From 970c6a4ee6923588adb81d8c49185ff8e340d52e Mon Sep 17 00:00:00 2001 From: Guillaume Abrioux Date: Tue, 24 Nov 2020 11:33:46 +0100 Subject: [PATCH] mon: refact initial keyring generation adding monitor is no longer possible because we generate a new mon keyring each time the playbook is run. Fixes: #5864 Signed-off-by: Guillaume Abrioux
---
infrastructure-playbooks/add-mon.yml | 3 +++ library/ceph_key.py | 15 ++++++++++----- roles/ceph-mon/tasks/deploy_monitors.yml | 21 ++++++++------------- tests/library/test_ceph_key.py | 12 ++++++++++++ 4 files changed, 33 insertions(+), 18 deletions(-)
diff --git a/infrastructure-playbooks/add-mon.yml b/infrastructure-playbooks/add-mon.yml
index c74c89589..0d1859545 100644
--- a/infrastructure-playbooks/add-mon.yml
+++ b/infrastructure-playbooks/add-mon.yml
@@ -68,6 +68,9 @@ name: ceph-config - import_role: name: ceph-mon + - import_role: + name: ceph-crash + when: containerized_deployment | bool # update config files on OSD nodes - hosts: osds
diff --git a/library/ceph_key.py b/library/ceph_key.py
index 5e3092eb5..6b98e075c 100644
--- a/library/ceph_key.py
+++ b/library/ceph_key.py
@@ -83,8 +83,9 @@ options: return a json output. If 'info' is used, the module will return in a json format the description of a given keyring. + If 'generate_secret' is used, the module will simply output a cephx keyring. required: false - choices: ['present', 'update', 'absent', 'list', 'info', 'fetch_initial_keys'] + choices: ['present', 'update', 'absent', 'list', 'info', 'fetch_initial_keys', 'generate_secret'] default: present caps: description:
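Review bot: In library/ceph_key.py (hunk `@@ -83,8 +83,9 @@`), the added option text says the module will "simply output a cephx keyring", but the branch added later in this patch returns the decoded result of `generate_secret()`, which by its name is a bare secret rather than a keyring. That helper is defined outside the visible hunks, so this is worth confirming. I would reword the line to `If 'generate_secret' is used, the module generates a new cephx secret and returns it in its output.` and add a sentence saying the returned value is sensitive, so tasks using this state should set `no_log: true`. The text also does not say which of the other options (`name`, `caps`, `secret`, `import_key`) are ignored in this state.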
@@ -491,7 +492,8 @@ def run_module(): module_args = dict( cluster=dict(type='str', required=False, default='ceph'), name=dict(type='str', required=False), - state=dict(type='str', required=False, default='present', choices=['present', 'update', 'absent', 'list', 'info', 'fetch_initial_keys']), + state=dict(type='str', required=False, default='present', choices=['present', 'update', 'absent', + 'list', 'info', 'fetch_initial_keys', 'generate_secret']), caps=dict(type='dict', required=False, default=None), secret=dict(type='str', required=False, default=None, no_log=True), import_key=dict(type='bool', required=False, default=True),
@@ -677,9 +679,12 @@ def run_module(): file_args = module.load_file_common_arguments(module.params) file_args['path'] = key_path module.set_fs_attributes_if_different(file_args, False) - else: - module.fail_json( - msg='State must either be "present" or "absent" or "list" or "info" or "fetch_initial_keys".', changed=False, rc=1) # noqa E501 + elif state == "generate_secret": + out = generate_secret().decode() + cmd = '' + rc = 0 + err = '' + changed = True endd = datetime.datetime.now() delta = endd - startd
diff --git a/roles/ceph-mon/tasks/deploy_monitors.yml b/roles/ceph-mon/tasks/deploy_monitors.yml
index 607435a12..a8d713758 100644
--- a/roles/ceph-mon/tasks/deploy_monitors.yml
+++ b/roles/ceph-mon/tasks/deploy_monitors.yml
@@ -4,7 +4,7 @@ name: mon. cluster: "{{ cluster }}" user: mon. - user_key: "/var/lib/ceph/mon/{{ cluster }}-{{ hostvars[groups[mon_group_name][0] if running_mon is undefined else running_mon]['ansible_hostname'] }}/keyring" + user_key: "/var/lib/ceph/mon/{{ cluster }}-{{ hostvars[running_mon]['ansible_hostname'] }}/keyring" output_format: json state: info environment:
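Review bot: The `generate_secret` branch in library/ceph_key.py (hunk `@@ -677,9 +679,12 @@`) puts a freshly generated cephx secret into `out`, and nothing visible marks that value as sensitive: `no_log=True` on the `secret` parameter only masks values passed in, not one the module creates itself. If `out` is returned as the task's stdout (the exit path of `run_module` is outside the hunk), every task using this state needs `no_log: true`, and the branch should say so, e.g. `# out holds a cephx secret: callers must set no_log: true on the task`. The visible lines of the branch only assign local variables, so `changed = False` would report the result more accurately than `changed = True`. The removed `else: module.fail_json(...)` was the only visible guard for an unhandled state, and keeping it after the new `elif` would make a future unhandled choice fail with a clear message.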
@@ -12,26 +12,21 @@ CEPH_CONTAINER_BINARY: "{{ container_binary }}" register: initial_mon_key run_once: True - delegate_to: "{{ groups[mon_group_name][0] if running_mon is undefined else running_mon }}" - when: ceph_current_status.fsid is defined + delegate_to: "{{ running_mon }}" + when: running_mon is defined - name: generate monitor initial keyring - command: > - {{ hostvars[groups[mon_group_name][0] if running_mon is undefined else running_mon]['discovered_interpreter_python'] }} -c "import os ; import struct ; - import time; import base64 ; key = os.urandom(16) ; - header = struct.pack('