diff --git a/defaults/main.yml b/defaults/main.yml index def8d8c..0c83202 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -132,6 +132,7 @@ ceph_centos_epel_key: >- ceph_immutable_object_cache_enabled: False ceph_immutable_object_cache_service_name: "ceph-immutable-object-cache@" ceph_immutable_object_cache_dir: "/ceph-immutable-object-cache" +ceph_immutable_object_cache_socket: "/run/ceph/immutable_object_cache_sock" ceph_immutable_object_cache_umask: "0002" ceph_immutable_object_cache_owner: "ceph" ceph_immutable_object_cache_group: "libvirt-qemu" diff --git a/tasks/main.yml b/tasks/main.yml index ab504a8..79c36ad 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -113,6 +113,20 @@ tags: - ceph-config +- name: Write AppArmor configuration for ceph immutable object caching + ansible.builtin.blockinfile: + path: /etc/apparmor.d/local/abstractions/libvirt-qemu + marker: "### {mark} OSA CEPH_CLIENT IMMUTABLE OBJECT CACHE BLOCK ###" + block: | + {{ ceph_immutable_object_cache_dir }}/** r, + {{ ceph_immutable_object_cache_socket }} rw, + state: "{{ ceph_immutable_object_cache_enabled | bool | ternary('present', 'absent') }}" + when: + - ansible_facts['os_family'] == "Debian" + - "'nova_compute' in group_names" + tags: + - ceph-config + - name: Set permissions on persistent write log cache directory file: path: "{{ ceph_persistent_write_log_cache_dir }}" @@ -122,3 +136,16 @@ when: ceph_persistent_write_log_cache_enabled | bool tags: - ceph-config + +- name: Write AppArmor configuration for ceph write log caching + ansible.builtin.blockinfile: + path: /etc/apparmor.d/local/abstractions/libvirt-qemu + marker: "### {mark} OSA CEPH_CLIENT WRITE LOG CACHE BLOCK ###" + block: | + {{ ceph_persistent_write_log_cache_dir }}/** rwk, + state: "{{ ceph_persistent_write_log_cache_enabled | bool | ternary('present', 'absent') }}" + when: + - ansible_facts['os_family'] == "Debian" + - "'nova_compute' in group_names" + tags: + - ceph-config