From 4d38019467694469c5df1e549e8a0be73b727814 Mon Sep 17 00:00:00 2001 
From: John Fulton Date: Tue, 11 Jun 2019 21:34:56 +0000 Subject: [PATCH] Introduce ansible roles for ceph preparation Create five ansible roles prefixed with "tripleo-ceph-" to prepare the undercloud to run ceph-ansible. These roles were previously embedded as tasks in tripleo-heat-templates. ceph-ansible assumes its working directory persists and is configured by the user manually. TripleO integration requires that these steps be automated and these roles perform that automation. The roles may be used to create an ansible working directory with inventory, a ceph-ansible fetch directory, a system uuid map for node-specific-overrides, and runs ceph-ansible with the required options. Add ceph.yaml to the playbooks directory which can be used for development of these roles with --skip-tags run_ceph_ansible. Change-Id: I19cd58275a0b8f8f84776a98008cd9b10ceda908 --- tripleo_ansible/playbooks/ceph.yaml | 24 +++ .../tripleo-ceph-common/defaults/main.yml | 145 ++++++++++++++++++ .../roles/tripleo-ceph-fetch-dir/README.md | 44 ++++++ .../tripleo-ceph-fetch-dir/meta/main.yml | 43 ++++++ .../tasks/backup_and_clean.yml | 68 ++++++++ .../tripleo-ceph-fetch-dir/tasks/create.yml | 70 +++++++++ .../tripleo-ceph-fetch-dir/tasks/main.yml | 17 ++ .../tripleo-ceph-fetch-dir/vars/main.yml | 19 +++ .../roles/tripleo-ceph-run-ansible/README.md | 44 ++++++ .../tripleo-ceph-run-ansible/meta/main.yml | 45 ++++++ .../tripleo-ceph-run-ansible/tasks/main.yml | 79 ++++++++++ .../roles/tripleo-ceph-uuid/README.md | 30 ++++ .../roles/tripleo-ceph-uuid/meta/main.yml | 43 ++++++ .../roles/tripleo-ceph-uuid/tasks/gather.yml | 35 +++++ .../roles/tripleo-ceph-uuid/tasks/main.yml | 18 +++ .../roles/tripleo-ceph-uuid/tasks/prepare.yml | 49 ++++++ .../roles/tripleo-ceph-work-dir/README.md | 57 +++++++ .../roles/tripleo-ceph-work-dir/meta/main.yml | 42 +++++ .../tasks/get_ssh_private_key.yml | 25 +++ .../tripleo-ceph-work-dir/tasks/main.yml | 18 +++ .../tripleo-ceph-work-dir/tasks/prepare.yml | 46 ++++++ 
21 files changed, 961 insertions(+)
create mode 100644 tripleo_ansible/playbooks/ceph.yaml
create mode 100644 tripleo_ansible/roles/tripleo-ceph-common/defaults/main.yml
create mode 100644 tripleo_ansible/roles/tripleo-ceph-fetch-dir/README.md
create mode 100644 tripleo_ansible/roles/tripleo-ceph-fetch-dir/meta/main.yml
create mode 100644 tripleo_ansible/roles/tripleo-ceph-fetch-dir/tasks/backup_and_clean.yml
create mode 100644 tripleo_ansible/roles/tripleo-ceph-fetch-dir/tasks/create.yml
create mode 100644 tripleo_ansible/roles/tripleo-ceph-fetch-dir/tasks/main.yml
create mode 100644 tripleo_ansible/roles/tripleo-ceph-fetch-dir/vars/main.yml
create mode 100644 tripleo_ansible/roles/tripleo-ceph-run-ansible/README.md
create mode 100644 tripleo_ansible/roles/tripleo-ceph-run-ansible/meta/main.yml
create mode 100644 tripleo_ansible/roles/tripleo-ceph-run-ansible/tasks/main.yml
create mode 100644 tripleo_ansible/roles/tripleo-ceph-uuid/README.md
create mode 100644 tripleo_ansible/roles/tripleo-ceph-uuid/meta/main.yml
create mode 100644 tripleo_ansible/roles/tripleo-ceph-uuid/tasks/gather.yml
create mode 100644 tripleo_ansible/roles/tripleo-ceph-uuid/tasks/main.yml
create mode 100644 tripleo_ansible/roles/tripleo-ceph-uuid/tasks/prepare.yml
create mode 100644 tripleo_ansible/roles/tripleo-ceph-work-dir/README.md
create mode 100644 tripleo_ansible/roles/tripleo-ceph-work-dir/meta/main.yml
create mode 100644 tripleo_ansible/roles/tripleo-ceph-work-dir/tasks/get_ssh_private_key.yml
create mode 100644 tripleo_ansible/roles/tripleo-ceph-work-dir/tasks/main.yml
create mode 100644 tripleo_ansible/roles/tripleo-ceph-work-dir/tasks/prepare.yml
diff --git a/tripleo_ansible/playbooks/ceph.yaml b/tripleo_ansible/playbooks/ceph.yaml
new file mode 100644
index 000000000..7519a0423
--- /dev/null
+++ b/tripleo_ansible/playbooks/ceph.yaml
@@ -0,0 +1,24 @@
+---
+# Copyright 2019 Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+- hosts: Undercloud
+ roles:
+ - role: tripleo-ceph-run-ansible
+ post_tasks:
+ - name: backup and clean fetch directory after ceph-ansible run
+ include_role:
+ name: tripleo-ceph-fetch-dir
+ tasks_from: backup_and_clean
diff --git a/tripleo_ansible/roles/tripleo-ceph-common/defaults/main.yml b/tripleo_ansible/roles/tripleo-ceph-common/defaults/main.yml
new file mode 100644
index 000000000..fe832b2c4
--- /dev/null
+++ b/tripleo_ansible/roles/tripleo-ceph-common/defaults/main.yml
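Review bot: In playbooks/ceph.yaml the backup_and_clean step sits in `post_tasks`, which Ansible does not run for a host once the tripleo-ceph-run-ansible role has failed on it, so a failed ceph-ansible run leaves `{{ playbook_dir }}/ceph-ansible/fetch_dir/` on disk and unsaved. backup_and_clean.yml removes that directory so that another user does not unpack into it (LP #1823229), which suggests the cleanup should not depend on the run succeeding. Running the role from a `block` with the backup under `always` keeps the two tied together; whether a partially populated fetch directory should be backed up after a failure is a decision for the author.

```yaml
- hosts: Undercloud
  tasks:
    - block:
        - name: run ceph-ansible
          include_role:
            name: tripleo-ceph-run-ansible
      always:
        - name: backup and clean fetch directory after ceph-ansible run
          include_role:
            name: tripleo-ceph-fetch-dir
            tasks_from: backup_and_clean
```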
@@ -0,0 +1,145 @@
+---
+# Copyright 2019 Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+# todo(fultonj): evolve this to derive more of these values from facts
+
+ceph_ansible_group_vars_all:
+ ceph_conf_overrides:
+ global:
+ osd_max_backfills: 1
+ osd_pool_default_pg_num: 32
+ osd_pool_default_pgp_num: 32
+ osd_pool_default_size: 3
+ osd_recovery_max_active: 3
+ osd_recovery_op_priority: 3
+ rgw_keystone_accepted_admin_roles: ResellerAdmin
+ rgw_keystone_accepted_roles: Member, admin
+ rgw_keystone_admin_domain: default
+ rgw_keystone_admin_password: fEoaZFe0C5ZQ1hvFo7yfxutan
+ rgw_keystone_admin_project: service
+ rgw_keystone_admin_user: swift
+ rgw_keystone_api_version: 3
+ rgw_keystone_implicit_tenants: 'true'
+ rgw_keystone_revocation_interval: '0'
+ rgw_keystone_url: http://192.168.24.18:5000
+ rgw_s3_auth_use_keystone: 'true'
+ rgw_swift_versioning_enabled: 'true'
+ ceph_docker_image: ceph/daemon
+ ceph_docker_image_tag: v4.0.0-stable-4.0-nautilus-centos-7-x86_64
+ ceph_docker_registry: 192.168.24.1:8787
+ ceph_origin: distro
+ ceph_stable: true
+ cluster: ceph
+ cluster_network: 192.168.24.0/24
+ containerized_deployment: true
+ docker: true
+ fsid: b8df929e-7c29-11e9-b1bd-244253215215
+ generate_fsid: false
+ ip_version: ipv4
+ keys:
+ - caps:
+ mgr: allow *
+ mon: profile rbd
+ osd: profile rbd pool=volumes, profile rbd pool=backups, profile rbd pool=vms,
+ profile rbd pool=images
+ key: AQCwmeRcAAAAABAA6SQU/bGqFjlfLro5KxrB1Q==
+ mode: '0600'
+ name: client.openstack
+ - caps:
+ mds: allow *
+ mgr: allow *
+ mon: allow r, allow command 'auth del', allow command 'auth caps', allow
+ command 'auth get', allow command 'auth get-or-create'
+ osd: allow rw
+ key: AQCwmeRcAAAAABAAiglHZveUQUmoSsYbZcbMEA==
+ mode: '0600'
+ name: client.manila
+ - caps:
+ mgr: allow *
+ mon: allow rw
+ osd: allow rwx
+ key: AQCwmeRcAAAAABAAvd9OK2qeXNaD4rL/wP7D0Q==
+ mode: '0600'
+ name: client.radosgw
+ monitor_address_block: 192.168.24.0/24
+ ntp_service_enabled: false
+ openstack_config: true
+ openstack_keys:
+ - caps:
+ mgr: allow *
+ mon: profile rbd
+ osd: profile rbd pool=volumes, profile rbd pool=backups, profile rbd pool=vms,
+ profile rbd pool=images
+ key: AQCwmeRcAAAAABAA6SQU/bGqFjlfLro5KxrB1Q==
+ mode: '0600'
+ name: client.openstack
+ - caps:
+ mds: allow *
+ mgr: allow *
+ mon: allow r, allow command 'auth del', allow command 'auth caps', allow
+ command 'auth get', allow command 'auth get-or-create'
+ osd: allow rw
+ key: AQCwmeRcAAAAABAAiglHZveUQUmoSsYbZcbMEA==
+ mode: '0600'
+ name: client.manila
+ - caps:
+ mgr: allow *
+ mon: allow rw
+ osd: allow rwx
+ key: AQCwmeRcAAAAABAAvd9OK2qeXNaD4rL/wP7D0Q==
+ mode: '0600'
+ name: client.radosgw
+ openstack_pools:
+ - application: rbd
+ name: images
+ pg_num: 32
+ rule_name: replicated_rule
+ - application: rbd
+ name: backups
+ pg_num: 32
+ rule_name: replicated_rule
+ - application: rbd
+ name: vms
+ pg_num: 32
+ rule_name: replicated_rule
+ - application: rbd
+ name: volumes
+ pg_num: 32
+ rule_name: replicated_rule
+ pools: []
+ public_network: 192.168.24.0/24
+ user_config: true
+blacklisted_hostnames: []
+ceph_ansible_extra_vars:
+ ireallymeanit: 'yes'
+ container_binary: 'podman'
+uuid_content: ''
+ceph_ansible_playbook_verbosity: 3
+ceph_ansible_playbooks_param: ['default']
+local_ceph_ansible_fetch_directory_backup: "{{ playbook_dir }}/ceph-ansible/fetch_backup"
+swift_get_url: ''
+swift_put_url: ''
+ceph_ansible_skip_tags: 'package-install,with_pkg'
+ceph_ansible_environment_variables: {}
+docker: true
+containerized_deployment: true
+user_config: true
+ceph_stable: true
+ceph_origin: distro
+openstack_config: true
+pools: []
+ntp_service_enabled: false
+generate_fsid: false
diff --git a/tripleo_ansible/roles/tripleo-ceph-fetch-dir/README.md b/tripleo_ansible/roles/tripleo-ceph-fetch-dir/README.md
new file mode 100644
index 000000000..11c4c33b6
--- /dev/null
+++ b/tripleo_ansible/roles/tripleo-ceph-fetch-dir/README.md
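Review bot: tripleo-ceph-common/defaults/main.yml ships what look like real credentials as role defaults: `rgw_keystone_admin_password`, the three cephx `key:` values repeated under `keys` and `openstack_keys`, and a fixed `fsid`. Any deployment that does not override `ceph_ansible_group_vars_all` would come up with secrets that are readable in the repository, and the values remain in history even if a later commit removes them. If they are only samples from a development environment, replace them with obviously fake placeholders and say so in a comment, e.g. `rgw_keystone_admin_password: ''  # required: supplied by the caller`, or drop the default so a missing value fails loudly. The values already committed should be treated as exposed and rotated wherever they were in use.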
@@ -0,0 +1,44 @@
+Ansible Role to manage a ceph-ansible fetch directory
+=====================================================
+
+When scaling Ceph monitors, ceph-ansible uses context from the
+fetch_directory to prevent new monitors from trying to bootstrap
+a new Ceph cluster
+
+This role saves the fetch_directory to either Swift or a local
+directory after each ceph-ansible playbook run; and if there is
+a backup of fetch directory in Swift or the specificied local
+directory, restores it before each ceph-ansible playbook run.
+
+The main.yml does not include the backup_and_clean.yml because
+that should be run separately as a post task as needed by a
+separate import using tasks_from.
+
+Requirements
+------------
+
+None
+
+Role Variables
+--------------
+
+- ceph_ansible_tarball_name: The name of the file which will contain a
+ tar.gz backup of the ceph-ansible fetch directory. Used for both the
+ local and swift backup methods. (default: 'temporary_dir.tar.gz')
+
+- old_ceph_ansible_tarball_name: The name of the file which will be
+ saved in /tmp when the ceph-ansible fetch directory is downloaded
+ from Swift. Not used for local backups and only used for
+ Swift backups. (default: 'temporary_dir_old.tar.gz')
+
+- new_ceph_ansible_tarball_name: The name of the file which will be
+ saved in /tmp after ceph-ansible runs and then uploaded to Swift.
+ Not used for local backups only only used for Swift backups.
+ (default: 'temporary_dir_new.tar.gz')
+
+
+Dependencies
+------------
+
+- tripleo-ceph-common
+- tripleo-ceph-work-dir
diff --git a/tripleo_ansible/roles/tripleo-ceph-fetch-dir/meta/main.yml b/tripleo_ansible/roles/tripleo-ceph-fetch-dir/meta/main.yml
new file mode 100644
index 000000000..e82e8d8c2
--- /dev/null
+++ b/tripleo_ansible/roles/tripleo-ceph-fetch-dir/meta/main.yml
@@ -0,0 +1,43 @@
+---
+# Copyright 2019 Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+
+galaxy_info:
+ author: OpenStack
+ description: TripleO OpenStack Role -- tripleo-ceph-fetch-dir
+ company: Red Hat
+ license: Apache-2.0
+ min_ansible_version: 2.7
+ #
+ # Provide a list of supported platforms, and for each platform a list of versions.
+ # If you don't wish to enumerate all versions for a particular platform, use 'all'.
+ # To view available platforms and versions (or releases), visit:
+ # https://galaxy.ansible.com/api/v1/platforms/
+ #
+ platforms:
+ - name: Fedora
+ versions:
+ - 28
+ - name: CentOS
+ versions:
+ - 7
+
+ galaxy_tags:
+ - tripleo
+
+dependencies:
+ - tripleo-ceph-common
+ - tripleo-ceph-work-dir
diff --git a/tripleo_ansible/roles/tripleo-ceph-fetch-dir/tasks/backup_and_clean.yml b/tripleo_ansible/roles/tripleo-ceph-fetch-dir/tasks/backup_and_clean.yml
new file mode 100644
index 000000000..c35995408
--- /dev/null
+++ b/tripleo_ansible/roles/tripleo-ceph-fetch-dir/tasks/backup_and_clean.yml
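Review bot: `min_ansible_version: 2.7` in tripleo-ceph-fetch-dir/meta/main.yml is an unquoted scalar, so YAML loads it as a float rather than a version string; a later bump to something like 2.10 would silently read as 2.1. Write it as `min_ansible_version: '2.7'`. The same line appears in the meta/main.yml of tripleo-ceph-run-ansible and tripleo-ceph-uuid, and the platform `versions` entries (`28`, `7`) load as integers for the same reason.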
@@ -0,0 +1,68 @@
+---
+# Copyright 2019 Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+- name: register contents of fetch_directory after ceph-ansible run
+ find:
+ paths: "{{ playbook_dir }}/ceph-ansible/fetch_dir/"
+ recurse: true
+ register: ceph_ansible_fetch_dir_contents
+
+# backup to local directory
+- name: create ceph-ansible fetch directory tarball in local backup
+ archive:
+ path: "{{ playbook_dir }}/ceph-ansible/fetch_dir/*"
+ dest: "{{ local_ceph_ansible_fetch_directory_backup }}/{{ ceph_ansible_tarball_name }}"
+ exclude_path:
+ - '{{ playbook_dir }}/ceph-ansible/fetch_dir/fetch_dir'
+ when:
+ - local_ceph_ansible_fetch_directory_backup | length > 0
+ - ceph_ansible_fetch_dir_contents.matched|int != 0
+
+# backup to swift
+- when:
+ - local_ceph_ansible_fetch_directory_backup | length == 0
+ - ceph_ansible_fetch_dir_contents.matched|int != 0
+ block:
+ - name: create temporary ceph-ansible fetch directory tarball for swift backup
+ archive:
+ path: "{{ playbook_dir }}/ceph-ansible/fetch_dir/*"
+ dest: "/tmp/{{ new_ceph_ansible_tarball_name }}"
+ exclude_path:
+ - '{{ playbook_dir }}/ceph-ansible/fetch_dir/fetch_dir'
+ - name: backup temporary ceph-ansible fetch directory tarball in swift
+ shell: "curl -s -o /dev/null -w '%{http_code}' -X PUT -T /tmp/{{ new_ceph_ansible_tarball_name }} \"{{ swift_put_url }}\""
+ register: curl_put_http_status
+ - fail:
+ msg: 'Received HTTP: {{ curl_put_http_status.stdout }} when attempting to PUT to {{ swift_put_url }}'
+ name: ensure we were able to backup temporary fetch directory to swift
+ when:
+ - curl_put_http_status is changed
+ - curl_put_http_status.stdout != "200"
+ - curl_put_http_status.stdout != "201"
+ - name: clean temporary fetch directory after swift backup
+ file:
+ path: "/tmp/{{ new_ceph_ansible_tarball_name }}"
+ state: absent
+ when: (curl_put_http_status is changed and
+ (curl_put_http_status.stdout == "200" or
+ curl_put_http_status.stdout == "201"))
+
+# remove copy of fetchdir in case another user unpacks it (LP #1823229)
+- name: Remove ceph-ansible fetch directory
+ become: true
+ file:
+ path: "{{ playbook_dir }}/ceph-ansible/fetch_dir/"
+ state: absent
diff --git a/tripleo_ansible/roles/tripleo-ceph-fetch-dir/tasks/create.yml b/tripleo_ansible/roles/tripleo-ceph-fetch-dir/tasks/create.yml
new file mode 100644
index 000000000..1a5d47368
--- /dev/null
+++ b/tripleo_ansible/roles/tripleo-ceph-fetch-dir/tasks/create.yml
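Review bot: The Swift upload in tripleo-ceph-fetch-dir/tasks/backup_and_clean.yml interpolates `new_ceph_ansible_tarball_name` and `swift_put_url` straight into a `shell:` string, so any shell metacharacter in either value is interpreted by the shell, and the `fail` message then echoes `swift_put_url` into the task output, which matters if that URL carries a signature (I can't tell from the hunk whether it is a Swift TempURL). The `uri` module can send the file without a shell and check the status itself, which also makes the separate `fail` task unnecessary. The tarball is also written to a fixed name under `/tmp`; a path obtained from the `tempfile` module would avoid collisions with other local users. The GET in tasks/create.yml is built the same way.

```yaml
    - name: backup temporary ceph-ansible fetch directory tarball in swift
      uri:
        url: "{{ swift_put_url }}"
        method: PUT
        src: "/tmp/{{ new_ceph_ansible_tarball_name }}"
        remote_src: true
        status_code: [200, 201]
      # keeps the URL out of task output
      no_log: true
    # … the cleanup task that follows no longer needs the curl status test …
```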
@@ -0,0 +1,70 @@
+---
+# Copyright 2019 Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+# local backup
+- when: local_ceph_ansible_fetch_directory_backup | length > 0
+ block:
+ - name: look for requested ceph-ansible fetch directory for local backup
+ stat: path="{{ local_ceph_ansible_fetch_directory_backup }}"
+ register: local_backup_directory
+ ignore_errors: true
+ - name: autocreate new directory for ceph-ansible fetch directory backup
+ become: true
+ file:
+ path: "{{ local_ceph_ansible_fetch_directory_backup }}"
+ state: directory
+ owner: "{{ ansible_user }}"
+ mode: 0700
+ when: not local_backup_directory.stat.exists
+ - name: look for tarball of ceph-ansible fetch directory in local backup
+ stat: path="{{ local_ceph_ansible_fetch_directory_backup }}/{{ ceph_ansible_tarball_name }}"
+ register: local_backup_file
+ ignore_errors: true
+ - name: untar local backup of ceph-ansible fetch directory
+ # unarchive module hit https://github.com/ansible/ansible/issues/35645
+ shell: >-
+ /usr/bin/gtar --gzip --extract --file \
+ {{ local_ceph_ansible_fetch_directory_backup }}/{{ ceph_ansible_tarball_name }} \
+ -C {{ playbook_dir }}/ceph-ansible/fetch_dir
+ when: local_backup_file.stat.exists
+
+# swift backup
+- when: local_ceph_ansible_fetch_directory_backup | length == 0
+ block:
+ - name: attempt download of fetch directory tarball from swift backup
+ shell: "curl -s -o /tmp/{{ old_ceph_ansible_tarball_name }} -w '%{http_code}' -X GET \"{{ swift_get_url }}\""
+ register: curl_get_http_status
+ ignore_errors: true
+ - name: ensure we create a new fetch_directory or use the old fetch_directory
+ fail:
+ msg: "Received HTTP: {{ curl_get_http_status.stdout }} when attempting to GET from {{ swift_get_url }}"
+ when:
+ - curl_get_http_status is changed
+ - curl_get_http_status.stdout != "200" # deployment update
+ - curl_get_http_status.stdout != "404" # new deployment
+ - name: unpack downloaded ceph-ansible fetch tarball to fetch directory
+ # unarchive module hit https://github.com/ansible/ansible/issues/35645
+ shell: "/usr/bin/gtar --gzip --extract --file /tmp/{{ old_ceph_ansible_tarball_name }} -C {{ playbook_dir }}/ceph-ansible/fetch_dir"
+ when:
+ - curl_get_http_status is changed
+ - curl_get_http_status.stdout == "200"
+ - name: remove downloaded ceph-ansible fetch directory tarball from filesystem
+ file:
+ path: "/tmp/{{ old_ceph_ansible_tarball_name }}"
+ state: absent
+ when:
+ - curl_get_http_status is changed
+ - curl_get_http_status.stdout == "200"
diff --git a/tripleo_ansible/roles/tripleo-ceph-fetch-dir/tasks/main.yml b/tripleo_ansible/roles/tripleo-ceph-fetch-dir/tasks/main.yml
new file mode 100644
index 000000000..677ec5ecb
--- /dev/null
+++ b/tripleo_ansible/roles/tripleo-ceph-fetch-dir/tasks/main.yml
@@ -0,0 +1,17 @@
+---
+# Copyright 2019 Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+- import_tasks: create.yml
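Review bot: In tripleo-ceph-fetch-dir/tasks/create.yml the Swift backup is downloaded to a fixed, predictable name under `/tmp` and then extracted, so on a shared host the file can collide with, or be tampered with through, a path another local user created first; the download is also left behind on a 404, because the removal task only runs when the status is `"200"`. Creating the download target with the `tempfile` module and removing it without the status condition closes both gaps. Independently, both `gtar` invocations pass templated paths unquoted into `shell:`, and the archive contents are trusted as-is, so it is worth confirming that only this tooling can write to the Swift container or to the local backup directory. Minor: `mode: 0700` is safer written as the string `'0700'`.

```yaml
    - name: create a private temporary file for the downloaded tarball
      tempfile:
        state: file
        suffix: .tar.gz
      register: old_fetch_tarball
    # … unchanged: curl GET and HTTP status check, writing to {{ old_fetch_tarball.path }} …
    # … unchanged: gtar extraction, reading {{ old_fetch_tarball.path }} …
    - name: remove downloaded ceph-ansible fetch directory tarball from filesystem
      file:
        path: "{{ old_fetch_tarball.path }}"
        state: absent
```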
diff --git a/tripleo_ansible/roles/tripleo-ceph-fetch-dir/vars/main.yml b/tripleo_ansible/roles/tripleo-ceph-fetch-dir/vars/main.yml
new file mode 100644
index 000000000..1917a7539
--- /dev/null
+++ b/tripleo_ansible/roles/tripleo-ceph-fetch-dir/vars/main.yml
@@ -0,0 +1,19 @@
+---
+# Copyright 2019 Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+ceph_ansible_tarball_name: 'temporary_dir.tar.gz'
+old_ceph_ansible_tarball_name: 'temporary_dir_old.tar.gz'
+new_ceph_ansible_tarball_name: 'temporary_dir_new.tar.gz'
diff --git a/tripleo_ansible/roles/tripleo-ceph-run-ansible/README.md b/tripleo_ansible/roles/tripleo-ceph-run-ansible/README.md
new file mode 100644
index 000000000..1715244c0
--- /dev/null
+++ b/tripleo_ansible/roles/tripleo-ceph-run-ansible/README.md
@@ -0,0 +1,44 @@
+Ansible Role to manage the exectution of ceph-ansible from within TripleO
+=========================================================================
+
+Executes playbooks from ceph-ansible using parameters from TripleO.
+
+After the working directory is created by the tripleo-ceph-work-dir
+role and the working directory has been populated with host_vars
+mapping node specific overrides by the tripleo-ceph-uuid role, and
+after the fetch directory is populated with context from previous
+ceph-ansible runs, by the tripleo-ceph-fetch-dir role, the playbooks
+from ceph-ansible may be executed.
+
+This role creates the shell script ceph_ansible_command.sh within
+the ceph-ansible working directory and then executes the shell script.
+If the shell script's return is non-zero, the deployment fails and an
+error message from ansible is displayed.
+
+After this role is used, the tasks from backup_and_clean.yml from the
+tripleo-ceph-work-dir role should be used to persist the ceph-ansible
+fetch directory and then remove it so that future runs of ceph-ansible
+by this role do not have permissions issues when the role is used by a
+different user.
+
+Requirements
+------------
+
+None
+
+Role Variables
+--------------
+
+- ceph_ansible_playbooks_param: the list of ceph-ansible playbooks to
+ be run; e.g. ['/usr/share/ceph-ansible/site-container.yml.sample'])
+ is the default but any item in ceph-ansible/infrastructure-playbooks
+ may be passed. If the list contains more than one item, each
+ playbook is executed sequentially.
+
+Dependencies
+------------
+
+- tripleo-ceph-common
+- tripleo-ceph-work-dir
+- tripleo-ceph-fetch-dir
+- tripleo-ceph-uuid
diff --git a/tripleo_ansible/roles/tripleo-ceph-run-ansible/meta/main.yml b/tripleo_ansible/roles/tripleo-ceph-run-ansible/meta/main.yml
new file mode 100644
index 000000000..9957bcdd6
--- /dev/null
+++ b/tripleo_ansible/roles/tripleo-ceph-run-ansible/meta/main.yml
@@ -0,0 +1,45 @@
+---
+# Copyright 2019 Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+
+galaxy_info:
+ author: OpenStack
+ description: TripleO OpenStack Role -- tripleo-ceph-run-ansible
+ company: Red Hat
+ license: Apache-2.0
+ min_ansible_version: 2.7
+ #
+ # Provide a list of supported platforms, and for each platform a list of versions.
+ # If you don't wish to enumerate all versions for a particular platform, use 'all'.
+ # To view available platforms and versions (or releases), visit:
+ # https://galaxy.ansible.com/api/v1/platforms/
+ #
+ platforms:
+ - name: Fedora
+ versions:
+ - 28
+ - name: CentOS
+ versions:
+ - 7
+
+ galaxy_tags:
+ - tripleo
+
+dependencies:
+ - tripleo-ceph-common
+ - tripleo-ceph-work-dir
+ - tripleo-ceph-fetch-dir
+ - tripleo-ceph-uuid
diff --git a/tripleo_ansible/roles/tripleo-ceph-run-ansible/tasks/main.yml b/tripleo_ansible/roles/tripleo-ceph-run-ansible/tasks/main.yml
new file mode 100644
index 000000000..361aa67c7
--- /dev/null
+++ b/tripleo_ansible/roles/tripleo-ceph-run-ansible/tasks/main.yml
@@ -0,0 +1,79 @@
+---
+# Copyright 2019 Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+- name: set ceph-ansible playbook list
+ set_fact:
+ ceph_ansible_playbooks: >
+ {%- if ceph_ansible_playbooks_param != ['default'] -%}
+ {{ ceph_ansible_playbooks_param }}
+ {%- else -%}
+ {{ ceph_ansible_playbooks_default|default(['/usr/share/ceph-ansible/site-container.yml.sample']) }}
+ {%- endif -%}
+
+- name: set ceph-ansible command list
+ set_fact:
+ ceph_ansible_command_list:
+ - ANSIBLE_ACTION_PLUGINS=/usr/share/ceph-ansible/plugins/actions/
+ - ANSIBLE_CALLBACK_PLUGINS=/usr/share/ceph-ansible/plugins/callback/
+ - ANSIBLE_ROLES_PATH=/usr/share/ceph-ansible/roles/
+ - ANSIBLE_LOG_PATH="{{ playbook_dir }}/ceph-ansible/ceph_ansible_command.log"
+ - ANSIBLE_LIBRARY=/usr/share/ceph-ansible/library/
+ - ANSIBLE_CONFIG=/usr/share/ceph-ansible/ansible.cfg
+ - ANSIBLE_REMOTE_TEMP=/tmp/ceph_ansible_tmp
+ - ANSIBLE_FORKS=25
+ - ANSIBLE_GATHER_TIMEOUT=60
+ - "{{ ceph_ansible_environment_variables|join(' ') }}"
+ - ansible-playbook
+ - '{% if ceph_ansible_private_key_file is defined %}--private-key {{ ceph_ansible_private_key_file }}{% endif %}'
+ - '{% if ansible_python_interpreter is defined %}-e ansible_python_interpreter={{ ansible_python_interpreter }}{% endif %}'
+ - '-{%- for number in range(0, ceph_ansible_playbook_verbosity) -%}v{% endfor %}'
+ - '{% if ceph_ansible_skip_tags is defined %}--skip-tags {{ ceph_ansible_skip_tags }}{% endif %}'
+ - '-i'
+ - '{{ playbook_dir }}/ceph-ansible/inventory.yml'
+ - '--extra-vars'
+ - '@{{ playbook_dir }}/ceph-ansible/extra_vars.yml'
+
+- name: save ceph-ansible playbook command(s) to shell script
+ copy:
+ dest: "{{ playbook_dir }}/ceph-ansible/ceph_ansible_command.sh"
+ mode: '0755'
+ content: |
+ #!/usr/bin/env bash
+ set -e
+ {% for playbook in ceph_ansible_playbooks %}
+ echo "Running ceph-ansible playbook {{ playbook }}"
+ {{ ceph_ansible_command_list|join(' ') }} {{ playbook }} 2>&1
+ {% endfor %}
+
+- name: run ceph-ansible (immediate log at {{ playbook_dir }}/ceph-ansible/ceph_ansible_command.log)
+ # Needs become to be able to read the ssh private key
+ become: true
+ shell: "{{ playbook_dir }}/ceph-ansible/ceph_ansible_command.sh"
+ # We want the output chunked into bits to prevent
+ # overflowing Zaqar message size
+ no_log: true
+ failed_when: false
+ register: outputs
+ tags: run_ceph_ansible
+
+- name: print ceph-ansible output in case of failure
+ debug:
+ var: outputs.stdout_lines | default([]) | union(outputs.stderr_lines | default([]))
+ failed_when: outputs.rc != 0
+ when:
+ - outputs is changed
+ - outputs.rc != 0
+ tags: run_ceph_ansible
diff --git a/tripleo_ansible/roles/tripleo-ceph-uuid/README.md b/tripleo_ansible/roles/tripleo-ceph-uuid/README.md
new file mode 100644
index 000000000..606da1ba2
--- /dev/null
+++ b/tripleo_ansible/roles/tripleo-ceph-uuid/README.md
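Review bot: In tripleo-ceph-run-ansible/tasks/main.yml every item of `ceph_ansible_command_list` and each `{{ playbook }}` is written into ceph_ansible_command.sh without shell quoting, and the script is then run with `become: true`, so a value containing whitespace or shell metacharacters changes what executes as root. Pass the variable parts through the `quote` filter, e.g. `{{ ceph_ansible_command_list|join(' ') }} {{ playbook | quote }} 2>&1` and `--private-key {{ ceph_ansible_private_key_file | quote }}`, and likewise for the `--skip-tags` value. tripleo-ceph-uuid/tasks/gather.yml assembles its `shell:` string the same way. Separately, the verbosity item renders a bare `-` when `ceph_ansible_playbook_verbosity` is 0; guard it as `'{% if ceph_ansible_playbook_verbosity|int > 0 %}-{{ "v" * (ceph_ansible_playbook_verbosity|int) }}{% endif %}'`.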
@@ -0,0 +1,30 @@
+Ansible Role to gather node UUIDs for node-specfic overrides
+============================================================
+
+Populates the host_vars of the ceph-ansible working directory,
+as provided by the tripleo-ceph-work-dir role, by mapping each
+hostname to its UUID. The UUID is determined by running the
+`dmidecode -s system-uuid` command on each node with Ansible.
+This role creates and executes its own playbook. This role
+sets up the host_vars directory used by ceph-ansible so
+that TripleO's "node specific overrides" can be used to
+override a particular parameter for only a subset of hosts.
+The most popular usecase for this role is to pass a different
+list of block devices to be used as OSDs for a subset of servers
+which differ from the majority of servers.
+
+Requirements
+------------
+
+None
+
+Role Variables
+--------------
+
+None
+
+Dependencies
+------------
+
+- tripleo-ceph-common
+- tripleo-ceph-work-dir
diff --git a/tripleo_ansible/roles/tripleo-ceph-uuid/meta/main.yml b/tripleo_ansible/roles/tripleo-ceph-uuid/meta/main.yml
new file mode 100644
index 000000000..71ed278d4
--- /dev/null
+++ b/tripleo_ansible/roles/tripleo-ceph-uuid/meta/main.yml
@@ -0,0 +1,43 @@
+---
+# Copyright 2019 Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+
+galaxy_info:
+ author: OpenStack
+ description: TripleO OpenStack Role -- tripleo-ceph-uuid
+ company: Red Hat
+ license: Apache-2.0
+ min_ansible_version: 2.7
+ #
+ # Provide a list of supported platforms, and for each platform a list of versions.
+ # If you don't wish to enumerate all versions for a particular platform, use 'all'.
+ # To view available platforms and versions (or releases), visit:
+ # https://galaxy.ansible.com/api/v1/platforms/
+ #
+ platforms:
+ - name: Fedora
+ versions:
+ - 28
+ - name: CentOS
+ versions:
+ - 7
+
+ galaxy_tags:
+ - tripleo
+
+dependencies:
+ - tripleo-ceph-common
+ - tripleo-ceph-work-dir
diff --git a/tripleo_ansible/roles/tripleo-ceph-uuid/tasks/gather.yml b/tripleo_ansible/roles/tripleo-ceph-uuid/tasks/gather.yml
new file mode 100644
index 000000000..8f9b8ae56
--- /dev/null
+++ b/tripleo_ansible/roles/tripleo-ceph-uuid/tasks/gather.yml
@@ -0,0 +1,35 @@
+---
+# Copyright 2019 Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+- name: build nodes-uuid command as list
+ set_fact:
+ nodes_uuid_list:
+ - ANSIBLE_LOG_PATH="{{ playbook_dir }}/ceph-ansible/nodes_uuid_command.log"
+ - ANSIBLE_SSH_CONTROL_PATH_DIR="{{ playbook_dir }}/ceph-ansible/"
+ - ANSIBLE_CONFIG="{{ playbook_dir }}/ansible.cfg"
+ - ANSIBLE_REMOTE_TEMP=/tmp/nodes_uuid_tmp
+ - "{{ ceph_ansible_environment_variables|join(' ') }}"
+ - ansible-playbook
+ - '{% if ceph_ansible_private_key_file is defined %}--private-key {{ ceph_ansible_private_key_file }}{% endif %}'
+ - '-i'
+ - '{{ playbook_dir }}/ceph-ansible/inventory.yml'
+ - '{% if ansible_python_interpreter is defined %}-e ansible_python_interpreter={{ ansible_python_interpreter }}{% endif %}'
+ - '{{ playbook_dir }}/ceph-ansible/nodes_uuid_playbook.yml'
+
+- name: run nodes-uuid command
+ # needs become to be able to read the ssh private key
+ become: true
+ shell: "{{ nodes_uuid_list|join(' ') }}"
diff --git a/tripleo_ansible/roles/tripleo-ceph-uuid/tasks/main.yml b/tripleo_ansible/roles/tripleo-ceph-uuid/tasks/main.yml
new file mode 100644
index 000000000..6b6d36248
--- /dev/null
+++ b/tripleo_ansible/roles/tripleo-ceph-uuid/tasks/main.yml
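Review bot: In tripleo-ceph-uuid/tasks/gather.yml the item `{{ ceph_ansible_environment_variables|join(' ') }}` treats the variable as a list of `NAME=value` strings, but tripleo-ceph-common/defaults/main.yml declares it as a mapping (`{}`); joining a mapping yields only its keys, so a caller who passes a dict would get bare names placed in front of `ansible-playbook`. Either default it to `[]` and document the expected `NAME=value` form, or render the pairs explicitly, e.g. `{% for k, v in ceph_ansible_environment_variables.items() %}{{ k }}={{ v | quote }} {% endfor %}`. The command list in tripleo-ceph-run-ansible/tasks/main.yml uses the same expression. The callers are not visible in this patch, so the intended type should be confirmed.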
@@ -0,0 +1,18 @@
+---
+# Copyright 2019 Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+- import_tasks: prepare.yml
+- import_tasks: gather.yml
diff --git a/tripleo_ansible/roles/tripleo-ceph-uuid/tasks/prepare.yml b/tripleo_ansible/roles/tripleo-ceph-uuid/tasks/prepare.yml
new file mode 100644
index 000000000..94aa1668d
--- /dev/null
+++ b/tripleo_ansible/roles/tripleo-ceph-uuid/tasks/prepare.yml
@@ -0,0 +1,49 @@
+---
+# Copyright 2019 Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+- name: generate nodes-uuid data file
+ copy:
+ dest: "{{ playbook_dir }}/ceph-ansible/nodes_uuid_data.json"
+ content: "{{ uuid_content }}"
+
+- name: generate nodes-uuid playbook
+ copy:
+ dest: "{{ playbook_dir }}/ceph-ansible/nodes_uuid_playbook.yml"
+ content: |
+ - hosts: all
+ gather_facts: no
+ tasks:
+ - name: set nodes data
+ set_fact:
+ nodes_data: "{% raw %}{{ lookup('file','./nodes_uuid_data.json') | from_json }}{% endraw %}"
+ - name: register machine id
+ become: true
+ # awk strips unwanted output, see LP bug #1762460
+ shell: >-
+ dmidecode -s system-uuid | \
+ awk 'match($0, /[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{12}/) \
+ { print substr($0, RSTART, RLENGTH) }' | \
+ tr A-F a-f
+ register: machine_uuid
+ # NOTE(tonyb): 0 == no error, 1 == -EPERM or bad data and 2 == Command not found
+ # 1 and 2 aren't great but shouldn't cause the deploy to fail. If we're using
+ # the node specific data we'll fail then. If we aren't then lets keep moving
+ failed_when: machine_uuid.rc not in [0, 1, 2]
+ - name: generate host vars from nodes data
+ copy:
+ content: "{% raw %}{{ nodes_data[machine_uuid.stdout|default('')]|default({})|to_nice_yaml }}{% endraw %}"
+ dest: "{{ playbook_dir }}/ceph-ansible/host_vars/{% raw %}{{ inventory_hostname }}{% endraw %}.yml"
+ delegate_to: localhost
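Review bot: In the generated `register machine id` task, `failed_when: machine_uuid.rc not in [0, 1, 2]` tests the exit status of `tr`, the last command of the pipeline, because the `shell` string does not enable `pipefail`. A dmidecode failure therefore shows up only as empty `stdout`, and the NOTE(tonyb) comment describing rc 1 and 2 as dmidecode outcomes does not match what the check sees. With empty output the following task writes `{}` to the host_vars file, so node-specific overrides are dropped without any message. I would reword the comment to `# rc is that of tr (end of the pipeline); a dmidecode failure yields empty stdout` and add a `debug` or `assert` step that reports hosts whose `machine_uuid.stdout` is empty.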
diff --git a/tripleo_ansible/roles/tripleo-ceph-work-dir/README.md b/tripleo_ansible/roles/tripleo-ceph-work-dir/README.md
new file mode 100644
index 000000000..d9bf5d8bd
--- /dev/null
+++ b/tripleo_ansible/roles/tripleo-ceph-work-dir/README.md
@@ -0,0 +1,57 @@
+Ansible Role to manage a ceph-ansible working directory
+=======================================================
+
+The aim of this role and its supporting roles is to automate steps
+that a ceph-ansible user normally does manually so that TripleO
+may complete these steps for the user before and after ceph-ansible
+runs.
+
+Creates a directory within config-download called "ceph-ansible"
+which contains the following contents, which are prerequisites
+for ceph-ansible to be used:
+
+- group_vars directory
+- host_vars directory
+- an inventory with the host groups ceph-ansible expects
+- an extra_vars.yml file
+
+The group_vars directory will be populated with the file all.yml which
+contains content from the ceph_ansible_group_vars_all variable.
+Additional files in group_vars will be populated by config-download
+external_deploy_tasks Ansible embdeded directly in TripleO Heat
+Templates.
+
+The host_vars directory will be populated for each host based on
+that host's UUID by the tripleo-ceph-uuid role.
+
+The extra_vars.yml file will be populated with content from the
+ceph_ansible_extra_vars variable.
+
+This role also crecates an empty fetch_directory within the work
+directory but the tripleo-ceph-fetch-dir role should be used to
+populate and persist this fecth directory before the tripleo-run-
+ceph-ansible role is used.
+
+Requirements
+------------
+
+None
+
+Role Variables
+--------------
+
+- ceph_ansible_group_vars_all: map containing all variables typically
+ found in ceph-ansible/group_vars/all.yml.
+
+- ceph_ansible_extra_vars: map containing all variables the user
+ wishes to pass to the ceph-ansible run using 'ansible-playbook
+ --extra-vars @extra_vars.yml'
+
+- ceph_ansible_private_key_file: The private SSH key that ceph-ansible
+ will use to connect to the nodes it will configure. (defaults to the
+ config-download "{{ playbook_dir }}/ssh_private_key")
+
+Dependencies
+------------
+
+- tripleo-ceph-common
diff --git a/tripleo_ansible/roles/tripleo-ceph-work-dir/meta/main.yml b/tripleo_ansible/roles/tripleo-ceph-work-dir/meta/main.yml
new file mode 100644
index 000000000..7c4ead768
--- /dev/null
+++ b/tripleo_ansible/roles/tripleo-ceph-work-dir/meta/main.yml
@@ -0,0 +1,42 @@
+---
+# Copyright 2019 Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+
+galaxy_info:
+ author: OpenStack
+ description: TripleO OpenStack Role -- tripleo-ceph-work-dir
+ company: Red Hat
+ license: Apache-2.0
+ min_ansible_version: 2.7
+ #
+ # Provide a list of supported platforms, and for each platform a list of versions.
+ # If you don't wish to enumerate all versions for a particular platform, use 'all'.
+ # To view available platforms and versions (or releases), visit:
+ # https://galaxy.ansible.com/api/v1/platforms/
+ #
+ platforms:
+ - name: Fedora
+ versions:
+ - 28
+ - name: CentOS
+ versions:
+ - 7
+
+ galaxy_tags:
+ - tripleo
+
+dependencies:
+ - tripleo-ceph-common
diff --git a/tripleo_ansible/roles/tripleo-ceph-work-dir/tasks/get_ssh_private_key.yml b/tripleo_ansible/roles/tripleo-ceph-work-dir/tasks/get_ssh_private_key.yml
new file mode 100644
index 000000000..294369ce6
--- /dev/null
+++ b/tripleo_ansible/roles/tripleo-ceph-work-dir/tasks/get_ssh_private_key.yml
@@ -0,0 +1,25 @@
+---
+# Copyright 2019 Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+- name: detect private key file
+ stat:
+ path: "{{ playbook_dir }}/ssh_private_key"
+ register: detect_private_key_file
+
+- name: set private key file
+ set_fact:
+ ceph_ansible_private_key_file: "{{ playbook_dir }}/ssh_private_key"
+ when: ceph_ansible_private_key_file is not defined and detect_private_key_file.stat.exists
diff --git a/tripleo_ansible/roles/tripleo-ceph-work-dir/tasks/main.yml b/tripleo_ansible/roles/tripleo-ceph-work-dir/tasks/main.yml
new file mode 100644
index 000000000..10bcea494
--- /dev/null
+++ b/tripleo_ansible/roles/tripleo-ceph-work-dir/tasks/main.yml
@@ -0,0 +1,18 @@
+---
+# Copyright 2019 Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+- import_tasks: prepare.yml
+- import_tasks: get_ssh_private_key.yml
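Review bot: In get_ssh_private_key.yml, the `detect private key file` task only needs `stat.exists`, but `stat` by default also computes a checksum and collects MIME type and file attributes, so the registered result (and any verbose log of it) carries a digest of the private key whenever the file is readable. Adding `get_checksum: false`, `get_mime: false` and `get_attributes: false` under `stat:` limits the call to the metadata the `when:` condition uses. The task also does not look at the key's mode or owner. If the file is expected to be readable by root only, as the become comment in tripleo-ceph-uuid/tasks/gather.yml suggests, a check on `detect_private_key_file.stat.mode` would document that expectation.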
diff --git a/tripleo_ansible/roles/tripleo-ceph-work-dir/tasks/prepare.yml b/tripleo_ansible/roles/tripleo-ceph-work-dir/tasks/prepare.yml
new file mode 100644
index 000000000..ebb53ca8e
--- /dev/null
+++ b/tripleo_ansible/roles/tripleo-ceph-work-dir/tasks/prepare.yml
@@ -0,0 +1,46 @@
+---
+# Copyright 2019 Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+- name: create ceph-ansible temp dirs
+ become: true
+ file:
+ path: "{{ item }}"
+ state: directory
+ owner: "{{ ansible_user }}"
+ with_items:
+ - "{{ playbook_dir }}/ceph-ansible"
+ - "{{ playbook_dir }}/ceph-ansible/group_vars"
+ - "{{ playbook_dir }}/ceph-ansible/host_vars"
+ - "{{ playbook_dir }}/ceph-ansible/fetch_dir"
+
+- name: symbolic link to tripleo inventory from ceph-ansible work directory
+ # If we call ceph-ansible with the same inventory as the calling
+ # playbook, then config-download/groups_vars will be used instead
+ # of config-download/ceph-ansible/group_vars.
+ file:
+ src: "{{ inventory_file }}"
+ dest: "{{ playbook_dir }}/ceph-ansible/inventory.yml"
+ state: link
+
+- name: generate ceph-ansible group vars all
+ copy:
+ dest: "{{ playbook_dir }}/ceph-ansible/group_vars/all.yml"
+ content: "{{ ceph_ansible_group_vars_all|to_nice_yaml }}"
+
+- name: generate ceph-ansible extra vars
+ copy:
+ dest: "{{ playbook_dir }}/ceph-ansible/extra_vars.yml"
+ content: "{{ ceph_ansible_extra_vars|to_nice_yaml }}"
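Review bot: None of the `file` and `copy` tasks in tripleo-ceph-work-dir/tasks/prepare.yml sets `mode:`, so the ceph-ansible work directory, `group_vars/all.yml` and `extra_vars.yml` are created with whatever the umask gives, which is typically world-readable. The contents of `ceph_ansible_group_vars_all` and `ceph_ansible_extra_vars` are not visible here, but group vars for a storage cluster commonly carry keys or passwords. I would add `mode: '0700'` to `create ceph-ansible temp dirs` and `mode: '0600'` to both `copy` tasks. The two `copy` tasks in tripleo-ceph-uuid/tasks/prepare.yml (nodes_uuid_data.json and nodes_uuid_playbook.yml) omit `mode:` in the same way.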