From 91266f7ca14b618d76ba182d4643f1a90fa1168a Mon Sep 17 00:00:00 2001 From: Seena Fallah Date: Wed, 14 Feb 2024 15:29:03 +0100 Subject: [PATCH] ceph-config: introduce dedicated cluster config flow Signed-off-by: Seena Fallah --- plugins/filter/dict2dict.py | 23 ++++++++ roles/ceph-config/tasks/main.yml | 17 +++--- roles/ceph-config/templates/ceph.conf.j2 | 10 ++-- .../tasks/configure_dashboard.yml | 32 ----------- roles/ceph-defaults/defaults/main.yml | 14 +++++ roles/ceph-rgw/tasks/pre_requisite.yml | 9 ++-- site-container.yml.sample | 53 +++++-------------- site.yml.sample | 47 +++++----------- 8 files changed, 80 insertions(+), 125 deletions(-) create mode 100644 plugins/filter/dict2dict.py
diff --git a/plugins/filter/dict2dict.py b/plugins/filter/dict2dict.py
new file mode 100644
index 0000000000..5cf842f9e6
--- /dev/null
+++ b/plugins/filter/dict2dict.py
@@ -0,0 +1,23 @@
+from __future__ import (absolute_import, division, print_function)
+__metaclass__ = type
+
+
+class FilterModule(object):
+ ''' Loop over nested dictionaries '''
+
+ def dict2dict(self, nested_dict):
+ items = []
+ for key, value in nested_dict.items():
+ for k, v in value.items():
+ items.append(
+ (
+ {'key': key, 'value': value},
+ {'key': k, 'value': v},
+ ),
+ )
+ return items
+
+ def filters(self):
+ return {
+ 'dict2dict': self.dict2dict
+ }
diff --git a/roles/ceph-config/tasks/main.yml b/roles/ceph-config/tasks/main.yml
index 36b46f759d..7aeda53219 100644
--- a/roles/ceph-config/tasks/main.yml
+++ b/roles/ceph-config/tasks/main.yml
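Review bot: `dict2dict` calls `value.items()` on every top-level entry, so a section of `ceph_cluster_conf` that is not a mapping (an inventory override that sets a scalar or a list, for instance) fails with a bare AttributeError instead of naming the offending key. A guard before the inner loop such as `if not isinstance(value, dict): raise AnsibleFilterError("dict2dict: section '%s' is not a mapping" % key)`, with `from ansible.errors import AnsibleFilterError` at the top of the file, would make the failure actionable. Neither method has a docstring; I would add one on `dict2dict` stating that it returns a list of `(outer, inner)` pairs of `{'key', 'value'}` dicts, where the outer `value` is the whole section, so that `item.0.key` and `item.1.key` in the playbooks are self-explanatory.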
@@ -96,14 +96,6 @@ - name: set osd related config facts when: inventory_hostname in groups.get(osd_group_name, []) block: - - name: set_fact _osd_memory_target, override from ceph_conf_overrides - set_fact: - _osd_memory_target: "{{ item }}" - loop: - - "{{ ceph_conf_overrides.get('osd', {}).get('osd memory target', '') }}" - - "{{ ceph_conf_overrides.get('osd', {}).get('osd_memory_target', '') }}" - when: item - - name: set_fact _osd_memory_target set_fact: _osd_memory_target: "{{ ((ansible_facts['memtotal_mb'] * 1048576 * safety_factor | float) / num_osds | float) | int }}" @@ -112,6 +104,14 @@ - num_osds | default(0) | int > 0 - ((ansible_facts['memtotal_mb'] * 1048576 * safety_factor | float) / num_osds | float) > (osd_memory_target | float) + - name: Append osd_memory_target to cluster host config + ansible.builtin.set_fact: + ceph_conf_overrides: + ceph_cluster_conf: "{{ ceph_cluster_conf | default({}) | ansible.builtin.combine({ 'osd.*/' + ansible_hostname ':host': {'osd_memory_target': _osd_memory_target} }, recursive=true) }}" + when: + - _osd_memory_target is defined + - ceph_conf_overrides.get('osd', {}).get('osd_memory_target', '') == '' + - name: create ceph conf directory file: path: "/etc/ceph" @@ -134,6 +134,7 @@ owner: "{{ ceph_uid if containerized_deployment | bool else 'ceph' }}" group: "{{ ceph_uid if containerized_deployment | bool else 'ceph' }}" mode: "0644" + config_overrides: "{{ ceph_conf_overrides }}" config_type: ini notify: - restart ceph mons diff --git a/roles/ceph-config/templates/ceph.conf.j2 b/roles/ceph-config/templates/ceph.conf.j2 index 69850ed08e..af5d1cb5de 100644 --- a/roles/ceph-config/templates/ceph.conf.j2 +++ b/roles/ceph-config/templates/ceph.conf.j2 
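Review bot: The dict key in the added `Append osd_memory_target to cluster host config` task (hunk `@@ -112,6 +104,14 @@`) reads `'osd.*/' + ansible_hostname ':host'`, with no `+` before `':host'`, which Jinja2 should reject as a template syntax error as soon as the task runs on an OSD host; it should be `'osd.*/' + ansible_hostname + ':host'`. The `when` guard only checks the `osd_memory_target` key under `ceph_conf_overrides['osd']`, while the task removed in the previous hunk also honoured the `osd memory target` spelling, so an override written with spaces no longer suppresses the computed value. As rendered here the fact appears to be assigned under `ceph_conf_overrides:` rather than to `ceph_cluster_conf` directly; if that nesting is real it replaces the user's overrides on that host before they are passed as `config_overrides`, which is worth confirming against the file.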
@@ -2,11 +2,11 @@ # {{ ansible_managed }} [global] -#{% if not cephx | bool %} -#auth cluster required = none -#auth service required = none -#auth client required = none -#{% endif %} +{% if not cephx | bool %} +auth cluster required = none +auth service required = none +auth client required = none +{% endif %} {# NOTE (leseb): the blank lines in-between are needed otherwise we won't get any line break #} {% set nb_mon = groups.get(mon_group_name, []) | length | int %} diff --git a/roles/ceph-dashboard/tasks/configure_dashboard.yml b/roles/ceph-dashboard/tasks/configure_dashboard.yml index ad10b013f1..0883df2b36 100644 --- a/roles/ceph-dashboard/tasks/configure_dashboard.yml +++ b/roles/ceph-dashboard/tasks/configure_dashboard.yml @@ -39,28 +39,9 @@ loop_var: ceph_dashboard_call_item when: inventory_hostname in groups.get(rgw_group_name, []) -- name: disable SSL for dashboard - when: dashboard_protocol == "http" - delegate_to: "{{ groups[mon_group_name][0] }}" - run_once: true - block: - - name: get SSL status for dashboard - command: "{{ container_exec_cmd }} ceph --cluster {{ cluster }} config get mgr mgr/dashboard/ssl" - changed_when: false - register: current_ssl_for_dashboard - - - name: disable SSL for dashboard - command: "{{ container_exec_cmd }} ceph --cluster {{ cluster }} config set mgr mgr/dashboard/ssl false" - when: current_ssl_for_dashboard.stdout == "true" - - name: with SSL for dashboard when: dashboard_protocol == "https" block: - - name: enable SSL for dashboard - command: "{{ container_exec_cmd }} ceph --cluster {{ cluster }} config set mgr mgr/dashboard/ssl true" - delegate_to: "{{ groups[mon_group_name][0] }}" - run_once: true - - name: copy dashboard SSL certificate file copy: src: "{{ dashboard_crt }}" 
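Review bot: With the `{% if not cephx | bool %}` block uncommented, an inventory that sets `cephx: false` now renders `auth cluster required = none`, `auth service required = none` and `auth client required = none` into `[global]`, and nothing in the template says what that implies. Going by the removed lines, the same three settings were previously emitted behind `#`, so unless authentication was being disabled by another path outside this hunk, existing `cephx: false` deployments change behaviour on the next run, and the commit message does not mention it. I would add a template comment above the block, for example `{# cephx disabled: daemons and clients are not authenticated; intended for isolated test clusters only #}`, and call the change out in the commit description.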
@@ -155,19 +136,6 @@ delegate_to: "{{ groups[mon_group_name][0] }}" run_once: true -- name: "set the dashboard port ({{ dashboard_port }})" - command: "{{ container_exec_cmd }} ceph --cluster {{ cluster }} config set mgr mgr/dashboard/server_port {{ dashboard_port }}" - changed_when: false - delegate_to: "{{ groups[mon_group_name][0] }}" - run_once: true - -- name: "set the dashboard SSL port ({{ dashboard_port }})" - command: "{{ container_exec_cmd }} ceph --cluster {{ cluster }} config set mgr mgr/dashboard/ssl_server_port {{ dashboard_port }}" - delegate_to: "{{ groups[mon_group_name][0] }}" - run_once: true - changed_when: false - failed_when: false # Do not fail if the option does not exist, it only exists post-14.2.0 - - name: config the current dashboard backend command: "{{ container_exec_cmd }} ceph --cluster {{ cluster }} config set mgr mgr/dashboard/{{ hostvars[item]['ansible_facts']['hostname'] }}/server_addr {{ hostvars[item]['dashboard_server_addr'] }}" delegate_to: "{{ groups[mon_group_name][0] }}" diff --git a/roles/ceph-defaults/defaults/main.yml b/roles/ceph-defaults/defaults/main.yml index 71882f6ddd..57df4876c6 100644 --- a/roles/ceph-defaults/defaults/main.yml +++ b/roles/ceph-defaults/defaults/main.yml @@ -265,6 +265,20 @@ ceph_keyring_permissions: '0600' cephx: true +# Cluster configuration +ceph_cluster_conf: + global: + public_network: "{{ public_network | default(omit) }}" + cluster_network: "{{ cluster_network | default(omit) }}" + osd_pool_default_crush_rule: "{{ osd_pool_default_crush_rule }}" + ms_bind_ipv6: "{{ (ip_version == 'ipv6') | string }}" + ms_bind_ipv4: "{{ (ip_version == 'ipv4') | string }}" + osd_crush_chooseleaf_type: "{{ '0' if common_single_host_mode | default(false) else omit }}" + mgr: + mgr/dashboard/ssl: "{{ (dashboard_protocol == 'https') | string }}" + mgr/dashboard/server_port: "{{ dashboard_port }}" + mgr/dashboard/ssl_server_port: "{{ dashboard_port }}" + ## Client options # rbd_cache: "true" 
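Review bot: The new `ceph_cluster_conf` default in `roles/ceph-defaults/defaults/main.yml` carries no guidance on how to extend it, and with Ansible's default hash behaviour an inventory that defines `ceph_cluster_conf` replaces the whole mapping, silently dropping `mgr/dashboard/ssl`, the bind settings and the network options. The `# Cluster configuration` comment should say that the first level is the `who` and the second level the `option` handed to `ceph_config`, and that an override has to repeat or `combine` the defaults. `mgr/dashboard/ssl` is now derived purely from `dashboard_protocol`, and the three dashboard keys appear to be set whether or not the dashboard role runs; a one-line comment noting that `http` turns dashboard TLS off would help whoever audits this file.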
diff --git a/roles/ceph-rgw/tasks/pre_requisite.yml b/roles/ceph-rgw/tasks/pre_requisite.yml index 11a49f763f..42bc739971 100644 --- a/roles/ceph-rgw/tasks/pre_requisite.yml +++ b/roles/ceph-rgw/tasks/pre_requisite.yml @@ -16,11 +16,15 @@ loop: "{{ hostvars[inventory_hostname]['rgw_instances'] }}" - name: set rgw parameter (rgw_frontends) + vars: + _rgw_binding_socket: "{{ item.radosgw_address | default(_radosgw_address) | string + ':' + item.radosgw_frontend_port | default(radosgw_frontend_port) | string }}" + _rgw_beast_endpoint: "{{ 'ssl_' if radosgw_frontend_ssl_certificate else '' }}endpoint={{ _rgw_binding_socket }}" + _rgw_beast_ssl_option: "{{ ' ssl_certificate='+radosgw_frontend_ssl_certificate if radosgw_frontend_ssl_certificate else '' }}" ceph_config: action: set who: "client.rgw.{{ _rgw_hostname + '.' + item.instance_name }}" option: "rgw_frontends" - value: "beast port={{ item.radosgw_frontend_port | string }}" + value: "beast {{ _rgw_beast_endpoint }}{{ _rgw_beast_ssl_option }}" environment: CEPH_CONTAINER_IMAGE: "{{ ceph_docker_registry + '/' + ceph_docker_image + ':' + ceph_docker_image_tag if containerized_deployment | bool else None }}" CEPH_CONTAINER_BINARY: "{{ container_binary }}" @@ -28,9 +32,6 @@ loop: "{{ hostvars[inventory_hostname]['rgw_instances'] }}" notify: restart ceph rgws -# rgw_frontends -# {{ 'ssl_' if radosgw_frontend_ssl_certificate else '' }}endpoint={{ _rgw_binding_socket }}{{ ' ssl_certificate='+radosgw_frontend_ssl_certificate if radosgw_frontend_ssl_certificate else '' }} - - name: create rados gateway directories file: path: "/var/lib/ceph/radosgw/{{ cluster }}-rgw.{{ ansible_facts['hostname'] }}.{{ item.instance_name }}" diff --git a/site-container.yml.sample b/site-container.yml.sample index b100262634..ed7c1eac13 100644 --- a/site-container.yml.sample +++ b/site-container.yml.sample 
@@ -175,58 +175,29 @@ end: "{{ lookup('pipe', 'date +%Y%m%d%H%M%SZ') }}" - hosts: mons[0] - become: True + become: true gather_facts: false any_errors_fatal: true tasks: - - import_role: + - name: Import default role + ansible.builtin.import_role: name: ceph-defaults - - name: set global config - ceph_config: - action: set - who: "global" - option: "{{ item.key }}" - value: "{{ item.value }}" - environment: - CEPH_CONTAINER_IMAGE: "{{ ceph_docker_registry + '/' + ceph_docker_image + ':' + ceph_docker_image_tag if containerized_deployment | bool else None }}" - CEPH_CONTAINER_BINARY: "{{ container_binary }}" - with_dict: - "{{ { - 'public_network': public_network | default(False), - 'cluster_network': cluster_network | default(False), - 'osd pool default crush rule': osd_pool_default_crush_rule, - 'ms bind ipv6': 'true' if ip_version == 'ipv6' else 'false', - 'ms bind ipv4': 'false' if ip_version == 'ipv6' else 'true', - 'osd crush chooseleaf type': '0' if common_single_host_mode | default(False) | bool else False, - } }}" - when: - - inventory_hostname == ansible_play_hosts_all | last - - item.value - - - name: set global config overrides - ceph_config: - action: set - who: "global" - option: "{{ item.key }}" - value: "{{ item.value }}" - environment: - CEPH_CONTAINER_IMAGE: "{{ ceph_docker_registry + '/' + ceph_docker_image + ':' + ceph_docker_image_tag if containerized_deployment | bool else None }}" - CEPH_CONTAINER_BINARY: "{{ container_binary }}" - when: inventory_hostname == ansible_play_hosts_all | last - with_dict: "{{ ceph_conf_overrides['global'] }}" + - name: Import config role + ansible.builtin.import_role: + name: ceph-config - - name: set osd_memory_target + - name: Set clsuter configs ceph_config: action: set - who: "osd.*/{{ item }}:host" - option: "osd_memory_target" - value: "{{ _osd_memory_target | default(osd_memory_target) }}" + who: "{{ item.0.key }}" + option: "{{ item.1.key }}" + value: "{{ item.1.value }}" + when: item.1.value != omit + 
loop: "{{ ceph_cluster_conf | dict2dict }}" environment: CEPH_CONTAINER_IMAGE: "{{ ceph_docker_registry + '/' + ceph_docker_image + ':' + ceph_docker_image_tag if containerized_deployment | bool else None }}" CEPH_CONTAINER_BINARY: "{{ container_binary }}" - when: inventory_hostname == ansible_play_hosts_all | last - loop: "{{ groups[osd_group_name] | default([]) }}" - hosts: osds become: True diff --git a/site.yml.sample b/site.yml.sample index a5c2fdd225..9ed5947695 100644 --- a/site.yml.sample +++ b/site.yml.sample 
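Review bot: The per-host `osd_memory_target` setting looks lost in this play: the removed `set osd_memory_target` task looped over `groups[osd_group_name]`, whereas the new `Set clsuter configs` task only sees `ceph_cluster_conf` as evaluated on `mons[0]`, and the ceph-config task that adds the `osd.*/<host>:host` entry sits in a block guarded by `inventory_hostname in groups.get(osd_group_name, [])`. Unless the first monitor is also an OSD host, no `osd_memory_target` is pushed; the same applies to the matching hunk in `site.yml.sample`. Importing the whole `ceph-config` role here also brings its other tasks and handlers into this early `mons[0]` play, which deserves a line in the commit description. The task name has a typo in both sample files: `Set clsuter configs` should be `Set cluster configs`.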
@@ -167,49 +167,26 @@ end: "{{ lookup('pipe', 'date +%Y%m%d%H%M%SZ') }}" - hosts: mons[0] - become: True + become: true gather_facts: false any_errors_fatal: true tasks: - - import_role: + - name: Import default role + ansible.builtin.import_role: name: ceph-defaults - - name: set global config - ceph_config: - action: set - who: "global" - option: "{{ item.key }}" - value: "{{ item.value }}" - with_dict: - "{{ { - 'public_network': public_network | default(False), - 'cluster_network': cluster_network | default(False), - 'osd pool default crush rule': osd_pool_default_crush_rule, - 'ms bind ipv6': 'true' if ip_version == 'ipv6' else 'false', - 'ms bind ipv4': 'false' if ip_version == 'ipv6' else 'true', - 'osd crush chooseleaf type': '0' if common_single_host_mode | default(False) | bool else False, - } }}" - when: - - inventory_hostname == ansible_play_hosts_all | last - - item.value - - - name: set global config overrides - ceph_config: - action: set - who: "global" - option: "{{ item.key }}" - value: "{{ item.value }}" - when: inventory_hostname == ansible_play_hosts_all | last - with_dict: "{{ ceph_conf_overrides['global'] }}" + - name: Import config role + ansible.builtin.import_role: + name: ceph-config - - name: set osd_memory_target + - name: Set clsuter configs ceph_config: action: set - who: "osd.*/{{ item }}:host" - option: "osd_memory_target" - value: "{{ _osd_memory_target | default(osd_memory_target) }}" - when: inventory_hostname == ansible_play_hosts_all | last - loop: "{{ groups[osd_group_name] | default([]) }}" + who: "{{ item.0.key }}" + option: "{{ item.1.key }}" + value: "{{ item.1.value }}" + when: item.1.value != omit + loop: "{{ ceph_cluster_conf | dict2dict }}" - hosts: osds gather_facts: false