Add the networks parameter to the monitoring stack components
As per [1] the ceph_mkspec module accepts the networks parameter that defines where the specified daemon should be bound. This patch adds the existing parameter to the monitoring stack tasks that are supposed to apply node-exporter(s), prometheus and alertmanager when DashboardEnabled is true. In addition, due to recent changes in Ceph, both grafana and the dashboard passwords must be passed via `-i`. This change makes us able to configure the password via stdin. Finally, the tls support is added to the grafana component, which is exposed to the operators. [1] https://review.opendev.org/783305 Change-Id: I59a74797dc97540b7553a3e74f67e23e6ccc8f6d
This commit is contained in:
parent
b4ba8694f4
commit
7e7db792d2
|
@ -47,5 +47,6 @@ tripleo_cephadm_crush_rules: []
|
|||
tripleo_cephadm_internal_tls_enabled: false
|
||||
tripleo_cephadm_nfs_rados_export_index: 'ganesha-export-index'
|
||||
tripleo_cephadm_ceph_nfs_rados_backend: true
|
||||
tripleo_cephadm_certs: /etc/pki/tls
|
||||
# todo(fultonj) add is_hci boolean for target memory
|
||||
# https://lists.ceph.io/hyperkitty/list/dev@ceph.io/thread/Z77XO23JPXDNHKM7IG6UN4URYKA6L7VH/
|
||||
|
|
|
@ -18,6 +18,12 @@
|
|||
set_fact:
|
||||
tripleo_cephadm_ceph_cli: >-
|
||||
{{ tripleo_cephadm_container_cli }} run --rm {{ tripleo_cephadm_container_options }}
|
||||
{% if mount_certs|default(false) %}
|
||||
--volume {{ tripleo_cephadm_certs }}:/etc/pki/tls:z
|
||||
{% endif %}
|
||||
{% if sensitive_data|default(false) %}
|
||||
--interactive
|
||||
{% endif %}
|
||||
--volume {{ tripleo_cephadm_config_home }}:/etc/ceph:z
|
||||
{% if mount_spec|default(false) %}
|
||||
--volume {{ tripleo_cephadm_spec }}:{{ tripleo_cephadm_container_spec }}:z
|
||||
|
|
|
@ -18,6 +18,7 @@
|
|||
include_tasks: ceph_cli.yaml
|
||||
vars:
|
||||
mount_spec: true
|
||||
sensitive_data: true
|
||||
|
||||
- name: Configure the Ceph Dashboard port
|
||||
become: true
|
||||
|
@ -66,6 +67,17 @@
|
|||
- name: enable mgr dashboard module (restart)
|
||||
command: "{{ tripleo_cephadm_ceph_cli }} mgr module enable dashboard"
|
||||
|
||||
- name: create dashboard admin user
|
||||
become: true
|
||||
ceph_dashboard_user:
|
||||
name: "{{ tripleo_cephadm_dashboard_admin_user }}"
|
||||
cluster: "{{ tripleo_cephadm_cluster }}"
|
||||
password: "{{ tripleo_cephadm_dashboard_admin_password }}"
|
||||
roles: ["{{ 'read-only' if tripleo_cephadm_dashboard_admin_user_ro | bool else 'administrator' }}"]
|
||||
environment:
|
||||
CEPH_CONTAINER_IMAGE: "{{ tripleo_cephadm_container_ns + '/' + tripleo_cephadm_container_image + ':' + tripleo_cephadm_container_tag }}"
|
||||
CEPH_CONTAINER_BINARY: "{{ tripleo_cephadm_container_cli }}"
|
||||
|
||||
- name: Configure Monitoring Stack
|
||||
become: true
|
||||
block:
|
||||
|
@ -78,7 +90,10 @@
|
|||
- name: set grafana api user
|
||||
command: "{{ tripleo_cephadm_ceph_cli }} dashboard set-grafana-api-username {{ tripleo_cephadm_grafana_admin_user }}"
|
||||
- name: set grafana api password
|
||||
command: "{{ tripleo_cephadm_ceph_cli }} dashboard set-grafana-api-password {{ tripleo_cephadm_grafana_admin_password }}"
|
||||
command: "{{ tripleo_cephadm_ceph_cli }} dashboard set-grafana-api-password -i -"
|
||||
args:
|
||||
stdin: "{{ tripleo_cephadm_grafana_admin_password }}"
|
||||
stdin_add_newline: no
|
||||
- name: disable ssl verification for grafana
|
||||
command: "{{ tripleo_cephadm_ceph_cli }} dashboard set-grafana-api-ssl-verify False"
|
||||
changed_when: false
|
||||
|
@ -96,7 +111,9 @@
|
|||
{{ tripleo_cephadm_ceph_cli }} dashboard set-grafana-api-url \
|
||||
{{ tripleo_cephadm_dashboard_protocol }}://{{ tripleo_cephadm_dashboard_frontend_vip }}:{{ tripleo_cephadm_grafana_port }}
|
||||
changed_when: false
|
||||
when: "{{ tripleo_cephadm_dashboard_frontend_vip is defined and tripleo_cephadm_dashboard_frontend_vip |length > 0 }}"
|
||||
when:
|
||||
- tripleo_cephadm_dashboard_frontend_vip is defined
|
||||
- tripleo_cephadm_dashboard_frontend_vip |length > 0
|
||||
|
||||
- name: Restart the Ceph dashboard
|
||||
become: true
|
||||
|
|
|
@ -1,55 +0,0 @@
|
|||
---
|
||||
# Copyright 2021 Red Hat, Inc.
|
||||
# All Rights Reserved.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
# TODO: MKSPEC TO DEPLOY GRAFANA
|
||||
# - name: Deploy the three, unmanaged grafana instances via the orchestrator
|
||||
# mkspec:
|
||||
# service_type: grafana
|
||||
# service_name: grafana
|
||||
# placement:
|
||||
# hosts:
|
||||
# - ctr1
|
||||
# - ctr2
|
||||
# - ctr3
|
||||
# unmanaged: true
|
||||
|
||||
- name: Get the current mgr addr
|
||||
set_fact:
|
||||
grafana_addr: "{{ hostvars[dashboard_backend][tripleo_ceph_dashboard_net] }}"
|
||||
vars:
|
||||
tripleo_ceph_dashboard_net: "{{ service_net_map['ceph_dashboard_network'] + '_ip' }}"
|
||||
delegate_to: "{{ dashboard_backend }}"
|
||||
|
||||
- name: Render config files
|
||||
block:
|
||||
- name: Configure grafana
|
||||
template:
|
||||
src: grafana.json.j2
|
||||
dest: "/tmp/grafana.json"
|
||||
become: true
|
||||
delegate_to: "{{ dashboard_backend }}"
|
||||
|
||||
- name: Reconfigure grafana component
|
||||
shell: |
|
||||
{{ tripleo_cephadm_bin }} \
|
||||
--image {{ tripleo_cephadm_grafana_container_image }} \
|
||||
deploy \
|
||||
--name grafana.{{ dashboard_backend }} \
|
||||
--fsid {{ tripleo_cephadm_fsid }} \
|
||||
--config-json /tmp/grafana.json
|
||||
register: cephadm_grafana
|
||||
become: true
|
||||
delegate_to: "{{ dashboard_backend }}"
|
|
@ -35,7 +35,7 @@
|
|||
ceph_mkspec:
|
||||
service_type: mds
|
||||
apply: true
|
||||
hosts: "{{ _hosts }}"
|
||||
hosts: "{{ _hosts | unique }}"
|
||||
render_path: "{{ tripleo_cephadm_spec_home }}"
|
||||
register: spc
|
||||
environment:
|
||||
|
|
|
@ -38,10 +38,28 @@
|
|||
apply: true
|
||||
host_pattern: "*"
|
||||
render_path: "{{ tripleo_cephadm_spec_home }}"
|
||||
networks: "{{ tripleo_cephadm_monitoring_address_block }}"
|
||||
environment:
|
||||
CEPH_CONTAINER_IMAGE: "{{ tripleo_cephadm_container_ns + '/' + tripleo_cephadm_container_image + ':' + tripleo_cephadm_container_tag }}"
|
||||
CEPH_CONTAINER_BINARY: "{{ tripleo_cephadm_container_cli }}"
|
||||
|
||||
- name: Config ssl cert(s) and key(s) for the exposed components
|
||||
block:
|
||||
- name: Get ceph_cli
|
||||
include_tasks: ceph_cli.yaml
|
||||
vars:
|
||||
mount_certs: true
|
||||
|
||||
- name: import grafana certificate file
|
||||
command: "{{ tripleo_cephadm_ceph_cli }} config-key set mgr/cephadm/grafana_crt -i {{ tripleo_cephadm_grafana_crt }}"
|
||||
changed_when: false
|
||||
|
||||
- name: import grafana certificate key
|
||||
command: "{{ tripleo_cephadm_ceph_cli }} config-key set mgr/cephadm/grafana_key -i {{ tripleo_cephadm_grafana_key }}"
|
||||
changed_when: false
|
||||
when: tripleo_cephadm_dashboard_protocol == "https" and
|
||||
tripleo_cephadm_grafana_crt | length > 0 and tripleo_cephadm_grafana_key | length > 0
|
||||
|
||||
- name: Create the monitoring stack Daemon spec definition
|
||||
become: true
|
||||
ceph_mkspec:
|
||||
|
@ -49,8 +67,9 @@
|
|||
service_id: "{{ item }}"
|
||||
service_name: "{{ item }}"
|
||||
apply: true
|
||||
hosts: "{{ _hosts }}"
|
||||
hosts: "{{ _hosts | unique }}"
|
||||
render_path: "{{ tripleo_cephadm_spec_home }}"
|
||||
networks: "{{ tripleo_cephadm_monitoring_address_block }}"
|
||||
environment:
|
||||
CEPH_CONTAINER_IMAGE: "{{ tripleo_cephadm_container_ns + '/' + tripleo_cephadm_container_image + ':' + tripleo_cephadm_container_tag }}"
|
||||
CEPH_CONTAINER_BINARY: "{{ tripleo_cephadm_container_cli }}"
|
||||
|
|
|
@ -34,7 +34,7 @@
|
|||
ceph_mkspec:
|
||||
service_type: rgw
|
||||
apply: true
|
||||
hosts: "{{ _hosts }}"
|
||||
hosts: "{{ _hosts | unique }}"
|
||||
spec:
|
||||
rgw_frontend_port: "{{ radosgw_frontend_port }}"
|
||||
rgw_realm: 'default'
|
||||
|
|
|
@ -1,39 +0,0 @@
|
|||
{
|
||||
"files": {
|
||||
"grafana.ini": [
|
||||
"[users]",
|
||||
" default_theme = light",
|
||||
"[auth.anonymous]",
|
||||
" enabled = true",
|
||||
" org_name = 'Main Org.'",
|
||||
" org_role = 'Viewer'",
|
||||
"[server]",
|
||||
" protocol = {{ tripleo_cephadm_dashboard_protocol }}",
|
||||
" cert_file = /etc/grafana/certs/cert_file",
|
||||
" cert_key = /etc/grafana/certs/cert_key",
|
||||
" http_port = {{ tripleo_cephadm_grafana_port }}",
|
||||
" http_addr = {{ grafana_addr }}",
|
||||
"[security]",
|
||||
" admin_user = {{ tripleo_cephadm_grafana_admin_user }}",
|
||||
" admin_password = {{ tripleo_cephadm_grafana_admin_password }}",
|
||||
" allow_embedding = true"
|
||||
],
|
||||
"provisioning/datasources/ceph-dashboard.yml": [
|
||||
"deleteDatasources:",
|
||||
" - name: 'Dashboard'",
|
||||
" orgId: 1",
|
||||
" ",
|
||||
"datasources:",
|
||||
" - name: 'Dashboard'",
|
||||
" type: 'prometheus'",
|
||||
" access: 'proxy'",
|
||||
" orgId: 1",
|
||||
" url: 'http://localhost:{{ tripleo_cephadm_prometheus_port }}'",
|
||||
" basicAuth: false",
|
||||
" isDefault: true",
|
||||
" editable: false"
|
||||
],
|
||||
"certs/cert_file": [],
|
||||
"certs/cert_key": []
|
||||
}
|
||||
}
|
|
@ -123,3 +123,4 @@
|
|||
tripleo_cephadm_fqdn: "{{ ceph_spec_fqdn | bool }}"
|
||||
tripleo_cephadm_spec_ansible_host: "{{ tripleo_run_cephadm_spec_path }}"
|
||||
tripleo_cephadm_internal_tls_enabled: "{{ enable_internal_tls }}"
|
||||
tripleo_cephadm_num_osd_expected: "{{ groups['ceph_osd'] | default([]) | length }}"
|
||||
|
|
Loading…
Reference in New Issue