diff --git a/.ansible-lint b/.ansible-lint index f2145939b..d566944ef 100644 --- a/.ansible-lint +++ b/.ansible-lint @@ -5,3 +5,5 @@ quiet: false rulesdir: - .ansible-lint_rules/ verbosity: 1 +warn_list: + - '901' # Failed to load or parse file diff --git a/doc/source/roles/role-tripleo_run_cephadm.rst b/doc/source/roles/role-tripleo_run_cephadm.rst new file mode 100644 index 000000000..28460a17f --- /dev/null +++ b/doc/source/roles/role-tripleo_run_cephadm.rst @@ -0,0 +1,6 @@ +========================== +Role - tripleo_run_cephadm +========================== + +.. ansibleautoplugin:: + :role: tripleo_ansible/roles/tripleo_run_cephadm diff --git a/tripleo_ansible/playbooks/cephadm.yml b/tripleo_ansible/playbooks/cephadm.yml new file mode 100644 index 000000000..6e6e9bd30 --- /dev/null +++ b/tripleo_ansible/playbooks/cephadm.yml @@ -0,0 +1,48 @@ +--- +# Copyright 2021 Red Hat, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +- name: Deploy Ceph with cephadm + hosts: ceph_mon[0] + tasks: + - name: Satisfy Ceph prerequisites + import_role: + role: tripleo_cephadm + tasks_from: pre + + - name: Bootstrap Ceph + import_role: + role: tripleo_cephadm + tasks_from: bootstrap + + - name: Apply Ceph spec + import_role: + role: tripleo_cephadm + tasks_from: apply_spec + when: not tripleo_cephadm_spec_on_bootstrap + + - name: Create Pools + import_role: + role: tripleo_cephadm + tasks_from: pools + + - name: Create Keys + import_role: + role: tripleo_cephadm + tasks_from: keys + + - name: Export configuration for tripleo_ceph_client + import_role: + role: tripleo_cephadm + tasks_from: export diff --git a/tripleo_ansible/roles/tripleo_run_cephadm/README.md b/tripleo_ansible/roles/tripleo_run_cephadm/README.md new file mode 100644 index 000000000..7a5e5385b --- /dev/null +++ b/tripleo_ansible/roles/tripleo_run_cephadm/README.md @@ -0,0 +1,13 @@ +tripleo_run_cephadm +========= + +The purpose of this role is to perform three main actions: + +1. prepare the necessary information for the cephadm playbook execution +3. Enable the ceph-admin user +2. execute the cephadm playbook + +Role Variables +-------------- + +- tripleo_run_cephadm_command_log: where the cephadm playbook logs its execution. diff --git a/tripleo_ansible/roles/tripleo_run_cephadm/defaults/main.yml b/tripleo_ansible/roles/tripleo_run_cephadm/defaults/main.yml new file mode 100644 index 000000000..080877a19 --- /dev/null +++ b/tripleo_ansible/roles/tripleo_run_cephadm/defaults/main.yml @@ -0,0 +1,3 @@ +--- +# defaults file for tripleo_ceph_run_cephadm +tripleo_run_cephadm_command_log: "cephadm_command.log" diff --git a/tripleo_ansible/roles/tripleo_run_cephadm/meta/main.yml b/tripleo_ansible/roles/tripleo_run_cephadm/meta/main.yml new file mode 100644 index 000000000..e573cffbf --- /dev/null +++ b/tripleo_ansible/roles/tripleo_run_cephadm/meta/main.yml @@ -0,0 +1,25 @@ +--- +galaxy_info: + author: OpenStack + description: TripleO OpenStack Role -- tripleo_cephadm + company: Red Hat + license: Apache-2.0 + min_ansible_version: 2.7 + + # Provide a list of supported platforms, and for each platform a list of versions. + # If you don't wish to enumerate all versions for a particular platform, use 'all'. + # To view available platforms and versions (or releases), visit: + # https://galaxy.ansible.com/api/v1/platforms/ + # + platforms: + - name: Centos + versions: + - 7 + - 8 + + galaxy_tags: + - tripleo + +# List your role dependencies here, one per line. Be sure to remove the '[]' above, +# if you add dependencies to this list. +dependencies: [] diff --git a/tripleo_ansible/roles/tripleo_run_cephadm/molecule/default/Dockerfile b/tripleo_ansible/roles/tripleo_run_cephadm/molecule/default/Dockerfile new file mode 100644 index 000000000..30e9e7534 --- /dev/null +++ b/tripleo_ansible/roles/tripleo_run_cephadm/molecule/default/Dockerfile @@ -0,0 +1,36 @@ +# Molecule managed +# Copyright 2020 Red Hat, Inc. +# All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + + +{% if item.registry is defined %} +FROM {{ item.registry.url }}/{{ item.image }} +{% else %} +FROM {{ item.image }} +{% endif %} + +RUN if [ $(command -v apt-get) ]; then apt-get update && apt-get install -y python sudo bash ca-certificates && apt-get clean; \ + elif [ $(command -v dnf) ]; then dnf makecache && dnf --assumeyes install sudo python*-devel python*-dnf bash {{ item.pkg_extras | default('') }} && dnf clean all; \ + elif [ $(command -v yum) ]; then yum makecache fast && yum install -y python sudo yum-plugin-ovl python-setuptools bash {{ item.pkg_extras | default('') }} && sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf && yum clean all; \ + elif [ $(command -v zypper) ]; then zypper refresh && zypper install -y python sudo bash python-xml {{ item.pkg_extras | default('') }} && zypper clean -a; \ + elif [ $(command -v apk) ]; then apk update && apk add --no-cache python sudo bash ca-certificates {{ item.pkg_extras | default('') }}; \ + elif [ $(command -v xbps-install) ]; then xbps-install -Syu && xbps-install -y python sudo bash ca-certificates {{ item.pkg_extras | default('') }} && xbps-remove -O; fi + +{% for pkg in item.easy_install | default([]) %} +# install pip for centos where there is no python-pip rpm in default repos +RUN easy_install {{ pkg }} +{% endfor %} + +CMD ["sh", "-c", "while true; do sleep 10000; done"] diff --git a/tripleo_ansible/roles/tripleo_run_cephadm/molecule/default/converge.yml b/tripleo_ansible/roles/tripleo_run_cephadm/molecule/default/converge.yml new file mode 100644 index 000000000..d4da46f9f --- /dev/null +++ b/tripleo_ansible/roles/tripleo_run_cephadm/molecule/default/converge.yml @@ -0,0 +1,21 @@ +--- +# Copyright 2020 Red Hat, Inc. +# All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + + +- name: Converge + hosts: all + roles: + - role: "tripleo_run_cephadm" diff --git a/tripleo_ansible/roles/tripleo_run_cephadm/molecule/default/molecule.yml b/tripleo_ansible/roles/tripleo_run_cephadm/molecule/default/molecule.yml new file mode 100644 index 000000000..5ac01e418 --- /dev/null +++ b/tripleo_ansible/roles/tripleo_run_cephadm/molecule/default/molecule.yml @@ -0,0 +1,50 @@ +--- +driver: + name: podman + +log: true + +platforms: + - name: ubi8 + hostname: ubi8 + image: ubi8/ubi-init + registry: + url: registry.access.redhat.com + dockerfile: Dockerfile + pkg_extras: python*setuptools + volumes: + - /etc/ci/mirror_info.sh:/etc/ci/mirror_info.sh:ro + - /etc/pki/rpm-gpg:/etc/pki/rpm-gpg + privileged: true + environment: &env + http_proxy: "{{ lookup('env', 'http_proxy') }}" + https_proxy: "{{ lookup('env', 'https_proxy') }}" + ulimits: &ulimit + - host + +provisioner: + inventory: + hosts: + all: + hosts: + ubi8: + ansible_python_interpreter: /usr/bin/python3 + vars: + ansible_user: root + name: ansible + log: true + env: + ANSIBLE_STDOUT_CALLBACK: yaml + +scenario: + test_sequence: + - destroy + - create + - prepare + - converge + - check + - verify + - destroy + +verifier: + name: testinfra diff --git a/tripleo_ansible/roles/tripleo_run_cephadm/molecule/default/prepare.yml b/tripleo_ansible/roles/tripleo_run_cephadm/molecule/default/prepare.yml new file mode 100644 index 000000000..2c88417fe --- /dev/null +++ b/tripleo_ansible/roles/tripleo_run_cephadm/molecule/default/prepare.yml @@ -0,0 +1,26 @@ +--- +# Copyright 2020 Red Hat, Inc. +# All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + + +- name: Prepare + hosts: all + roles: + - role: test_deps + post_tasks: + - name: Ensure the cephadm workdir exists + file: + path: "{{ playbook_dir }}/cephadm" + state: "directory" diff --git a/tripleo_ansible/roles/tripleo_run_cephadm/tasks/enable_ceph_admin_user.yml b/tripleo_ansible/roles/tripleo_run_cephadm/tasks/enable_ceph_admin_user.yml new file mode 100644 index 000000000..d29d2e564 --- /dev/null +++ b/tripleo_ansible/roles/tripleo_run_cephadm/tasks/enable_ceph_admin_user.yml @@ -0,0 +1,32 @@ +--- +# Copyright 2021 Red Hat, Inc. +# All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +- name: Enable ceph-admin user + set_fact: + cephadm_ssh_list: + - ANSIBLE_LOG_PATH="{{ playbook_dir }}/cephadm/cephadm_enable_user_key.log" + - ANSIBLE_HOST_KEY_CHECKING=false + - ansible-playbook + - '-i' + - '{{ inventory_file }}' + - '{% if ansible_python_interpreter is defined %}-e ansible_python_interpreter={{ ansible_python_interpreter }}{% endif %}' + - '/usr/share/ansible/tripleo-playbooks/cli-enable-ssh-admin.yaml' + - '-e @{{ playbook_dir}}/cephadm/ceph-admin.yml' + +- name: Prepare cephadm user and keys + shell: "{{ cephadm_ssh_list|join(' ') }}" + tags: + - run_cephadm diff --git a/tripleo_ansible/roles/tripleo_run_cephadm/tasks/main.yml b/tripleo_ansible/roles/tripleo_run_cephadm/tasks/main.yml new file mode 100644 index 000000000..8991d88e1 --- /dev/null +++ b/tripleo_ansible/roles/tripleo_run_cephadm/tasks/main.yml @@ -0,0 +1,78 @@ +--- +# Copyright 2021 Red Hat, Inc. +# All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +# tasks file for tripleo_run_cephadm +- name: set cephadm playbook + set_fact: + tripleo_run_cephadm_playbook: > + {{ tripleo_run_cephadm_playbook|default('/usr/share/ansible/tripleo-playbooks/cephadm.yml') }} + +- name: Setup the log path + set_fact: + tripleo_run_cephadm_log_path: "{{ playbook_dir }}/cephadm/{{ tripleo_run_cephadm_command_log }}" +- name: Setup the cephadm playbook command + set_fact: + triple_run_cephadm_command_list: + - ANSIBLE_LOG_PATH="{{ tripleo_run_cephadm_log_path }}" + - ANSIBLE_HOST_KEY_CHECKING=false + - ansible-playbook + - '{% if ansible_python_interpreter is defined %}-e ansible_python_interpreter={{ ansible_python_interpreter }}{% endif %}' + - '-e @{{ playbook_dir }}/cephadm/cephadm-extra-vars-heat.yml' + - '-e @{{ playbook_dir }}/cephadm/cephadm-extra-vars-ansible.yml' + - '-e @{{ playbook_dir }}/global_vars.yaml' + +- name: save cephadm playbook command to shell script + copy: + dest: "{{ playbook_dir }}/cephadm/cephadm_command.sh" + mode: '0755' + content: | + #!/usr/bin/env bash + set -e + echo "Running $0" >> {{ tripleo_run_cephadm_log_path }} + {% set inv = "-i "+ inventory_file %} + {{ triple_run_cephadm_command_list|join(' ') }} {{ inv }} {{ tripleo_run_cephadm_playbook }} 2>&1 + +- name: "Notify user about upcoming cephadm execution(s)" + debug: + msg: "Running {{ ceph_scripts|default(['cephadm_command.sh'])|length }} cephadm playbook(s) (immediate log at {{ tripleo_run_cephadm_log_path }})" + +- name: run cephadm playbook + shell: "{{ playbook_dir + '/cephadm/cephadm_command.sh' }}" + failed_when: false + register: triple_run_cephadm_output + when: triple_run_cephadm_output.rc is undefined or triple_run_cephadm_output.rc == 0 + tags: + - run_cephadm + +- name: search triple_run_cephadm_output of cephadm run(s) non-zero return codes + set_fact: + tripleo_run_cephadm_std_out_err: "{{ triple_run_cephadm_output.stdout_lines | default([]) | union(triple_run_cephadm_output.stderr_lines | default([])) }}" + no_log: "{{ tripleo_run_cephadm_hide_sensitive_logs | bool }}" + when: + - triple_run_cephadm_output.rc is defined + - triple_run_cephadm_output.rc != 0 + tags: + - run_cephadm + +- name: print cephadm triple_run_cephadm_output in case of failure + debug: + var: tripleo_run_cephadm_std_out_err + when: + - tripleo_run_cephadm_std_out_err is defined + failed_when: + - tripleo_run_cephadm_std_out_err is defined + tags: + - run_cephadm diff --git a/tripleo_ansible/roles/tripleo_run_cephadm/tasks/prepare.yml b/tripleo_ansible/roles/tripleo_run_cephadm/tasks/prepare.yml new file mode 100644 index 000000000..738441651 --- /dev/null +++ b/tripleo_ansible/roles/tripleo_run_cephadm/tasks/prepare.yml @@ -0,0 +1,112 @@ +--- +# Copyright 2021 Red Hat, Inc. +# All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +- name: create cephadm workdir + file: + path: "{{ item }}" + state: directory + with_items: + - "{{ playbook_dir }}/cephadm" + tags: + - run_cephadm + +- name: symbolic link to tripleo inventory from ceph-ansible work directory + file: + src: "{{ inventory_file }}" + dest: "{{ playbook_dir }}/cephadm/inventory.yml" + state: link + force: true + tags: + - run_cephadm + +- name: generate ceph-admin.yml extra vars for user creation + copy: + dest: "{{ playbook_dir }}/cephadm/ceph-admin.yml" + content: "{{ ceph_admin_extra_vars | to_nice_yaml }}" + +- name: get the list of enabled services on the overcloud + set_fact: + tripleo_enabled_services: "{{ enabled_services | default([]) }}" + +- name: set dashboard_vip variable if dashboard is enabled + block: + - name: get the frontend_dashboard_vip from the overcloud vars + command: "hiera -c /etc/puppet/hiera.yaml ceph_dashboard_vip" + register: frontend_vip + become: true + - name: set dashboard_frontend variable + set_fact: + grafana_vip: |- + {% set dashboard_vip = control_virtual_ip %} + {% if frontend_vip.stdout != "nil" %} + {% set dashboard_vip = frontend_vip.stdout %} + {% endif %} + {{ dashboard_vip }} + when: + - tripleo_enabled_services | intersect(['ceph_grafana']) + +- include_role: + name: tripleo_ceph_work_dir + tasks_from: build_pools.yml + vars: + tripleo_pool_images: "{{ ceph_pools.glance_pool.enabled }}" + tripleo_pool_vms: "{{ ceph_pools.nova_pool.enabled }}" + tripleo_pool_volumes: "{{ ceph_pools.cinder_pool.enabled }}" + tripleo_pool_backup: "{{ ceph_pools.cinder_backup_pool.enabled }}" + tripleo_pool_metrics: "{{ ceph_pools.gnocchi_pool.enabled }}" + +- include_role: + name: tripleo_ceph_work_dir + tasks_from: build_keys.yml + +- include_role: + name: tripleo_ceph_work_dir + tasks_from: build_config_overrides.yml + +- name: generate heat cephadm-extra-vars for running tripleo_cephadm role + copy: + dest: "{{ playbook_dir }}/cephadm/cephadm-extra-vars-heat.yml" + content: "{{ cephadm_extra_vars | combine(ceph_overrides|default({})) + | combine(ceph_monitoring_stack|default({})) + | combine(ceph_dashboard_vars|default({})) + | combine(cephadm_rgw_vars|default({})) + | combine(cephfs_metadata|default({})) + | combine(ceph_nfs_vars|default({})) + | combine(cephfs_data|default({})) + | to_nice_yaml }}" + +- name: Set bootstrap host + set_fact: + tripleo_cephadm_bootstrap_host: "{{ groups['ceph_mon'][0] }}" + +- name: Set first monitor IP + set_fact: + tripleo_cephadm_first_mon_ip: "{{ hostvars[tripleo_cephadm_bootstrap_host][tripleo_run_cephadm_net] | + default(ansible_host) }}" + vars: + tripleo_run_cephadm_net: "{{ service_net_map['ceph_mon_network']|default('') + '_ip' }}" + +- name: generate ansible cephadm-extra-vars for running tripleo_cephadm role + copy: + dest: "{{ playbook_dir }}/cephadm/cephadm-extra-vars-ansible.yml" + content: | + tripleo_cephadm_bootstrap_host: {{ tripleo_cephadm_bootstrap_host }} + tripleo_cephadm_first_mon_ip: {{ tripleo_cephadm_first_mon_ip }} + tripleo_cephadm_spec_on_bootstrap: false + tripleo_cephadm_pools: {{ openstack_pools.get('openstack_pools', []) }} + tripleo_cephadm_keys: {{ keys.get('keys',[]) }} + dashboard_frontend_vip: {{ grafana_vip|default() }} + service_net_map: {{ service_net_map|default({}) }} diff --git a/tripleo_ansible/roles/tripleo_run_cephadm/vars/main.yml b/tripleo_ansible/roles/tripleo_run_cephadm/vars/main.yml new file mode 100644 index 000000000..c0f9477a2 --- /dev/null +++ b/tripleo_ansible/roles/tripleo_run_cephadm/vars/main.yml @@ -0,0 +1,2 @@ +--- +# vars file for tripleo_ceph_run_cephadm diff --git a/zuul.d/molecule.yaml b/zuul.d/molecule.yaml index 91d5a3fa5..5b80d233a 100644 --- a/zuul.d/molecule.yaml +++ b/zuul.d/molecule.yaml @@ -47,6 +47,7 @@ - tripleo-ansible-centos-8-molecule-tripleo_ptp - tripleo-ansible-centos-8-molecule-tripleo_puppet_cache - tripleo-ansible-centos-8-molecule-tripleo_redhat_enforce + - tripleo-ansible-centos-8-molecule-tripleo_run_cephadm - tripleo-ansible-centos-8-molecule-tripleo_securetty - tripleo-ansible-centos-8-molecule-tripleo_ssh_known_hosts - tripleo-ansible-centos-8-molecule-tripleo_sshd @@ -103,6 +104,7 @@ - tripleo-ansible-centos-8-molecule-tripleo_ptp - tripleo-ansible-centos-8-molecule-tripleo_puppet_cache - tripleo-ansible-centos-8-molecule-tripleo_redhat_enforce + - tripleo-ansible-centos-8-molecule-tripleo_run_cephadm - tripleo-ansible-centos-8-molecule-tripleo_securetty - tripleo-ansible-centos-8-molecule-tripleo_ssh_known_hosts - tripleo-ansible-centos-8-molecule-tripleo_sshd @@ -158,6 +160,7 @@ - tripleo-ansible-centos-8-molecule-tripleo_ptp - tripleo-ansible-centos-8-molecule-tripleo_puppet_cache - tripleo-ansible-centos-8-molecule-tripleo_redhat_enforce + - tripleo-ansible-centos-8-molecule-tripleo_run_cephadm - tripleo-ansible-centos-8-molecule-tripleo_securetty - tripleo-ansible-centos-8-molecule-tripleo_ssh_known_hosts - tripleo-ansible-centos-8-molecule-tripleo_sshd @@ -486,6 +489,14 @@ parent: tripleo-ansible-centos-8-base vars: tox_envlist: mol-tripleo_redhat_enforce +- job: + files: + - ^tripleo_ansible/roles/tripleo_run_cephadm/.* + name: tripleo-ansible-centos-8-molecule-tripleo_run_cephadm + parent: tripleo-ansible-centos-8-base + vars: + tripleo_job_ansible_args: --skip-tags=run_cephadm + tripleo_role_name: tripleo_run_cephadm - job: files: - ^tripleo_ansible/roles/tripleo_securetty/.*