We use the systemd_service role to load a drop-in for all
services which fall under the 'ceph-immutable-object-store'
banner, but this isn't a service in its own right.
Attempting to load the service on Ubuntu Jammy results in
an error, so we prevent loading it, and leave enabling of the
individual service up to an existing later task.
Change-Id: If9c46d22f42bc3765b217b0fbc736331bf337557
When placing ceph_extra_confs files to their destination, they're being
assigned mode 0644 with root:root ownership. However, when we're overriding
some sections in config files, we also accidentally change mode of these
files to 0640 which makes issues while reading them by clients and
makes role not idempotent.
This issue was introduced by this commit [1]
[1] https://review.opendev.org/c/openstack/openstack-ansible-ceph_client/+/888216
Change-Id: I5fe0fff9616e0829b83f61bd1b062cfd978543d6
With [1] we have broken compatibility of potentially provided extra components
config without any notice.
In order to handle this now we fix backwards compatibility along with
adding a deprecation note on the format of ``client``.
[1] https://review.opendev.org/c/openstack/openstack-ansible-ceph_client/+/882827
Closes-Bug: #2047783
Change-Id: I89b67f0f0545d799194d8486a6bb25227279af84
When Ceph read/write caching uses paths which aren't already
covered by the libvirt/qemu apparmor rules then additional
configuration is required to ensure VMs don't fail to boot.
Change-Id: I2dff4bf54191b763e25625aa7a10bceaa1f6e595
Right now we have quite strong assumption that `nova_ceph_client` should be
present among clients to fetch. At the same time, in case the role is
included outside of the OSA context, ceph_client_filtered_clients might
not contain all users we expect to see.
With that we alter the logic to fetch nova key not only when role is launched
against compute host, but also when the client is present in the list.
Change-Id: I7810881a01b9d2f3d98a6c3ad590b9ea63358011
Right now we are not using any constraints for docs and releasenotes builds.
This has resulted in docs job failures once Sphinx 7.2.0 has been released.
The patch will ensure that constraints are used an we should not face
simmilar issue again.
TOX_CONSTRAINTS_FILE is updated by Release bot once new branch is created,
so it should always track relevant constraints.
Some extra syntax-related changes can apply, since patch is being passed
through ConfigParser, that does not preserve comments and align indenting.
Change-Id: Ic3ca23b672414d1944069b274d709e3a3d94de43
In order to be able to use tags to run systemd_service role solely,
they must be applied properly when role is included.
Change-Id: Ic382ddfc0e79e3b9dfdeeaabdf131466127756f2
With update of ansible-lint to version >=6.0.0 a lot of new
linters were added, that enabled by default. In order to comply
with linter rules we're applying changes to the role.
With that we also update metdata to reflect current state.
Change-Id: Idb2dd6cd4bbf815e4b32c9bfbe9a66f33e1c4b97
With [1] usage of custom owner/group has been introduced. It
converted client to be a list of mappings but it was missed in 1 place.
[1] fdd2aaa00b
Closes-Bug: #2024339
Change-Id: Icfc16ca25f0b6b45a0de0bcdf4eac71ab302a120
See [1] for details of this ceph component. Optionally deployed
on nova-compute nodes to accellerate access to read-only data
for volumes created from snapshots.
[1] https://docs.ceph.com/en/latest/rbd/rbd-persistent-read-only-cache/
Change-Id: I34f2f403d03cc95f593f21c717609b9858b8d989
These jobs are run, but there is no actual test code executed other
than setting up the test environment them exiting success straight
away.
Change-Id: I1c3a3ef2584c65b9b4e7ee4c869d76c612c476d5
At the moment we do install EPEL repo in multiple other roles, like
lxc_hosts or systemd_mount. We're trying to be consistent in ways
of adding them, while ceph_client was slightly different, by carrying on
GPG keys in-repo instead of fetching them from `centos_epel_key` url.
With this patch we unify approach with other roles and reducing
maintenance costs of the repo when adding new distributions
Change-Id: I407256dc6eee3365c4f8c191a1f50717f0b35fa8
Related-Bug: #2013276
Latest ceph releases also require thrift package to be installed,
which is provided by EPEL. We add the package of allowed ones
to come from EPEL.
Change-Id: Id2cd34bf88efbda9ba37710d1052a6f54249b5bf
Closes-Bug: #2013276
We've missed adding a GPG key that's required for installing
packages for RHEL9 distros from EPEL.
Change-Id: I2bef98a695517c038cb9f0dcd09caa16611520b7
Closes-Bug: #2013276
At the moment regexp we have does require keyring to contain only
key option. If that is full ceph authx file that does also contain
caps, regexp will grab them as well, which will result in a play failure
This patch does improve regexp to grab only key regardless of all other
content that can be present in the file.
Change-Id: I176fbcd4901dfacd4b608fac4d4fbd256d263b2a
With tox release of 4.0, some parameters were deprecated and are ignored now
which causes tox failures. One of the most spread issues we have is using
`whitelist_externals` isntead of `allowlist_externals`
Change-Id: If194947d7929dd251113a0384a3bda3e5fde8915
Previously this required always access to the mon_host of the Ceph
cluster to fetch the key for volume access. Now this key can be defined
through Ceph keyring files.
Change-Id: Ib2c755d38038b14ca3803de1bb9cbcec122eaa83
Add file to the reno documentation build to show release notes for
stable/zed.
Use pbr instruction to increment the minor version number
automatically so that master versions are higher than the versions on
stable/zed.
Sem-Ver: feature
Change-Id: I534f5bdb19a1e1f75eeeeefbe01c8ec3bcdbe38f
This line snuck in with I0a8fda2e71e80624edbe271139675a71196b23ef
probably to bring it in line with other OSA roles, but should already
be covered by the distribution_major_version line above.
Change-Id: Icf9258e9f7c37e7ae34f6924fae432f15487b260
At the moment if multiple clusters are used, like for AZ deployments
when cinder should connect to different ceph clusters, if
ceph_keyrings_dir defined per group_var or host_var, ceph_client_keys
will get defined multiple times each time overriding previous value,
as facts are delegated to the localhost. In order to avoid such
behaviour we define ceph_client_keys for host that delegates job
instead. This way value won't be overwriten and host_vars will be
respected.
Change-Id: I5109322a4ee805f9c0b53142a0e98d3f0aa2d3a5
In some cases, like AZ scenarios, deployments may interact with
several clusters at a time, while they will be distinguished by
the cluster_name. However, ceph_client role now assumes that
cluster name is `ceph` without any way to override such assumption.
Change-Id: I9dcad1e1c63294f4f59a1755507904808acb785e
With sphinx release of 5.0.0, they changed default for language variable
to 'en' from None. With that current None valuable is not valid and should
not be used.
Change-Id: Iacff492513352324cc94535c756b220d4753541d
We missed upating ceph_client_package_state to use package_state
for default value, as other roles do.
So we're fixing it not to update ceph client packages every time, which
can lead to interesting consequences depending on the destination.
Change-Id: I0d6014649307bb6556cdc189cf8d749e1ec9b20a
Exact same tasks are define in tasks/ceph_auth.yml and should cover
needs.
So we can simply avoid running same set of tasks.
Change-Id: I30593660dc6ebab46e20b680b321e3c97315bff4
Currently we assume that there must be a services that needs to be
restarted. At same time it's not always the case, for example when
ceph_client role is used to prepare host for cephfs mount.
Change-Id: I6a5cf134a0117e6d8c12a339713ca425a31b907b