Merge "Add support for enable/disable of cephadm SSH user"

tripleo_ansible/playbooks/ceph-admin-user-disable.yml

@@ -0,0 +1,29 @@
+---
+# Copyright 2021 Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+- hosts: allovercloud
+  gather_facts: false
+  tasks:
+    - name: Remove id_rsa, id_rsa.pub and authorized_keys
+      become: true
+      ignore_errors: true
+      ansible.builtin.file:
+        path: "/home/{{ tripleo_cephadm_ssh_user }}/.ssh/{{ item }}"
+        state: absent
+      loop:
+        - "id_rsa"
+        - "id_rsa.pub"
+        - "authorized_keys"

tripleo_ansible/playbooks/cli-deployed-ceph.yaml

@@ -119,6 +119,8 @@
         tasks_from: enable_ceph_admin_user.yml
       vars:
         ceph_working_dir: "{{ working_dir }}"
+      tags:
+        - cephadm_ssh_user
 
 
 - name: Bootstrap Ceph and apply spec

tripleo_ansible/playbooks/disable_cephadm.yml

@@ -16,9 +16,10 @@
 # TODO: check the orchestrator is up
 
 - name: Pause cephadm
-  hosts: ceph_mon[0]
+  hosts: allovercloud
   tasks:
     - name: Pause cephadm
+      run_once: true
       import_role:
         name: tripleo_cephadm
         tasks_from: toggle_cephadm

tripleo_ansible/roles/tripleo_cephadm/tasks/toggle_cephadm.yml

@@ -14,16 +14,30 @@
 # License for the specific language governing permissions and limitations
 # under the License.
 
+- name: Fail if FSID is missing
+  fail:
+    msg: "The Ceph FSID is required to use the Ceph CLI in admin mode"
+  when:
+    - (tripleo_cephadm_fsid is not defined) or
+      (tripleo_cephadm_fsid | length < 1)
+
 - name: Get ceph_cli
   include_tasks: ceph_cli.yaml
 
-- name: Reset the Ceph backend
-  command: "{{ tripleo_cephadm_ceph_cli }} orch set backend {{ tripleo_cephadm_backend|default('') }}"
-  register: ceph_orch_backend
-  become: true
+- name: Set tripleo_cephadm_toggle_cmds
+  set_fact:
+    tripleo_cephadm_toggle_cmds:
+      - "{{ tripleo_cephadm_ceph_cli }} orch set backend {{ tripleo_cephadm_backend|default('') }}"
+      - "{{ tripleo_cephadm_ceph_cli }} mgr module {{ tripleo_cephadm_action|default('disable') }} cephadm"
 
-- name: Start / Stop cephadm
-  command: |
-    {{ tripleo_cephadm_ceph_cli }} mgr module {{ tripleo_cephadm_action|default('disable') }} cephadm
+- name: Reverse the toggle command order when enabling
+  set_fact:
+    tripleo_cephadm_toggle_cmds: "{{ tripleo_cephadm_toggle_cmds | reverse | list }}"
+  when:
+    - tripleo_cephadm_action == 'enable'
+
+- name: Toggle Ceph
+  command: "{{ item }}"
   changed_when: false
   become: true
+  loop: "{{ tripleo_cephadm_toggle_cmds }}"

tripleo_ansible/roles/tripleo_run_cephadm/tasks/disable_cephadm.yml

@@ -26,6 +26,7 @@
       - '/usr/share/ansible/tripleo-playbooks/disable_cephadm.yml'
       - '-e @{{ playbook_dir }}/cephadm/cephadm-extra-vars-heat.yml'
       - '-e @{{ playbook_dir }}/global_vars.yaml'
+      - '--limit ceph_mon[0]'
 
 - name: Run disable_cephadm
   shell: "{{ (cephadm_disable_cephadm_command)|join(' ') }}"

tripleo_ansible/roles/tripleo_run_cephadm/tasks/enable_ceph_admin_user.yml

@@ -70,7 +70,7 @@
       - '{{ inventory_file }}'
       - '{% if ansible_python_interpreter is defined %}-e ansible_python_interpreter={{ ansible_python_interpreter }}{% endif %}'
       - '/usr/share/ansible/tripleo-playbooks/ceph-admin-user-playbook.yml'
-      - '-e tripleo_admin_user=ceph-admin'
+      - "-e tripleo_admin_user={{ tripleo_cephadm_ssh_user|default('ceph-admin') }}"
     cephadm_public_private_ssh_list:
       - '-e distribute_private_key=true'
       - "--limit @{{ ceph_working_dir }}/cephadm_admin_limit.txt"