Sébastien Han [Fri, 16 Dec 2016 13:53:14 +0000 (14:53 +0100)]
docker: only use systemd to manage containers
Prior to this patch we had several ways to run containers, we could use
ansible's docker module on some distro and on containers distros we were
using systemd. We strongly believe treating containers as services with
systemd is the right approach so this patch generalizes to all the
distros. These days most of the distros are running systemd so it's a fair
assumption.
Sébastien Han [Fri, 16 Dec 2016 10:42:17 +0000 (11:42 +0100)]
mon: add the initial mon keyring to the mon store
Once we have our first monitor up and running we need to add it to the
monitor store as a safety measure. Just in case the local file gets
deleted and you need to add a new monitor. Now you can retrieve this key
like this:
ceph config-key get initial_mon_keyring > initial_mon_keyring.txt
Sébastien Han [Fri, 16 Dec 2016 10:36:42 +0000 (11:36 +0100)]
common: do not become root on local task
There is no need to become root on local_action. This will even trigger
an error on some systems as it will try to run a sudo command. If the
current user does not have passwordless sudo, Ansible will fail. Anyway
using the current user is perfectly fine and no elevation privilege is
needed.
Logan V [Thu, 14 Jul 2016 19:27:03 +0000 (14:27 -0500)]
Add support for Keystone v3 API
The Keystone v2 APIs are deprecated and scheduled to be removed in
the Q release of OpenStack. This adds support for configuring RGW to
use the current Keystone v3 API.
Logan V [Thu, 14 Jul 2016 19:09:31 +0000 (14:09 -0500)]
Add a switch to disable nss PKI database initialization
The PKI keys are used to decrypt the Keystone revocation list when
PKI tokens are used. When UUID or Fernet token providers are used in
Keystone, PKI certs may not exist, so we now accommodate this scenario
by allowing the operator to disable the PKI tasks.
Logan V [Mon, 11 Jul 2016 12:52:11 +0000 (07:52 -0500)]
Add support for Keystone user authentication with RGW
Jewel added support for user/pass authentication with Keystone,
allowing deployers to disable Keystone admin token as required
for production deployments.
This implements configuration for the new RGW Keystone user/pass
authentication feature added in Jewel.
See docs here: http://docs.ceph.com/docs/master/radosgw/keystone/
Sébastien Han [Tue, 6 Dec 2016 10:20:23 +0000 (11:20 +0100)]
test: add cluster name support test scenario
We need to test the cluster name support in this CI as well. This
commit might be prone to debate because it tests 2 things in a single
scenario. We first test our ability to deploy a cluster AND the cluster
name support. However it's easier to do it this way and will reduce the
amount of time for testing. If we don't do this we will have to
duplicate those 2 existing tests into new ones 'only' to test the
cluster name support.
common: do not regenerate initial mon keyring if cluster exists
This commit solves the situation where you lost your fetch directory and
you are running ansible against an existing cluster. Since no fetch
directory is present the file containing the initial mon keyring
doesn't exist so we are generating a new one.
Sébastien Han [Wed, 14 Dec 2016 18:03:04 +0000 (19:03 +0100)]
common: remove unnecessary conditions and spell red hat entirely
We do not need to run another condition for 'ceph_rhcs' since the
include we came from already has it, so we are already inside this
condition.
We also spell red hat entirely instead of rh and we remove capital
letters.
Andrew Schoen [Wed, 14 Dec 2016 15:13:55 +0000 (09:13 -0600)]
ensure site.yml.sample always gathers facts and installs python2
This avoids an issue where if you're using tags to run the playbook then
no facts are gathered, resulting in subsequent tasks failing that depend
on them.
Ken Dreyer [Mon, 12 Dec 2016 21:20:47 +0000 (14:20 -0700)]
Makefile: improve version detection
Prior to this change, if there was a stray tag in the repository that
did not start with a "v", the Makefile would still try to use that tag
as a version tag when constructing the RPMs.
Only use the tags that start with "v", in this case.
Sébastien Han [Fri, 9 Dec 2016 13:51:35 +0000 (14:51 +0100)]
common: do not run tasks in main.yml, use include
For readability and clarity we do not run any tasks directly in the
main.yml file. This file should only contain include, which helps us
later to apply conditionals if we want to.
Sébastien Han [Tue, 6 Dec 2016 16:28:30 +0000 (17:28 +0100)]
docker: consolidate ceph-ansible and ceph-docker variable
This commit re-uses some of the existing ceph-ansible variables for a
containerized deployment. There is no reason why we should add new
variables for the containerized deployment.
Logan V [Thu, 8 Dec 2016 19:16:02 +0000 (13:16 -0600)]
Fix the mons running check to use group name var
mon_group_name variable can be used to override mons group, but
this task assumes the group is always 'mons'. So we need to use
the var to find the group name instead.
- Add option to configure default pool size
- Add option not to install MDS and RGW
- Improve ssh_setup to check if file and key already exist
- Improve populate_vars for safety rerun for idempotent
- Change path of inventory file to where ansible run. So this won't pollute the system
Sébastien Han [Wed, 7 Dec 2016 13:36:24 +0000 (14:36 +0100)]
mon: remove collect keys
Once the monitor process starts it will also trigger `ceph-create-keys`
which will collect the admin key and bootstrap keys. We used to force
this command because we were having issues on some distros like centos
7.0 and 7.1 not triggering this. This is fixed on centos 7.2 and not an
issue on ubuntu 14.04 or 16.04 so we can remove this task. If the
monitor hangs or fails to start the playbook will fail right after at
the "wait for client.admin key exists" task after 300sec.
Closes: #1161
Signed-off-by: Sébastien Han <seb@redhat.com>
Sébastien Han [Tue, 6 Dec 2016 14:59:49 +0000 (15:59 +0100)]
common: do not regenerate a cluster fsid if cluster exists
This commit solves the situation where you lost your fetch directory and
you are running ansible against an existing cluster. Since no fetch
directory is present the file containing the fsid doesn't exist so we
are creating a new one. Later the ceph.conf gets updated with a wrong
fsid which causes problems for clients and ceph processes.
Closes: #1148
Signed-off-by: Sébastien Han <seb@redhat.com>