From: leseb Date: Fri, 24 Jul 2015 16:14:59 +0000 (+0200) Subject: Modify the repo to host reoles on the galaxy X-Git-Tag: v1.0.0~161^2 X-Git-Url: http://git.apps.os.sepia.ceph.com/?a=commitdiff_plain;h=08add29d92641d1011893f703af9f9147be3fbbe;p=ceph-ansible.git Modify the repo to host reoles on the galaxy Signed-off-by: leseb --- diff --git a/contrib/splitup.yml b/contrib/splitup.yml index 4129faeb1..0940343b2 100644 --- a/contrib/splitup.yml +++ b/contrib/splitup.yml @@ -15,21 +15,20 @@ gather_facts: False vars: - github: False + github: ceph/ansible roles: - ceph-common - ceph-mon - ceph-osd - ceph-mds - - ceph-radosgw - - haproxy + - ceph-rgw tasks: - name: check for github prefix option on commandline tags: split fail: > - msg='github prefix missing! e.g: (--extra-vars github=mhubig/ansible).' + msg='github prefix missing! e.g: (--extra-vars github=ceph/ansible).' when: github == False - name: split the repo in seperate branches @@ -63,4 +62,3 @@ git subtree push --prefix=roles/{{ item }} {{ item }} master chdir=../ with_items: roles - diff --git a/group_vars/all.sample b/group_vars/all.sample index aa87b7257..e6da18694 100644 --- a/group_vars/all.sample +++ b/group_vars/all.sample @@ -161,7 +161,7 @@ dummy: # Rados Gateway options # #radosgw_dns_name: your.subdomain.tld # subdomains used by radosgw. See http://ceph.com/docs/master/radosgw/config/#enabling-subdomain-s3-calls -#radosgw_frontend: civetweb # supported options are 'apache' or 'civetweb', also edit roles/ceph-radosgw/defaults/main.yml +#radosgw_frontend: civetweb # supported options are 'apache' or 'civetweb', also edit roles/ceph-rgw/defaults/main.yml #radosgw_civetweb_port: 80 #radosgw_keystone: false # activate OpenStack Keystone options full detail here: http://ceph.com/docs/master/radosgw/keystone/ #radosgw_keystone_url: # url:admin_port ie: http://192.168.0.1:35357 diff --git a/roles/ceph-common/defaults/main.yml b/roles/ceph-common/defaults/main.yml index 181c8f993..301520f9f 100644 --- a/roles/ceph-common/defaults/main.yml +++ b/roles/ceph-common/defaults/main.yml @@ -169,7 +169,7 @@ osd_deep_scrub_stride: 1048576 ## Rados Gateway options # #radosgw_dns_name: your.subdomain.tld # subdomains used by radosgw. See http://ceph.com/docs/master/radosgw/config/#enabling-subdomain-s3-calls -radosgw_frontend: civetweb # supported options are 'apache' or 'civetweb', also edit roles/ceph-radosgw/defaults/main.yml +radosgw_frontend: civetweb # supported options are 'apache' or 'civetweb', also edit roles/ceph-rgw/defaults/main.yml radosgw_civetweb_port: 80 radosgw_keystone: false # activate OpenStack Keystone options full detail here: http://ceph.com/docs/master/radosgw/keystone/ #radosgw_keystone_url: # url:admin_port ie: http://192.168.0.1:35357 diff --git a/roles/ceph-radosgw/defaults/main.yml b/roles/ceph-radosgw/defaults/main.yml deleted file mode 100644 index 6bb65fe4f..000000000 --- a/roles/ceph-radosgw/defaults/main.yml +++ /dev/null @@ -1,30 +0,0 @@ ---- -# You can override vars by using host or group vars - -## Ceph options -# -cephx: true - -# Used for the sudo exception while starting the radosgw process -# a new entry /etc/sudoers.d/ceph will be created -# allowing root to not require tty -radosgw_user: root - -# Toggle 100-continue support for Apache and FastCGI -# WARNING: Changing this value will cause an outage of Apache while it is reinstalled on RGW nodes -http_100_continue: false - -# Rados Gateway options -redhat_distro_ceph_extra: centos6.4 # supported distros are centos6.3, centos6.4, centos6, fedora18, fedora19, opensuse12.2, rhel6.3, rhel6.4, rhel6.5, rhel6, sles11sp2 -email_address: foo@bar.com -radosgw_frontend: civetweb # we currently only support a single backend - - -########## -# DOCKER # -########## - -ceph_containerized_deployment: false -ceph_rgw_civetweb_port: 80 -ceph_rgw_docker_username: ceph -ceph_rgw_docker_imagename: daemon diff --git a/roles/ceph-radosgw/files/cephdev.asc b/roles/ceph-radosgw/files/cephdev.asc deleted file mode 100644 index e43bd6c6e..000000000 --- a/roles/ceph-radosgw/files/cephdev.asc +++ /dev/null @@ -1,41 +0,0 @@ ------BEGIN PGP PUBLIC KEY BLOCK----- -Version: GnuPG v1.4.10 (GNU/Linux) - -mQGiBE1Rr28RBADCxdpLV3ea9ocpS/1+UCvHqD5xjmlw/9dmji4qrUX0+IhPMNuA -GBBt2CRaR7ygMF5S0NFXooegph0/+NT0KisLIuhUI3gde4SWb5jsb8hpGUse9MC5 -DN39P46zZSpepIMlQuQUkge8W/H2qBu10RcwQhs7o2fZ1zK9F3MmRCkBqwCggpap -GsOgE2IlWjcztmE6xcPO0wED/R4BxTaQM+jxIjylnHgn9PYy6795yIc/ZoYjNnIh -QyjqbLWnyzeTmjPBwcXNljKqzEoA/Cjb2gClxHXrYAw7bGu7wKbnqhzdghSx7ab+ -HwIoy/v6IQqv+EXZgYHonqQwqtgfAHp5ON2gWu03cHoGkXfmA4qZIoowqMolZhGo -cF30A/9GotDdnMlqh8bFBOCMuxfRow7H8RpfL0fX7VHA0knAZEDk2rNFeebL5QKH -GNJm9Wa6JSVj1NUIaz4LHyravqXi4MXzlUqauhLHw1iG+qwZlPM04z+1Dj6A+2Hr -b5UxI/I+EzmO5OYa38YWOqybNVBH0wO+sMCpdBq0LABa8X29LbRPQ2VwaCBhdXRv -bWF0ZWQgcGFja2FnZSBidWlsZCAoQ2VwaCBhdXRvbWF0ZWQgcGFja2FnZSBidWls -ZCkgPHNhZ2VAbmV3ZHJlYW0ubmV0PohgBBMRAgAgAhsDBgsJCAcDAgQVAggDBBYC -AwECHgECF4AFAlEUm1YACgkQbq6uIgPDlRqTUACeMqJ+vwatwb+y/KWeNfmgtQ8+ -kDwAn0MHwY42Wmb7FA891j88enooCdxRuQQNBE1Rr28QEACKG04kxGY1cwGoInHV -P6z1+8oqGiaiYWFflYRtSiwoUVtl30T1sMOSzoEvmauc+rmBBfsyaBb8DLDUIgGK -v1FCOY/tfqnOyQXotPjgaLeCtK5A5Z5D212wbskf5fRHAxiychwKURiEeesRa7EW -rF6ohFxOTy9NOlFi7ctusShw6Q2kUtN7bQCX9hJdYs7PYQXvCXvW8DNt7IitF7Mp -gMHNcj0wik6p38I4s7pqK6mqP4AXVVSWbJKr/LSz8bI8KhWRAT7erVAZf6FElR2x -ZVr3c4zsE2HFpnZTsM5y/nj8fUkgKGl8OfBuUoh+MCVfnPmE6sgWfDTKkwWtUcmL -6V9UQ1INUJ3sk+XBY9SMNbOn04su9FjQyNEMI/3VK7yuyKBRAN7IIVgP2ch499m6 -+YFV9ZkG3JSTovNiqSpQouW7YPkS+8mxlPo03LQcU5bHeacBl0T8Xjlvqu6q279E -liHul4huKL0+myPN4DtmOTh/kwgSy3BGCBdS+wfAJSZcuKI7pk7pHGCdUjNMHQZm -PFbwzp33bVLd16gnAx0OW5DOn6l0VfgIQNSJ2rn7WZ5jdyg/Flp2VlWVtAHFLzkC -a+LvQ5twSuzrV/VipSr3xz3pTDLY+ZxDztvrgA6AST8+sdq6uQTYjwUQV0wzanvp -9hkC5eqRY6YlzcgMkWFv8DCIEwADBQ//ZQaeVmG6T5vyfXf2JrCipmI4MAdO+ezE -tWE82wgixlCvvm26UmUejCYgtD6DmwY/7/bIjvJDhUwP0+hAHHOpR62gncoMtbMr -yHpm3FvYH58JNk5gx8ZA322WEc2GCRCQzrMQoMKBcpZY/703GpQ4l3RZ7/25gq7A -NohV5zeddFQftc05PMBBJLU3U+lrnahJS1WaOXNQzS6oVj9jNda1jkgcQni6QssS -IMT6rAPsVbGJhe9mxr2VWdQ90QlubpszIeSJuqqJxLwqH8XHXZmQOYxmyVP9a3pF -qWDmsNxDA8ttYnMIc+nUAgCDJ84ScwQ1GvoCUD1b1cFNzvvhEHsNb4D/XbdrFcFG -wEkeyivUsojdq2YnGjYSgauqyNWbeEgBrWzUe5USYysmziL/KAubcUjIbeRGxyPS -6iQ2kbvfEJJPgocWTfLs5j61FObO+MVlj+PEmxWbcsIRv/pnG2V2FPJ8evhzgvp7 -cG9imZPM6dWHzc/ZFdi3Bcs51RtStsvPqXv4icKIi+01h1MLHNBqwuUkIiiK7ooM -lvnp+DiEsVSuYYKBdGTi+4+nduuYL2g8CTNJKZuC46dY7EcE3lRYZlxl7dwN3jfL -PRlnNscs34dwhZa+b70Flia0U1DNF4jrIFFBSHD3TqMg0Z6kxp1TfxpeGOLOqnBW -rr0GKehu9CGISQQYEQIACQIbDAUCURSbegAKCRBurq4iA8OVGv9TAJ9EeXVrRS3p -PZkT1R21FszUc9LvmgCeMduh5IPGFWSx9MjUc7/j1QKYm7g= -=per8 ------END PGP PUBLIC KEY BLOCK----- diff --git a/roles/ceph-radosgw/handlers/main.yml b/roles/ceph-radosgw/handlers/main.yml deleted file mode 100644 index 06c73989a..000000000 --- a/roles/ceph-radosgw/handlers/main.yml +++ /dev/null @@ -1,14 +0,0 @@ ---- -- name: restart apache2 - service: > - name=apache2 - state=restarted - enabled=yes - when: ansible_os_family == 'Debian' - -- name: restart apache2 - service: > - name=httpd - state=restarted - enabled=yes - when: ansible_os_family == 'RedHat' diff --git a/roles/ceph-radosgw/meta/main.yml b/roles/ceph-radosgw/meta/main.yml deleted file mode 100644 index 9fc270d3b..000000000 --- a/roles/ceph-radosgw/meta/main.yml +++ /dev/null @@ -1,14 +0,0 @@ ---- -galaxy_info: - author: Sébastien Han - description: Installs Ceph Rados Gateway - license: Apache - min_ansible_version: 1.7 - platforms: - - name: Ubuntu - versions: - - trusty - categories: - - system -dependencies: - - { role: ceph-common, when: not docker } diff --git a/roles/ceph-radosgw/tasks/docker.yml b/roles/ceph-radosgw/tasks/docker.yml deleted file mode 100644 index fae1aaa23..000000000 --- a/roles/ceph-radosgw/tasks/docker.yml +++ /dev/null @@ -1,49 +0,0 @@ ---- -- name: set config and keys paths - set_fact: - ceph_config_keys: - - /etc/ceph/ceph.client.admin.keyring - - /etc/ceph/ceph.conf - - /etc/ceph/monmap - - /etc/ceph/ceph.mon.keyring - - /var/lib/ceph/bootstrap-rgw/ceph.keyring - -- name: install docker-py - pip: > - name=docker-py - version=1.1.0 # https://github.com/ansible/ansible-modules-core/issues/1227 - -- name: stat for ceph config and keys - stat: > - path={{ item }} - with_items: ceph_config_keys - ignore_errors: true - register: statconfig - -- name: try to fetch ceph config and keys - copy: > - src=fetch/docker_mon_files/"{{ item }}" - dest=/etc/ceph/ - owner=root - group=root - mode=600 - with_together: - - ceph_config_keys - - statconfig.results - when: item.1.stat.exists == False - -- name: run the rados gateway docker image - docker: > - image="{{ ceph_rgw_docker_username }}/{{ ceph_rgw_docker_imagename }}" - name=ceph-{{ ansible_hostname }}-rgw - expose={{ ceph_rgw_civetweb_port }} - state=running - env="RGW_CIVETWEB_PORT={{ ceph_rgw_civetweb_port }},CEPH_DAEMON=RGW" - volumes="/var/lib/ceph:/var/lib/ceph,/etc/ceph:/etc/ceph" - -- name: ensure ceph_rgw service is running - docker: > - image="{{ ceph_rgw_docker_username }}/{{ ceph_rgw_docker_imagename }}" - name="ceph-{{ ansible_hostname }}-rgw" - detach=yes - state=running diff --git a/roles/ceph-radosgw/tasks/installs/install_debian.yml b/roles/ceph-radosgw/tasks/installs/install_debian.yml deleted file mode 100644 index 6d39a4490..000000000 --- a/roles/ceph-radosgw/tasks/installs/install_debian.yml +++ /dev/null @@ -1,144 +0,0 @@ ---- -- name: add ceph extra - apt_repository: > - repo="deb http://ceph.com/packages/ceph-extras/debian {{ ansible_lsb.codename }} main" - state=present - when: ansible_lsb.codename in ['natty', 'oneiric', 'precise', 'quantal', 'raring', 'sid', 'squeeze', 'wheezy'] - -# NOTE (leseb): needed for Ubuntu 12.04 to have access to libapache2-mod-fastcgi if 100-continue isn't being used -- name: enable multiverse repo for precise - apt_repository: > - repo="{{ item }}" - state=present - with_items: - - deb http://archive.ubuntu.com/ubuntu {{ ansible_lsb.codename }} multiverse - - deb http://archive.ubuntu.com/ubuntu {{ ansible_lsb.codename }}-updates multiverse - - deb http://security.ubuntu.com/ubuntu {{ ansible_lsb.codename }}-security multiverse - when: - ansible_lsb.codename in ['precise'] and not - http_100_continue - -# NOTE (leseb): disable the repo when we are using the Ceph repo for 100-continue packages -- name: disable multiverse repo for precise - apt_repository: > - repo="{{ item }}" - state=absent - with_items: - - deb http://archive.ubuntu.com/ubuntu {{ ansible_lsb.codename }} multiverse - - deb http://archive.ubuntu.com/ubuntu {{ ansible_lsb.codename }}-updates multiverse - - deb http://security.ubuntu.com/ubuntu {{ ansible_lsb.codename }}-security multiverse - when: - ansible_lsb.codename in ['precise'] and - http_100_continue - -# NOTE (leseb): needed for Ubuntu 14.04 to have access to libapache2-mod-fastcgi if 100-continue isn't being used -- name: enable multiverse repo for trusty - command: "apt-add-repository multiverse" - changed_when: false - when: - ansible_lsb.codename in ['trusty'] and not - http_100_continue - -# NOTE (leseb): disable the repo when we are using the Ceph repo for 100-continue packages -- name: disable multiverse repo for trusty - command: "apt-add-repository -r multiverse" - changed_when: false - when: - ansible_lsb.codename in ['trusty'] and - http_100_continue - -# NOTE (leseb): if using 100-continue, add Ceph dev key -- name: install the ceph development repository key - apt_key: > - data="{{ lookup('file', 'cephdev.asc') }}" - state=present - when: http_100_continue - -# NOTE (leseb): if using 100-continue, add Ceph sources and update -- name: add ceph apache and fastcgi sources - apt_repository: > - repo="{{ item }}" - state=present - with_items: - - deb http://gitbuilder.ceph.com/apache2-deb-{{ ansible_lsb.codename }}-x86_64-basic/ref/master {{ ansible_lsb.codename }} main - - deb http://gitbuilder.ceph.com/libapache-mod-fastcgi-deb-{{ ansible_lsb.codename }}-x86_64-basic/ref/master {{ ansible_lsb.codename }} main - register: purge_default_apache - when: http_100_continue - -# NOTE (leseb): else remove them to ensure you use the default packages -- name: remove ceph apache and fastcgi sources - apt_repository: > - repo="{{ item }}" - state=absent - with_items: - - deb http://gitbuilder.ceph.com/apache2-deb-{{ ansible_lsb.codename }}-x86_64-basic/ref/master {{ ansible_lsb.codename }} main - - deb http://gitbuilder.ceph.com/libapache-mod-fastcgi-deb-{{ ansible_lsb.codename }}-x86_64-basic/ref/master {{ ansible_lsb.codename }} main - register: purge_ceph_apache - when: not http_100_continue - -# NOTE (leseb): purge Ceph Apache and FastCGI packages if needed -- name: purge ceph apache and fastcgi packages - apt: > - pkg="{{ item }}" - state=absent - purge=yes - with_items: - - apache2 - - apache2-bin - - apache2-data - - apache2-mpm-worker - - apache2-utils - - apache2.2-bin - - apache2.2-common - - libapache2-mod-fastcgi - when: - purge_default_apache.changed or - purge_ceph_apache.changed - -- name: install apache and fastcgi - apt: > - pkg={{ item }} - state=present - update_cache=yes - with_items: - - apache2 - - libapache2-mod-fastcgi - -- name: install default httpd.conf - template: > - src=httpd.conf - dest=/etc/apache2/httpd.conf - owner=root - group=root - -- name: enable some apache mod rewrite and fastcgi - command: "{{ item }}" - with_items: - - a2enmod rewrite - - a2enmod fastcgi - changed_when: false - -- name: install rados gateway vhost - template: > - src=rgw.conf - dest=/etc/apache2/sites-available/rgw.conf - owner=root - group=root - -- name: enable rados gateway vhost and disable default site - command: "{{ item }}" - with_items: - - a2ensite rgw.conf - - a2dissite *default - changed_when: false - ignore_errors: true - notify: - - restart apache2 - -- name: install s3gw.fcgi script - template: > - src=s3gw.fcgi.j2 - dest=/var/www/s3gw.fcgi - mode=0555 - owner=root - group=root diff --git a/roles/ceph-radosgw/tasks/installs/install_redhat.yml b/roles/ceph-radosgw/tasks/installs/install_redhat.yml deleted file mode 100644 index 7531d10b3..000000000 --- a/roles/ceph-radosgw/tasks/installs/install_redhat.yml +++ /dev/null @@ -1,44 +0,0 @@ ---- -- name: add ceph extra - template: > - src=ceph-extra.repo - dest=/etc/yum.repos.d - owner=root - group=root - -- name: add special fastcgi repository key - rpm_key: key=http://dag.wieers.com/rpm/packages/RPM-GPG-KEY.dag.txt - -- name: add special fastcgi repository - command: rpm -ivh http://pkgs.repoforge.org/rpmforge-release/rpmforge-release-0.5.3-1.el6.rf.x86_64.rpm - changed_when: false - -- name: install apache and fastcgi - yum: > - name={{ item }} - state=present - with_items: - - httpd - - mod_fastcgi - - mod_fcgid - -- name: install rados gateway vhost - template: > - src=rgw.conf - dest=/etc/httpd/conf.d/rgw.conf - owner=root - group=root - -- name: install s3gw.fcgi script - template: > - src=s3gw.fcgi.j2 - dest=/var/www/s3gw.fcgi - mode=0555 - owner=root - group=root - -- name: disable default site - shell: sed -i "s/^[^+#]/#/g" /etc/httpd/conf.d/welcome.conf - changed_when: false - notify: - - restart apache2 diff --git a/roles/ceph-radosgw/tasks/main.yml b/roles/ceph-radosgw/tasks/main.yml deleted file mode 100644 index 0ce9168c7..000000000 --- a/roles/ceph-radosgw/tasks/main.yml +++ /dev/null @@ -1,41 +0,0 @@ ---- -- include: pre_requisite.yml - when: not ceph_containerized_deployment - -- include: ./installs/install_redhat.yml - when: - ansible_os_family == 'RedHat' and - radosgw_frontend == 'apache' and not - ceph_containerized_deployment - -- include: ./installs/install_debian.yml - when: - ansible_os_family == 'Debian' and - radosgw_frontend == 'apache' and not - ceph_containerized_deployment - -- name: install rados gateway - apt: > - pkg=radosgw - state=present - update_cache=yes - when: - ansible_os_family == 'Debian' and not - ceph_containerized_deployment - -- name: install rados gateway - yum: > - name=ceph-radosgw - state=present - when: - ansible_os_family == 'RedHat' and not - ceph_containerized_deployment - -- include: openstack-keystone.yml - when: radosgw_keystone - -- include: start_radosgw.yml - when: not ceph_containerized_deployment - -- include: docker.yml - when: ceph_containerized_deployment diff --git a/roles/ceph-radosgw/tasks/openstack-keystone.yml b/roles/ceph-radosgw/tasks/openstack-keystone.yml deleted file mode 100644 index 24306c2d8..000000000 --- a/roles/ceph-radosgw/tasks/openstack-keystone.yml +++ /dev/null @@ -1,14 +0,0 @@ ---- -- name: create nss directory for keystone certificates - file: > - path={{ radosgw_nss_db_path }} - state=directory - owner=root - group=root - mode=0644 - -- name: create nss entries for keystone certificates - shell: "{{ item }}" - with_items: - - "openssl x509 -in /etc/keystone/ssl/certs/ca.pem -pubkey |certutil -d {{ radosgw_nss_db_path }} -A -n ca -t 'TCu,Cu,Tuw'" - - "openssl x509 -in /etc/keystone/ssl/certs/signing_cert.pem -pubkey | certutil -A -d {{ radosgw_nss_db_path }} -n signing_cert -t 'P,P,P'" diff --git a/roles/ceph-radosgw/tasks/pre_requisite.yml b/roles/ceph-radosgw/tasks/pre_requisite.yml deleted file mode 100644 index 7710546b3..000000000 --- a/roles/ceph-radosgw/tasks/pre_requisite.yml +++ /dev/null @@ -1,70 +0,0 @@ ---- -- name: create rados gateway directories - file: > - path={{ item }} - state=directory - owner=root - group=root - mode=0644 - with_items: - - /var/lib/ceph/bootstrap-rgw - - /var/lib/ceph/radosgw/ceph-rgw.{{ ansible_hostname }} - -- name: copy rados gateway bootstrap key - copy: > - src=fetch/{{ fsid }}/var/lib/ceph/bootstrap-rgw/ceph.keyring - dest=/var/lib/ceph/bootstrap-rgw/ceph.keyring - owner=root - group=root - mode=600 - when: cephx - -- name: create rados gateway keyring - command: > - ceph --cluster ceph --name client.bootstrap-rgw --keyring /var/lib/ceph/bootstrap-rgw/ceph.keyring auth get-or-create client.rgw.{{ ansible_hostname }} osd 'allow rwx' mon 'allow rw' -o /var/lib/ceph/radosgw/ceph-rgw.{{ ansible_hostname }}/keyring - creates=/var/lib/ceph/radosgw/ceph-rgw.{{ ansible_hostname }}/keyring - changed_when: false - when: cephx - -- name: set rados gateway key permissions - file: > - path=/var/lib/ceph/radosgw/ceph-rgw.{{ ansible_hostname }}/keyring - mode=0600 - owner=root - group=root - when: cephx - -- name: activate rados gateway with upstart - file: > - path=/var/lib/ceph/radosgw/ceph-rgw.{{ ansible_hostname }}/{{ item }} - state=touch - owner=root - group=root - mode=0644 - with_items: - - done - - upstart - changed_when: false - when: ansible_distribution == "Ubuntu" - -- name: activate rados gateway with sysvinit - file: > - path=/var/lib/ceph/radosgw/ceph-rgw.{{ ansible_hostname }}/{{ item }} - state=touch - owner=root - group=root - mode=0644 - with_items: - - done - - sysvinit - changed_when: false - when: ansible_distribution != "Ubuntu" - -- name: generate rados gateway sudoers file - template: > - src=ceph.j2 - dest=/etc/sudoers.d/ceph - owner=root - group=root - mode=0400 - when: ansible_distribution != "Ubuntu" diff --git a/roles/ceph-radosgw/tasks/start_radosgw.yml b/roles/ceph-radosgw/tasks/start_radosgw.yml deleted file mode 100644 index b9c34cc1b..000000000 --- a/roles/ceph-radosgw/tasks/start_radosgw.yml +++ /dev/null @@ -1,25 +0,0 @@ ---- -- name: check if rgw is started - command: /etc/init.d/radosgw status - register: rgwstatus - ignore_errors: true - -- name: start rgw - command: /etc/init.d/radosgw start - when: - rgwstatus.rc != 0 and - ansible_distribution != "Ubuntu" and - ansible_os_family != 'RedHat' - -- name: start rgw on ubuntu - service: > - name=radosgw-all - state=started - when: ansible_distribution == 'Ubuntu' - -- name: start rgw on red hat - service: > - name=ceph-radosgw - state=started - enabled=yes - when: ansible_distribution == 'RedHat' diff --git a/roles/ceph-radosgw/templates/ceph-extra.repo b/roles/ceph-radosgw/templates/ceph-extra.repo deleted file mode 100644 index 84a863b7f..000000000 --- a/roles/ceph-radosgw/templates/ceph-extra.repo +++ /dev/null @@ -1,30 +0,0 @@ -# {{ ansible_managed }} - -[ceph-extras] -name=Ceph Extras Packages -baseurl=http://ceph.com/packages/ceph-extras/rpm/{{ redhat_distro_ceph_extra }}/$basearch -enabled=1 -priority=2 -gpgcheck=1 -type=rpm-md -gpgkey=https://ceph.com/git/?p=ceph.git;a=blob_plain;f=keys/release.asc - -{% if (redhat_distro_ceph_extra != "centos6.4" and redhat_distro_ceph_extra != "rhel6.4" and redhat_distro_ceph_extra != "rhel6.5") %} -[ceph-extras-noarch] -name=Ceph Extras noarch -baseurl=http://ceph.com/packages/ceph-extras/rpm/{{ redhat_distro_ceph_extra }}/noarch -enabled=1 -priority=2 -gpgcheck=1 -type=rpm-md -gpgkey=https://ceph.com/git/?p=ceph.git;a=blob_plain;f=keys/release.asc -{% endif %} - -[ceph-extras-source] -name=Ceph Extras Sources -baseurl=http://ceph.com/packages/ceph-extras/rpm/{{ redhat_distro_ceph_extra }}/SRPMS -enabled=1 -priority=2 -gpgcheck=1 -type=rpm-md -gpgkey=https://ceph.com/git/?p=ceph.git;a=blob_plain;f=keys/release.asc diff --git a/roles/ceph-radosgw/templates/ceph.j2 b/roles/ceph-radosgw/templates/ceph.j2 deleted file mode 100644 index d0d31dc00..000000000 --- a/roles/ceph-radosgw/templates/ceph.j2 +++ /dev/null @@ -1,2 +0,0 @@ -# {{ ansible_managed }} -Defaults:{{ radosgw_user }} !requiretty diff --git a/roles/ceph-radosgw/templates/httpd.conf b/roles/ceph-radosgw/templates/httpd.conf deleted file mode 100644 index d82d98aa5..000000000 --- a/roles/ceph-radosgw/templates/httpd.conf +++ /dev/null @@ -1,3 +0,0 @@ -# {{ ansible_managed }} - -ServerName {{ ansible_hostname }} diff --git a/roles/ceph-radosgw/templates/rgw.conf b/roles/ceph-radosgw/templates/rgw.conf deleted file mode 100644 index f934d3adc..000000000 --- a/roles/ceph-radosgw/templates/rgw.conf +++ /dev/null @@ -1,23 +0,0 @@ -# {{ ansible_managed }} - -FastCgiExternalServer /var/www/s3gw.fcgi -socket /tmp/radosgw-{{ ansible_hostname }}.sock - - ServerName {{ ansible_hostname }} - ServerAdmin {{ email_address }}@{{ ansible_fqdn }} - DocumentRoot /var/www - - - - Options +ExecCGI - AllowOverride All - SetHandler fastcgi-script - Order allow,deny - Allow from all - AuthBasicAuthoritative Off - - - - RewriteEngine On - RewriteRule ^/([a-zA-Z0-9-_.]*)([/]?.*) /s3gw.fcgi?page=$1¶ms=$2&%{QUERY_STRING} [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L] - - diff --git a/roles/ceph-radosgw/templates/s3gw.fcgi.j2 b/roles/ceph-radosgw/templates/s3gw.fcgi.j2 deleted file mode 100644 index f309fff7f..000000000 --- a/roles/ceph-radosgw/templates/s3gw.fcgi.j2 +++ /dev/null @@ -1,3 +0,0 @@ -# {{ ansible_managed }} -#!/bin/sh -exec /usr/bin/radosgw -c /etc/ceph/ceph.conf -n client.radosgw.{{ ansible_hostname }} diff --git a/roles/ceph-rgw/defaults/main.yml b/roles/ceph-rgw/defaults/main.yml new file mode 100644 index 000000000..6bb65fe4f --- /dev/null +++ b/roles/ceph-rgw/defaults/main.yml @@ -0,0 +1,30 @@ +--- +# You can override vars by using host or group vars + +## Ceph options +# +cephx: true + +# Used for the sudo exception while starting the radosgw process +# a new entry /etc/sudoers.d/ceph will be created +# allowing root to not require tty +radosgw_user: root + +# Toggle 100-continue support for Apache and FastCGI +# WARNING: Changing this value will cause an outage of Apache while it is reinstalled on RGW nodes +http_100_continue: false + +# Rados Gateway options +redhat_distro_ceph_extra: centos6.4 # supported distros are centos6.3, centos6.4, centos6, fedora18, fedora19, opensuse12.2, rhel6.3, rhel6.4, rhel6.5, rhel6, sles11sp2 +email_address: foo@bar.com +radosgw_frontend: civetweb # we currently only support a single backend + + +########## +# DOCKER # +########## + +ceph_containerized_deployment: false +ceph_rgw_civetweb_port: 80 +ceph_rgw_docker_username: ceph +ceph_rgw_docker_imagename: daemon diff --git a/roles/ceph-rgw/files/cephdev.asc b/roles/ceph-rgw/files/cephdev.asc new file mode 100644 index 000000000..e43bd6c6e --- /dev/null +++ b/roles/ceph-rgw/files/cephdev.asc @@ -0,0 +1,41 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- +Version: GnuPG v1.4.10 (GNU/Linux) + +mQGiBE1Rr28RBADCxdpLV3ea9ocpS/1+UCvHqD5xjmlw/9dmji4qrUX0+IhPMNuA +GBBt2CRaR7ygMF5S0NFXooegph0/+NT0KisLIuhUI3gde4SWb5jsb8hpGUse9MC5 +DN39P46zZSpepIMlQuQUkge8W/H2qBu10RcwQhs7o2fZ1zK9F3MmRCkBqwCggpap +GsOgE2IlWjcztmE6xcPO0wED/R4BxTaQM+jxIjylnHgn9PYy6795yIc/ZoYjNnIh +QyjqbLWnyzeTmjPBwcXNljKqzEoA/Cjb2gClxHXrYAw7bGu7wKbnqhzdghSx7ab+ +HwIoy/v6IQqv+EXZgYHonqQwqtgfAHp5ON2gWu03cHoGkXfmA4qZIoowqMolZhGo +cF30A/9GotDdnMlqh8bFBOCMuxfRow7H8RpfL0fX7VHA0knAZEDk2rNFeebL5QKH +GNJm9Wa6JSVj1NUIaz4LHyravqXi4MXzlUqauhLHw1iG+qwZlPM04z+1Dj6A+2Hr +b5UxI/I+EzmO5OYa38YWOqybNVBH0wO+sMCpdBq0LABa8X29LbRPQ2VwaCBhdXRv +bWF0ZWQgcGFja2FnZSBidWlsZCAoQ2VwaCBhdXRvbWF0ZWQgcGFja2FnZSBidWls +ZCkgPHNhZ2VAbmV3ZHJlYW0ubmV0PohgBBMRAgAgAhsDBgsJCAcDAgQVAggDBBYC +AwECHgECF4AFAlEUm1YACgkQbq6uIgPDlRqTUACeMqJ+vwatwb+y/KWeNfmgtQ8+ +kDwAn0MHwY42Wmb7FA891j88enooCdxRuQQNBE1Rr28QEACKG04kxGY1cwGoInHV +P6z1+8oqGiaiYWFflYRtSiwoUVtl30T1sMOSzoEvmauc+rmBBfsyaBb8DLDUIgGK +v1FCOY/tfqnOyQXotPjgaLeCtK5A5Z5D212wbskf5fRHAxiychwKURiEeesRa7EW +rF6ohFxOTy9NOlFi7ctusShw6Q2kUtN7bQCX9hJdYs7PYQXvCXvW8DNt7IitF7Mp +gMHNcj0wik6p38I4s7pqK6mqP4AXVVSWbJKr/LSz8bI8KhWRAT7erVAZf6FElR2x +ZVr3c4zsE2HFpnZTsM5y/nj8fUkgKGl8OfBuUoh+MCVfnPmE6sgWfDTKkwWtUcmL +6V9UQ1INUJ3sk+XBY9SMNbOn04su9FjQyNEMI/3VK7yuyKBRAN7IIVgP2ch499m6 ++YFV9ZkG3JSTovNiqSpQouW7YPkS+8mxlPo03LQcU5bHeacBl0T8Xjlvqu6q279E +liHul4huKL0+myPN4DtmOTh/kwgSy3BGCBdS+wfAJSZcuKI7pk7pHGCdUjNMHQZm +PFbwzp33bVLd16gnAx0OW5DOn6l0VfgIQNSJ2rn7WZ5jdyg/Flp2VlWVtAHFLzkC +a+LvQ5twSuzrV/VipSr3xz3pTDLY+ZxDztvrgA6AST8+sdq6uQTYjwUQV0wzanvp +9hkC5eqRY6YlzcgMkWFv8DCIEwADBQ//ZQaeVmG6T5vyfXf2JrCipmI4MAdO+ezE +tWE82wgixlCvvm26UmUejCYgtD6DmwY/7/bIjvJDhUwP0+hAHHOpR62gncoMtbMr +yHpm3FvYH58JNk5gx8ZA322WEc2GCRCQzrMQoMKBcpZY/703GpQ4l3RZ7/25gq7A +NohV5zeddFQftc05PMBBJLU3U+lrnahJS1WaOXNQzS6oVj9jNda1jkgcQni6QssS +IMT6rAPsVbGJhe9mxr2VWdQ90QlubpszIeSJuqqJxLwqH8XHXZmQOYxmyVP9a3pF +qWDmsNxDA8ttYnMIc+nUAgCDJ84ScwQ1GvoCUD1b1cFNzvvhEHsNb4D/XbdrFcFG +wEkeyivUsojdq2YnGjYSgauqyNWbeEgBrWzUe5USYysmziL/KAubcUjIbeRGxyPS +6iQ2kbvfEJJPgocWTfLs5j61FObO+MVlj+PEmxWbcsIRv/pnG2V2FPJ8evhzgvp7 +cG9imZPM6dWHzc/ZFdi3Bcs51RtStsvPqXv4icKIi+01h1MLHNBqwuUkIiiK7ooM +lvnp+DiEsVSuYYKBdGTi+4+nduuYL2g8CTNJKZuC46dY7EcE3lRYZlxl7dwN3jfL +PRlnNscs34dwhZa+b70Flia0U1DNF4jrIFFBSHD3TqMg0Z6kxp1TfxpeGOLOqnBW +rr0GKehu9CGISQQYEQIACQIbDAUCURSbegAKCRBurq4iA8OVGv9TAJ9EeXVrRS3p +PZkT1R21FszUc9LvmgCeMduh5IPGFWSx9MjUc7/j1QKYm7g= +=per8 +-----END PGP PUBLIC KEY BLOCK----- diff --git a/roles/ceph-rgw/handlers/main.yml b/roles/ceph-rgw/handlers/main.yml new file mode 100644 index 000000000..06c73989a --- /dev/null +++ b/roles/ceph-rgw/handlers/main.yml @@ -0,0 +1,14 @@ +--- +- name: restart apache2 + service: > + name=apache2 + state=restarted + enabled=yes + when: ansible_os_family == 'Debian' + +- name: restart apache2 + service: > + name=httpd + state=restarted + enabled=yes + when: ansible_os_family == 'RedHat' diff --git a/roles/ceph-rgw/meta/main.yml b/roles/ceph-rgw/meta/main.yml new file mode 100644 index 000000000..9fc270d3b --- /dev/null +++ b/roles/ceph-rgw/meta/main.yml @@ -0,0 +1,14 @@ +--- +galaxy_info: + author: Sébastien Han + description: Installs Ceph Rados Gateway + license: Apache + min_ansible_version: 1.7 + platforms: + - name: Ubuntu + versions: + - trusty + categories: + - system +dependencies: + - { role: ceph-common, when: not docker } diff --git a/roles/ceph-rgw/tasks/docker.yml b/roles/ceph-rgw/tasks/docker.yml new file mode 100644 index 000000000..fae1aaa23 --- /dev/null +++ b/roles/ceph-rgw/tasks/docker.yml @@ -0,0 +1,49 @@ +--- +- name: set config and keys paths + set_fact: + ceph_config_keys: + - /etc/ceph/ceph.client.admin.keyring + - /etc/ceph/ceph.conf + - /etc/ceph/monmap + - /etc/ceph/ceph.mon.keyring + - /var/lib/ceph/bootstrap-rgw/ceph.keyring + +- name: install docker-py + pip: > + name=docker-py + version=1.1.0 # https://github.com/ansible/ansible-modules-core/issues/1227 + +- name: stat for ceph config and keys + stat: > + path={{ item }} + with_items: ceph_config_keys + ignore_errors: true + register: statconfig + +- name: try to fetch ceph config and keys + copy: > + src=fetch/docker_mon_files/"{{ item }}" + dest=/etc/ceph/ + owner=root + group=root + mode=600 + with_together: + - ceph_config_keys + - statconfig.results + when: item.1.stat.exists == False + +- name: run the rados gateway docker image + docker: > + image="{{ ceph_rgw_docker_username }}/{{ ceph_rgw_docker_imagename }}" + name=ceph-{{ ansible_hostname }}-rgw + expose={{ ceph_rgw_civetweb_port }} + state=running + env="RGW_CIVETWEB_PORT={{ ceph_rgw_civetweb_port }},CEPH_DAEMON=RGW" + volumes="/var/lib/ceph:/var/lib/ceph,/etc/ceph:/etc/ceph" + +- name: ensure ceph_rgw service is running + docker: > + image="{{ ceph_rgw_docker_username }}/{{ ceph_rgw_docker_imagename }}" + name="ceph-{{ ansible_hostname }}-rgw" + detach=yes + state=running diff --git a/roles/ceph-rgw/tasks/installs/install_debian.yml b/roles/ceph-rgw/tasks/installs/install_debian.yml new file mode 100644 index 000000000..6d39a4490 --- /dev/null +++ b/roles/ceph-rgw/tasks/installs/install_debian.yml @@ -0,0 +1,144 @@ +--- +- name: add ceph extra + apt_repository: > + repo="deb http://ceph.com/packages/ceph-extras/debian {{ ansible_lsb.codename }} main" + state=present + when: ansible_lsb.codename in ['natty', 'oneiric', 'precise', 'quantal', 'raring', 'sid', 'squeeze', 'wheezy'] + +# NOTE (leseb): needed for Ubuntu 12.04 to have access to libapache2-mod-fastcgi if 100-continue isn't being used +- name: enable multiverse repo for precise + apt_repository: > + repo="{{ item }}" + state=present + with_items: + - deb http://archive.ubuntu.com/ubuntu {{ ansible_lsb.codename }} multiverse + - deb http://archive.ubuntu.com/ubuntu {{ ansible_lsb.codename }}-updates multiverse + - deb http://security.ubuntu.com/ubuntu {{ ansible_lsb.codename }}-security multiverse + when: + ansible_lsb.codename in ['precise'] and not + http_100_continue + +# NOTE (leseb): disable the repo when we are using the Ceph repo for 100-continue packages +- name: disable multiverse repo for precise + apt_repository: > + repo="{{ item }}" + state=absent + with_items: + - deb http://archive.ubuntu.com/ubuntu {{ ansible_lsb.codename }} multiverse + - deb http://archive.ubuntu.com/ubuntu {{ ansible_lsb.codename }}-updates multiverse + - deb http://security.ubuntu.com/ubuntu {{ ansible_lsb.codename }}-security multiverse + when: + ansible_lsb.codename in ['precise'] and + http_100_continue + +# NOTE (leseb): needed for Ubuntu 14.04 to have access to libapache2-mod-fastcgi if 100-continue isn't being used +- name: enable multiverse repo for trusty + command: "apt-add-repository multiverse" + changed_when: false + when: + ansible_lsb.codename in ['trusty'] and not + http_100_continue + +# NOTE (leseb): disable the repo when we are using the Ceph repo for 100-continue packages +- name: disable multiverse repo for trusty + command: "apt-add-repository -r multiverse" + changed_when: false + when: + ansible_lsb.codename in ['trusty'] and + http_100_continue + +# NOTE (leseb): if using 100-continue, add Ceph dev key +- name: install the ceph development repository key + apt_key: > + data="{{ lookup('file', 'cephdev.asc') }}" + state=present + when: http_100_continue + +# NOTE (leseb): if using 100-continue, add Ceph sources and update +- name: add ceph apache and fastcgi sources + apt_repository: > + repo="{{ item }}" + state=present + with_items: + - deb http://gitbuilder.ceph.com/apache2-deb-{{ ansible_lsb.codename }}-x86_64-basic/ref/master {{ ansible_lsb.codename }} main + - deb http://gitbuilder.ceph.com/libapache-mod-fastcgi-deb-{{ ansible_lsb.codename }}-x86_64-basic/ref/master {{ ansible_lsb.codename }} main + register: purge_default_apache + when: http_100_continue + +# NOTE (leseb): else remove them to ensure you use the default packages +- name: remove ceph apache and fastcgi sources + apt_repository: > + repo="{{ item }}" + state=absent + with_items: + - deb http://gitbuilder.ceph.com/apache2-deb-{{ ansible_lsb.codename }}-x86_64-basic/ref/master {{ ansible_lsb.codename }} main + - deb http://gitbuilder.ceph.com/libapache-mod-fastcgi-deb-{{ ansible_lsb.codename }}-x86_64-basic/ref/master {{ ansible_lsb.codename }} main + register: purge_ceph_apache + when: not http_100_continue + +# NOTE (leseb): purge Ceph Apache and FastCGI packages if needed +- name: purge ceph apache and fastcgi packages + apt: > + pkg="{{ item }}" + state=absent + purge=yes + with_items: + - apache2 + - apache2-bin + - apache2-data + - apache2-mpm-worker + - apache2-utils + - apache2.2-bin + - apache2.2-common + - libapache2-mod-fastcgi + when: + purge_default_apache.changed or + purge_ceph_apache.changed + +- name: install apache and fastcgi + apt: > + pkg={{ item }} + state=present + update_cache=yes + with_items: + - apache2 + - libapache2-mod-fastcgi + +- name: install default httpd.conf + template: > + src=httpd.conf + dest=/etc/apache2/httpd.conf + owner=root + group=root + +- name: enable some apache mod rewrite and fastcgi + command: "{{ item }}" + with_items: + - a2enmod rewrite + - a2enmod fastcgi + changed_when: false + +- name: install rados gateway vhost + template: > + src=rgw.conf + dest=/etc/apache2/sites-available/rgw.conf + owner=root + group=root + +- name: enable rados gateway vhost and disable default site + command: "{{ item }}" + with_items: + - a2ensite rgw.conf + - a2dissite *default + changed_when: false + ignore_errors: true + notify: + - restart apache2 + +- name: install s3gw.fcgi script + template: > + src=s3gw.fcgi.j2 + dest=/var/www/s3gw.fcgi + mode=0555 + owner=root + group=root diff --git a/roles/ceph-rgw/tasks/installs/install_redhat.yml b/roles/ceph-rgw/tasks/installs/install_redhat.yml new file mode 100644 index 000000000..7531d10b3 --- /dev/null +++ b/roles/ceph-rgw/tasks/installs/install_redhat.yml @@ -0,0 +1,44 @@ +--- +- name: add ceph extra + template: > + src=ceph-extra.repo + dest=/etc/yum.repos.d + owner=root + group=root + +- name: add special fastcgi repository key + rpm_key: key=http://dag.wieers.com/rpm/packages/RPM-GPG-KEY.dag.txt + +- name: add special fastcgi repository + command: rpm -ivh http://pkgs.repoforge.org/rpmforge-release/rpmforge-release-0.5.3-1.el6.rf.x86_64.rpm + changed_when: false + +- name: install apache and fastcgi + yum: > + name={{ item }} + state=present + with_items: + - httpd + - mod_fastcgi + - mod_fcgid + +- name: install rados gateway vhost + template: > + src=rgw.conf + dest=/etc/httpd/conf.d/rgw.conf + owner=root + group=root + +- name: install s3gw.fcgi script + template: > + src=s3gw.fcgi.j2 + dest=/var/www/s3gw.fcgi + mode=0555 + owner=root + group=root + +- name: disable default site + shell: sed -i "s/^[^+#]/#/g" /etc/httpd/conf.d/welcome.conf + changed_when: false + notify: + - restart apache2 diff --git a/roles/ceph-rgw/tasks/main.yml b/roles/ceph-rgw/tasks/main.yml new file mode 100644 index 000000000..0ce9168c7 --- /dev/null +++ b/roles/ceph-rgw/tasks/main.yml @@ -0,0 +1,41 @@ +--- +- include: pre_requisite.yml + when: not ceph_containerized_deployment + +- include: ./installs/install_redhat.yml + when: + ansible_os_family == 'RedHat' and + radosgw_frontend == 'apache' and not + ceph_containerized_deployment + +- include: ./installs/install_debian.yml + when: + ansible_os_family == 'Debian' and + radosgw_frontend == 'apache' and not + ceph_containerized_deployment + +- name: install rados gateway + apt: > + pkg=radosgw + state=present + update_cache=yes + when: + ansible_os_family == 'Debian' and not + ceph_containerized_deployment + +- name: install rados gateway + yum: > + name=ceph-radosgw + state=present + when: + ansible_os_family == 'RedHat' and not + ceph_containerized_deployment + +- include: openstack-keystone.yml + when: radosgw_keystone + +- include: start_radosgw.yml + when: not ceph_containerized_deployment + +- include: docker.yml + when: ceph_containerized_deployment diff --git a/roles/ceph-rgw/tasks/openstack-keystone.yml b/roles/ceph-rgw/tasks/openstack-keystone.yml new file mode 100644 index 000000000..24306c2d8 --- /dev/null +++ b/roles/ceph-rgw/tasks/openstack-keystone.yml @@ -0,0 +1,14 @@ +--- +- name: create nss directory for keystone certificates + file: > + path={{ radosgw_nss_db_path }} + state=directory + owner=root + group=root + mode=0644 + +- name: create nss entries for keystone certificates + shell: "{{ item }}" + with_items: + - "openssl x509 -in /etc/keystone/ssl/certs/ca.pem -pubkey |certutil -d {{ radosgw_nss_db_path }} -A -n ca -t 'TCu,Cu,Tuw'" + - "openssl x509 -in /etc/keystone/ssl/certs/signing_cert.pem -pubkey | certutil -A -d {{ radosgw_nss_db_path }} -n signing_cert -t 'P,P,P'" diff --git a/roles/ceph-rgw/tasks/pre_requisite.yml b/roles/ceph-rgw/tasks/pre_requisite.yml new file mode 100644 index 000000000..7710546b3 --- /dev/null +++ b/roles/ceph-rgw/tasks/pre_requisite.yml @@ -0,0 +1,70 @@ +--- +- name: create rados gateway directories + file: > + path={{ item }} + state=directory + owner=root + group=root + mode=0644 + with_items: + - /var/lib/ceph/bootstrap-rgw + - /var/lib/ceph/radosgw/ceph-rgw.{{ ansible_hostname }} + +- name: copy rados gateway bootstrap key + copy: > + src=fetch/{{ fsid }}/var/lib/ceph/bootstrap-rgw/ceph.keyring + dest=/var/lib/ceph/bootstrap-rgw/ceph.keyring + owner=root + group=root + mode=600 + when: cephx + +- name: create rados gateway keyring + command: > + ceph --cluster ceph --name client.bootstrap-rgw --keyring /var/lib/ceph/bootstrap-rgw/ceph.keyring auth get-or-create client.rgw.{{ ansible_hostname }} osd 'allow rwx' mon 'allow rw' -o /var/lib/ceph/radosgw/ceph-rgw.{{ ansible_hostname }}/keyring + creates=/var/lib/ceph/radosgw/ceph-rgw.{{ ansible_hostname }}/keyring + changed_when: false + when: cephx + +- name: set rados gateway key permissions + file: > + path=/var/lib/ceph/radosgw/ceph-rgw.{{ ansible_hostname }}/keyring + mode=0600 + owner=root + group=root + when: cephx + +- name: activate rados gateway with upstart + file: > + path=/var/lib/ceph/radosgw/ceph-rgw.{{ ansible_hostname }}/{{ item }} + state=touch + owner=root + group=root + mode=0644 + with_items: + - done + - upstart + changed_when: false + when: ansible_distribution == "Ubuntu" + +- name: activate rados gateway with sysvinit + file: > + path=/var/lib/ceph/radosgw/ceph-rgw.{{ ansible_hostname }}/{{ item }} + state=touch + owner=root + group=root + mode=0644 + with_items: + - done + - sysvinit + changed_when: false + when: ansible_distribution != "Ubuntu" + +- name: generate rados gateway sudoers file + template: > + src=ceph.j2 + dest=/etc/sudoers.d/ceph + owner=root + group=root + mode=0400 + when: ansible_distribution != "Ubuntu" diff --git a/roles/ceph-rgw/tasks/start_radosgw.yml b/roles/ceph-rgw/tasks/start_radosgw.yml new file mode 100644 index 000000000..b9c34cc1b --- /dev/null +++ b/roles/ceph-rgw/tasks/start_radosgw.yml @@ -0,0 +1,25 @@ +--- +- name: check if rgw is started + command: /etc/init.d/radosgw status + register: rgwstatus + ignore_errors: true + +- name: start rgw + command: /etc/init.d/radosgw start + when: + rgwstatus.rc != 0 and + ansible_distribution != "Ubuntu" and + ansible_os_family != 'RedHat' + +- name: start rgw on ubuntu + service: > + name=radosgw-all + state=started + when: ansible_distribution == 'Ubuntu' + +- name: start rgw on red hat + service: > + name=ceph-radosgw + state=started + enabled=yes + when: ansible_distribution == 'RedHat' diff --git a/roles/ceph-rgw/templates/ceph-extra.repo b/roles/ceph-rgw/templates/ceph-extra.repo new file mode 100644 index 000000000..84a863b7f --- /dev/null +++ b/roles/ceph-rgw/templates/ceph-extra.repo @@ -0,0 +1,30 @@ +# {{ ansible_managed }} + +[ceph-extras] +name=Ceph Extras Packages +baseurl=http://ceph.com/packages/ceph-extras/rpm/{{ redhat_distro_ceph_extra }}/$basearch +enabled=1 +priority=2 +gpgcheck=1 +type=rpm-md +gpgkey=https://ceph.com/git/?p=ceph.git;a=blob_plain;f=keys/release.asc + +{% if (redhat_distro_ceph_extra != "centos6.4" and redhat_distro_ceph_extra != "rhel6.4" and redhat_distro_ceph_extra != "rhel6.5") %} +[ceph-extras-noarch] +name=Ceph Extras noarch +baseurl=http://ceph.com/packages/ceph-extras/rpm/{{ redhat_distro_ceph_extra }}/noarch +enabled=1 +priority=2 +gpgcheck=1 +type=rpm-md +gpgkey=https://ceph.com/git/?p=ceph.git;a=blob_plain;f=keys/release.asc +{% endif %} + +[ceph-extras-source] +name=Ceph Extras Sources +baseurl=http://ceph.com/packages/ceph-extras/rpm/{{ redhat_distro_ceph_extra }}/SRPMS +enabled=1 +priority=2 +gpgcheck=1 +type=rpm-md +gpgkey=https://ceph.com/git/?p=ceph.git;a=blob_plain;f=keys/release.asc diff --git a/roles/ceph-rgw/templates/ceph.j2 b/roles/ceph-rgw/templates/ceph.j2 new file mode 100644 index 000000000..d0d31dc00 --- /dev/null +++ b/roles/ceph-rgw/templates/ceph.j2 @@ -0,0 +1,2 @@ +# {{ ansible_managed }} +Defaults:{{ radosgw_user }} !requiretty diff --git a/roles/ceph-rgw/templates/httpd.conf b/roles/ceph-rgw/templates/httpd.conf new file mode 100644 index 000000000..d82d98aa5 --- /dev/null +++ b/roles/ceph-rgw/templates/httpd.conf @@ -0,0 +1,3 @@ +# {{ ansible_managed }} + +ServerName {{ ansible_hostname }} diff --git a/roles/ceph-rgw/templates/rgw.conf b/roles/ceph-rgw/templates/rgw.conf new file mode 100644 index 000000000..f934d3adc --- /dev/null +++ b/roles/ceph-rgw/templates/rgw.conf @@ -0,0 +1,23 @@ +# {{ ansible_managed }} + +FastCgiExternalServer /var/www/s3gw.fcgi -socket /tmp/radosgw-{{ ansible_hostname }}.sock + + ServerName {{ ansible_hostname }} + ServerAdmin {{ email_address }}@{{ ansible_fqdn }} + DocumentRoot /var/www + + + + Options +ExecCGI + AllowOverride All + SetHandler fastcgi-script + Order allow,deny + Allow from all + AuthBasicAuthoritative Off + + + + RewriteEngine On + RewriteRule ^/([a-zA-Z0-9-_.]*)([/]?.*) /s3gw.fcgi?page=$1¶ms=$2&%{QUERY_STRING} [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L] + + diff --git a/roles/ceph-rgw/templates/s3gw.fcgi.j2 b/roles/ceph-rgw/templates/s3gw.fcgi.j2 new file mode 100644 index 000000000..f309fff7f --- /dev/null +++ b/roles/ceph-rgw/templates/s3gw.fcgi.j2 @@ -0,0 +1,3 @@ +# {{ ansible_managed }} +#!/bin/sh +exec /usr/bin/radosgw -c /etc/ceph/ceph.conf -n client.radosgw.{{ ansible_hostname }} diff --git a/roles/haproxy/defaults/main.yml b/roles/haproxy/defaults/main.yml deleted file mode 100644 index 1e9098816..000000000 --- a/roles/haproxy/defaults/main.yml +++ /dev/null @@ -1,7 +0,0 @@ ---- -# You can override vars by using host or group vars - -rgw_group_name: rgws - -# Rados Gateway options -radosgw_interface: eth1 # the public interface which the radosgw talks to the world with, this variable is used in the haproxy role, this does not need to be set if haproxy is not used. diff --git a/roles/haproxy/files/precise/haproxy b/roles/haproxy/files/precise/haproxy deleted file mode 100644 index 9a2ee791c..000000000 --- a/roles/haproxy/files/precise/haproxy +++ /dev/null @@ -1,4 +0,0 @@ -# Set ENABLED to 1 if you want the init script to start haproxy. -ENABLED=1 -# Add extra flags here. -#EXTRAOPTS="-de -m 16" diff --git a/roles/haproxy/handlers/main.yml b/roles/haproxy/handlers/main.yml deleted file mode 100644 index bbc920704..000000000 --- a/roles/haproxy/handlers/main.yml +++ /dev/null @@ -1,6 +0,0 @@ ---- -## Check distribution release -# - -- include: precise.yml - when: ansible_distribution_release == 'precise' diff --git a/roles/haproxy/handlers/precise.yml b/roles/haproxy/handlers/precise.yml deleted file mode 100644 index f2e666cf5..000000000 --- a/roles/haproxy/handlers/precise.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -- name: restart haproxy - service: > - name=haproxy - state=restarted diff --git a/roles/haproxy/tasks/main.yml b/roles/haproxy/tasks/main.yml deleted file mode 100644 index bbc920704..000000000 --- a/roles/haproxy/tasks/main.yml +++ /dev/null @@ -1,6 +0,0 @@ ---- -## Check distribution release -# - -- include: precise.yml - when: ansible_distribution_release == 'precise' diff --git a/roles/haproxy/tasks/precise.yml b/roles/haproxy/tasks/precise.yml deleted file mode 100644 index 428b054e9..000000000 --- a/roles/haproxy/tasks/precise.yml +++ /dev/null @@ -1,32 +0,0 @@ ---- -- name: Add repository - apt_repository: > - repo=ppa:vbernat/haproxy-1.5 - state=present - -- name: Install haproxy - apt: > - name={{ item }} - state=present - with_items: - - haproxy - - socat - -- name: Copy default configuration - copy: > - src=precise/haproxy - dest=/etc/default/haproxy - notify: restart haproxy - -- name: Create configuration - template: > - src=precise/haproxy.cfg - dest=/etc/haproxy/haproxy.cfg - backup=yes - notify: restart haproxy - -- name: Start and enable haproxy - service: > - name=haproxy - state=started - enabled=yes diff --git a/roles/haproxy/templates/precise/haproxy.cfg b/roles/haproxy/templates/precise/haproxy.cfg deleted file mode 100644 index 1bbd32534..000000000 --- a/roles/haproxy/templates/precise/haproxy.cfg +++ /dev/null @@ -1,58 +0,0 @@ -# -# {{ ansible_managed }} -# -global - log /dev/log local0 - log /dev/log local1 notice - chroot /var/lib/haproxy - user haproxy - group haproxy - daemon - stats socket /var/lib/haproxy/stats level admin - -defaults - log global - mode http - option httplog - option dontlognull - contimeout 5000 - clitimeout 50000 - srvtimeout 50000 - errorfile 400 /etc/haproxy/errors/400.http - errorfile 403 /etc/haproxy/errors/403.http - errorfile 408 /etc/haproxy/errors/408.http - errorfile 500 /etc/haproxy/errors/500.http - errorfile 502 /etc/haproxy/errors/502.http - errorfile 503 /etc/haproxy/errors/503.http - errorfile 504 /etc/haproxy/errors/504.http - -frontend http_frontend - bind *:80 - mode http - option httpclose - option forwardfor - default_backend rgw - -frontend https_frontend - bind *:443 ssl crt /etc/ceph/radosgw-key-cert.pem - mode http - option httpclose - option forwardfor - reqadd X-Forwarded-Proto:\ https - default_backend rgw - -backend rgw - mode http - balance roundrobin - cookie RADOSGWLB insert indirect nocache -{% for host in groups[rgw_group_name] %} - server {{ hostvars[host].ansible_hostname }} {{ hostvars[host]['ansible_' + radosgw_interface ].ipv4.address }}:80 check cookie {{ hostvars[host].ansible_hostname }} -{% endfor %} - -listen stats :8080 - mode http - stats enable - stats hide-version - stats realm Haproxy\ Statistics - stats uri / - #stats auth Username:Password diff --git a/rolling_update.yml b/rolling_update.yml index fbc5c091c..5465d3ebe 100644 --- a/rolling_update.yml +++ b/rolling_update.yml @@ -170,7 +170,7 @@ roles: - ceph-common - - ceph-radosgw + - ceph-rgw post_tasks: - name: restart rados gateway server(s) diff --git a/site.yml b/site.yml index faaeab4f1..411b4787d 100644 --- a/site.yml +++ b/site.yml @@ -20,4 +20,4 @@ - hosts: rgws sudo: True roles: - - ceph-radosgw + - ceph-rgw diff --git a/test.yml b/test.yml index 7b94da40e..28dbfdcb9 100644 --- a/test.yml +++ b/test.yml @@ -6,5 +6,4 @@ - ceph-mon - ceph-osd - ceph-mds - - ceph-radosgw - - haproxy + - ceph-rgw