Add the networks parameter to the monitoring stack components
As per [1] the ceph_mkspec module accepts the networks parameter
that defines where the specified daemon should be bound.
This patch adds the existing parameter to the monitoring stack
tasks that are supposed to apply node-exporter(s), prometheus
and alertmanager when DashboardEnabled is true.
In addition, due to recent changes in Ceph, both grafana and
the dashboard passwords must be passed via `-i`. This change
makes us able to configure the password via stdin.
Finally, the tls support is added to the grafana component,
which is exposed to the operators.
[1] https://review.opendev.org/783305
Change-Id: I59a74797dc97540b7553a3e74f67e23e6ccc8f6d
(cherry picked from commit 7e7db792d2
)
This commit is contained in:
parent
f48431709f
commit
a20f32cc40
|
@ -47,5 +47,6 @@ tripleo_cephadm_crush_rules: []
|
|||
tripleo_cephadm_internal_tls_enabled: false
|
||||
tripleo_cephadm_nfs_rados_export_index: 'ganesha-export-index'
|
||||
tripleo_cephadm_ceph_nfs_rados_backend: true
|
||||
tripleo_cephadm_certs: /etc/pki/tls
|
||||
# todo(fultonj) add is_hci boolean for target memory
|
||||
# https://lists.ceph.io/hyperkitty/list/dev@ceph.io/thread/Z77XO23JPXDNHKM7IG6UN4URYKA6L7VH/
|
||||
|
|
|
@ -18,6 +18,12 @@
|
|||
set_fact:
|
||||
tripleo_cephadm_ceph_cli: >-
|
||||
{{ tripleo_cephadm_container_cli }} run --rm {{ tripleo_cephadm_container_options }}
|
||||
{% if mount_certs|default(false) %}
|
||||
--volume {{ tripleo_cephadm_certs }}:/etc/pki/tls:z
|
||||
{% endif %}
|
||||
{% if sensitive_data|default(false) %}
|
||||
--interactive
|
||||
{% endif %}
|
||||
--volume {{ tripleo_cephadm_config_home }}:/etc/ceph:z
|
||||
{% if mount_spec|default(false) %}
|
||||
--volume {{ tripleo_cephadm_spec }}:{{ tripleo_cephadm_container_spec }}:z
|
||||
|
|
|
@ -18,6 +18,7 @@
|
|||
include_tasks: ceph_cli.yaml
|
||||
vars:
|
||||
mount_spec: true
|
||||
sensitive_data: true
|
||||
|
||||
- name: Configure the Ceph Dashboard port
|
||||
become: true
|
||||
|
@ -66,6 +67,17 @@
|
|||
- name: enable mgr dashboard module (restart)
|
||||
command: "{{ tripleo_cephadm_ceph_cli }} mgr module enable dashboard"
|
||||
|
||||
- name: create dashboard admin user
|
||||
become: true
|
||||
ceph_dashboard_user:
|
||||
name: "{{ tripleo_cephadm_dashboard_admin_user }}"
|
||||
cluster: "{{ tripleo_cephadm_cluster }}"
|
||||
password: "{{ tripleo_cephadm_dashboard_admin_password }}"
|
||||
roles: ["{{ 'read-only' if tripleo_cephadm_dashboard_admin_user_ro | bool else 'administrator' }}"]
|
||||
environment:
|
||||
CEPH_CONTAINER_IMAGE: "{{ tripleo_cephadm_container_ns + '/' + tripleo_cephadm_container_image + ':' + tripleo_cephadm_container_tag }}"
|
||||
CEPH_CONTAINER_BINARY: "{{ tripleo_cephadm_container_cli }}"
|
||||
|
||||
- name: Configure Monitoring Stack
|
||||
become: true
|
||||
block:
|
||||
|
@ -78,7 +90,10 @@
|
|||
- name: set grafana api user
|
||||
command: "{{ tripleo_cephadm_ceph_cli }} dashboard set-grafana-api-username {{ tripleo_cephadm_grafana_admin_user }}"
|
||||
- name: set grafana api password
|
||||
command: "{{ tripleo_cephadm_ceph_cli }} dashboard set-grafana-api-password {{ tripleo_cephadm_grafana_admin_password }}"
|
||||
command: "{{ tripleo_cephadm_ceph_cli }} dashboard set-grafana-api-password -i -"
|
||||
args:
|
||||
stdin: "{{ tripleo_cephadm_grafana_admin_password }}"
|
||||
stdin_add_newline: no
|
||||
- name: disable ssl verification for grafana
|
||||
command: "{{ tripleo_cephadm_ceph_cli }} dashboard set-grafana-api-ssl-verify False"
|
||||
changed_when: false
|
||||
|
@ -96,7 +111,9 @@
|
|||
{{ tripleo_cephadm_ceph_cli }} dashboard set-grafana-api-url \
|
||||
{{ tripleo_cephadm_dashboard_protocol }}://{{ tripleo_cephadm_dashboard_frontend_vip }}:{{ tripleo_cephadm_grafana_port }}
|
||||
changed_when: false
|
||||
when: "{{ tripleo_cephadm_dashboard_frontend_vip is defined and tripleo_cephadm_dashboard_frontend_vip |length > 0 }}"
|
||||
when:
|
||||
- tripleo_cephadm_dashboard_frontend_vip is defined
|
||||
- tripleo_cephadm_dashboard_frontend_vip |length > 0
|
||||
|
||||
- name: Restart the Ceph dashboard
|
||||
become: true
|
||||
|
|
|
@ -1,55 +0,0 @@
|
|||
---
|
||||
# Copyright 2021 Red Hat, Inc.
|
||||
# All Rights Reserved.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
# TODO: MKSPEC TO DEPLOY GRAFANA
|
||||
# - name: Deploy the three, unmanaged grafana instances via the orchestrator
|
||||
# mkspec:
|
||||
# service_type: grafana
|
||||
# service_name: grafana
|
||||
# placement:
|
||||
# hosts:
|
||||
# - ctr1
|
||||
# - ctr2
|
||||
# - ctr3
|
||||
# unmanaged: true
|
||||
|
||||
- name: Get the current mgr addr
|
||||
set_fact:
|
||||
grafana_addr: "{{ hostvars[dashboard_backend][tripleo_ceph_dashboard_net] }}"
|
||||
vars:
|
||||
tripleo_ceph_dashboard_net: "{{ service_net_map['ceph_dashboard_network'] + '_ip' }}"
|
||||
delegate_to: "{{ dashboard_backend }}"
|
||||
|
||||
- name: Render config files
|
||||
block:
|
||||
- name: Configure grafana
|
||||
template:
|
||||
src: grafana.json.j2
|
||||
dest: "/tmp/grafana.json"
|
||||
become: true
|
||||
delegate_to: "{{ dashboard_backend }}"
|
||||
|
||||
- name: Reconfigure grafana component
|
||||
shell: |
|
||||
{{ tripleo_cephadm_bin }} \
|
||||
--image {{ tripleo_cephadm_grafana_container_image }} \
|
||||
deploy \
|
||||
--name grafana.{{ dashboard_backend }} \
|
||||
--fsid {{ tripleo_cephadm_fsid }} \
|
||||
--config-json /tmp/grafana.json
|
||||
register: cephadm_grafana
|
||||
become: true
|
||||
delegate_to: "{{ dashboard_backend }}"
|
|
@ -35,7 +35,7 @@
|
|||
ceph_mkspec:
|
||||
service_type: mds
|
||||
apply: true
|
||||
hosts: "{{ _hosts }}"
|
||||
hosts: "{{ _hosts | unique }}"
|
||||
render_path: "{{ tripleo_cephadm_spec_home }}"
|
||||
register: spc
|
||||
environment:
|
||||
|
|
|
@ -38,10 +38,28 @@
|
|||
apply: true
|
||||
host_pattern: "*"
|
||||
render_path: "{{ tripleo_cephadm_spec_home }}"
|
||||
networks: "{{ tripleo_cephadm_monitoring_address_block }}"
|
||||
environment:
|
||||
CEPH_CONTAINER_IMAGE: "{{ tripleo_cephadm_container_ns + '/' + tripleo_cephadm_container_image + ':' + tripleo_cephadm_container_tag }}"
|
||||
CEPH_CONTAINER_BINARY: "{{ tripleo_cephadm_container_cli }}"
|
||||
|
||||
- name: Config ssl cert(s) and key(s) for the exposed components
|
||||
block:
|
||||
- name: Get ceph_cli
|
||||
include_tasks: ceph_cli.yaml
|
||||
vars:
|
||||
mount_certs: true
|
||||
|
||||
- name: import grafana certificate file
|
||||
command: "{{ tripleo_cephadm_ceph_cli }} config-key set mgr/cephadm/grafana_crt -i {{ tripleo_cephadm_grafana_crt }}"
|
||||
changed_when: false
|
||||
|
||||
- name: import grafana certificate key
|
||||
command: "{{ tripleo_cephadm_ceph_cli }} config-key set mgr/cephadm/grafana_key -i {{ tripleo_cephadm_grafana_key }}"
|
||||
changed_when: false
|
||||
when: tripleo_cephadm_dashboard_protocol == "https" and
|
||||
tripleo_cephadm_grafana_crt | length > 0 and tripleo_cephadm_grafana_key | length > 0
|
||||
|
||||
- name: Create the monitoring stack Daemon spec definition
|
||||
become: true
|
||||
ceph_mkspec:
|
||||
|
@ -49,8 +67,9 @@
|
|||
service_id: "{{ item }}"
|
||||
service_name: "{{ item }}"
|
||||
apply: true
|
||||
hosts: "{{ _hosts }}"
|
||||
hosts: "{{ _hosts | unique }}"
|
||||
render_path: "{{ tripleo_cephadm_spec_home }}"
|
||||
networks: "{{ tripleo_cephadm_monitoring_address_block }}"
|
||||
environment:
|
||||
CEPH_CONTAINER_IMAGE: "{{ tripleo_cephadm_container_ns + '/' + tripleo_cephadm_container_image + ':' + tripleo_cephadm_container_tag }}"
|
||||
CEPH_CONTAINER_BINARY: "{{ tripleo_cephadm_container_cli }}"
|
||||
|
|
|
@ -34,7 +34,7 @@
|
|||
ceph_mkspec:
|
||||
service_type: rgw
|
||||
apply: true
|
||||
hosts: "{{ _hosts }}"
|
||||
hosts: "{{ _hosts | unique }}"
|
||||
spec:
|
||||
rgw_frontend_port: "{{ radosgw_frontend_port }}"
|
||||
rgw_realm: 'default'
|
||||
|
|
|
@ -1,39 +0,0 @@
|
|||
{
|
||||
"files": {
|
||||
"grafana.ini": [
|
||||
"[users]",
|
||||
" default_theme = light",
|
||||
"[auth.anonymous]",
|
||||
" enabled = true",
|
||||
" org_name = 'Main Org.'",
|
||||
" org_role = 'Viewer'",
|
||||
"[server]",
|
||||
" protocol = {{ tripleo_cephadm_dashboard_protocol }}",
|
||||
" cert_file = /etc/grafana/certs/cert_file",
|
||||
" cert_key = /etc/grafana/certs/cert_key",
|
||||
" http_port = {{ tripleo_cephadm_grafana_port }}",
|
||||
" http_addr = {{ grafana_addr }}",
|
||||
"[security]",
|
||||
" admin_user = {{ tripleo_cephadm_grafana_admin_user }}",
|
||||
" admin_password = {{ tripleo_cephadm_grafana_admin_password }}",
|
||||
" allow_embedding = true"
|
||||
],
|
||||
"provisioning/datasources/ceph-dashboard.yml": [
|
||||
"deleteDatasources:",
|
||||
" - name: 'Dashboard'",
|
||||
" orgId: 1",
|
||||
" ",
|
||||
"datasources:",
|
||||
" - name: 'Dashboard'",
|
||||
" type: 'prometheus'",
|
||||
" access: 'proxy'",
|
||||
" orgId: 1",
|
||||
" url: 'http://localhost:{{ tripleo_cephadm_prometheus_port }}'",
|
||||
" basicAuth: false",
|
||||
" isDefault: true",
|
||||
" editable: false"
|
||||
],
|
||||
"certs/cert_file": [],
|
||||
"certs/cert_key": []
|
||||
}
|
||||
}
|
|
@ -118,3 +118,4 @@
|
|||
tripleo_cephadm_fqdn: "{{ ceph_spec_fqdn | bool }}"
|
||||
tripleo_cephadm_spec_ansible_host: "{{ tripleo_run_cephadm_spec_path }}"
|
||||
tripleo_cephadm_internal_tls_enabled: "{{ enable_internal_tls }}"
|
||||
tripleo_cephadm_num_osd_expected: "{{ groups['ceph_osd'] | default([]) | length }}"
|
||||
|
|
Loading…
Reference in New Issue