ceph · asm0deuz · Nov 13, 2024
diff --git a/galaxy.yml b/galaxy.yml
@@ -5,16 +5,16 @@
 
 namespace: "ceph"
 name: "automation"
-version: 1.0.1
+version: 1.1.0
 readme: README.md
 authors:
-  - Teoman ONAY <[email protected]>
+- Teoman ONAY <[email protected]>
 
 description: Ceph automation modules
 license_file: LICENSE
 # TO-DO: update the tags based on your content type
-tags: ["linux", "tools"]
-dependencies: {}
+tags: [ "linux", "tools" ]
+dependencies: { ansible.posix, community.general }
 
 repository: https://github.com/ceph/ceph.automation
 documentation: https://docs.ceph.com/projects/ceph.automation
@@ -26,9 +26,10 @@ issues: https://github.com/ceph/ceph.automation/issues
 # uses 'fnmatch' to match the files or directories. Some directories and files like 'galaxy.yml', '*.pyc', '*.retry',
 # and '.git' are always filtered. Mutually exclusive with 'manifest'
 build_ignore:
-  - .gitignore
-  - changelogs/.plugin-cache.yaml
-  - ".*"
+- .gitignore
+- changelogs/.plugin-cache.yaml
+- ".*"
+
 # A dict controlling use of manifest directives used in building the collection artifact. The key 'directives' is a
 # list of MANIFEST.in style
 # L(directives,https://packaging.python.org/en/latest/guides/using-manifest-in/#manifest-in-commands). The key

diff --git a/playbooks/cephadm-clients.yml b/playbooks/cephadm-clients.yml
@@ -0,0 +1,187 @@
+---
+# Copyright Red Hat
+# SPDX-License-Identifier: Apache-2.0
+#
+# Distribute keyring and conf files to a set of clients
+#
+# Uses ceph_defaults
+#  - local_client_dir: determines the dir name for the config files on the ansible host
+#  - ceph_defaults_ceph_client_pkgs: list of pre-req packages that must be on the client
+#
+# Required run-time variables
+# ------------------
+# keyring : full path name of the keyring file on the admin[0] host which holds the key for the client to use
+# fsid : fsid of the cluster to extract the keyring and conf from
+#
+# Optional run-time variables
+# ------------------
+# conf : full path name of the conf file on the admin[0] host to use (undefined will trigger a minimal conf)
+# ceph_defaults_client_group : ansible group name for the clients to set up
+# keyring_dest : full path name of the destination where the keyring will be copied. (default: /etc/ceph/ceph.keyring)
+#
+# Example
+# -------
+# ansible-playbook -i hosts cephadm-clients.yml -e fsid=BLA -e ceph_defaults_client_group=fs_clients -e keyring=/etc/ceph/fs.keyring
+#
+
+
+- name: Confirm local readiness
+  hosts: all
+  gather_facts: false
+  tasks:
+    - name: Confirm local readiness
+      run_once: true
+      delegate_to: localhost
+      block:
+        - name: Import_role ceph_defaults
+          ansible.builtin.import_role:
+            name: ceph_defaults
+
+        - name: Fail if the fsid parameter is missing
+          ansible.builtin.fail:
+            msg: >
+              You must supply an 'fsid' parameter for the corresponding ceph cluster
+          when: fsid is undefined
+
+        - name: Fail if admin group doesn't exist or is empty
+          ansible.builtin.fail:
+            msg: |
+              You must define a group [admin] in your inventory which provides the
+              keyring that you want to distribute
+          when: "'admin' not in groups or groups['admin'] | length < 1"
+
+        - name: Fail if ceph_defaults_client_group is NOT in the inventory
+          ansible.builtin.fail:
+            msg: >
+              Variable ceph_defaults_client_group '{{ ceph_defaults_client_group }}' is not defined in the inventory
+          when: ceph_defaults_client_group not in groups
+
+        - name: Fail if keyring variable is missing
+          ansible.builtin.fail:
+            msg: |
+              You must supply a 'keyring' variable that defines the path to the key
+              that you want to distribute to your client machines
+          when: keyring is not defined
+
+
+- name: Confirm admin host is ready
+  hosts: admin[0]
+  become: true
+  gather_facts: false
+  tasks:
+    - name: Check fsid is present on {{ inventory_hostname }}
+      ansible.builtin.stat:
+        path: /var/lib/ceph/{{ fsid }}
+      register: fsid_stat
+
+    - name: Fail if fsid is not present
+      ansible.builtin.fail:
+        msg: >
+          The given fsid ({{ fsid }}), is not present in /var/lib/ceph on {{ inventory_hostname }}
+      when:
+        - not fsid_stat.stat.exists | bool
+        - not fsid_stat.stat.isdir | bool
+
+    - name: Check keyring status on {{ inventory_hostname }}
+      ansible.builtin.stat:
+        path: "{{ keyring }}"
+      register: keyring_stat
+
+    - name: Fail if keyring not found on {{ inventory_hostname }}
+      ansible.builtin.fail:
+        msg: >
+          The keyring path provided '{{ keyring }}' can not be found on {{ inventory_hostname }}
+      when: not keyring_stat.stat.exists | bool
+
+    - name: Check conf is OK to use
+      ansible.builtin.stat:
+        path: "{{ conf }}"
+      register: conf_stat
+      when: conf is defined
+
+    - name: Fail if conf supplied is not on {{ inventory_hostname }}
+      ansible.builtin.fail:
+        msg: |
+          The conf file '{{ conf }}' can not be found on {{ inventory_hostname }}
+      when:
+        - conf is defined
+        - not conf_stat.stat.exists | bool
+        - not conf_stat.stat.isreg | bool
+
+
+- name: Assemble client payload
+  hosts: admin[0]
+  become: true
+  gather_facts: false
+  tasks:
+    - name: Import_role ceph_defaults
+      ansible.builtin.import_role:
+        name: ceph_defaults
+
+    - name: Slurp the keyring
+      ansible.builtin.slurp:
+        src: "{{ keyring }}"
+      register: client_keyring
+      no_log: true
+
+    - name: Slurp the conf if it's supplied
+      ansible.builtin.slurp:
+        src: "{{ conf }}"
+      register: ceph_config
+      when:
+        - conf is defined
+        - conf | length > 0
+
+    - name: Create minimal conf as a default
+      ansible.builtin.command: cephadm shell -- ceph config generate-minimal-conf
+      register: minimal_ceph_config
+      when: conf is undefined
+
+
+- name: Distribute client configuration
+  hosts: "{{ ceph_defaults_client_group }}"
+  become: true
+  gather_facts: true
+  tasks:
+    - name: Import_role ceph_defaults
+      ansible.builtin.import_role:
+        name: ceph_defaults
+
+    - name: Install ceph-common on rhel
+      ansible.builtin.command: dnf install --allowerasing --assumeyes ceph-common
+      changed_when: false
+      register: result
+      until: result is succeeded
+      when: ansible_facts['os_family'] == 'RedHat'
+
+    - name: Install ceph client prerequisites if needed
+      ansible.builtin.package:
+        name: "{{ ceph_defaults_ceph_client_pkgs }}"
+        state: present
+      register: result
+      until: result is succeeded
+
+    - name: Copy configuration and keyring files to the clients
+      ansible.builtin.copy:
+        content: "{{ item.content }}"
+        dest: "{{ item.dest }}"
+        owner: ceph
+        group: ceph
+        mode: '0600'
+        backup: true
+      loop:
+        - { content: "{{ hostvars[groups['admin'][0]]\
+                         ['client_keyring']['content'] | b64decode }}",
+            dest: "{{ keyring_dest | default('/etc/ceph/ceph.keyring') }}",
+            copy_file: True }
+        - { content: "{{ hostvars[groups['admin'][0]]\
+                         ['minimal_ceph_config']['stdout'] | default('') }}{{ '\n' }}",
+            dest: '/etc/ceph/ceph.conf',
+            copy_file: "{{ conf is undefined }}" }
+        - { content: "{{ hostvars[groups['admin'][0]]\
+                         ['ceph_config']['content'] | default('') | b64decode }}",
+            dest: '/etc/ceph/ceph.conf',
+            copy_file: "{{ hostvars[groups['admin'][0]]\
+                           ['ceph_config']['skipped'] is undefined }}" }
+      when: item.copy_file | bool
+      no_log: true
diff --git a/playbooks/cephadm-distribute-ssh-key.yml b/playbooks/cephadm-distribute-ssh-key.yml
@@ -0,0 +1,73 @@
+---
+# Copyright Red Hat
+# SPDX-License-Identifier: Apache-2.0
+# Author: Guillaume Abrioux <[email protected]>
+#
+# This playbook copies an SSH public key to a specified user on remote hosts.
+#
+# Required run-time variables
+# ------------------
+# admin_node : The name of a node with enough privileges to call `cephadm get-pub-key` command.
+#              (usually the bootstrap node).
+#
+# Optional run-time variables
+# ------------------
+# fsid : The fsid of the Ceph cluster.
+# cephadm_ssh_user : ssh username on remote hosts.
+# cephadm_pubkey_path : Full path name of the ssh public key file *on the ansible controller host*.
+#                       If not passed, the playbook will assume it has to get the key from `cephadm get-pub-key` command.
+#
+# Example
+# -------
+# ansible-playbook -i hosts cephadm-distribute-ssh-key.yml -e cephadm_ssh_user=foo -e cephadm_pubkey_path=/home/cephadm/ceph.key -e admin_node=ceph-node0
+#
+# ansible-playbook -i hosts cephadm-distribute-ssh-key.yml -e cephadm_ssh_user=foo -e admin_node=ceph-node0
+
+- hosts: all
+  become: true
+  gather_facts: false
+  tasks:
+    - name: Fail if admin_node is not defined
+      ansible.builtin.fail:
+        msg: "You must set the variable admin_node"
+      run_once: true
+      delegate_to: localhost
+      when: admin_node is undefined
+
+    - name: Get ssh public key from a file on the Ansible controller host
+      when: cephadm_pubkey_path is defined
+      block:
+        - name: Get details about {{ cephadm_pubkey_path }}
+          ansible.builtin.stat:
+            path: "{{ cephadm_pubkey_path }}"
+          register: cephadm_pubkey_path_stat
+          delegate_to: localhost
+          run_once: true
+
+        - name: Fail if {{ cephadm_pubkey_path }} doesn't exist
+          ansible.builtin.fail:
+            msg: "{{ cephadm_pubkey_path }} doesn't exist or is invalid."
+          run_once: true
+          delegate_to: localhost
+          when:
+            - not cephadm_pubkey_path_stat.stat.exists | bool
+              or not cephadm_pubkey_path_stat.stat.isfile | bool
+
+    - name: Get the cephadm ssh pub key
+      ansible.builtin.command: "cephadm shell {{ '--fsid ' + fsid if fsid is defined else '' }} ceph cephadm get-pub-key"
+      changed_when: false
+      run_once: true
+      register: cephadm_get_pub_key
+      delegate_to: "{{ admin_node }}"
+      when: cephadm_pubkey_path is undefined
+
+    - name: Allow ssh public key for {{ cephadm_ssh_user | default('root') }} account
+      ansible.posix.authorized_key:
+        user: "{{ cephadm_ssh_user | default('root') }}"
+        key: "{{ lookup('file', cephadm_pubkey_path) if cephadm_pubkey_path is defined else cephadm_get_pub_key.stdout }}"
+
+    - name: Set cephadm ssh user to {{ cephadm_ssh_user }}
+      ansible.builtin.command: "cephadm shell {{ '--fsid ' + fsid if fsid is defined else '' }} ceph cephadm set-user {{ cephadm_ssh_user | default('root') }}"
+      changed_when: false
+      run_once: true
+      delegate_to: "{{ admin_node }}"