openstack
/
tripleo-ansible
Code Issues Proposed changes

Introduce ansible roles for ceph preparation 

Create five ansible roles prefixed with "tripleo-ceph-" to
prepare the undercloud to run ceph-ansible. These roles were
previously embedded as tasks in tripleo-heat-templates.
ceph-ansible assumes its working directory persists and is
configured by the user manually. TripleO integration requires
that these steps be automated and these roles perform that
automation.

The roles may be used to create an ansible working directory
with inventory, a ceph-ansible fetch directory, a system uuid
map for node-specific-overrides, and runs ceph-ansible with
the required options.

Add ceph.yaml to the playbooks directory which can be used for
development of these roles with --skip-tags run_ceph_ansible.

Change-Id: I19cd58275a0b8f8f84776a98008cd9b10ceda908
This commit is contained in:
John Fulton 2019-06-11 21:34:56 +00:00
parent 87e94e7ebb
commit 4d38019467
21 changed files with 961 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
tripleo_ansible/playbooks/ceph.yaml Normal file
View File

@ -0,0 +1,24 @@
---
# Copyright 2019 Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
- hosts: Undercloud
roles:
- role: tripleo-ceph-run-ansible
post_tasks:
- name: backup and clean fetch directory after ceph-ansible run
include_role:
name: tripleo-ceph-fetch-dir
tasks_from: backup_and_clean

145
tripleo_ansible/roles/tripleo-ceph-common/defaults/main.yml Normal file
View File

@ -0,0 +1,145 @@
---
# Copyright 2019 Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
# todo(fultonj): evolve this to derive more of these values from facts
ceph_ansible_group_vars_all:
ceph_conf_overrides:
global:
osd_max_backfills: 1
osd_pool_default_pg_num: 32
osd_pool_default_pgp_num: 32
osd_pool_default_size: 3
osd_recovery_max_active: 3
osd_recovery_op_priority: 3
rgw_keystone_accepted_admin_roles: ResellerAdmin
rgw_keystone_accepted_roles: Member, admin
rgw_keystone_admin_domain: default
rgw_keystone_admin_password: fEoaZFe0C5ZQ1hvFo7yfxutan
rgw_keystone_admin_project: service
rgw_keystone_admin_user: swift
rgw_keystone_api_version: 3
rgw_keystone_implicit_tenants: 'true'
rgw_keystone_revocation_interval: '0'
rgw_keystone_url: http://192.168.24.18:5000
rgw_s3_auth_use_keystone: 'true'
rgw_swift_versioning_enabled: 'true'
ceph_docker_image: ceph/daemon
ceph_docker_image_tag: v4.0.0-stable-4.0-nautilus-centos-7-x86_64
ceph_docker_registry: 192.168.24.1:8787
ceph_origin: distro
ceph_stable: true
cluster: ceph
cluster_network: 192.168.24.0/24
containerized_deployment: true
docker: true
fsid: b8df929e-7c29-11e9-b1bd-244253215215
generate_fsid: false
ip_version: ipv4
keys:
- caps:
mgr: allow *
mon: profile rbd
osd: profile rbd pool=volumes, profile rbd pool=backups, profile rbd pool=vms,
profile rbd pool=images
key: AQCwmeRcAAAAABAA6SQU/bGqFjlfLro5KxrB1Q==
mode: '0600'
name: client.openstack
- caps:
mds: allow *
mgr: allow *
mon: allow r, allow command 'auth del', allow command 'auth caps', allow
command 'auth get', allow command 'auth get-or-create'
osd: allow rw
key: AQCwmeRcAAAAABAAiglHZveUQUmoSsYbZcbMEA==
mode: '0600'
name: client.manila
- caps:
mgr: allow *
mon: allow rw
osd: allow rwx
key: AQCwmeRcAAAAABAAvd9OK2qeXNaD4rL/wP7D0Q==
mode: '0600'
name: client.radosgw
monitor_address_block: 192.168.24.0/24
ntp_service_enabled: false
openstack_config: true
openstack_keys:
- caps:
mgr: allow *
mon: profile rbd
osd: profile rbd pool=volumes, profile rbd pool=backups, profile rbd pool=vms,
profile rbd pool=images
key: AQCwmeRcAAAAABAA6SQU/bGqFjlfLro5KxrB1Q==
mode: '0600'
name: client.openstack
- caps:
mds: allow *
mgr: allow *
mon: allow r, allow command 'auth del', allow command 'auth caps', allow
command 'auth get', allow command 'auth get-or-create'
osd: allow rw
key: AQCwmeRcAAAAABAAiglHZveUQUmoSsYbZcbMEA==
mode: '0600'
name: client.manila
- caps:
mgr: allow *
mon: allow rw
osd: allow rwx
key: AQCwmeRcAAAAABAAvd9OK2qeXNaD4rL/wP7D0Q==
mode: '0600'
name: client.radosgw
openstack_pools:
- application: rbd
name: images
pg_num: 32
rule_name: replicated_rule
- application: rbd
name: backups
pg_num: 32
rule_name: replicated_rule
- application: rbd
name: vms
pg_num: 32
rule_name: replicated_rule
- application: rbd
name: volumes
pg_num: 32
rule_name: replicated_rule
pools: []
public_network: 192.168.24.0/24
user_config: true
blacklisted_hostnames: []
ceph_ansible_extra_vars:
ireallymeanit: 'yes'
container_binary: 'podman'
uuid_content: ''
ceph_ansible_playbook_verbosity: 3
ceph_ansible_playbooks_param: ['default']
local_ceph_ansible_fetch_directory_backup: "{{ playbook_dir }}/ceph-ansible/fetch_backup"
swift_get_url: ''
swift_put_url: ''
ceph_ansible_skip_tags: 'package-install,with_pkg'
ceph_ansible_environment_variables: {}
docker: true
containerized_deployment: true
user_config: true
ceph_stable: true
ceph_origin: distro
openstack_config: true
pools: []
ntp_service_enabled: false
generate_fsid: false

44
tripleo_ansible/roles/tripleo-ceph-fetch-dir/README.md Normal file
View File

@ -0,0 +1,44 @@
Ansible Role to manage a ceph-ansible fetch directory
=====================================================
When scaling Ceph monitors, ceph-ansible uses context from the
fetch_directory to prevent new monitors from trying to bootstrap
a new Ceph cluster
This role saves the fetch_directory to either Swift or a local
directory after each ceph-ansible playbook run; and if there is
a backup of fetch directory in Swift or the specificied local
directory, restores it before each ceph-ansible playbook run.
The main.yml does not include the backup_and_clean.yml because
that should be run separately as a post task as needed by a
separate import using tasks_from.
Requirements
------------
None
Role Variables
--------------
- ceph_ansible_tarball_name: The name of the file which will contain a
tar.gz backup of the ceph-ansible fetch directory. Used for both the
local and swift backup methods. (default: 'temporary_dir.tar.gz')
- old_ceph_ansible_tarball_name: The name of the file which will be
saved in /tmp when the ceph-ansible fetch directory is downloaded
from Swift. Not used for local backups and only used for
Swift backups. (default: 'temporary_dir_old.tar.gz')
- new_ceph_ansible_tarball_name: The name of the file which will be
saved in /tmp after ceph-ansible runs and then uploaded to Swift.
Not used for local backups only only used for Swift backups.
(default: 'temporary_dir_new.tar.gz')
Dependencies
------------
- tripleo-ceph-common
- tripleo-ceph-work-dir

43
tripleo_ansible/roles/tripleo-ceph-fetch-dir/meta/main.yml Normal file
View File

@ -0,0 +1,43 @@
---
# Copyright 2019 Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
galaxy_info:
author: OpenStack
description: TripleO OpenStack Role -- tripleo-ceph-fetch-dir
company: Red Hat
license: Apache-2.0
min_ansible_version: 2.7
#
# Provide a list of supported platforms, and for each platform a list of versions.
# If you don't wish to enumerate all versions for a particular platform, use 'all'.
# To view available platforms and versions (or releases), visit:
# https://galaxy.ansible.com/api/v1/platforms/
#
platforms:
- name: Fedora
versions:
- 28
- name: CentOS
versions:
- 7
galaxy_tags:
- tripleo
dependencies:
- tripleo-ceph-common
- tripleo-ceph-work-dir

68
tripleo_ansible/roles/tripleo-ceph-fetch-dir/tasks/backup_and_clean.yml Normal file
View File

@ -0,0 +1,68 @@
---
# Copyright 2019 Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
- name: register contents of fetch_directory after ceph-ansible run
find:
paths: "{{ playbook_dir }}/ceph-ansible/fetch_dir/"
recurse: true
register: ceph_ansible_fetch_dir_contents
# backup to local directory
- name: create ceph-ansible fetch directory tarball in local backup
archive:
path: "{{ playbook_dir }}/ceph-ansible/fetch_dir/*"
dest: "{{ local_ceph_ansible_fetch_directory_backup }}/{{ ceph_ansible_tarball_name }}"
exclude_path:
- '{{ playbook_dir }}/ceph-ansible/fetch_dir/fetch_dir'
when:
- local_ceph_ansible_fetch_directory_backup | length > 0
- ceph_ansible_fetch_dir_contents.matched|int != 0
# backup to swift
- when:
- local_ceph_ansible_fetch_directory_backup | length == 0
- ceph_ansible_fetch_dir_contents.matched|int != 0
block:
- name: create temporary ceph-ansible fetch directory tarball for swift backup
archive:
path: "{{ playbook_dir }}/ceph-ansible/fetch_dir/*"
dest: "/tmp/{{ new_ceph_ansible_tarball_name }}"
exclude_path:
- '{{ playbook_dir }}/ceph-ansible/fetch_dir/fetch_dir'
- name: backup temporary ceph-ansible fetch directory tarball in swift
shell: "curl -s -o /dev/null -w '%{http_code}' -X PUT -T /tmp/{{ new_ceph_ansible_tarball_name }} \"{{ swift_put_url }}\""
register: curl_put_http_status
- fail:
msg: 'Received HTTP: {{ curl_put_http_status.stdout }} when attempting to PUT to {{ swift_put_url }}'
name: ensure we were able to backup temporary fetch directory to swift
when:
- curl_put_http_status is changed
- curl_put_http_status.stdout != "200"
- curl_put_http_status.stdout != "201"
- name: clean temporary fetch directory after swift backup
file:
path: "/tmp/{{ new_ceph_ansible_tarball_name }}"
state: absent
when: (curl_put_http_status is changed and
(curl_put_http_status.stdout == "200" or
curl_put_http_status.stdout == "201"))
# remove copy of fetchdir in case another user unpacks it (LP #1823229)
- name: Remove ceph-ansible fetch directory
become: true
file:
path: "{{ playbook_dir }}/ceph-ansible/fetch_dir/"
state: absent

70
tripleo_ansible/roles/tripleo-ceph-fetch-dir/tasks/create.yml Normal file
View File

@ -0,0 +1,70 @@
---
# Copyright 2019 Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
# local backup
- when: local_ceph_ansible_fetch_directory_backup | length > 0
block:
- name: look for requested ceph-ansible fetch directory for local backup
stat: path="{{ local_ceph_ansible_fetch_directory_backup }}"
register: local_backup_directory
ignore_errors: true
- name: autocreate new directory for ceph-ansible fetch directory backup
become: true
file:
path: "{{ local_ceph_ansible_fetch_directory_backup }}"
state: directory
owner: "{{ ansible_user }}"
mode: 0700
when: not local_backup_directory.stat.exists
- name: look for tarball of ceph-ansible fetch directory in local backup
stat: path="{{ local_ceph_ansible_fetch_directory_backup }}/{{ ceph_ansible_tarball_name }}"
register: local_backup_file
ignore_errors: true
- name: untar local backup of ceph-ansible fetch directory
# unarchive module hit https://github.com/ansible/ansible/issues/35645
shell: >-
/usr/bin/gtar --gzip --extract --file \
{{ local_ceph_ansible_fetch_directory_backup }}/{{ ceph_ansible_tarball_name }} \
-C {{ playbook_dir }}/ceph-ansible/fetch_dir
when: local_backup_file.stat.exists
# swift backup
- when: local_ceph_ansible_fetch_directory_backup | length == 0
block:
- name: attempt download of fetch directory tarball from swift backup
shell: "curl -s -o /tmp/{{ old_ceph_ansible_tarball_name }} -w '%{http_code}' -X GET \"{{ swift_get_url }}\""
register: curl_get_http_status
ignore_errors: true
- name: ensure we create a new fetch_directory or use the old fetch_directory
fail:
msg: "Received HTTP: {{ curl_get_http_status.stdout }} when attempting to GET from {{ swift_get_url }}"
when:
- curl_get_http_status is changed
- curl_get_http_status.stdout != "200" # deployment update
- curl_get_http_status.stdout != "404" # new deployment
- name: unpack downloaded ceph-ansible fetch tarball to fetch directory
# unarchive module hit https://github.com/ansible/ansible/issues/35645
shell: "/usr/bin/gtar --gzip --extract --file /tmp/{{ old_ceph_ansible_tarball_name }} -C {{ playbook_dir }}/ceph-ansible/fetch_dir"
when:
- curl_get_http_status is changed
- curl_get_http_status.stdout == "200"
- name: remove downloaded ceph-ansible fetch directory tarball from filesystem
file:
path: "/tmp/{{ old_ceph_ansible_tarball_name }}"
state: absent
when:
- curl_get_http_status is changed
- curl_get_http_status.stdout == "200"

17
tripleo_ansible/roles/tripleo-ceph-fetch-dir/tasks/main.yml Normal file
View File

@ -0,0 +1,17 @@
---
# Copyright 2019 Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
- import_tasks: create.yml

19
tripleo_ansible/roles/tripleo-ceph-fetch-dir/vars/main.yml Normal file
View File

@ -0,0 +1,19 @@
---
# Copyright 2019 Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
ceph_ansible_tarball_name: 'temporary_dir.tar.gz'
old_ceph_ansible_tarball_name: 'temporary_dir_old.tar.gz'
new_ceph_ansible_tarball_name: 'temporary_dir_new.tar.gz'

44
tripleo_ansible/roles/tripleo-ceph-run-ansible/README.md Normal file
View File

@ -0,0 +1,44 @@
Ansible Role to manage the exectution of ceph-ansible from within TripleO
=========================================================================
Executes playbooks from ceph-ansible using parameters from TripleO.
After the working directory is created by the tripleo-ceph-work-dir
role and the working directory has been populated with host_vars
mapping node specific overrides by the tripleo-ceph-uuid role, and
after the fetch directory is populated with context from previous
ceph-ansible runs, by the tripleo-ceph-fetch-dir role, the playbooks
from ceph-ansible may be executed.
This role creates the shell script ceph_ansible_command.sh within
the ceph-ansible working directory and then executes the shell script.
If the shell script's return is non-zero, the deployment fails and an
error message from ansible is displayed.
After this role is used, the tasks from backup_and_clean.yml from the
tripleo-ceph-work-dir role should be used to persist the ceph-ansible
fetch directory and then remove it so that future runs of ceph-ansible
by this role do not have permissions issues when the role is used by a
different user.
Requirements
------------
None
Role Variables
--------------
- ceph_ansible_playbooks_param: the list of ceph-ansible playbooks to
be run; e.g. ['/usr/share/ceph-ansible/site-container.yml.sample'])
is the default but any item in ceph-ansible/infrastructure-playbooks
may be passed. If the list contains more than one item, each
playbook is executed sequentially.
Dependencies
------------
- tripleo-ceph-common
- tripleo-ceph-work-dir
- tripleo-ceph-fetch-dir
- tripleo-ceph-uuid

45
tripleo_ansible/roles/tripleo-ceph-run-ansible/meta/main.yml Normal file
View File

@ -0,0 +1,45 @@
---
# Copyright 2019 Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
galaxy_info:
author: OpenStack
description: TripleO OpenStack Role -- tripleo-ceph-run-ansible
company: Red Hat
license: Apache-2.0
min_ansible_version: 2.7
#
# Provide a list of supported platforms, and for each platform a list of versions.
# If you don't wish to enumerate all versions for a particular platform, use 'all'.
# To view available platforms and versions (or releases), visit:
# https://galaxy.ansible.com/api/v1/platforms/
#
platforms:
- name: Fedora
versions:
- 28
- name: CentOS
versions:
- 7
galaxy_tags:
- tripleo
dependencies:
- tripleo-ceph-common
- tripleo-ceph-work-dir
- tripleo-ceph-fetch-dir
- tripleo-ceph-uuid

79
tripleo_ansible/roles/tripleo-ceph-run-ansible/tasks/main.yml Normal file
View File

@ -0,0 +1,79 @@
---
# Copyright 2019 Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
- name: set ceph-ansible playbook list
set_fact:
ceph_ansible_playbooks: >
{%- if ceph_ansible_playbooks_param != ['default'] -%}
{{ ceph_ansible_playbooks_param }}
{%- else -%}
{{ ceph_ansible_playbooks_default|default(['/usr/share/ceph-ansible/site-container.yml.sample']) }}
{%- endif -%}
- name: set ceph-ansible command list
set_fact:
ceph_ansible_command_list:
- ANSIBLE_ACTION_PLUGINS=/usr/share/ceph-ansible/plugins/actions/
- ANSIBLE_CALLBACK_PLUGINS=/usr/share/ceph-ansible/plugins/callback/
- ANSIBLE_ROLES_PATH=/usr/share/ceph-ansible/roles/
- ANSIBLE_LOG_PATH="{{ playbook_dir }}/ceph-ansible/ceph_ansible_command.log"
- ANSIBLE_LIBRARY=/usr/share/ceph-ansible/library/
- ANSIBLE_CONFIG=/usr/share/ceph-ansible/ansible.cfg
- ANSIBLE_REMOTE_TEMP=/tmp/ceph_ansible_tmp
- ANSIBLE_FORKS=25
- ANSIBLE_GATHER_TIMEOUT=60
- "{{ ceph_ansible_environment_variables|join(' ') }}"
- ansible-playbook
- '{% if ceph_ansible_private_key_file is defined %}--private-key {{ ceph_ansible_private_key_file }}{% endif %}'
- '{% if ansible_python_interpreter is defined %}-e ansible_python_interpreter={{ ansible_python_interpreter }}{% endif %}'
- '-{%- for number in range(0, ceph_ansible_playbook_verbosity) -%}v{% endfor %}'
- '{% if ceph_ansible_skip_tags is defined %}--skip-tags {{ ceph_ansible_skip_tags }}{% endif %}'
- '-i'
- '{{ playbook_dir }}/ceph-ansible/inventory.yml'
- '--extra-vars'
- '@{{ playbook_dir }}/ceph-ansible/extra_vars.yml'
- name: save ceph-ansible playbook command(s) to shell script
copy:
dest: "{{ playbook_dir }}/ceph-ansible/ceph_ansible_command.sh"
mode: '0755'
content: |
#!/usr/bin/env bash
set -e
{% for playbook in ceph_ansible_playbooks %}
echo "Running ceph-ansible playbook {{ playbook }}"
{{ ceph_ansible_command_list|join(' ') }} {{ playbook }} 2>&1
{% endfor %}
- name: run ceph-ansible (immediate log at {{ playbook_dir }}/ceph-ansible/ceph_ansible_command.log)
# Needs become to be able to read the ssh private key
become: true
shell: "{{ playbook_dir }}/ceph-ansible/ceph_ansible_command.sh"
# We want the output chunked into bits to prevent
# overflowing Zaqar message size
no_log: true
failed_when: false
register: outputs
tags: run_ceph_ansible
- name: print ceph-ansible output in case of failure
debug:
var: outputs.stdout_lines | default([]) | union(outputs.stderr_lines | default([]))
failed_when: outputs.rc != 0
when:
- outputs is changed
- outputs.rc != 0
tags: run_ceph_ansible

30
tripleo_ansible/roles/tripleo-ceph-uuid/README.md Normal file
View File

@ -0,0 +1,30 @@
Ansible Role to gather node UUIDs for node-specfic overrides
============================================================
Populates the host_vars of the ceph-ansible working directory,
as provided by the tripleo-ceph-work-dir role, by mapping each
hostname to its UUID. The UUID is determined by running the
`dmidecode -s system-uuid` command on each node with Ansible.
This role creates and executes its own playbook. This role
sets up the host_vars directory used by ceph-ansible so
that TripleO's "node specific overrides" can be used to
override a particular parameter for only a subset of hosts.
The most popular usecase for this role is to pass a different
list of block devices to be used as OSDs for a subset of servers
which differ from the majority of servers.
Requirements
------------
None
Role Variables
--------------
None
Dependencies
------------
- tripleo-ceph-common
- tripleo-ceph-work-dir

43
tripleo_ansible/roles/tripleo-ceph-uuid/meta/main.yml Normal file
View File

@ -0,0 +1,43 @@
---
# Copyright 2019 Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
galaxy_info:
author: OpenStack
description: TripleO OpenStack Role -- tripleo-ceph-uuid
company: Red Hat
license: Apache-2.0
min_ansible_version: 2.7
#
# Provide a list of supported platforms, and for each platform a list of versions.
# If you don't wish to enumerate all versions for a particular platform, use 'all'.
# To view available platforms and versions (or releases), visit:
# https://galaxy.ansible.com/api/v1/platforms/
#
platforms:
- name: Fedora
versions:
- 28
- name: CentOS
versions:
- 7
galaxy_tags:
- tripleo
dependencies:
- tripleo-ceph-common
- tripleo-ceph-work-dir

35
tripleo_ansible/roles/tripleo-ceph-uuid/tasks/gather.yml Normal file
View File

@ -0,0 +1,35 @@
---
# Copyright 2019 Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
- name: build nodes-uuid command as list
set_fact:
nodes_uuid_list:
- ANSIBLE_LOG_PATH="{{ playbook_dir }}/ceph-ansible/nodes_uuid_command.log"
- ANSIBLE_SSH_CONTROL_PATH_DIR="{{ playbook_dir }}/ceph-ansible/"
- ANSIBLE_CONFIG="{{ playbook_dir }}/ansible.cfg"
- ANSIBLE_REMOTE_TEMP=/tmp/nodes_uuid_tmp
- "{{ ceph_ansible_environment_variables|join(' ') }}"
- ansible-playbook
- '{% if ceph_ansible_private_key_file is defined %}--private-key {{ ceph_ansible_private_key_file }}{% endif %}'
- '-i'
- '{{ playbook_dir }}/ceph-ansible/inventory.yml'
- '{% if ansible_python_interpreter is defined %}-e ansible_python_interpreter={{ ansible_python_interpreter }}{% endif %}'
- '{{ playbook_dir }}/ceph-ansible/nodes_uuid_playbook.yml'
- name: run nodes-uuid command
# needs become to be able to read the ssh private key
become: true
shell: "{{ nodes_uuid_list|join(' ') }}"

18
tripleo_ansible/roles/tripleo-ceph-uuid/tasks/main.yml Normal file
View File

@ -0,0 +1,18 @@
---
# Copyright 2019 Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
- import_tasks: prepare.yml
- import_tasks: gather.yml

49
tripleo_ansible/roles/tripleo-ceph-uuid/tasks/prepare.yml Normal file
View File

@ -0,0 +1,49 @@
---
# Copyright 2019 Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
- name: generate nodes-uuid data file
copy:
dest: "{{ playbook_dir }}/ceph-ansible/nodes_uuid_data.json"
content: "{{ uuid_content }}"
- name: generate nodes-uuid playbook
copy:
dest: "{{ playbook_dir }}/ceph-ansible/nodes_uuid_playbook.yml"
content: |
- hosts: all
gather_facts: no
tasks:
- name: set nodes data
set_fact:
nodes_data: "{% raw %}{{ lookup('file','./nodes_uuid_data.json') | from_json }}{% endraw %}"
- name: register machine id
become: true
# awk strips unwanted output, see LP bug #1762460
shell: >-
dmidecode -s system-uuid | \
awk 'match($0, /[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{12}/) \
{ print substr($0, RSTART, RLENGTH) }' | \
tr A-F a-f
register: machine_uuid
# NOTE(tonyb): 0 == no error, 1 == -EPERM or bad data and 2 == Command not found
# 1 and 2 aren't great but shouldn't cause the deploy to fail. If we're using
# the node specific data we'll fail then. If we aren't then lets keep moving
failed_when: machine_uuid.rc not in [0, 1, 2]
- name: generate host vars from nodes data
copy:
content: "{% raw %}{{ nodes_data[machine_uuid.stdout|default('')]|default({})|to_nice_yaml }}{% endraw %}"
dest: "{{ playbook_dir }}/ceph-ansible/host_vars/{% raw %}{{ inventory_hostname }}{% endraw %}.yml"
delegate_to: localhost

57
tripleo_ansible/roles/tripleo-ceph-work-dir/README.md Normal file
View File

@ -0,0 +1,57 @@
Ansible Role to manage a ceph-ansible working directory
=======================================================
The aim of this role and its supporting roles is to automate steps
that a ceph-ansible user normally does manually so that TripleO
may complete these steps for the user before and after ceph-ansible
runs.
Creates a directory within config-download called "ceph-ansible"
which contains the following contents, which are prerequisites
for ceph-ansible to be used:
- group_vars directory
- host_vars directory
- an inventory with the host groups ceph-ansible expects
- an extra_vars.yml file
The group_vars directory will be populated with the file all.yml which
contains content from the ceph_ansible_group_vars_all variable.
Additional files in group_vars will be populated by config-download
external_deploy_tasks Ansible embdeded directly in TripleO Heat
Templates.
The host_vars directory will be populated for each host based on
that host's UUID by the tripleo-ceph-uuid role.
The extra_vars.yml file will be populated with content from the
ceph_ansible_extra_vars variable.
This role also crecates an empty fetch_directory within the work
directory but the tripleo-ceph-fetch-dir role should be used to
populate and persist this fecth directory before the tripleo-run-
ceph-ansible role is used.
Requirements
------------
None
Role Variables
--------------
- ceph_ansible_group_vars_all: map containing all variables typically
found in ceph-ansible/group_vars/all.yml.
- ceph_ansible_extra_vars: map containing all variables the user
wishes to pass to the ceph-ansible run using 'ansible-playbook
--extra-vars @extra_vars.yml'
- ceph_ansible_private_key_file: The private SSH key that ceph-ansible
will use to connect to the nodes it will configure. (defaults to the
config-download "{{ playbook_dir }}/ssh_private_key")
Dependencies
------------
- tripleo-ceph-common

42
tripleo_ansible/roles/tripleo-ceph-work-dir/meta/main.yml Normal file
View File

@ -0,0 +1,42 @@
---
# Copyright 2019 Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
galaxy_info:
author: OpenStack
description: TripleO OpenStack Role -- tripleo-ceph-work-dir
company: Red Hat
license: Apache-2.0
min_ansible_version: 2.7
#
# Provide a list of supported platforms, and for each platform a list of versions.
# If you don't wish to enumerate all versions for a particular platform, use 'all'.
# To view available platforms and versions (or releases), visit:
# https://galaxy.ansible.com/api/v1/platforms/
#
platforms:
- name: Fedora
versions:
- 28
- name: CentOS
versions:
- 7
galaxy_tags:
- tripleo
dependencies:
- tripleo-ceph-common

25
tripleo_ansible/roles/tripleo-ceph-work-dir/tasks/get_ssh_private_key.yml Normal file
View File

@ -0,0 +1,25 @@
---
# Copyright 2019 Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
- name: detect private key file
stat:
path: "{{ playbook_dir }}/ssh_private_key"
register: detect_private_key_file
- name: set private key file
set_fact:
ceph_ansible_private_key_file: "{{ playbook_dir }}/ssh_private_key"
when: ceph_ansible_private_key_file is not defined and detect_private_key_file.stat.exists

18
tripleo_ansible/roles/tripleo-ceph-work-dir/tasks/main.yml Normal file
View File

@ -0,0 +1,18 @@
---
# Copyright 2019 Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
- import_tasks: prepare.yml
- import_tasks: get_ssh_private_key.yml

46
tripleo_ansible/roles/tripleo-ceph-work-dir/tasks/prepare.yml Normal file
View File

@ -0,0 +1,46 @@
---
# Copyright 2019 Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
- name: create ceph-ansible temp dirs
become: true
file:
path: "{{ item }}"
state: directory
owner: "{{ ansible_user }}"
with_items:
- "{{ playbook_dir }}/ceph-ansible"
- "{{ playbook_dir }}/ceph-ansible/group_vars"
- "{{ playbook_dir }}/ceph-ansible/host_vars"
- "{{ playbook_dir }}/ceph-ansible/fetch_dir"
- name: symbolic link to tripleo inventory from ceph-ansible work directory
# If we call ceph-ansible with the same inventory as the calling
# playbook, then config-download/groups_vars will be used instead
# of config-download/ceph-ansible/group_vars.
file:
src: "{{ inventory_file }}"
dest: "{{ playbook_dir }}/ceph-ansible/inventory.yml"
state: link
- name: generate ceph-ansible group vars all
copy:
dest: "{{ playbook_dir }}/ceph-ansible/group_vars/all.yml"
content: "{{ ceph_ansible_group_vars_all|to_nice_yaml }}"
- name: generate ceph-ansible extra vars
copy:
dest: "{{ playbook_dir }}/ceph-ansible/extra_vars.yml"
content: "{{ ceph_ansible_extra_vars|to_nice_yaml }}"