Introduce tripleo_run_cephadm role and cephadm playbook

Since we're still provisioning the Ceph cluster at step2 we need
to call the cephadm playbook the same way as ceph-ansible.
The purpose of this role is to be able to run the cephadm playbook
using external_deploy_steps_tasks.
The actions implemented in this role are:

  1. prepare: build a cephadm dir within the config-download dump
  2. enable_ceph_admin_user via cli-enable-ssh-admin.yaml playbook
  3. translates the tht paramters and make them available to the role
  4. call the ansible playbook that runs cephadm and apply the spec

Change-Id: If066dd19f1e9c75fd6581fddb5b55cb37eb57809
This commit is contained in:
Francesco Pantano 2021-01-15 17:27:02 +01:00
parent 903834017d
commit dc5d83733f
No known key found for this signature in database
GPG Key ID: 0458D4D1F41BD75C
15 changed files with 465 additions and 0 deletions

View File

@ -5,3 +5,5 @@ quiet: false
rulesdir:
- .ansible-lint_rules/
verbosity: 1
warn_list:
- '901' # Failed to load or parse file

View File

@ -0,0 +1,6 @@
==========================
Role - tripleo_run_cephadm
==========================
.. ansibleautoplugin::
:role: tripleo_ansible/roles/tripleo_run_cephadm

View File

@ -0,0 +1,48 @@
---
# Copyright 2021 Red Hat, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
- name: Deploy Ceph with cephadm
hosts: ceph_mon[0]
tasks:
- name: Satisfy Ceph prerequisites
import_role:
role: tripleo_cephadm
tasks_from: pre
- name: Bootstrap Ceph
import_role:
role: tripleo_cephadm
tasks_from: bootstrap
- name: Apply Ceph spec
import_role:
role: tripleo_cephadm
tasks_from: apply_spec
when: not tripleo_cephadm_spec_on_bootstrap
- name: Create Pools
import_role:
role: tripleo_cephadm
tasks_from: pools
- name: Create Keys
import_role:
role: tripleo_cephadm
tasks_from: keys
- name: Export configuration for tripleo_ceph_client
import_role:
role: tripleo_cephadm
tasks_from: export

View File

@ -0,0 +1,13 @@
tripleo_run_cephadm
=========
The purpose of this role is to perform three main actions:
1. prepare the necessary information for the cephadm playbook execution
3. Enable the ceph-admin user
2. execute the cephadm playbook
Role Variables
--------------
- tripleo_run_cephadm_command_log: where the cephadm playbook logs its execution.

View File

@ -0,0 +1,3 @@
---
# defaults file for tripleo_ceph_run_cephadm
tripleo_run_cephadm_command_log: "cephadm_command.log"

View File

@ -0,0 +1,25 @@
---
galaxy_info:
author: OpenStack
description: TripleO OpenStack Role -- tripleo_cephadm
company: Red Hat
license: Apache-2.0
min_ansible_version: 2.7
# Provide a list of supported platforms, and for each platform a list of versions.
# If you don't wish to enumerate all versions for a particular platform, use 'all'.
# To view available platforms and versions (or releases), visit:
# https://galaxy.ansible.com/api/v1/platforms/
#
platforms:
- name: Centos
versions:
- 7
- 8
galaxy_tags:
- tripleo
# List your role dependencies here, one per line. Be sure to remove the '[]' above,
# if you add dependencies to this list.
dependencies: []

View File

@ -0,0 +1,36 @@
# Molecule managed
# Copyright 2020 Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
{% if item.registry is defined %}
FROM {{ item.registry.url }}/{{ item.image }}
{% else %}
FROM {{ item.image }}
{% endif %}
RUN if [ $(command -v apt-get) ]; then apt-get update && apt-get install -y python sudo bash ca-certificates && apt-get clean; \
elif [ $(command -v dnf) ]; then dnf makecache && dnf --assumeyes install sudo python*-devel python*-dnf bash {{ item.pkg_extras | default('') }} && dnf clean all; \
elif [ $(command -v yum) ]; then yum makecache fast && yum install -y python sudo yum-plugin-ovl python-setuptools bash {{ item.pkg_extras | default('') }} && sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf && yum clean all; \
elif [ $(command -v zypper) ]; then zypper refresh && zypper install -y python sudo bash python-xml {{ item.pkg_extras | default('') }} && zypper clean -a; \
elif [ $(command -v apk) ]; then apk update && apk add --no-cache python sudo bash ca-certificates {{ item.pkg_extras | default('') }}; \
elif [ $(command -v xbps-install) ]; then xbps-install -Syu && xbps-install -y python sudo bash ca-certificates {{ item.pkg_extras | default('') }} && xbps-remove -O; fi
{% for pkg in item.easy_install | default([]) %}
# install pip for centos where there is no python-pip rpm in default repos
RUN easy_install {{ pkg }}
{% endfor %}
CMD ["sh", "-c", "while true; do sleep 10000; done"]

View File

@ -0,0 +1,21 @@
---
# Copyright 2020 Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
- name: Converge
hosts: all
roles:
- role: "tripleo_run_cephadm"

View File

@ -0,0 +1,50 @@
---
driver:
name: podman
log: true
platforms:
- name: ubi8
hostname: ubi8
image: ubi8/ubi-init
registry:
url: registry.access.redhat.com
dockerfile: Dockerfile
pkg_extras: python*setuptools
volumes:
- /etc/ci/mirror_info.sh:/etc/ci/mirror_info.sh:ro
- /etc/pki/rpm-gpg:/etc/pki/rpm-gpg
privileged: true
environment: &env
http_proxy: "{{ lookup('env', 'http_proxy') }}"
https_proxy: "{{ lookup('env', 'https_proxy') }}"
ulimits: &ulimit
- host
provisioner:
inventory:
hosts:
all:
hosts:
ubi8:
ansible_python_interpreter: /usr/bin/python3
vars:
ansible_user: root
name: ansible
log: true
env:
ANSIBLE_STDOUT_CALLBACK: yaml
scenario:
test_sequence:
- destroy
- create
- prepare
- converge
- check
- verify
- destroy
verifier:
name: testinfra

View File

@ -0,0 +1,26 @@
---
# Copyright 2020 Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
- name: Prepare
hosts: all
roles:
- role: test_deps
post_tasks:
- name: Ensure the cephadm workdir exists
file:
path: "{{ playbook_dir }}/cephadm"
state: "directory"

View File

@ -0,0 +1,32 @@
---
# Copyright 2021 Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
- name: Enable ceph-admin user
set_fact:
cephadm_ssh_list:
- ANSIBLE_LOG_PATH="{{ playbook_dir }}/cephadm/cephadm_enable_user_key.log"
- ANSIBLE_HOST_KEY_CHECKING=false
- ansible-playbook
- '-i'
- '{{ inventory_file }}'
- '{% if ansible_python_interpreter is defined %}-e ansible_python_interpreter={{ ansible_python_interpreter }}{% endif %}'
- '/usr/share/ansible/tripleo-playbooks/cli-enable-ssh-admin.yaml'
- '-e @{{ playbook_dir}}/cephadm/ceph-admin.yml'
- name: Prepare cephadm user and keys
shell: "{{ cephadm_ssh_list|join(' ') }}"
tags:
- run_cephadm

View File

@ -0,0 +1,78 @@
---
# Copyright 2021 Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
# tasks file for tripleo_run_cephadm
- name: set cephadm playbook
set_fact:
tripleo_run_cephadm_playbook: >
{{ tripleo_run_cephadm_playbook|default('/usr/share/ansible/tripleo-playbooks/cephadm.yml') }}
- name: Setup the log path
set_fact:
tripleo_run_cephadm_log_path: "{{ playbook_dir }}/cephadm/{{ tripleo_run_cephadm_command_log }}"
- name: Setup the cephadm playbook command
set_fact:
triple_run_cephadm_command_list:
- ANSIBLE_LOG_PATH="{{ tripleo_run_cephadm_log_path }}"
- ANSIBLE_HOST_KEY_CHECKING=false
- ansible-playbook
- '{% if ansible_python_interpreter is defined %}-e ansible_python_interpreter={{ ansible_python_interpreter }}{% endif %}'
- '-e @{{ playbook_dir }}/cephadm/cephadm-extra-vars-heat.yml'
- '-e @{{ playbook_dir }}/cephadm/cephadm-extra-vars-ansible.yml'
- '-e @{{ playbook_dir }}/global_vars.yaml'
- name: save cephadm playbook command to shell script
copy:
dest: "{{ playbook_dir }}/cephadm/cephadm_command.sh"
mode: '0755'
content: |
#!/usr/bin/env bash
set -e
echo "Running $0" >> {{ tripleo_run_cephadm_log_path }}
{% set inv = "-i "+ inventory_file %}
{{ triple_run_cephadm_command_list|join(' ') }} {{ inv }} {{ tripleo_run_cephadm_playbook }} 2>&1
- name: "Notify user about upcoming cephadm execution(s)"
debug:
msg: "Running {{ ceph_scripts|default(['cephadm_command.sh'])|length }} cephadm playbook(s) (immediate log at {{ tripleo_run_cephadm_log_path }})"
- name: run cephadm playbook
shell: "{{ playbook_dir + '/cephadm/cephadm_command.sh' }}"
failed_when: false
register: triple_run_cephadm_output
when: triple_run_cephadm_output.rc is undefined or triple_run_cephadm_output.rc == 0
tags:
- run_cephadm
- name: search triple_run_cephadm_output of cephadm run(s) non-zero return codes
set_fact:
tripleo_run_cephadm_std_out_err: "{{ triple_run_cephadm_output.stdout_lines | default([]) | union(triple_run_cephadm_output.stderr_lines | default([])) }}"
no_log: "{{ tripleo_run_cephadm_hide_sensitive_logs | bool }}"
when:
- triple_run_cephadm_output.rc is defined
- triple_run_cephadm_output.rc != 0
tags:
- run_cephadm
- name: print cephadm triple_run_cephadm_output in case of failure
debug:
var: tripleo_run_cephadm_std_out_err
when:
- tripleo_run_cephadm_std_out_err is defined
failed_when:
- tripleo_run_cephadm_std_out_err is defined
tags:
- run_cephadm

View File

@ -0,0 +1,112 @@
---
# Copyright 2021 Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
- name: create cephadm workdir
file:
path: "{{ item }}"
state: directory
with_items:
- "{{ playbook_dir }}/cephadm"
tags:
- run_cephadm
- name: symbolic link to tripleo inventory from ceph-ansible work directory
file:
src: "{{ inventory_file }}"
dest: "{{ playbook_dir }}/cephadm/inventory.yml"
state: link
force: true
tags:
- run_cephadm
- name: generate ceph-admin.yml extra vars for user creation
copy:
dest: "{{ playbook_dir }}/cephadm/ceph-admin.yml"
content: "{{ ceph_admin_extra_vars | to_nice_yaml }}"
- name: get the list of enabled services on the overcloud
set_fact:
tripleo_enabled_services: "{{ enabled_services | default([]) }}"
- name: set dashboard_vip variable if dashboard is enabled
block:
- name: get the frontend_dashboard_vip from the overcloud vars
command: "hiera -c /etc/puppet/hiera.yaml ceph_dashboard_vip"
register: frontend_vip
become: true
- name: set dashboard_frontend variable
set_fact:
grafana_vip: |-
{% set dashboard_vip = control_virtual_ip %}
{% if frontend_vip.stdout != "nil" %}
{% set dashboard_vip = frontend_vip.stdout %}
{% endif %}
{{ dashboard_vip }}
when:
- tripleo_enabled_services | intersect(['ceph_grafana'])
- include_role:
name: tripleo_ceph_work_dir
tasks_from: build_pools.yml
vars:
tripleo_pool_images: "{{ ceph_pools.glance_pool.enabled }}"
tripleo_pool_vms: "{{ ceph_pools.nova_pool.enabled }}"
tripleo_pool_volumes: "{{ ceph_pools.cinder_pool.enabled }}"
tripleo_pool_backup: "{{ ceph_pools.cinder_backup_pool.enabled }}"
tripleo_pool_metrics: "{{ ceph_pools.gnocchi_pool.enabled }}"
- include_role:
name: tripleo_ceph_work_dir
tasks_from: build_keys.yml
- include_role:
name: tripleo_ceph_work_dir
tasks_from: build_config_overrides.yml
- name: generate heat cephadm-extra-vars for running tripleo_cephadm role
copy:
dest: "{{ playbook_dir }}/cephadm/cephadm-extra-vars-heat.yml"
content: "{{ cephadm_extra_vars | combine(ceph_overrides|default({}))
| combine(ceph_monitoring_stack|default({}))
| combine(ceph_dashboard_vars|default({}))
| combine(cephadm_rgw_vars|default({}))
| combine(cephfs_metadata|default({}))
| combine(ceph_nfs_vars|default({}))
| combine(cephfs_data|default({}))
| to_nice_yaml }}"
- name: Set bootstrap host
set_fact:
tripleo_cephadm_bootstrap_host: "{{ groups['ceph_mon'][0] }}"
- name: Set first monitor IP
set_fact:
tripleo_cephadm_first_mon_ip: "{{ hostvars[tripleo_cephadm_bootstrap_host][tripleo_run_cephadm_net] |
default(ansible_host) }}"
vars:
tripleo_run_cephadm_net: "{{ service_net_map['ceph_mon_network']|default('') + '_ip' }}"
- name: generate ansible cephadm-extra-vars for running tripleo_cephadm role
copy:
dest: "{{ playbook_dir }}/cephadm/cephadm-extra-vars-ansible.yml"
content: |
tripleo_cephadm_bootstrap_host: {{ tripleo_cephadm_bootstrap_host }}
tripleo_cephadm_first_mon_ip: {{ tripleo_cephadm_first_mon_ip }}
tripleo_cephadm_spec_on_bootstrap: false
tripleo_cephadm_pools: {{ openstack_pools.get('openstack_pools', []) }}
tripleo_cephadm_keys: {{ keys.get('keys',[]) }}
dashboard_frontend_vip: {{ grafana_vip|default() }}
service_net_map: {{ service_net_map|default({}) }}

View File

@ -0,0 +1,2 @@
---
# vars file for tripleo_ceph_run_cephadm

View File

@ -47,6 +47,7 @@
- tripleo-ansible-centos-8-molecule-tripleo_ptp
- tripleo-ansible-centos-8-molecule-tripleo_puppet_cache
- tripleo-ansible-centos-8-molecule-tripleo_redhat_enforce
- tripleo-ansible-centos-8-molecule-tripleo_run_cephadm
- tripleo-ansible-centos-8-molecule-tripleo_securetty
- tripleo-ansible-centos-8-molecule-tripleo_ssh_known_hosts
- tripleo-ansible-centos-8-molecule-tripleo_sshd
@ -103,6 +104,7 @@
- tripleo-ansible-centos-8-molecule-tripleo_ptp
- tripleo-ansible-centos-8-molecule-tripleo_puppet_cache
- tripleo-ansible-centos-8-molecule-tripleo_redhat_enforce
- tripleo-ansible-centos-8-molecule-tripleo_run_cephadm
- tripleo-ansible-centos-8-molecule-tripleo_securetty
- tripleo-ansible-centos-8-molecule-tripleo_ssh_known_hosts
- tripleo-ansible-centos-8-molecule-tripleo_sshd
@ -158,6 +160,7 @@
- tripleo-ansible-centos-8-molecule-tripleo_ptp
- tripleo-ansible-centos-8-molecule-tripleo_puppet_cache
- tripleo-ansible-centos-8-molecule-tripleo_redhat_enforce
- tripleo-ansible-centos-8-molecule-tripleo_run_cephadm
- tripleo-ansible-centos-8-molecule-tripleo_securetty
- tripleo-ansible-centos-8-molecule-tripleo_ssh_known_hosts
- tripleo-ansible-centos-8-molecule-tripleo_sshd
@ -486,6 +489,14 @@
parent: tripleo-ansible-centos-8-base
vars:
tox_envlist: mol-tripleo_redhat_enforce
- job:
files:
- ^tripleo_ansible/roles/tripleo_run_cephadm/.*
name: tripleo-ansible-centos-8-molecule-tripleo_run_cephadm
parent: tripleo-ansible-centos-8-base
vars:
tripleo_job_ansible_args: --skip-tags=run_cephadm
tripleo_role_name: tripleo_run_cephadm
- job:
files:
- ^tripleo_ansible/roles/tripleo_securetty/.*