As per  the ceph_mkspec module accepts the networks parameter
that defines where the specified daemon should be bound.
This patch adds the existing parameter to the monitoring stack
tasks that are supposed to apply node-exporter(s), prometheus
and alertmanager when DashboardEnabled is true.
In addition, due to recent changes in Ceph, both grafana and
the dashboard passwords must be passed via `-i`. This change
makes us able to configure the password via stdin.
Finally, the tls support is added to the grafana component,
which is exposed to the operators.
(cherry picked from commit 7e7db792d2)
It is not necessary to distribute the ceph-admin user's
private SSH key to every host of a Ceph service; only
the hosts running the ceph_mgr and ceph_mon services
need the private key. By default this is limited to
the controller nodes only.
The existing role calls the ceph-admin-user-playbook.yml.
Split it into two calls which use --limit to target the
necessary Ceph service hosts and set distribute_private_key
to true only for mons/mgrs.
(cherry picked from commit 4d3144fce3)
When internal_tls is true, step1 runs the linux-system-roles.certificate
which is able to produce the ceph_rgw.pem file .
When this info is available, we need to make sure that cephadm is able
to process it using the spec, and it's included in the deployed rgw(s)
If the rgw_frontend_ssl_certificate is empty, then this key can be
ignored (this means tls is not enabled). The ceph_spec module is now
able to filter and drop empty keys if the value is not provided when
the spec dict is built.
The ceph_spec_bootstrap Ansible module uses information
about the enabled services, roles, and deployed hosts to
determine what Ceph services should run on what hosts and
generate a valid Ceph spec file.
This allows the desired end state defined in TripleO to be
translated into an end state defined in Ceph orchestrator.
The intention is to use this module when bootstrapping Ceph.
This change removes files/ceph_spec.yaml, which is a spec
file for TripleO standalone deployments in THT scenario001.
This file will now be created dynamically by the new module.
Also, fix spelling error in ceph-admin-user-playbook.yml.
This change adds the mkspec module which is able to build
a daemon specific spec and apply it against the deployed
In addition, multiple tasks have been added with the purpose
of integrating all the scenario004 services and properly
manage the cephadm playbook flow according to the enabled
Since we're still provisioning the Ceph cluster at step2 we need
to call the cephadm playbook the same way as ceph-ansible.
The purpose of this role is to be able to run the cephadm playbook
The actions implemented in this role are:
1. prepare: build a cephadm dir within the config-download dump
2. enable_ceph_admin_user via cli-enable-ssh-admin.yaml playbook
3. translates the tht paramters and make them available to the role
4. call the ansible playbook that runs cephadm and apply the spec