search

stackhpc / ansible-collection-cephadm

Apache License 2.0
16 stars 10 forks source link

cephadm_keys is ignored and doesn't create user+cred #75

Open stuartc-graphcore opened 1 year ago

stuartc-graphcore commented 1 year ago

Using the example below, after a successful deployment there is no global.client user in the ceph db.

---
#- name: Install epel on mons
#  hosts: mons
#  become: true
#  tasks:
#    - package:
#        name: epel-release
#        state: present
- name: Run cephadm collection
  any_errors_fatal: True
  hosts: ceph
  become: true
  vars:
    cephadm_ceph_release: "pacific"
    cephadm_fsid: "736XXXXX3a"
    cephadm_public_interface: "{{ public_net_interface }}"
    cephadm_public_network: "{{ public_net_cidr }}"
    cephadm_cluster_interface: "{{ storage_net_interface }}"
    cephadm_cluster_network: "{{ storage_net_cidr }}"
    cephadm_enable_dashboard: True
    cephadm_enable_monitoring: True
    cephadm_install_ceph_cli: True
    cephadm_enable_firewalld: False
    cephadm_bootstrap_host: "{{ groups['mgrs'][0] }}"
    cephadm_osd_spec:
      service_type: osd
      service_id: osd_spec_default
      placement:
        host_pattern: "*cephosd*"
      data_devices:
        paths:
          - /dev/vdb
          - /dev/vdc
    cephadm_pools:
      - name: data
        application: cephfs
        state: present
        size: 3
      - name: metadata
        application: cephfs
        state: present
        size: 3
      - name: rbd-internal
        application: rbd
        state: present
        size: 3
### these keys don't seem to get applied...
    cephadm_keys:
      - name: client.global
        caps:
          mds: "allow rwp"
          mon: "allow r, profile rbd"
          osd: "allow * pool=*"
          mgr: "allow rw, profile rbd pool=rbd-internal"
        state: present
    cephadm_commands:
      - "fs new gradientdev metadata data"
      - "orch apply mds gradientdev --placement 3"
      - "auth get-or-create client.gradient"
      - "auth caps client.gradient mds 'allow rwps' mon 'allow r, profile rbd' mgr 'allow rw, profile rbd pool=rbd-internal' osd 'allow rw tag cephfs *=*, profile rbd pool=rbd-internal'"
  pre_tasks:
  - name: Recursively remove /mnt/public directory
    ansible.builtin.file:
      path: /mnt/public
      state: absent
  - name: Recursively remove /mnt/poddata directory
    ansible.builtin.file:
      path: /mnt/poddata
      state: absent
  - name: Unmount /dev/vdb /mnt if mounted
    ansible.posix.mount:
      path: /mnt
      src: /dev/vdb
      state: absent
    register: mnt_unmounted
  - name: Debug unmount /dev/vdb
    ansible.builtin.debug:
      msg: "{{ mnt_unmounted }}"
    when: false
#    become: true
  - name: reboot the machine when /mnt has been removed
    ansible.builtin.reboot:
    when: mnt_unmounted.changed == true
  - name: Create /var/lib/ceph mountpoint
    ansible.builtin.file:
      path: /var/lib/ceph
      mode: 0755
      state: directory
    when: "'cephmgr' in inventory_hostname"
  - name: Mount /dev/vdb /var/lib/ceph for mons
    ansible.posix.mount:
      path: /var/lib/ceph
      src: /dev/vdb
      state: mounted
      fstype: ext4
    when: "'cephmgr' in inventory_hostname"
  - name: Generate /etc/hosts
    blockinfile:
      path: /etc/hosts
      marker_begin: BEGIN CEPH host
      block: |
        10.12.17.96 lr17-1-cephmgr1
        10.12.17.198 lr17-1-cephmgr2
        10.12.17.216 lr17-1-cephmgr3
        10.12.17.148 lr17-1-cephosd1
        10.12.17.185 lr17-1-cephosd2
        10.12.17.128 lr17-1-cephosd3
        10.12.17.54 lr17-1-cephosd4
        10.12.17.126 lr17-1-cephosd5
        10.12.17.67 lr17-1-cephosd6
        10.12.17.130 lr17-1-cephosd7
        10.12.17.31 lr17-1-cephosd8
        10.12.17.60 lr17-1-cephosd9
        10.12.17.222 lr17-1-cephosd10
        10.12.17.171 lr17-1-cephosd11
        10.12.17.39 lr17-1-cephosd12
        10.12.17.18 lr17-1-cephosd13
    become: true
  roles:
    - role: stackhpc.cephadm.cephadm
    - role: stackhpc.cephadm.pools
    - role: stackhpc.cephadm.keys
    - role: stackhpc.cephadm.commands
mnasiadka commented 1 year ago

@stuartc-graphcore Can you share the playbook that you're using? Are you sure you're running the role that implements cephadm_keys?

stuartc-graphcore commented 1 year ago

I posted most of it.. now updated with the full file (with obfuscated keys)