From cc28d9ec2669f14fa2e75627093aa65905af969f Mon Sep 17 00:00:00 2001 From: Guillaume Abrioux Date: Thu, 19 Mar 2020 20:44:20 +0100 Subject: [PATCH] nfs: fix nfs with external ceph cluster support This commit refact and fix the nfs deployment with external ceph cluster support. Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1814942 Signed-off-by: Guillaume Abrioux --- group_vars/clients.yml.sample | 2 - roles/ceph-client/defaults/main.yml | 2 - roles/ceph-client/tasks/create_users_keys.yml | 1 - roles/ceph-nfs/tasks/main.yml | 30 ++++++++++---- roles/ceph-validate/tasks/main.yml | 9 ----- site-container.yml.sample | 40 +++++++++---------- site.yml.sample | 36 ++++++++--------- 7 files changed, 60 insertions(+), 60 deletions(-) diff --git a/group_vars/clients.yml.sample b/group_vars/clients.yml.sample index c565f048b..f65f15f9f 100644 --- a/group_vars/clients.yml.sample +++ b/group_vars/clients.yml.sample @@ -75,5 +75,3 @@ dummy: # - { name: client.test, caps: { mon: "profile rbd", osd: "allow class-read object_prefix rbd_children, profile rbd pool=test" }, mode: "{{ ceph_keyring_permissions }}" } # - { name: client.test2, caps: { mon: "profile rbd", osd: "allow class-read object_prefix rbd_children, profile rbd pool=test2" }, mode: "{{ ceph_keyring_permissions }}" } -#ceph_nfs_ceph_user: { name: client.rgw.nfs0, key: 'SECRET==', caps: { mon: "allow rw", osd: "allow rwx" }, mode: "{{ ceph_keyring_permissions }}" } - diff --git a/roles/ceph-client/defaults/main.yml b/roles/ceph-client/defaults/main.yml index 20662f9ad..6cb86448c 100644 --- a/roles/ceph-client/defaults/main.yml +++ b/roles/ceph-client/defaults/main.yml @@ -66,5 +66,3 @@ pools: keys: - { name: client.test, caps: { mon: "profile rbd", osd: "allow class-read object_prefix rbd_children, profile rbd pool=test" }, mode: "{{ ceph_keyring_permissions }}" } - { name: client.test2, caps: { mon: "profile rbd", osd: "allow class-read object_prefix rbd_children, profile rbd pool=test2" }, mode: "{{ ceph_keyring_permissions }}" } - -#ceph_nfs_ceph_user: { name: client.rgw.nfs0, key: 'SECRET==', caps: { mon: "allow rw", osd: "allow rwx" }, mode: "{{ ceph_keyring_permissions }}" } diff --git a/roles/ceph-client/tasks/create_users_keys.yml b/roles/ceph-client/tasks/create_users_keys.yml index 99d5913ee..a43d260d8 100644 --- a/roles/ceph-client/tasks/create_users_keys.yml +++ b/roles/ceph-client/tasks/create_users_keys.yml @@ -47,7 +47,6 @@ CEPH_CONTAINER_BINARY: "{{ container_binary }}" with_items: - "{{ keys }}" - - "{{ ceph_nfs_ceph_user | default([]) }}" delegate_to: "{{ delegated_node }}" when: - cephx | bool diff --git a/roles/ceph-nfs/tasks/main.yml b/roles/ceph-nfs/tasks/main.yml index a2b18fd39..94e0923f9 100644 --- a/roles/ceph-nfs/tasks/main.yml +++ b/roles/ceph-nfs/tasks/main.yml @@ -26,17 +26,31 @@ - not containerized_deployment | bool - ansible_os_family == 'RedHat' -- name: copy rgw keyring when deploying internal ganesha with external ceph cluster - copy: - src: "/etc/ceph/{{ cluster }}.{{ ceph_nfs_ceph_user }}.keyring" - dest: "/var/lib/ceph/radosgw/{{ cluster }}-rgw.{{ ansible_hostname }}/keyring" - mode: '0600' - owner: "{{ ceph_uid if containerized_deployment else 'ceph' }}" - group: "{{ ceph_uid if containerized_deployment else 'ceph' }}" - remote_src: true +- name: nfs with external ceph cluster task related when: - groups.get(mon_group_name, []) | length == 0 - ceph_nfs_ceph_user is defined + block: + - name: create keyring directory + file: + path: "/var/lib/ceph/radosgw/{{ cluster }}-rgw.{{ ansible_hostname }}" + state: directory + owner: "{{ ceph_uid if containerized_deployment else 'ceph' }}" + group: "{{ ceph_uid if containerized_deployment else 'ceph' }}" + mode: "0755" + when: + + - name: get client cephx keys + copy: + dest: "/var/lib/ceph/radosgw/{{ cluster }}-rgw.{{ ansible_hostname }}/keyring" + content: "{{ item.content | b64decode }}" + mode: "{{ item.item.get('mode', '0600') }}" + owner: "{{ ceph_uid if containerized_deployment else 'ceph' }}" + group: "{{ ceph_uid if containerized_deployment else 'ceph' }}" + with_items: "{{ hostvars[groups['_filtered_clients'][0]]['slurp_client_keys']['results'] | default([]) }}" + when: + - not item.get('skipped', False) + - item.item.name == 'client.' + ceph_nfs_ceph_user - name: include start_nfs.yml import_tasks: start_nfs.yml diff --git a/roles/ceph-validate/tasks/main.yml b/roles/ceph-validate/tasks/main.yml index 58c080422..b1be04b10 100644 --- a/roles/ceph-validate/tasks/main.yml +++ b/roles/ceph-validate/tasks/main.yml @@ -261,12 +261,3 @@ - keys | length > 0 - item.key is defined - item.key is not match("^[a-zA-Z0-9+/]{38}==$") - -- name: validate ceph_nfs_ceph_user key format - fail: - msg: '{{ ceph_nfs_ceph_user.name }} key format invalid' - when: - - client_group_name in group_names - - ceph_nfs_ceph_user is defined - - ceph_nfs_ceph_user.key is defined - - ceph_nfs_ceph_user.key is not match("^[a-zA-Z0-9+/]{38}==$") diff --git a/site-container.yml.sample b/site-container.yml.sample index 098cce826..ccbe14f9e 100644 --- a/site-container.yml.sample +++ b/site-container.yml.sample @@ -258,17 +258,17 @@ status: "Complete" end: "{{ lookup('pipe', 'date +%Y%m%d%H%M%SZ') }}" -- hosts: nfss +- hosts: clients become: True gather_facts: false any_errors_fatal: true tasks: # pre-tasks for following imports - - - name: set ceph nfs install 'In Progress' + - name: set ceph client install 'In Progress' run_once: true set_stats: data: - installer_phase_ceph_nfs: + installer_phase_ceph_client: status: "In Progress" start: "{{ lookup('pipe', 'date +%Y%m%d%H%M%SZ') }}" @@ -285,28 +285,28 @@ name: ceph-config tags: ['ceph_update_config'] - import_role: - name: ceph-nfs + name: ceph-client - # post-tasks for following imports - - - name: set ceph nfs install 'Complete' + # post-tasks for preceding imports - + - name: set ceph client install 'Complete' run_once: true set_stats: data: - installer_phase_ceph_nfs: + installer_phase_ceph_client: status: "Complete" end: "{{ lookup('pipe', 'date +%Y%m%d%H%M%SZ') }}" -- hosts: rbdmirrors +- hosts: nfss become: True gather_facts: false any_errors_fatal: true tasks: # pre-tasks for following imports - - - name: set ceph rbd mirror install 'In Progress' + - name: set ceph nfs install 'In Progress' run_once: true set_stats: data: - installer_phase_ceph_rbdmirror: + installer_phase_ceph_nfs: status: "In Progress" start: "{{ lookup('pipe', 'date +%Y%m%d%H%M%SZ') }}" @@ -323,28 +323,28 @@ name: ceph-config tags: ['ceph_update_config'] - import_role: - name: ceph-rbd-mirror + name: ceph-nfs - # post-tasks for preceding imports - - - name: set ceph rbd mirror install 'Complete' + # post-tasks for following imports - + - name: set ceph nfs install 'Complete' run_once: true set_stats: data: - installer_phase_ceph_rbdmirror: + installer_phase_ceph_nfs: status: "Complete" end: "{{ lookup('pipe', 'date +%Y%m%d%H%M%SZ') }}" -- hosts: clients +- hosts: rbdmirrors become: True gather_facts: false any_errors_fatal: true tasks: # pre-tasks for following imports - - - name: set ceph client install 'In Progress' + - name: set ceph rbd mirror install 'In Progress' run_once: true set_stats: data: - installer_phase_ceph_client: + installer_phase_ceph_rbdmirror: status: "In Progress" start: "{{ lookup('pipe', 'date +%Y%m%d%H%M%SZ') }}" @@ -361,14 +361,14 @@ name: ceph-config tags: ['ceph_update_config'] - import_role: - name: ceph-client + name: ceph-rbd-mirror # post-tasks for preceding imports - - - name: set ceph client install 'Complete' + - name: set ceph rbd mirror install 'Complete' run_once: true set_stats: data: - installer_phase_ceph_client: + installer_phase_ceph_rbdmirror: status: "Complete" end: "{{ lookup('pipe', 'date +%Y%m%d%H%M%SZ') }}" diff --git a/site.yml.sample b/site.yml.sample index ea5fbfd6e..c29fc581b 100644 --- a/site.yml.sample +++ b/site.yml.sample @@ -248,16 +248,16 @@ status: "Complete" end: "{{ lookup('pipe', 'date +%Y%m%d%H%M%SZ') }}" -- hosts: nfss +- hosts: clients gather_facts: false become: True any_errors_fatal: true pre_tasks: - - name: set ceph nfs install 'In Progress' + - name: set ceph client install 'In Progress' run_once: true set_stats: data: - installer_phase_ceph_nfs: + installer_phase_ceph_client: status: "In Progress" start: "{{ lookup('pipe', 'date +%Y%m%d%H%M%SZ') }}" @@ -275,27 +275,27 @@ name: ceph-config tags: ['ceph_update_config'] - import_role: - name: ceph-nfs + name: ceph-client post_tasks: - - name: set ceph nfs install 'Complete' + - name: set ceph client install 'Complete' run_once: true set_stats: data: - installer_phase_ceph_nfs: + installer_phase_ceph_client: status: "Complete" end: "{{ lookup('pipe', 'date +%Y%m%d%H%M%SZ') }}" -- hosts: rbdmirrors +- hosts: nfss gather_facts: false become: True any_errors_fatal: true pre_tasks: - - name: set ceph rbd mirror install 'In Progress' + - name: set ceph nfs install 'In Progress' run_once: true set_stats: data: - installer_phase_ceph_rbdmirror: + installer_phase_ceph_nfs: status: "In Progress" start: "{{ lookup('pipe', 'date +%Y%m%d%H%M%SZ') }}" @@ -313,27 +313,27 @@ name: ceph-config tags: ['ceph_update_config'] - import_role: - name: ceph-rbd-mirror + name: ceph-nfs post_tasks: - - name: set ceph rbd mirror install 'Complete' + - name: set ceph nfs install 'Complete' run_once: true set_stats: data: - installer_phase_ceph_rbdmirror: + installer_phase_ceph_nfs: status: "Complete" end: "{{ lookup('pipe', 'date +%Y%m%d%H%M%SZ') }}" -- hosts: clients +- hosts: rbdmirrors gather_facts: false become: True any_errors_fatal: true pre_tasks: - - name: set ceph client install 'In Progress' + - name: set ceph rbd mirror install 'In Progress' run_once: true set_stats: data: - installer_phase_ceph_client: + installer_phase_ceph_rbdmirror: status: "In Progress" start: "{{ lookup('pipe', 'date +%Y%m%d%H%M%SZ') }}" @@ -351,14 +351,14 @@ name: ceph-config tags: ['ceph_update_config'] - import_role: - name: ceph-client + name: ceph-rbd-mirror post_tasks: - - name: set ceph client install 'Complete' + - name: set ceph rbd mirror install 'Complete' run_once: true set_stats: data: - installer_phase_ceph_client: + installer_phase_ceph_rbdmirror: status: "Complete" end: "{{ lookup('pipe', 'date +%Y%m%d%H%M%SZ') }}" -- 2.39.5