diff --git a/roles/ceph-mgr/tasks/docker/main.yml b/roles/ceph-mgr/tasks/docker/main.yml
index 1f72d3635ae8cc4e66dd90df1ad7686a27e397b4..81590ce01cf2b33b2aeee62ad315e85f38a0bd86 100644 (file)
--- a/roles/ceph-mgr/tasks/docker/main.yml
+++ b/roles/ceph-mgr/tasks/docker/main.yml
@@ -1,2 +1,19 @@
 ---
+- name: create mgr directory
+  file:
+    path: /var/lib/ceph/mgr/
+    state: directory
+    owner: "root"
+    group: "root"
+    mode: "0755"
+
+- name: create mgr directory
+  file:
+    path: /var/lib/ceph/mgr/{{ cluster }}-{{ ansible_hostname }}
+    state: directory
+    owner: "root"
+    group: "root"
+    mode: "0755"
+
+- include: copy_configs.yml
 - include: start_docker_mgr.yml

diff --git a/roles/ceph-mon/tasks/docker/copy_configs.yml b/roles/ceph-mon/tasks/docker/copy_configs.yml
index 53076e859eabce70bdf94d682fa8896dc5f0c1be..4121743c4c783cb38fadc6921c267c45f9d8d74c 100644 (file)
--- a/roles/ceph-mon/tasks/docker/copy_configs.yml
+++ b/roles/ceph-mon/tasks/docker/copy_configs.yml
@@ -1,10 +1,59 @@
 ---
-- name: push ceph files to the ansible server
-  fetch:
-    src: "{{ item.0 }}"
-    dest: "{{ fetch_directory }}/{{ fsid }}/{{ item.0 }}"
-    flat: yes
+- name: set config and keys paths
+  set_fact:
+    ceph_config_keys:
+      - /etc/ceph/{{ cluster }}.conf
+      - /etc/ceph/{{ cluster }}.client.admin.keyring
+      - /etc/ceph/monmap-{{ cluster }}
+      - /etc/ceph/{{ cluster }}.mon.keyring
+      - /var/lib/ceph/bootstrap-osd/{{ cluster }}.keyring
+      - /var/lib/ceph/bootstrap-rgw/{{ cluster }}.keyring
+      - /var/lib/ceph/bootstrap-mds/{{ cluster }}.keyring
+
+- name: add mgr keys to config and keys paths
+  set_fact:
+    tmp_ceph_mgr_keys: /etc/ceph/{{ cluster }}.mgr.{{ hostvars[item]['ansible_hostname'] }}.keyring
+  with_items: "{{ groups.get(mgr_group_name, []) }}"
+  register: tmp_ceph_mgr_keys_result
+  when: "{{ groups.get(mgr_group_name, []) | length > 0 }}"
+
+- name: convert mgr keys to an array
+  set_fact:
+    ceph_mgr_keys: "{{ tmp_ceph_mgr_keys_result.results | map(attribute='ansible_facts.tmp_ceph_mgr_keys') | list }}"
+  when: "{{ groups.get(mgr_group_name, []) | length > 0 }}"
+
+- name: merge mgr keys to config and keys paths
+  set_fact:
+    ceph_config_keys: "{{ ceph_config_keys + ceph_mgr_keys }}"
+  when: "{{ groups.get(mgr_group_name, []) | length > 0 }}"
+
+- name: stat for ceph config and keys
+  local_action: stat path={{ fetch_directory }}/{{ fsid }}/{{ item }}
+  with_items: "{{ ceph_config_keys }}"
+  changed_when: false
+  become: false
+  failed_when: false
+  register: statconfig
+  always_run: true
+
+- name: try to copy ceph config and keys
+  copy:
+    src: "{{ fetch_directory }}/{{ fsid }}/{{ item.0 }}"
+    dest: "{{ item.0 }}"
+    owner: root
+    group: root
+    mode: 0644
+  changed_when: false
   with_together:
     - "{{ ceph_config_keys }}"
     - "{{ statconfig.results }}"
-  when: item.1.stat.exists == false
+  when: item.1.stat.exists == true
+
+- name: set selinux permissions
+  shell: |
+    chcon -Rt svirt_sandbox_file_t {{ item }}
+  with_items:
+    - "{{ ceph_conf_key_directory }}"
+    - /var/lib/ceph
+  changed_when: false
+  when: sestatus.stdout != 'Disabled'

diff --git a/roles/ceph-mon/tasks/docker/fetch_configs.yml b/roles/ceph-mon/tasks/docker/fetch_configs.yml
new file mode 100644 (file)
index 0000000..53076e8
--- /dev/null
+++ b/roles/ceph-mon/tasks/docker/fetch_configs.yml
@@ -0,0 +1,10 @@
+---
+- name: push ceph files to the ansible server
+  fetch:
+    src: "{{ item.0 }}"
+    dest: "{{ fetch_directory }}/{{ fsid }}/{{ item.0 }}"
+    flat: yes
+  with_together:
+    - "{{ ceph_config_keys }}"
+    - "{{ statconfig.results }}"
+  when: item.1.stat.exists == false

diff --git a/roles/ceph-mon/tasks/docker/main.yml b/roles/ceph-mon/tasks/docker/main.yml
index b3c46f55cc75c92ebf93b31a623bc9f61fcb5008..ac93146632d6f1440ea630f91284399ede0b1a03 100644 (file)
--- a/roles/ceph-mon/tasks/docker/main.yml
+++ b/roles/ceph-mon/tasks/docker/main.yml
@@ -1,4 +1,7 @@
 ---
+- include: copy_configs.yml
+  when: not containerized_deployment_with_kv
+
 - include: start_docker_monitor.yml
 
 - name: wait for monitor socket to exist
@@ -68,7 +71,7 @@
     - hostvars[groups[mon_group_name][0]]['monitor_address_block'] is defined
     - hostvars[groups[mon_group_name][0]]['monitor_address_block'] | length > 0
 
-- include: copy_configs.yml
+- include: ./fetch_configs.yml
   when: not containerized_deployment_with_kv
 
 - name: create ceph rest api keyring when mon is containerized
@@ -116,7 +119,7 @@
     when:
       - "{{ groups.get(mgr_group_name, []) | length > 0 }}"
 
-  - name: push ceph mgr key(s)
+  - name: fetch ceph mgr key(s)
     fetch:
       src: "{{ ceph_conf_key_directory }}/{{ cluster }}.mgr.{{ hostvars[item.item]['ansible_hostname'] }}.keyring"
       dest: "{{ fetch_directory }}/{{ fsid }}/{{ item.stat.path }}"

diff --git a/roles/ceph-nfs/tasks/docker/copy_configs.yml b/roles/ceph-nfs/tasks/docker/copy_configs.yml
index 21d2f86c231c2213ee62520ec2e1fddea422f421..ed69e2cb6172db043a84cf7bd11f9c2502ec396b 100644 (file)
--- a/roles/ceph-nfs/tasks/docker/copy_configs.yml
+++ b/roles/ceph-nfs/tasks/docker/copy_configs.yml
@@ -27,3 +27,12 @@
     - "{{ ceph_config_keys }}"
     - "{{ statconfig.results }}"
   when: item.1.stat.exists == true
+
+- name: set selinux permissions
+  shell: |
+    chcon -Rt svirt_sandbox_file_t {{ item }}
+  with_items:
+    - "{{ ceph_conf_key_directory }}"
+    - /var/lib/ceph
+  changed_when: false
+  when: sestatus.stdout != 'Disabled'

diff --git a/roles/ceph-nfs/tasks/docker/copy_ganesha_configs.yml b/roles/ceph-nfs/tasks/docker/copy_ganesha_configs.yml
new file mode 100644 (file)
index 0000000..50de38e
--- /dev/null
+++ b/roles/ceph-nfs/tasks/docker/copy_ganesha_configs.yml
@@ -0,0 +1,37 @@
+---
+- name: set config paths
+  set_fact:
+    nfs_config_keys:
+      - /etc/ganesha/ganesha.conf
+
+- name: stat for config and keys
+  local_action: stat path={{ fetch_directory }}/{{ fsid }}/{{ item }}
+  with_items: "{{ nfs_config_keys }}"
+  changed_when: false
+  become: false
+  failed_when: false
+  always_run: true
+  register: statconfig
+
+- name: try to fetch config and keys
+  copy:
+    src: "{{ fetch_directory }}/{{ fsid }}/{{ item.0 }}"
+    dest: "{{ item.0 }}"
+    owner: root
+    group: root
+    mode: 0644
+  changed_when: false
+  with_together:
+    - "{{ nfs_config_keys }}"
+    - "{{ statconfig.results }}"
+  when: item.1.stat.exists == true
+
+- name: push ganesha files to the ansible server
+  fetch:
+    src: "{{ item.0 }}"
+    dest: "{{ fetch_directory }}/{{ fsid }}/{{ item.0 }}"
+    flat: yes
+  with_together:
+    - "{{ nfs_config_keys }}"
+    - "{{ statconfig.results }}"
+  when: item.1.stat.exists == false

diff --git a/roles/ceph-nfs/tasks/docker/main.yml b/roles/ceph-nfs/tasks/docker/main.yml
index 30da2f32411e4d32e8645dc8c3d2070646f1946d..4bc05c95ade93e998c4198a42aff1041a3d24956 100644 (file)
--- a/roles/ceph-nfs/tasks/docker/main.yml
+++ b/roles/ceph-nfs/tasks/docker/main.yml
@@ -1,6 +1,9 @@
 ---
 # Copy Ceph configs to host
 - include: copy_configs.yml
+# Copy Ganesha Ceph configs to host
+- include: copy_ganesha_configs.yml
+  when: not containerized_deployment_with_kv
 
 - include: start_docker_nfs.yml
 

diff --git a/roles/ceph-osd/tasks/copy_configs.yml b/roles/ceph-osd/tasks/copy_configs.yml
new file mode 100644 (file)
index 0000000..29d365b
--- /dev/null
+++ b/roles/ceph-osd/tasks/copy_configs.yml
@@ -0,0 +1,39 @@
+---
+- name: set config and keys paths
+  set_fact:
+    ceph_config_keys:
+      - /etc/ceph/{{ cluster }}.conf
+      - /var/lib/ceph/bootstrap-osd/{{ cluster }}.keyring
+
+- name: wait for ceph.conf and keys
+  local_action: wait_for path={{ fetch_directory }}/{{ fsid }}/{{ item.0 }}
+  become: false
+  with_items: "{{ ceph_config_keys }}"
+
+- name: stat for ceph config and keys
+  local_action: stat path={{ fetch_directory }}/{{ fsid }}/{{ item }}
+  with_items: "{{ ceph_config_keys }}"
+  changed_when: false
+  become: false
+  failed_when: false
+  always_run: true
+  register: statconfig
+
+- name: try to copy ceph config and keys
+  copy:
+    src: "{{ fetch_directory }}/{{ fsid }}/{{ item.0 }}"
+    dest: "{{ item.0 }}"
+    owner: root
+    group: root
+    mode: 0644
+  changed_when: false
+  with_items: "{{ ceph_config_keys }}"
+
+- name: set selinux permissions
+  shell: |
+    chcon -Rt svirt_sandbox_file_t {{ item }}
+  with_items:
+    - "{{ ceph_conf_key_directory }}"
+    - /var/lib/ceph
+  changed_when: false
+  when: sestatus.stdout != 'Disabled'

diff --git a/roles/ceph-osd/tasks/main.yml b/roles/ceph-osd/tasks/main.yml
index c74487dd2ed2da2ead8228edab219fe83d2c3e2a..d4f39c9d28cd77855db9d24737ccea5cd6a9c947 100644 (file)
--- a/roles/ceph-osd/tasks/main.yml
+++ b/roles/ceph-osd/tasks/main.yml
@@ -21,6 +21,11 @@
 
 - include: check_devices.yml
 
+- include: copy_configs.yml
+  when:
+    - containerized_deployment
+    - not containerized_deployment_with_kv
+
 - include: ./scenarios/collocated.yml
   when:
     - osd_scenario == 'collocated'

diff --git a/roles/ceph-rbd-mirror/tasks/docker/copy_configs.yml b/roles/ceph-rbd-mirror/tasks/docker/copy_configs.yml
new file mode 100644 (file)
index 0000000..2d81ce1
--- /dev/null
+++ b/roles/ceph-rbd-mirror/tasks/docker/copy_configs.yml
@@ -0,0 +1,43 @@
+---
+- name: register rbd bootstrap key
+  set_fact:
+    bootstrap_rbd_keyring: "/var/lib/ceph/bootstrap-rbd/{{ cluster }}.keyring"
+  when: ceph_release_num.{{ ceph_release }} >= ceph_release_num.luminous
+
+- name: set config and keys paths
+  set_fact:
+    ceph_config_keys:
+      - /etc/ceph/{{ cluster }}.conf
+      - /etc/ceph/{{ cluster }}.client.admin.keyring
+      - "{{ bootstrap_rbd_keyring | default([]) }}"
+
+- name: stat for ceph config and keys
+  local_action: stat path={{ fetch_directory }}/{{ fsid }}/{{ item }}
+  with_items: "{{ ceph_config_keys }}"
+  changed_when: false
+  become: false
+  failed_when: false
+  always_run: true
+  register: statconfig
+
+- name: try to fetch ceph config and keys
+  copy:
+    src: "{{ fetch_directory }}/{{ fsid }}/{{ item.0 }}"
+    dest: "{{ item.0 }}"
+    owner: root
+    group: root
+    mode: 0644
+  changed_when: false
+  with_together:
+    - "{{ ceph_config_keys }}"
+    - "{{ statconfig.results }}"
+  when: item.1.stat.exists == true
+
+- name: set selinux permissions
+  shell: |
+    chcon -Rt svirt_sandbox_file_t {{ item }}
+  with_items:
+    - "{{ ceph_conf_key_directory }}"
+    - /var/lib/ceph
+  changed_when: false
+  when: sestatus.stdout != 'Disabled'

diff --git a/roles/ceph-rbd-mirror/tasks/docker/main.yml b/roles/ceph-rbd-mirror/tasks/docker/main.yml
index 04ef970173b9b98610b20ff440cd5e1cf1574a31..fa221177e9f1d31002343346aa4f9ebd43bddaa3 100644 (file)
--- a/roles/ceph-rbd-mirror/tasks/docker/main.yml
+++ b/roles/ceph-rbd-mirror/tasks/docker/main.yml
@@ -1,2 +1,3 @@
 ---
+- include: copy_configs.yml
 - include: start_docker_rbd_mirror.yml

diff --git a/roles/ceph-restapi/tasks/docker/copy_configs.yml b/roles/ceph-restapi/tasks/docker/copy_configs.yml
new file mode 100644 (file)
index 0000000..8af8300
--- /dev/null
+++ b/roles/ceph-restapi/tasks/docker/copy_configs.yml
@@ -0,0 +1,37 @@
+---
+- name: set config and keys paths
+  set_fact:
+    ceph_config_keys:
+      - /etc/ceph/{{ cluster }}.conf
+      - /etc/ceph/{{ cluster }}.client.admin.keyring
+
+- name: stat for ceph config and keys
+  local_action: stat path={{ fetch_directory }}/{{ fsid }}/{{ item }}
+  with_items: "{{ ceph_config_keys }}"
+  changed_when: false
+  become: false
+  ignore_errors: true
+  register: statconfig
+  always_run: true
+
+- name: try to fetch ceph config and keys
+  copy:
+    src: "{{ playbook_dir }}/{{ fetch_directory }}/{{ fsid }}/{{ item.0 }}"
+    dest: "{{ item.0 }}"
+    owner: root
+    group: root
+    mode: 0644
+  changed_when: false
+  with_together:
+    - "{{ ceph_config_keys }}"
+    - "{{ statconfig.results }}"
+  when: item.1.stat.exists == true
+
+- name: set selinux permissions
+  shell: |
+    chcon -Rt svirt_sandbox_file_t {{ item }}
+  with_items:
+    - "{{ ceph_conf_key_directory }}"
+    - /var/lib/ceph
+  changed_when: false
+  when: sestatus.stdout != 'Disabled'

diff --git a/roles/ceph-restapi/tasks/docker/main.yml b/roles/ceph-restapi/tasks/docker/main.yml
index 9a09e14a8be99d99f32ccc769306c82f832ddd34..a571bbcc680dee04d87fb80c93d85d50da23dfc7 100644 (file)
--- a/roles/ceph-restapi/tasks/docker/main.yml
+++ b/roles/ceph-restapi/tasks/docker/main.yml
@@ -1,2 +1,3 @@
 ---
+- include: copy_configs.yml
 - include: start_docker_restapi.yml

diff --git a/roles/ceph-rgw/tasks/docker/copy_configs.yml b/roles/ceph-rgw/tasks/docker/copy_configs.yml
index fb5eee6aeeefb68e36e14bcb9eb76b7c662f9581..ef01f913d4bb237cec37b9e2947179dd9729a670 100644 (file)
--- a/roles/ceph-rgw/tasks/docker/copy_configs.yml
+++ b/roles/ceph-rgw/tasks/docker/copy_configs.yml
@@ -1,37 +1,37 @@
 ---
 - name: set config and keys paths
   set_fact:
-    rgw_config_keys:
-      - "/var/lib/ceph/radosgw/{{ ansible_hostname }}/keyring"
-  when: nfs_obj_gw
+    ceph_config_keys:
+      - /etc/ceph/{{ cluster }}.conf
+      - /var/lib/ceph/bootstrap-rgw/{{ cluster }}.keyring
 
-- name: wait for rgw keyring
-  wait_for: path="/var/lib/ceph/radosgw/{{ ansible_hostname }}/keyring"
-  when:
-    - nfs_obj_gw
-    - inventory_hostname == groups[rgw_group_name][0]
-
-- name: stat for config and keys
+- name: stat for ceph config and keys
   local_action: stat path={{ fetch_directory }}/{{ fsid }}/{{ item }}
-  with_items: "{{ rgw_config_keys }}"
+  with_items: "{{ ceph_config_keys }}"
   changed_when: false
   become: false
-  failed_when: false
+  ignore_errors: true
   always_run: true
   register: statconfig
-  when:
-    - nfs_obj_gw
-    - inventory_hostname == groups[rgw_group_name][0]
 
-- name: push ceph files to the ansible server
-  fetch:
-    src: "{{ item.0 }}"
-    dest: "{{ fetch_directory }}/{{ fsid }}/var/lib/ceph/radosgw/keyring"
-    flat: yes
+- name: try to fetch ceph config and keys
+  copy:
+    src: "{{ fetch_directory }}/{{ fsid }}/{{ item.0 }}"
+    dest: "{{ item.0 }}"
+    owner: root
+    group: root
+    mode: 0644
+  changed_when: false
   with_together:
-    - "{{ rgw_config_keys }}"
+    - "{{ ceph_config_keys }}"
     - "{{ statconfig.results }}"
-  when:
-    - nfs_obj_gw
-    - item.1.stat.exists == false
-    - inventory_hostname == groups[rgw_group_name][0]
+  when: item.1.stat.exists == true
+
+- name: set selinux permissions
+  shell: |
+    chcon -Rt svirt_sandbox_file_t {{ item }}
+  with_items:
+    - "{{ ceph_conf_key_directory }}"
+    - /var/lib/ceph
+  changed_when: false
+  when: sestatus.stdout != 'Disabled'

diff --git a/roles/ceph-rgw/tasks/docker/copy_rgw_configs.yml b/roles/ceph-rgw/tasks/docker/copy_rgw_configs.yml
new file mode 100644 (file)
index 0000000..f2124a1
--- /dev/null
+++ b/roles/ceph-rgw/tasks/docker/copy_rgw_configs.yml
@@ -0,0 +1,38 @@
+---
+- name: set config and keys paths
+  set_fact:
+    rgw_config_keys:
+      - "/var/lib/ceph/radosgw/{{ ansible_hostname }}/keyring"
+  when: nfs_obj_gw
+
+- name: wait for rgw keyring
+  wait_for:
+    path: "/var/lib/ceph/radosgw/{{ ansible_hostname }}/keyring"
+  when:
+    - nfs_obj_gw
+    - inventory_hostname == groups[rgw_group_name][0]
+
+- name: stat for config and keys
+  local_action: stat path={{ fetch_directory }}/{{ fsid }}/{{ item }}
+  with_items: "{{ rgw_config_keys }}"
+  changed_when: false
+  become: false
+  failed_when: false
+  always_run: true
+  register: statconfig
+  when:
+    - nfs_obj_gw
+    - inventory_hostname == groups[rgw_group_name][0]
+
+- name: push ceph files to the ansible server
+  fetch:
+    src: "{{ item.0 }}"
+    dest: "{{ fetch_directory }}/{{ fsid }}/var/lib/ceph/radosgw/keyring"
+    flat: yes
+  with_together:
+    - "{{ rgw_config_keys }}"
+    - "{{ statconfig.results }}"
+  when:
+    - nfs_obj_gw
+    - item.1.stat.exists == false
+    - inventory_hostname == groups[rgw_group_name][0]

diff --git a/roles/ceph-rgw/tasks/docker/main.yml b/roles/ceph-rgw/tasks/docker/main.yml
index 71e2c652c899dcf454d278b02b8c1092327e0ac9..7012c42a88f8e41874b4406a0ac76e14a47c0618 100644 (file)
--- a/roles/ceph-rgw/tasks/docker/main.yml
+++ b/roles/ceph-rgw/tasks/docker/main.yml
@@ -1,4 +1,5 @@
 ---
+- include: copy_configs.yml
 - include: start_docker_rgw.yml
 
-- include: copy_configs.yml
+- include: copy_rgw_configs.yml