Browse Source

Add the networks parameter to the monitoring stack components

As per [1] the ceph_mkspec module accepts the networks parameter
that defines where the specified daemon should be bound.
This patch adds the existing parameter to the monitoring stack
tasks that are supposed to apply node-exporter(s), prometheus
and alertmanager when DashboardEnabled is true.
In addition, due to recent changes in Ceph, both grafana and
the dashboard passwords must be passed via `-i`. This change
makes us able to configure the password via stdin.
Finally, the tls support is added to the grafana component,
which is exposed to the operators.

[1] https://review.opendev.org/783305

Change-Id: I59a74797dc97540b7553a3e74f67e23e6ccc8f6d
(cherry picked from commit 7e7db792d2)
changes/47/793447/1
Francesco Pantano 5 months ago
parent
commit
a20f32cc40
  1. 1
      tripleo_ansible/roles/tripleo_cephadm/defaults/main.yml
  2. 6
      tripleo_ansible/roles/tripleo_cephadm/tasks/ceph_cli.yaml
  3. 21
      tripleo_ansible/roles/tripleo_cephadm/tasks/dashboard/dashboard.yaml
  4. 55
      tripleo_ansible/roles/tripleo_cephadm/tasks/dashboard/grafana.yaml
  5. 2
      tripleo_ansible/roles/tripleo_cephadm/tasks/mds.yaml
  6. 21
      tripleo_ansible/roles/tripleo_cephadm/tasks/monitoring.yaml
  7. 2
      tripleo_ansible/roles/tripleo_cephadm/tasks/rgw.yaml
  8. 39
      tripleo_ansible/roles/tripleo_cephadm/templates/grafana.json.j2
  9. 1
      tripleo_ansible/roles/tripleo_run_cephadm/tasks/prepare.yml

1
tripleo_ansible/roles/tripleo_cephadm/defaults/main.yml

@ -47,5 +47,6 @@ tripleo_cephadm_crush_rules: []
tripleo_cephadm_internal_tls_enabled: false
tripleo_cephadm_nfs_rados_export_index: 'ganesha-export-index'
tripleo_cephadm_ceph_nfs_rados_backend: true
tripleo_cephadm_certs: /etc/pki/tls
# todo(fultonj) add is_hci boolean for target memory
# https://lists.ceph.io/hyperkitty/list/dev@ceph.io/thread/Z77XO23JPXDNHKM7IG6UN4URYKA6L7VH/

6
tripleo_ansible/roles/tripleo_cephadm/tasks/ceph_cli.yaml

@ -18,6 +18,12 @@
set_fact:
tripleo_cephadm_ceph_cli: >-
{{ tripleo_cephadm_container_cli }} run --rm {{ tripleo_cephadm_container_options }}
{% if mount_certs|default(false) %}
--volume {{ tripleo_cephadm_certs }}:/etc/pki/tls:z
{% endif %}
{% if sensitive_data|default(false) %}
--interactive
{% endif %}
--volume {{ tripleo_cephadm_config_home }}:/etc/ceph:z
{% if mount_spec|default(false) %}
--volume {{ tripleo_cephadm_spec }}:{{ tripleo_cephadm_container_spec }}:z

21
tripleo_ansible/roles/tripleo_cephadm/tasks/dashboard/dashboard.yaml

@ -18,6 +18,7 @@
include_tasks: ceph_cli.yaml
vars:
mount_spec: true
sensitive_data: true
- name: Configure the Ceph Dashboard port
become: true
@ -66,6 +67,17 @@
- name: enable mgr dashboard module (restart)
command: "{{ tripleo_cephadm_ceph_cli }} mgr module enable dashboard"
- name: create dashboard admin user
become: true
ceph_dashboard_user:
name: "{{ tripleo_cephadm_dashboard_admin_user }}"
cluster: "{{ tripleo_cephadm_cluster }}"
password: "{{ tripleo_cephadm_dashboard_admin_password }}"
roles: ["{{ 'read-only' if tripleo_cephadm_dashboard_admin_user_ro | bool else 'administrator' }}"]
environment:
CEPH_CONTAINER_IMAGE: "{{ tripleo_cephadm_container_ns + '/' + tripleo_cephadm_container_image + ':' + tripleo_cephadm_container_tag }}"
CEPH_CONTAINER_BINARY: "{{ tripleo_cephadm_container_cli }}"
- name: Configure Monitoring Stack
become: true
block:
@ -78,7 +90,10 @@
- name: set grafana api user
command: "{{ tripleo_cephadm_ceph_cli }} dashboard set-grafana-api-username {{ tripleo_cephadm_grafana_admin_user }}"
- name: set grafana api password
command: "{{ tripleo_cephadm_ceph_cli }} dashboard set-grafana-api-password {{ tripleo_cephadm_grafana_admin_password }}"
command: "{{ tripleo_cephadm_ceph_cli }} dashboard set-grafana-api-password -i -"
args:
stdin: "{{ tripleo_cephadm_grafana_admin_password }}"
stdin_add_newline: no
- name: disable ssl verification for grafana
command: "{{ tripleo_cephadm_ceph_cli }} dashboard set-grafana-api-ssl-verify False"
changed_when: false
@ -96,7 +111,9 @@
{{ tripleo_cephadm_ceph_cli }} dashboard set-grafana-api-url \
{{ tripleo_cephadm_dashboard_protocol }}://{{ tripleo_cephadm_dashboard_frontend_vip }}:{{ tripleo_cephadm_grafana_port }}
changed_when: false
when: "{{ tripleo_cephadm_dashboard_frontend_vip is defined and tripleo_cephadm_dashboard_frontend_vip |length > 0 }}"
when:
- tripleo_cephadm_dashboard_frontend_vip is defined
- tripleo_cephadm_dashboard_frontend_vip |length > 0
- name: Restart the Ceph dashboard
become: true

55
tripleo_ansible/roles/tripleo_cephadm/tasks/dashboard/grafana.yaml

@ -1,55 +0,0 @@
---
# Copyright 2021 Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
# TODO: MKSPEC TO DEPLOY GRAFANA
# - name: Deploy the three, unmanaged grafana instances via the orchestrator
# mkspec:
# service_type: grafana
# service_name: grafana
# placement:
# hosts:
# - ctr1
# - ctr2
# - ctr3
# unmanaged: true
- name: Get the current mgr addr
set_fact:
grafana_addr: "{{ hostvars[dashboard_backend][tripleo_ceph_dashboard_net] }}"
vars:
tripleo_ceph_dashboard_net: "{{ service_net_map['ceph_dashboard_network'] + '_ip' }}"
delegate_to: "{{ dashboard_backend }}"
- name: Render config files
block:
- name: Configure grafana
template:
src: grafana.json.j2
dest: "/tmp/grafana.json"
become: true
delegate_to: "{{ dashboard_backend }}"
- name: Reconfigure grafana component
shell: |
{{ tripleo_cephadm_bin }} \
--image {{ tripleo_cephadm_grafana_container_image }} \
deploy \
--name grafana.{{ dashboard_backend }} \
--fsid {{ tripleo_cephadm_fsid }} \
--config-json /tmp/grafana.json
register: cephadm_grafana
become: true
delegate_to: "{{ dashboard_backend }}"

2
tripleo_ansible/roles/tripleo_cephadm/tasks/mds.yaml

@ -35,7 +35,7 @@
ceph_mkspec:
service_type: mds
apply: true
hosts: "{{ _hosts }}"
hosts: "{{ _hosts | unique }}"
render_path: "{{ tripleo_cephadm_spec_home }}"
register: spc
environment:

21
tripleo_ansible/roles/tripleo_cephadm/tasks/monitoring.yaml

@ -38,10 +38,28 @@
apply: true
host_pattern: "*"
render_path: "{{ tripleo_cephadm_spec_home }}"
networks: "{{ tripleo_cephadm_monitoring_address_block }}"
environment:
CEPH_CONTAINER_IMAGE: "{{ tripleo_cephadm_container_ns + '/' + tripleo_cephadm_container_image + ':' + tripleo_cephadm_container_tag }}"
CEPH_CONTAINER_BINARY: "{{ tripleo_cephadm_container_cli }}"
- name: Config ssl cert(s) and key(s) for the exposed components
block:
- name: Get ceph_cli
include_tasks: ceph_cli.yaml
vars:
mount_certs: true
- name: import grafana certificate file
command: "{{ tripleo_cephadm_ceph_cli }} config-key set mgr/cephadm/grafana_crt -i {{ tripleo_cephadm_grafana_crt }}"
changed_when: false
- name: import grafana certificate key
command: "{{ tripleo_cephadm_ceph_cli }} config-key set mgr/cephadm/grafana_key -i {{ tripleo_cephadm_grafana_key }}"
changed_when: false
when: tripleo_cephadm_dashboard_protocol == "https" and
tripleo_cephadm_grafana_crt | length > 0 and tripleo_cephadm_grafana_key | length > 0
- name: Create the monitoring stack Daemon spec definition
become: true
ceph_mkspec:
@ -49,8 +67,9 @@
service_id: "{{ item }}"
service_name: "{{ item }}"
apply: true
hosts: "{{ _hosts }}"
hosts: "{{ _hosts | unique }}"
render_path: "{{ tripleo_cephadm_spec_home }}"
networks: "{{ tripleo_cephadm_monitoring_address_block }}"
environment:
CEPH_CONTAINER_IMAGE: "{{ tripleo_cephadm_container_ns + '/' + tripleo_cephadm_container_image + ':' + tripleo_cephadm_container_tag }}"
CEPH_CONTAINER_BINARY: "{{ tripleo_cephadm_container_cli }}"

2
tripleo_ansible/roles/tripleo_cephadm/tasks/rgw.yaml

@ -34,7 +34,7 @@
ceph_mkspec:
service_type: rgw
apply: true
hosts: "{{ _hosts }}"
hosts: "{{ _hosts | unique }}"
spec:
rgw_frontend_port: "{{ radosgw_frontend_port }}"
rgw_realm: 'default'

39
tripleo_ansible/roles/tripleo_cephadm/templates/grafana.json.j2

@ -1,39 +0,0 @@
{
"files": {
"grafana.ini": [
"[users]",
" default_theme = light",
"[auth.anonymous]",
" enabled = true",
" org_name = 'Main Org.'",
" org_role = 'Viewer'",
"[server]",
" protocol = {{ tripleo_cephadm_dashboard_protocol }}",
" cert_file = /etc/grafana/certs/cert_file",
" cert_key = /etc/grafana/certs/cert_key",
" http_port = {{ tripleo_cephadm_grafana_port }}",
" http_addr = {{ grafana_addr }}",
"[security]",
" admin_user = {{ tripleo_cephadm_grafana_admin_user }}",
" admin_password = {{ tripleo_cephadm_grafana_admin_password }}",
" allow_embedding = true"
],
"provisioning/datasources/ceph-dashboard.yml": [
"deleteDatasources:",
" - name: 'Dashboard'",
" orgId: 1",
" ",
"datasources:",
" - name: 'Dashboard'",
" type: 'prometheus'",
" access: 'proxy'",
" orgId: 1",
" url: 'http://localhost:{{ tripleo_cephadm_prometheus_port }}'",
" basicAuth: false",
" isDefault: true",
" editable: false"
],
"certs/cert_file": [],
"certs/cert_key": []
}
}

1
tripleo_ansible/roles/tripleo_run_cephadm/tasks/prepare.yml

@ -118,3 +118,4 @@
tripleo_cephadm_fqdn: "{{ ceph_spec_fqdn | bool }}"
tripleo_cephadm_spec_ansible_host: "{{ tripleo_run_cephadm_spec_path }}"
tripleo_cephadm_internal_tls_enabled: "{{ enable_internal_tls }}"
tripleo_cephadm_num_osd_expected: "{{ groups['ceph_osd'] | default([]) | length }}"

Loading…
Cancel
Save