git-server-git.apps.pok.os.sepia.ceph.com Git

roles: remove leftover from pr #4319

pr #4319 introduced some uesless `become: true` on systemd tasks.

Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com>
(cherry picked from commit 1db8fa89895546571a831289ebbe0f83d02b1e0a)

Vagrantfile: fallback on 'varant_variables.yml.sample'

When using a vagrant command from the root directory of the repo, it
throws an error if no 'vagrant_variables.yml' file is present.

```
Message: Errno::ENOENT: No such file or directory @ rb_sysopen - /home/guits/workspaces/ceph-ansible/vagrant_variables.yml
```

Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com>
(cherry picked from commit 3d27f9e7dc7ee775be57c27c3620009f9935ddcc)

update: gather facts only one time

this play doesn't need to gather facts from localhost

Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com>
(cherry picked from commit c14e9114baebd155996b42b18744567698178836)

ceph-mon: do not log monitor keyring

We don't want to display the keyring in the ansible log.

Signed-off-by: Dimitri Savineau <dsavinea@redhat.com>
(cherry picked from commit e44075abd607648da88b4e3555353a99ecb171a6)

common: do not log keyring secret

let's not display any keyring secret by default in ansible log.

Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1980744
Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com>
(cherry picked from commit 7511195738e9d1e8f3d3ec77ad4473fa90d17d22)

ceph-rgw: Work around Jinja2 < 2.8 missng eq test

EL7 ships with Jinja2 version 2.7, which is missing the `eq` test.

Work around this by using `match` instead.

Signed-off-by: Benoît Knecht <bknecht@protonmail.ch>

ceph-rgw: Set pg_num on RGW pool if required

If the `pg_num` value specified in `rgw_create_pools` is different from the
actual value in the cluster, apply it with `ceph osd pool set`.

This corresponds to the behavior of the `ceph_pool` module used in Ceph Ansible
5.0 onward.

Also avoid setting the pool application if it's already done.

Signed-off-by: Benoît Knecht <bknecht@protonmail.ch>

switch2container: fix mon quorum check

This was reverted by 7ddbe74

Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1990733
Signed-off-by: Dimitri Savineau <dsavinea@redhat.com>

ceph-dashboard: fix TLS cert openssl generation

With OpenSSL version prior 1.1.1 (like CentOS 7 with 1.0.2k), the -addext
doesn't exist.
As a solution, this uses the default openssl.cnf configuration file as a
template and add the subjectAltName in the v3_ca section. This temp openssl
configuration file is removed after the TLS certificate creation.
This patch also move the run_once statement at the block level.

Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1978869
Signed-off-by: Dimitri Savineau <dsavinea@redhat.com>
(cherry picked from commit 5e0ace7e5493f7d8299155e915435691a0f1a007)

dashboard: subj_alt_names fact refactor

the current way the variable is built results in:

```
2021-08-03 04:18:23,020 - ceph.ceph - INFO - ok: [ceph-sangadi-4x-indpt6-node1-installer] => changed=false
  ansible_facts:
    subj_alt_names: |-
      subjectAltName=ceph-sangadi-4x-indpt6-node1-installer/subjectAltName=10.0.210.223/subjectAltName=ceph-sangadi-4x-indpt6-node1-installersubjectAltName=ceph-sangadi-4x-indpt6-node2/subjectAltName=10.0.210.252/subjectAltName=ceph-sangadi-4x-indpt6-node2/
```

which is incorrect.

Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1978869
Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com>
(cherry picked from commit 6f1a0634f73ad1f41af613a9452dc9c5f70b2702)

Fixes typo in rgw-add-users-buckets playbook

Signed-off-by: VasishtaShastry <vipin.indiasmg@gmail.com>
(cherry picked from commit 478d9fdcb6fe6fb6ef7d00c9fe09dd48acd345cd)

add-osd: use container_exec_cmd fact from mon host

Because we're delegating the task to the first monitor node, we need to be
sure that the container_exec_cmd fact is the one from that node too otherwise
we could have a mismatch on the ceph-mon container name.

Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1990772
Signed-off-by: Dimitri Savineau <dsavinea@redhat.com>

podman pids.max default value is 2048, docker's one is 4096 which are
sufficient for the default value (512) of rgw thread pool size.
But if its value is increased near to the pids-limit value,
it does not leave place for the other processes to spawn and run within
the container and the container crashes.

pids-limit set to unlimited regardless of the container engine.

Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1987041
Signed-off-by: Teoman ONAY <tonay@redhat.com>
(cherry picked from commit 9b5d97adb95a788bc1fdedbba562a9c71a1808be)

infra: use dedicated variables for balancer status

The balancer status is registered during the cephadm-adopt, rolling_update
and swith2container playbooks. But it is also used in the ceph-handler role
which is included in those playbooks too.
Even if the ceph-handler tasks are skipped for rolling_update and
switch2container, the balancer_status variable is erased with the skip task
result.

play1:
  register: balancer_status
play2:
  register: balancer_status <-- skipped
play3:
  when: (balancer_status.stdout | from_json)['active'] | bool

This leads to issue like:

The conditional check '(balancer_status.stdout | from_json)['active'] | bool'
failed. The error was: Unexpected templating type error occurred on
({% if (balancer_status.stdout | from_json)['active'] | bool %} True
{% else %} False {% endif %}): expected string or buffer.

Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1982054
Signed-off-by: Dimitri Savineau <dsavinea@redhat.com>
(cherry picked from commit 386661699bcfe05a220de6d58b9d50baa7eb6dc1)

osds: use osd pool ls instead of osd dump command

The ceph osd pool ls detail command is a subset of the ceph osd dump
command.

$ ceph osd dump --format json|wc -c
10117
$ ceph osd pool ls detail --format json|wc -c
4740

Signed-off-by: Dimitri Savineau <dsavinea@redhat.com>
(cherry picked from commit 06471a4b82d63ebb35f80d45aa6ae629a4daeedc)

rolling_update: get ceph version when mons exist

eec3878 introduced a regression for upgrade scenarios where there's no
monitor nodes at all (like ganesha standalone, external clients, etc..)

TASK [get the ceph release being deployed] ************************************
task path: infrastructure-playbooks/rolling_update.yml:121
Thursday 29 July 2021 15:55:29 +0000 (0:00:00.484) 0:00:15.802 *********
fatal: [client0]: FAILED! =>
msg: '''dict object'' has no attribute ''mons'''

Signed-off-by: Dimitri Savineau <dsavinea@redhat.com>
(cherry picked from commit e87a47cf0cc0d01050d0cb94cabbb8bc42db0c57)

infrastructure-playbooks: Get Ceph info in check mode

In the `set osd flags` block, run the Ceph commands that gather information
from the cluster (and don't make any changes to it) even when running in check
mode.

This allows the tasks that depend on the variables set by those tasks to
succeed in check mode.

Signed-off-by: Benoît Knecht <bknecht@protonmail.ch>
(cherry picked from commit d7653dca95247e52c4a6821c1eec00748263082a)

ceph-handler: Fix osd handler in check mode

Run the Ceph commands that only gather information (without making any changes
to the cluster) when running Ansible in check mode.

This allows the tasks that depend on the variables set by those tasks to
succeed in check mode.

Signed-off-by: Benoît Knecht <bknecht@protonmail.ch>
(cherry picked from commit 498acd7527410f7f359b2b0181e83ca39c682ec0)

library: remove unused module import

Move the import at the top of the file and remove unused module import.

- E402 module level import not at top of file
- F401 'xxxx' imported but unused

This also removes the '# noqa E402' statement from the code.

Signed-off-by: Dimitri Savineau <dsavinea@redhat.com>
(cherry picked from commit 2138a00a3294b222d5e8325495300841ed5a7f5f)

library: flake8 ceph-ansible modules

This commit ensure all ceph-ansible modules pass flake8 properly.

Signed-off-by: Wong Hoi Sing Edison <hswong3i@pantarei-design.com>
(cherry picked from commit beda1fe77381fbacb40fb75e5c06f36fbbad4a4a)

ceph-defaults: add missing grafana dashboards

The radosgw-sync-overview and rbd-details grafana dashboars were missing
from the list.

Closes: #6758
Signed-off-by: Dimitri Savineau <dsavinea@redhat.com>
(cherry picked from commit f0ccf3ebf0b1ad6737f0d65174c0024b49db00a4)

update: check the ceph release

Check early which Ceph release is going to be deployed and fail if it
doesn't correspond to the ceph-ansible version being used.

Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1978643
Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com>
(cherry picked from commit eec38784ecfaae6bf51af6cc5e3aea934d1d3d58)

alertmanager: allow disable dashboard tls verify

When using self-signed/untrusted CA certificates, alertmanager displays
an error in logs. With this commit this should make those messages
disappear.

Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1936299
Co-authored-by: Guillaume Abrioux <gabrioux@redhat.com>
Signed-off-by: Dimitri Savineau <dsavinea@redhat.com>
(cherry picked from commit 9f77b929d145512e0d8886b96caf6047c5072a68)

dashboard: support dedicated network for the dashboard

This introduces a new variable `dashboard_network` in order to support
deploying the dashboard on a different subnet.

Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1927574
Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com>
(cherry picked from commit f4f73b61972f416db9fe6ec305de282094581e07)

multisite: use node fqdn for endpoints when https

When the rgw_multisite_proto variable is set to https then we shoudn't use
the IP address in the zone endpoints list but the node FQDN to match the
TLS certificate CN.

Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1965504
Signed-off-by: Dimitri Savineau <dsavinea@redhat.com>
(cherry picked from commit ad05a0816048a69adba0e9b27683ed799e3c40bd)

purge: support osd_auto_discovery

This adds a task that zaps by osd id so we can support the scenario
where osds were deployed with `osd_auto_discovery` is true.

Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1876860
Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com>
(cherry picked from commit 4144074a50ffd1e8893e3af2242fc44a23fd9c3e)

purge: merge playbooks

This refactor merges the two playbooks so we only have to maintain 1
playbook.
(Symlink the old purge-container-cluster.yml playbook for backward
compatibility).

Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com>
(cherry picked from commit 17cd83bf3a35b482fa453b6bef8445e5e1ad8bce)

purge: drop variables from 'hosts' sections

Those variables are useless given this is not possible to override them.
Let's replace them with the hardcoded name instead.

Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com>
(cherry picked from commit 6b50401d0c2021fe691ee4f2be083b059d991c8b)

purge: reindent playbook

This commit reindents the playbook.
Also improve readability by adding an extra line between plays.

Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com>
(cherry picked from commit 60aa70a12820835412835063972c34a1c93cac7d)

ceph-mgr: don't install dashboard pkg by default

This is a partial backport of 2547ab60.

We are currently installing the ceph-mgr-dashboard package even if the
dashboard_enabled variable is set to false.

Signed-off-by: Dimitri Savineau <dsavinea@redhat.com>

ceph-mgr: move mgr module list to common

Populating the ceph_mgr_modules list in the mgr_modules doesn't make sense
since that file is only executed if the list isn't empty or we're using the
dashboard.

Signed-off-by: Dimitri Savineau <dsavinea@redhat.com>
(cherry picked from commit cd06e7c046b3e56920b1f9bdc1907429382bee5c)

ceph-nfs: allow overriding NFS_CORE_PARAM

We already have config override variables for existing block (like
ganesha_ceph_export_overrides, ganesha_log_overrides, etc...) or a
global one (ganesha_conf_overrides) but redefining the NFS_CORE_PARAM
block in that variable will erase all previous values (currently only
Bind_Addr).

ganesha_core_param_overrides: |
Enable_UDP = false;
NFS_Port = 2050;

Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1941775
Signed-off-by: Dimitri Savineau <dsavinea@redhat.com>
(cherry picked from commit 9817d29543099ca640ce8b23da2ab9f26179cba5)

lib/ceph-volume: support zapping by osd_id

This commit adds the support for zapping an osd by osd_id in the
ceph_volume module.

Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com>
(cherry picked from commit 70f1d6e2cd9ed4abb4db599f9faa816703430d80)

rolling_update: check quorum state before upgrade

If one a the monitor is out of the quorum then nothing prevents the upgrade
playbook to run.
We only check if we have at least three monitor nodes but we should also
check if those monitor nodes are correctly present in the quorum.

Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1952571
Signed-off-by: Dimitri Savineau <dsavinea@redhat.com>
(cherry picked from commit 97148dd58c77a84aff1235dc9be3cb8c9d73cc09)

ceph-facts: move device facts to its own file

Instead of reusing the condition 'inventory_hostname in groups[osds]'
on each device facts tasks then we can move all the tasks into a
dedicated file and set the condition on the import_tasks statement.

Signed-off-by: Dimitri Savineau <dsavinea@redhat.com>
(cherry picked from commit d704b05e52d10910cd68c49033933bd7e6ded268)

ceph-validate: check logical volumes

We currently don't check if the logical volume used in lvm_volumes list
for either bluestore data/db/wal or filestore data/journal exist.
We're only doing this on raw devices for batch scenario.

Signed-off-by: Dimitri Savineau <dsavinea@redhat.com>
(cherry picked from commit 55bca07cb612b766bc099e14e0a5661185a7f9a6)

ceph-validate: check db/journal/wal devices too

When using dedicated devices for db/journal/wal objecstore with
ceph-volume lvm batch then we should also validate that those devices
exist and don't use a gpt partition table in addition of the devices
and lvm_volume.data variables.

Signed-off-by: Dimitri Savineau <dsavinea@redhat.com>
(cherry picked from commit 808e7106dec5f3f7a743fe343ba3023c9390a1ba)

ceph-validate: use root device from ansible_mounts

Instead of using findmnt command to find the device associated to the
root mount point then we can use the ansible_mounts fact.

Signed-off-by: Dimitri Savineau <dsavinea@redhat.com>
(cherry picked from commit 7e50380f7fc101bf3533fff2d9c3082a59c54399)

ceph-validate: do not resolve devices

This is already done in the ceph-facts role.

Signed-off-by: Dimitri Savineau <dsavinea@redhat.com>
(cherry picked from commit 0df99dda8d8c5e1e9ce4384b480401043eaad07e)

ceph-validate: check block presence first

Instead of doing two parted calls we can check first if the device exist
and then test the partition table.

Signed-off-by: Dimitri Savineau <dsavinea@redhat.com>
(cherry picked from commit 14d458b3b41ef5fe1ebdb8a70e52a65ff28b42f2)

ceph-validate: check devices from lvm_volumes

2888c08 introduced a regression as the check_devices tasks file was
only included based on the devices variable.
But that file also validate some devices from the lvm_volumes variable.

Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1906022
Signed-off-by: Dimitri Savineau <dsavinea@redhat.com>
(cherry picked from commit ac0342b72e045b96a31bed23c6baeceeecca7f23)

infra: add playbook to purge dashboard/monitoring

The dashboard/monitoring stack can be deployed via the dashboard_enabled
variable. But there's nothing similar if we can to remove that part only
and keep the ceph cluster up and running.
The current purge playbooks remove everything.

Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1786691
Signed-off-by: Dimitri Savineau <dsavinea@redhat.com>
(cherry picked from commit 8e4ef7d6da5bc73d47be93281ecae2b3c6fa826f)

monitoring: use config_template module for config

The alertmanager, grafana and prometheus configuration file are
generated with the template module which doesn't allow for using
config overrides.
Instead we could use the config_template plugin action and add a
new variable for overrides (one for each component).

With this patch, one should be able to add configuration to
prometheus with the following:

---
alertmanager_conf_overrides:
global:
smtp_smarthost: 'localhost:25'
...

Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1902999
Signed-off-by: Dimitri Savineau <dsavinea@redhat.com>
(cherry picked from commit 5a410263470932f2f1a22572e0f2c42939591402)

common: remove unnecessary run_once statements

1303611 introduced tasks for disabling the pg_autoscaler on pools and
the balancer but thoses tasks are already executed on the first monitor
node so we don't need to add the run_once statement.

Signed-off-by: Dimitri Savineau <dsavinea@redhat.com>
(cherry picked from commit 738fa9428a3c0c9ed0dd1aec566e807ad072daad)

common: fix py2 pool_list from_json when skipped

When using python 2 and the task with a loop is skipped then it generates
an error.

Unexpected templating type error occurred on
({{ (pool_list.stdout | from_json)['pools'] }}): expected string or buffer

Signed-off-by: Dimitri Savineau <dsavinea@redhat.com>
(cherry picked from commit cf6e33346e09e680d9b69cafdc24fdd8801cdbf4)

common: disable/enable pg_autoscaler

The PG autoscaler can disrupt the PG checks so the idea here is to
disable it and re-enable it back after the restart is done.

Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com>
(cherry picked from commit 13036115e2862fc8ca9c04e1379fd793e0e7036a)

Sensitive key data now hidden in output log

Fixes: #6529
Signed-off-by: Neelaksh Singh <neelaksh48@gmail.com>
(cherry picked from commit d18a9860cde2981bcd71198f152924cc6cf05932)

update: fail the playbook if straw2 conversion failed

It's better to fail the playbook so the user is aware the straw2
migration has failed.

Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com>
(cherry picked from commit c396122ad9acda19462c7da363696e174b8162d1)

update: followup on pr #6689

add mising 'osd' command.

Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com>
(cherry picked from commit 4eb4268deea262d09898d21fa815912439cecfa5)

update: convert straw bucket

After an upgrade, the presence of straw buckets will produce the
following warning (HEALTH_WARN):

```
crush map has legacy tunables (require firefly, min is hammer)
```

because straw bucket is a firefly feature it needs to be converted to
straw2.

Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1967964
Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com>
(cherry picked from commit eee576477c73d2585a824814e3b4d85f0c12e8fd)

Revert "ceph-validate: check devices from lvm_volumes"

This reverts commit 3557497336338ab2227bcb7c2373047291b4bc73.

Signed-off-by: Dimitri Savineau <dsavinea@redhat.com>

Revert "ceph-validate: check block presence first"

This reverts commit 4f89cdcd457debac5fbcd4e4e8ed22f6fb20e771.

Signed-off-by: Dimitri Savineau <dsavinea@redhat.com>

Revert "ceph-validate: do not resolve devices"

This reverts commit 2020b1310c1717c807a9baf9ef7be92bdc9c6a11.

Signed-off-by: Dimitri Savineau <dsavinea@redhat.com>

Revert "ceph-validate: use root device from ansible_mounts"

This reverts commit b1542fd3403b18eaeba7b336d5225047b1560027.

Signed-off-by: Dimitri Savineau <dsavinea@redhat.com>

Revert "ceph-validate: check db/journal/wal devices too"

This reverts commit d6f3e6eac35a604a41fc397fdb1c4aaca27b4749.

Signed-off-by: Dimitri Savineau <dsavinea@redhat.com>

Revert "ceph-validate: check logical volumes"

This reverts commit d7cefe0536f4ac3c1dd9010904afa5f3ebb852d4.

Signed-off-by: Dimitri Savineau <dsavinea@redhat.com>

Revert "ceph-facts: move device facts to its own file"

This reverts commit 9f1ec38bbf9fbc341f53c080f6cec7a268cc13b1.

Signed-off-by: Dimitri Savineau <dsavinea@redhat.com>

dashboard: remove "certificate is valid for" error

When deploying dashboard with ssl certificates generated by
ceph-ansible, we enforce the CN to 'ceph-dashboard' which can makes
application such alertmanager complain like following:

`err="Post https://mgr0:8443/api/prometheus_receiver: x509: certificate is valid for ceph-dashboard, not mgr0" context_err="context deadline exceeded"`

The idea here is to add alternative names matching all mgr/mon instances
in the certificate so this error won't appear in logs.

Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1978869
Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com>
(cherry picked from commit 72a0336c71cee8bd0a375ac47cb45a292844edc8)

ceph-crash: add install checkpoint

The ceph crash insatll checkpoint callback was missing in the main
playbooks.

Signed-off-by: Dimitri Savineau <dsavinea@redhat.com>
(cherry picked from commit 993d06c4d92f8a0be6441dd7647a27d6b58bcb9b)

ceph-facts: move device facts to its own file

Instead of reusing the condition 'inventory_hostname in groups[osds]'
on each device facts tasks then we can move all the tasks into a
dedicated file and set the condition on the import_tasks statement.

Signed-off-by: Dimitri Savineau <dsavinea@redhat.com>
(cherry picked from commit d704b05e52d10910cd68c49033933bd7e6ded268)

ceph-validate: check logical volumes

We currently don't check if the logical volume used in lvm_volumes list
for either bluestore data/db/wal or filestore data/journal exist.
We're only doing this on raw devices for batch scenario.

Signed-off-by: Dimitri Savineau <dsavinea@redhat.com>
(cherry picked from commit 55bca07cb612b766bc099e14e0a5661185a7f9a6)

ceph-validate: check db/journal/wal devices too

When using dedicated devices for db/journal/wal objecstore with
ceph-volume lvm batch then we should also validate that those devices
exist and don't use a gpt partition table in addition of the devices
and lvm_volume.data variables.

Signed-off-by: Dimitri Savineau <dsavinea@redhat.com>
(cherry picked from commit 808e7106dec5f3f7a743fe343ba3023c9390a1ba)

ceph-validate: use root device from ansible_mounts

Instead of using findmnt command to find the device associated to the
root mount point then we can use the ansible_mounts fact.

Signed-off-by: Dimitri Savineau <dsavinea@redhat.com>
(cherry picked from commit 7e50380f7fc101bf3533fff2d9c3082a59c54399)

ceph-validate: do not resolve devices

This is already done in the ceph-facts role.

Signed-off-by: Dimitri Savineau <dsavinea@redhat.com>
(cherry picked from commit 0df99dda8d8c5e1e9ce4384b480401043eaad07e)

ceph-validate: check block presence first

Instead of doing two parted calls we can check first if the device exist
and then test the partition table.

Signed-off-by: Dimitri Savineau <dsavinea@redhat.com>
(cherry picked from commit 14d458b3b41ef5fe1ebdb8a70e52a65ff28b42f2)

ceph-validate: check devices from lvm_volumes

2888c08 introduced a regression as the check_devices tasks file was
only included based on the devices variable.
But that file also validate some devices from the lvm_volumes variable.

Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1906022
Signed-off-by: Dimitri Savineau <dsavinea@redhat.com>
(cherry picked from commit ac0342b72e045b96a31bed23c6baeceeecca7f23)

prometheus: fix prometheus target url

The prometheus service isn't binding on localhost.

Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1933560
Signed-off-by: Dimitri Savineau <dsavinea@redhat.com>
(cherry picked from commit 1d56818658ebba36cce5f93fa4c5e2bcac310561)

purge: add monitoring group in final cleanup play

This adds the monitoring group in the "final cleanup play" so any cid
files generated are well removed when purging the cluster.

Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1974536
Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com>
(cherry picked from commit 037d8cd05e012dd71a6c0aedbdfcf4aa1c15b992)

ceph_key: handle error in a better way

When calling the `ceph_key` module with `state: info`, if the ceph
command called fails, the actual error is hidden by the module which
makes it pretty difficult to troubleshoot.

The current code always states that if rc is not equal to 0 the keyring
doesn't exist.

`state: info` should always return the actual rc, stdout and stderr.

Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1964889
Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com>
(cherry picked from commit d58500ade01c7c4cc20b6bbaf8f5789d825b8d1b)

container: set tcmalloc value by default

All ceph daemons need to have the TCMALLOC_MAX_TOTAL_THREAD_CACHE_BYTES
environment variable set to 128MB by default in container setup.

Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1970913
Signed-off-by: Dimitri Savineau <dsavinea@redhat.com>
(cherry picked from commit 9758e3c51303faf89d5c489f04539e278c49477e)

dashboard: Add new prometheus alert

It was requested for us to update our alerting definitions to include a
slow OSD Ops health check.

Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1951664
Signed-off-by: Boris Ranto <branto@redhat.com>
(cherry picked from commit 2491d4e004c7b162216bc17e2288f05d0b049a87)

update: do not gather facts on each play

There's no benefit to gather facts again on each play in
rolling_update.yml

Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com>
(cherry picked from commit 2c77d0094c9bab02dee32a144faf5168262049df)

tests: remove legacy file

This inventory isn't used anywhere.

Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com>
(cherry picked from commit 304d1cbb97e52f1546f98171ba7b7b6a658c85c1)

shrink-mgr: modify existing mgr check

Do not rely on the inventory aliases in order to check if the selected
manager to be removed is present.

Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1967897
Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com>
(cherry picked from commit 26a7256c4cec17fc9bc20a239c112cbf8584be09)

workflows: add signed-off check

This adds a github workflow for checking the signed off line in commit
messages.

Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com>
(cherry picked from commit 8c09497567308bac75212be77cdb7b1928d2d9a2)

workflow: add group_vars/defaults checks

let's use github workflow for checking defaults values.

Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com>
(cherry picked from commit d71db816c6d393d6a42b934912f4f47a290c91fe)

workflow: add syntax check

This adds the ansible --syntax-check test in the ansible-lint workflow

Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com>
(cherry picked from commit 5ed423ad8886a8985a4aa6424930f812864845bc)

workflow/lint: pin ruamel.yaml.clib to 0.2.2

Recent release is broken with py27.

Signed-off-by: Dimitri Savineau <dsavinea@redhat.com>

tox: add ceph_stable_release to switch2container

We need to set the ceph_stable_release variable during the switch2container
playbook.

Signed-off-by: Dimitri Savineau <dsavinea@redhat.com>

switch2container: run ceph-validate role

This adds the ceph-validate role before starting the switch to a containerized
deployment.

Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1968177
Signed-off-by: Dimitri Savineau <dsavinea@redhat.com>
(cherry picked from commit fc160b3be18edd1615ebb2b813a8468748f6d7d3)

nfs: do no copy client.bootstrap-rgw when using mds

There's no need to copy this keyring when using nfs with mds

Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com>
(cherry picked from commit 8dbee99882968005e744d3c8199dbfdea17495cc)

Container: Fixing service name lvm2-lvmetad

Playbook failing saying:

msg: 'Could not find the requested service lvmetad: host'

Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1955040
Signed-off-by: VasishtaShastry <vipin.indiasmg@gmail.com>
(cherry picked from commit e49c38f8b7fc7c6c8ef06173874ece802d58102d)

multisite: fix bug during switch2containers

When running the switch-to-containers playbook with multisite enabled,
the fact "rgw_instances" is only set for the node being processed
(serial: 1), the consequence of that is that the set_fact of
'rgw_instances_all' can't iterate over all rgw node in order to look up
each 'rgw_instances_host'.

Adding a condition checking whether hostvars[item]["rgw_instances_host"]
is defined fixes this issue.

Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1967926
Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com>
(cherry picked from commit 8279d14d328ad4bacafc01847f3ad9f385b4a3d5)

rolling_update: fix mon+rgw/multisite collocation

When monitors and rgw are collocated with multisite enabled, the
rolling_update playbook fails because during the workflow, we run some
radosgw-admin commands very early on the first mon even though this is
the monitor being upgraded, it means the container doesn't exist since
it was stopped.

This block is relevant only for scaling out rgw daemons or initial
deployment. In rolling_update workflow, it is not needed so let's skip
it.

Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1970232
Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com>
(cherry picked from commit f7166cccbfa206f07a1ecca8d3eba0fe9d396c3a)

tests: disable test_mgr_dashboard_is_listening

Due to a recent commit that has introduced a regression in ceph, this
test is failing.
Temporarily disabling it to unblock the CI.

Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com>
(cherry picked from commit 2e19d1705efa8ef247eecb540357195d5142da77)

dashboard: set cookie_secure in grafana

When using grafana behind https `cookie_secure` should be set to `true`.

Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1966880
Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com>
(cherry picked from commit 4daed1f137a4c61940abd9ae2db179fafd8de17a)

dashboard: fix rgw user creation

When deploying dashboard in a cluster with rgw multisite deployed.
Due to the last rgw multisite refactor, we now expect the variable
`rgw_zonemaster` to be defined in the dict `rgw_instances`.
The idea here is to create that user on the cluster as soon as we have 1
`rgw_zonemaster` set to `true` in `rgw_instances`.

Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1964995
Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com>

crash: fix --limit deployments (containers)

ceph-crash deployments is broken when ceph-ansible playbook is called
with --limit in containerized contexts since we don't set
`container_exec_cmd` on the first monitor.

Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1964835
Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com>
(cherry picked from commit 10ed26f14dc38211d4c77cbeeeb681d215a351b7)

dashboard: fix typo introduced during backport

during backport of c8b92deba10c0b6e0ebcb0e31315b1e6174fdc0c the pattern
should have been s/monitoring_group_name/grafana_server_group_name/

Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1964907
Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com>
(cherry picked from commit ac0a5c1e682e0a6e6c67d7c3c630b1da110785bb)

prometheus: enforce osd nodes in templates

When osd nodes are collocated in the clients group (HCI context for
instance), the current logic will exclude osd nodes since they are
present in the client group.

The best fix would be to exclude clients node only when they are not
member of another group but for now, as a workaround, we can enforce
the addition of osd nodes to fix this specific case.

Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1947695
Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com>
(cherry picked from commit 664dae0564d54d6df873b96264e59fa38c8280a4)

fs2bs: use match filter in selectattr()

0990ae41099d8b9d678f546fc8790033f421711f changed the filter in
selectattr() from 'match' to 'equalto' but due to an incompatibility with
the Jinja2 version for python 2.7 on el7 we must stick to using 'match'
filter.

Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com>
(cherry picked from commit d6745e9cd9c2b5f0e20280e4ae0fe1b125287b0c)

fs2bs: fix wrong filter when setting osd_ids

using 'match' filter in that task will lead to bad behavior if I have
the following node names for instance:

- node1
- node11
- node111

with `selectattr('name', 'match', inventory_hostname)` it will match
'node1' along with 'node11' and 'node111'.

using 'equalto' filter will make sure we only match the target node.

Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1963066
Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com>
(cherry picked from commit 0990ae41099d8b9d678f546fc8790033f421711f)

container: conditionnally disable lvmetad

Enabling lvmetad in containerized deployments on el7 based OS might
cause issues.
This commit make it possible to disable this service if needed.

Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1955040
Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com>

Make sure the repo url contains the correct arch

We can end up with an arm only repo unless we are specific about the
architecture we require. Brings the deb code in line with the rpm
equivalent.

Signed-off-by: Brad Hubbard <bhubbard@redhat.com>
(cherry picked from commit 267cce9e8360fc8cb9c192fde2406e5dca724610)

validate: check virtual_ips variable

This commit checks the length of `virtual_ips` doesn't exceed the length
of `groups[rgwloadbalancer_group_name]`.
It also ensure this variable is defined when
`groups[rgwloadbalancer_group_name]` contains at least one node.

Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com>
(cherry picked from commit 3b63e0649cdaf322af1ad5a5b5b276ec9085d2d5)

ceph-rgw-loadbalancer: Fix keepalived master selection

While 2ca33641 fixed a bug in the way the `keepalived.conf.j2` template matched
hostnames to set the VRRP `MASTER`/`BACKUP` states, it also introduced a
regression in the case where `virtual_ips` is a list of more than one IP
address.

The previous behavior would result in each host in the `rgwloadbalancers` group
to be `MASTER` for one of the `virtual_ips`, but the new behavior caused the
first host to be `MASTER` for all the IP address in `virtual_ips`.

This commit restores the original behavior.

Signed-off-by: Benoît Knecht <bknecht@protonmail.ch>
(cherry picked from commit 2bede4762efaf566a7da689dd1021ee66c0c94eb)

update: fix ceph-crash stop task

This is a workaround for an issue in ansible.
When trying to stop/mask/disable this service in one task, the stop
didn't actually happen, the task doesn't fail but for some reason the
container is still present and running.
Then the task starting the service in the role ceph-crash fails because
it can't start the container since it's already running with the same
name.

Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1955393
Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com>
(cherry picked from commit 3db1ea7ec41475243559beff50b7011773c021e5)

ceph-osd: allow to use ceph_tcmalloc_max_total_thread_cache for bluestore

TCMALLOC_MAX_TOTAL_THREAD_CACHE_BYTES is for both bluestore and filestore

Signed-off-by: Seena Fallah <seenafallah@gmail.com>
(cherry picked from commit 41295f0ef661511953be607d44d82a80f5656d2e)

ceph-mon: Fix check mode for deploy monitor tasks

Skip the `get initial keyring when it already exists` task when both commands
whose `stdout` output it requires have been skipped (e.g. when running in check
mode).

Signed-off-by: Benoît Knecht <bknecht@protonmail.ch>
(cherry picked from commit e98d9b70bd2d272385519efdefe776c4abc00f0a)

fs2bs: add a final play

This removes the fact `skipped_nodes` which is useless when we run with
`--limit` since it gets reset when a new iteration is made.

Instead, let's print within a final play which node has been skipped
reusing the `skip_this_node` fact.

Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com>
(cherry picked from commit 3d4267051f03c053dcd7d3f6f381988be0b2939d)