feat: switch to binary runc and containerd install (#333)
* feat: switch to binary runc and containerd install
* fix: always download directly to dst node
* feat: add crictl role
* ci: add tests for binary downloads
* ci: rename scenario and add matrix
* ci: move to using prepare
* ci: stop using anchors
* chore: refactor to download_artifact
* chore: add jammy to containerd+runc
* chore: bump ansible-lint
* chore: add more platforms for cri
* fix: ensure tar command exists
* chore: drop amznlinux2
---------
Co-authored-by: Mohammed Naser <mnaser@vexxhost.com>
diff --git a/roles/ceph_mon/tasks/bootstrap-ceph.yml b/roles/ceph_mon/tasks/bootstrap-ceph.yml
index 19ab74a..dc19f62 100644
--- a/roles/ceph_mon/tasks/bootstrap-ceph.yml
+++ b/roles/ceph_mon/tasks/bootstrap-ceph.yml
@@ -13,7 +13,7 @@
# under the License.
# TODO(mnaser): Move to using vexxhost.atmosphere.ceph_key
-- name: create monitor keyring
+- name: Create monitor keyring
ansible.builtin.command:
ceph-authtool --gen-key --create-keyring
--name mon.
@@ -25,7 +25,7 @@
- inventory_hostname == groups[ceph_mon_group][0]
# TODO(mnaser): Move to using vexxhost.atmosphere.ceph_key
-- name: create admin keyring
+- name: Create admin keyring
ansible.builtin.command:
ceph-authtool --gen-key --create-keyring
--name client.admin
@@ -40,7 +40,7 @@
- inventory_hostname == groups[ceph_mon_group][0]
# TODO(mnaser): Move to using vexxhost.atmosphere.ceph_key
-- name: create bootstrap-osd keyring
+- name: Create bootstrap-osd keyring
ansible.builtin.command:
ceph-authtool --gen-key --create-keyring
--name client.bootstrap-osd
@@ -53,7 +53,8 @@
- inventory_hostname == groups[ceph_mon_group][0]
# TODO(mnaser): Move to using vexxhost.atmosphere.ceph_key
-- name: add admin keyring to monitor
+- name: Add admin keyring to monitor
+ changed_when: true
ansible.builtin.command:
ceph-authtool --import-keyring /etc/ceph/ceph.client.admin.keyring
/tmp/ceph.mon.keyring
@@ -61,14 +62,15 @@
- inventory_hostname == groups[ceph_mon_group][0]
# TODO(mnaser): Move to using vexxhost.atmosphere.ceph_key
-- name: add bootstrap-osd keyring to monitor
+- name: Add bootstrap-osd keyring to monitor
+ changed_when: true
ansible.builtin.command:
ceph-authtool --import-keyring /var/lib/ceph/bootstrap-osd/ceph.keyring
/tmp/ceph.mon.keyring
when:
- inventory_hostname == groups[ceph_mon_group][0]
-- name: create monmap
+- name: Create monmap
ansible.builtin.command:
monmaptool --create
--fsid {{ ceph_mon_fsid }}
@@ -79,17 +81,17 @@
when:
- inventory_hostname == groups[ceph_mon_group][0]
-- name: create monitor folder
+- name: Create monitor folder
ansible.builtin.file:
path: "/var/lib/ceph/mon/ceph-{{ inventory_hostname_short }}"
state: directory
owner: ceph
group: ceph
- mode: 0700
+ mode: "0700"
when:
- inventory_hostname == groups[ceph_mon_group][0]
-- name: configure mon initial members
+- name: Configure mon initial members
community.general.ini_file:
path: /etc/ceph/ceph.conf
section: global
@@ -97,13 +99,13 @@
value: "{{ inventory_hostname_short }}"
owner: ceph
group: ceph
- mode: 0640
+ mode: "0640"
-- name: start monitor
+- name: Start monitor
ansible.builtin.include_tasks: start-monitor.yml
when:
- inventory_hostname == groups[ceph_mon_group][0]
-- name: set bootstrap node
+- name: Set bootstrap node
ansible.builtin.set_fact:
_ceph_mon_bootstrap_node: "{{ groups[ceph_mon_group][0] }}"
diff --git a/roles/ceph_mon/tasks/main.yml b/roles/ceph_mon/tasks/main.yml
index 90cdfc2..5ce89e2 100644
--- a/roles/ceph_mon/tasks/main.yml
+++ b/roles/ceph_mon/tasks/main.yml
@@ -12,16 +12,16 @@
# License for the specific language governing permissions and limitations
# under the License.
-- name: install packages
+- name: Install packages
ansible.builtin.apt:
name: ["ceph-mon"]
install_recommends: false
-- name: set ceph monitor ip address
+- name: Set ceph monitor ip address
ansible.builtin.set_fact:
ceph_mon_ip_address: "{{ ansible_all_ipv4_addresses | ansible.netcommon.ipaddr(ceph_mon_public_network) | first }}"
-- name: generate basic configuration file
+- name: Generate basic configuration file
community.general.ini_file:
path: /etc/ceph/ceph.conf
section: global
@@ -29,7 +29,7 @@
value: "{{ item.value }}"
owner: ceph
group: ceph
- mode: 0640
+ mode: "0640"
loop:
- option: fsid
value: "{{ ceph_mon_fsid }}"
@@ -40,53 +40,53 @@
- option: cluster network
value: "{{ ceph_mon_cluster_network }}"
-- name: check if any node is bootstrapped
+- name: Check if any node is bootstrapped
ansible.builtin.stat:
path: "/var/lib/ceph/mon/ceph-{{ hostvars[item]['inventory_hostname_short'] }}/store.db"
register: _ceph_mon_stat
loop: "{{ groups[ceph_mon_group] }}"
delegate_to: "{{ item }}"
-- name: select pre-existing bootstrap node if exists
+- name: Select pre-existing bootstrap node if exists
ansible.builtin.set_fact:
_ceph_mon_bootstrap_node: "{{ _ceph_mon_stat.results | selectattr('stat.exists', 'equalto', true) | map(attribute='item') | first }}"
when:
- _ceph_mon_stat.results | selectattr('stat.exists', 'equalto', true) | length > 0
-- name: bootstrap cluster
+- name: Bootstrap cluster
ansible.builtin.include_tasks: bootstrap-ceph.yml
when:
- _ceph_mon_stat.results | selectattr('stat.exists', 'equalto', true) | length == 0
-- name: grab admin keyring
+- name: Grab admin keyring
delegate_to: "{{ _ceph_mon_bootstrap_node }}"
ansible.builtin.slurp:
src: /etc/ceph/ceph.client.admin.keyring
register: _ceph_mon_admin_keyring
when: inventory_hostname != _ceph_mon_bootstrap_node
-- name: upload client.admin keyring
+- name: Upload client.admin keyring
ansible.builtin.copy:
content: "{{ _ceph_mon_admin_keyring['content'] | b64decode }}"
dest: /etc/ceph/ceph.client.admin.keyring
- mode: 0600
+ mode: "0600"
when: inventory_hostname != _ceph_mon_bootstrap_node
-- name: get monitor keyring
+- name: Get monitor keyring
ansible.builtin.command: ceph auth get mon. -o /tmp/ceph.mon.keyring
changed_when: false
when: inventory_hostname != _ceph_mon_bootstrap_node
-- name: get monmap keyring
+- name: Get monmap keyring
ansible.builtin.command: ceph mon getmap -o /tmp/monmap
changed_when: false
when: inventory_hostname != _ceph_mon_bootstrap_node
-- name: start monitor
+- name: Start monitor
ansible.builtin.include_tasks: start-monitor.yml
when: inventory_hostname != _ceph_mon_bootstrap_node
-- name: enable msgr2
+- name: Enable "msgr2"
ansible.builtin.command: ceph mon enable-msgr2
changed_when: false
when: inventory_hostname == _ceph_mon_bootstrap_node
diff --git a/roles/ceph_mon/tasks/start-monitor.yml b/roles/ceph_mon/tasks/start-monitor.yml
index d2f46a0..308d44b 100644
--- a/roles/ceph_mon/tasks/start-monitor.yml
+++ b/roles/ceph_mon/tasks/start-monitor.yml
@@ -12,13 +12,13 @@
# License for the specific language governing permissions and limitations
# under the License.
-- name: mkfs monitor
+- name: Create monitor filesystem
ansible.builtin.shell: |
ceph-mon --mkfs -i {{ inventory_hostname_short }} --monmap /tmp/monmap --keyring /tmp/ceph.mon.keyring
args:
creates: "/var/lib/ceph/mon/ceph-{{ inventory_hostname_short }}/store.db"
-- name: ensure permissions are fixed
+- name: Ensure permissions are fixed
ansible.builtin.file:
path: "/var/lib/ceph/mon/ceph-{{ inventory_hostname_short }}"
owner: ceph
@@ -26,7 +26,7 @@
recurse: true
# NOTE(mnaser): https://bugs.launchpad.net/ubuntu/+source/ceph/+bug/1917414/comments/30
-- name: workaround for aarch64 systems
+- name: Workaround for aarch64 systems
community.general.ini_file:
path: /lib/systemd/system/ceph-mon@.service
section: Service
@@ -34,11 +34,11 @@
value: false
owner: ceph
group: ceph
- mode: 0644
+ mode: "0644"
register: _ceph_aarch64_fix
when: ansible_architecture == 'aarch64'
-- name: enable and start service
+- name: Enable and start service
ansible.builtin.service:
name: "ceph-mon@{{ inventory_hostname_short }}"
state: started