Merge "Add support for enable/disable of cephadm SSH user"

This commit is contained in:
Zuul 2021-12-18 00:42:50 +00:00 committed by Gerrit Code Review
commit 2f1a7b6199
6 changed files with 56 additions and 9 deletions

View File

@ -0,0 +1,29 @@
---
# Copyright 2021 Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
- hosts: allovercloud
gather_facts: false
tasks:
- name: Remove id_rsa, id_rsa.pub and authorized_keys
become: true
ignore_errors: true
ansible.builtin.file:
path: "/home/{{ tripleo_cephadm_ssh_user }}/.ssh/{{ item }}"
state: absent
loop:
- "id_rsa"
- "id_rsa.pub"
- "authorized_keys"

View File

@ -119,6 +119,8 @@
tasks_from: enable_ceph_admin_user.yml
vars:
ceph_working_dir: "{{ working_dir }}"
tags:
- cephadm_ssh_user
- name: Bootstrap Ceph and apply spec

View File

@ -16,9 +16,10 @@
# TODO: check the orchestrator is up
- name: Pause cephadm
hosts: ceph_mon[0]
hosts: allovercloud
tasks:
- name: Pause cephadm
run_once: true
import_role:
name: tripleo_cephadm
tasks_from: toggle_cephadm

View File

@ -14,16 +14,30 @@
# License for the specific language governing permissions and limitations
# under the License.
- name: Fail if FSID is missing
fail:
msg: "The Ceph FSID is required to use the Ceph CLI in admin mode"
when:
- (tripleo_cephadm_fsid is not defined) or
(tripleo_cephadm_fsid | length < 1)
- name: Get ceph_cli
include_tasks: ceph_cli.yaml
- name: Reset the Ceph backend
command: "{{ tripleo_cephadm_ceph_cli }} orch set backend {{ tripleo_cephadm_backend|default('') }}"
register: ceph_orch_backend
become: true
- name: Set tripleo_cephadm_toggle_cmds
set_fact:
tripleo_cephadm_toggle_cmds:
- "{{ tripleo_cephadm_ceph_cli }} orch set backend {{ tripleo_cephadm_backend|default('') }}"
- "{{ tripleo_cephadm_ceph_cli }} mgr module {{ tripleo_cephadm_action|default('disable') }} cephadm"
- name: Start / Stop cephadm
command: |
{{ tripleo_cephadm_ceph_cli }} mgr module {{ tripleo_cephadm_action|default('disable') }} cephadm
- name: Reverse the toggle command order when enabling
set_fact:
tripleo_cephadm_toggle_cmds: "{{ tripleo_cephadm_toggle_cmds | reverse | list }}"
when:
- tripleo_cephadm_action == 'enable'
- name: Toggle Ceph
command: "{{ item }}"
changed_when: false
become: true
loop: "{{ tripleo_cephadm_toggle_cmds }}"

View File

@ -26,6 +26,7 @@
- '/usr/share/ansible/tripleo-playbooks/disable_cephadm.yml'
- '-e @{{ playbook_dir }}/cephadm/cephadm-extra-vars-heat.yml'
- '-e @{{ playbook_dir }}/global_vars.yaml'
- '--limit ceph_mon[0]'
- name: Run disable_cephadm
shell: "{{ (cephadm_disable_cephadm_command)|join(' ') }}"

View File

@ -70,7 +70,7 @@
- '{{ inventory_file }}'
- '{% if ansible_python_interpreter is defined %}-e ansible_python_interpreter={{ ansible_python_interpreter }}{% endif %}'
- '/usr/share/ansible/tripleo-playbooks/ceph-admin-user-playbook.yml'
- '-e tripleo_admin_user=ceph-admin'
- "-e tripleo_admin_user={{ tripleo_cephadm_ssh_user|default('ceph-admin') }}"
cephadm_public_private_ssh_list:
- '-e distribute_private_key=true'
- "--limit @{{ ceph_working_dir }}/cephadm_admin_limit.txt"