We use the systemd_service role to load a drop-in for all
services which fall under the 'ceph-immutable-object-store'
banner, but this isn't a service in its own right.
Attempting to load the service on Ubuntu Jammy results in
an error, so we prevent loading it, and leave enabling of the
individual service up to an existing later task.
Change-Id: If9c46d22f42bc3765b217b0fbc736331bf337557
When placing ceph_extra_confs files to their destination, they're being
assigned mode 0644 with root:root ownership. However, when we're overriding
some sections in config files, we also accidentally change mode of these
files to 0640, which causes issues while reading them by clients and
makes the role not idempotent.
This issue was introduced by this commit [1]
[1] https://review.opendev.org/c/openstack/openstack-ansible-ceph_client/+/888216
Change-Id: I5fe0fff9616e0829b83f61bd1b062cfd978543d6
When Ceph read/write caching uses paths which aren't already
covered by the libvirt/qemu apparmor rules then additional
configuration is required to ensure VMs don't fail to boot.
Change-Id: I2dff4bf54191b763e25625aa7a10bceaa1f6e595
Right now we have quite a strong assumption that `nova_ceph_client` should be
present among clients to fetch. At the same time, in case the role is
included outside of the OSA context, ceph_client_filtered_clients might
not contain all users we expect to see.
With that we alter the logic to fetch nova key not only when role is launched
against compute host, but also when the client is present in the list.
Change-Id: I7810881a01b9d2f3d98a6c3ad590b9ea63358011
In order to be able to use tags to run systemd_service role solely,
they must be applied properly when role is included.
Change-Id: Ic382ddfc0e79e3b9dfdeeaabdf131466127756f2
With the update of ansible-lint to version >=6.0.0 a lot of new
linters were added that are enabled by default. In order to comply
with linter rules we're applying changes to the role.
With that we also update metadata to reflect current state.
Change-Id: Idb2dd6cd4bbf815e4b32c9bfbe9a66f33e1c4b97
With [1] usage of custom owner/group has been introduced. It
converted client to be a list of mappings but it was missed in 1 place.
[1] fdd2aaa00b
Closes-Bug: #2024339
Change-Id: Icfc16ca25f0b6b45a0de0bcdf4eac71ab302a120
See [1] for details of this ceph component. Optionally deployed
on nova-compute nodes to accelerate access to read-only data
for volumes created from snapshots.
[1] https://docs.ceph.com/en/latest/rbd/rbd-persistent-read-only-cache/
Change-Id: I34f2f403d03cc95f593f21c717609b9858b8d989
At the moment we do install EPEL repo in multiple other roles, like
lxc_hosts or systemd_mount. We're trying to be consistent in ways
of adding them, while ceph_client was slightly different, by carrying on
GPG keys in-repo instead of fetching them from `centos_epel_key` url.
With this patch we unify the approach with other roles and reduce
maintenance costs of the repo when adding new distributions.
Change-Id: I407256dc6eee3365c4f8c191a1f50717f0b35fa8
Related-Bug: #2013276
Latest ceph releases also require thrift package to be installed,
which is provided by EPEL. We add the package to the allowed ones
to come from EPEL.
Change-Id: Id2cd34bf88efbda9ba37710d1052a6f54249b5bf
Closes-Bug: #2013276
At the moment the regexp we have does require the keyring to contain only
the key option. If that is a full ceph authx file that does also contain
caps, the regexp will grab them as well, which will result in a play failure.
This patch does improve the regexp to grab only the key regardless of all other
content that can be present in the file.
Change-Id: I176fbcd4901dfacd4b608fac4d4fbd256d263b2a
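
The failure mode in the commit message above, as an added example that is not the role's own code: a loose capture swallows the `caps` lines of a full keyring, while a line-anchored match returns only the key. The `LOOSE` pattern, the function names and the sample keyring are assumptions constructed for illustration.

```python
import base64
import re

# Constructed sample value, not a real Ceph secret.
SAMPLE_KEY = "Q09OU1RSVUNURURfRVhBTVBMRV9LRVk="

# Constructed keyring with one entity that has caps and one that does not.
SAMPLE_KEYRING = (
    "[client.cinder]\n"
    f"\tkey = {SAMPLE_KEY}\n"
    '\tcaps mon = "profile rbd"\n'
    '\tcaps osd = "profile rbd pool=volumes"\n'
    "[client.glance]\n"
    f"\tkey = {SAMPLE_KEY}\n"
)

# Hypothetical loose pattern (assumption, not the role's regexp): with
# DOTALL the capture runs to the end of the file and swallows the caps.
LOOSE = re.compile(r"key\s*=\s*(.*)", re.DOTALL)

SECTION = re.compile(r"^\[(?P<entity>[^\]]+)\]$")
# Anchored to a single line; the value is one run of non-space characters.
KEY_LINE = re.compile(r"^key\s*=\s*(?P<key>\S+)$")


def loose_extract(text):
    """Show what the loose pattern captures from a full keyring."""
    return LOOSE.search(text).group(1)


def keyring_keys(text):
    """Return {entity: key}, ignoring caps and any other options."""
    keys, entity = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        section = SECTION.match(line)
        if section:
            entity = section.group("entity")
            continue
        found = KEY_LINE.match(line)
        if found and entity:
            # Ceph keys are base64; reject anything that is not.
            base64.b64decode(found.group("key"), validate=True)
            keys[entity] = found.group("key")
    return keys
```
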
Previously this always required access to the mon_host of the Ceph
cluster to fetch the key for volume access. Now this key can be defined
through Ceph keyring files.
Change-Id: Ib2c755d38038b14ca3803de1bb9cbcec122eaa83
This line snuck in with I0a8fda2e71e80624edbe271139675a71196b23ef
probably to bring it in line with other OSA roles, but should already
be covered by the distribution_major_version line above.
Change-Id: Icf9258e9f7c37e7ae34f6924fae432f15487b260
At the moment if multiple clusters are used, like for AZ deployments
when cinder should connect to different ceph clusters, if
ceph_keyrings_dir defined per group_var or host_var, ceph_client_keys
will get defined multiple times each time overriding previous value,
as facts are delegated to the localhost. In order to avoid such
behaviour we define ceph_client_keys for host that delegates job
instead. This way the value won't be overwritten and host_vars will be
respected.
Change-Id: I5109322a4ee805f9c0b53142a0e98d3f0aa2d3a5
In some cases, like AZ scenarios, deployments may interact with
several clusters at a time, while they will be distinguished by
the cluster_name. However, ceph_client role now assumes that
cluster name is `ceph` without any way to override such assumption.
Change-Id: I9dcad1e1c63294f4f59a1755507904808acb785e
Exact same tasks are defined in tasks/ceph_auth.yml and should cover
needs.
So we can simply avoid running same set of tasks.
Change-Id: I30593660dc6ebab46e20b680b321e3c97315bff4
Use a first_found lookup instead of a with_first_found loop so that
the 'paths' parameter can be used.
This ensures that only vars from the role are included, and not vars
from a parent calling role. This can happen when a parent role has
a higher priority vars file available for inclusion than the role
it calls.
Change-Id: I0a8fda2e71e80624edbe271139675a71196b23ef
Since we still use ceph-ansible that has their own implementation of
config_template module it's worth using the mentioned module as a collection
explicitly.
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/819814
Change-Id: Iee883f6d9240918c9168a7cd7c6b9dbce02eabfc
Currently we do not check if mon_host is defined and part of
ceph_extra_confs while attempting to remove files created by previous
steps. This causes failure since keys are not defined and are not required.
Change-Id: Id41f9eef3408b75dc1b58a94442910b0394be062
Closes-Bug: #1939454
Ceph requires fmt package to be installed for CentOS, which is provided
by EPEL nowadays. So we extend the list of packages that need
to be installed from EPEL.
Change-Id: Idabce1111690b74617f825dfa843c835f53db368
Closes-Bug: #1936182
All references to Gentoo, SUSE, Debian stretch and Centos-7 are removed.
Conditional tasks, ternary operators and variables are simplified where possible.
OS specific variables files are generalised where possible.
Change-Id: I8ccd8ef5cbb4a29b782418ffa33e635962f0941e
When running the playbook it does happen that the apt_key task fails.
Let's retry in case of failure to mimic the apt-key add that runs later.
Change-Id: Ie745496f515af1461bb8d03ba6b5c7cac5e71150
We shouldn't stop role execution if ceph_mons is an empty list, since
deployer can provide ceph_conf_file and keys instead.
Change-Id: I35b23e266aa9c5e29e79ea040994039e47242c9c
This little trailing '/' results in a duplicate entry for ceph packages
if the repository has already been set up by ceph-ansible. This patch
removes the entry with the trailing '/' (for convenience) and matches
what ceph-ansible does.
Change-Id: I445a3fcc5cec1234c2282eacf1e0704c5a0df11b
We shouldn't try to access monitors in case deployer has provided both
ceph config and ceph auth.
So that deployers wouldn't have to provide access to their ceph clusters
to the deploy host.
Change-Id: If0b4319826abd8991a81d39ca049e8063a667685
Since python3 may be used as default python and symlinked to
/usr/bin/python we should be more specific about what python to use.
Change-Id: I293c4e0bb6d7ede80c3f879f26fa005f75f2c33a
delegate_facts should be used as further we're asking these facts from
localhost, while they will be assigned to original host.
Also _keys are supposed to be dict, but defined as list and `client`
is expected instead of `item`
Change-Id: I719016f454427fcc751d872408c44d665278a0d0
Closes-Bug: 1860572
In py3 usage of print as a function instead of a statement is a
hard requirement. This patch fixes symlink of python ceph libraries.
Change-Id: I07db988f607b8f4ab041437edff2903a8e07e381
This change permits users to specify a directory where the keyrings are
located.
It is useful when openstack-ansible has no ssh access to the ceph
cluster.
Change-Id: I6693a7f9d0bc7fe1e20eee53a96de8df8985e148
This commit implements option to partially override ceph.conf with regular
config_template action plugin.
Change-Id: I60cc9d3a4dde0483aa92714a521675a26ad9cd78
Several different libraries are linked and some had hardcoded python2.7
paths, which are now auto-detected.
In addition, the detected python interpreter is always used rather than
sometimes being hardcoded to 'python'.
Change-Id: Ibe512c614e1a830b7b160e45c970b953a4d08e23