roles/rook_ceph/tasks/main.yml - atmosphere - Gitiles

 # Copyright (c) 2022 VEXXHOST, Inc.
 #
 # Licensed under the Apache License, Version 2.0 (the "License"); you may
 # not use this file except in compliance with the License. You may obtain
 # a copy of the License at
 #
 #      http://www.apache.org/licenses/LICENSE-2.0
 #
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
 # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
 # License for the specific language governing permissions and limitations
 # under the License.

 - name: Uninstall the legacy HelmRelease
   run_once: true
   block:
     - name: Suspend the existing HelmRelease
       kubernetes.core.k8s:
         state: patched
         api_version: helm.toolkit.fluxcd.io/v2beta1
         kind: HelmRelease
         name: "{{ rook_ceph_helm_release_name }}"
         namespace: "{{ rook_ceph_helm_release_namespace }}"
         definition:
           spec:
             suspend: true

     - name: Remove the existing HelmRelease
       kubernetes.core.k8s:
         state: absent
         api_version: helm.toolkit.fluxcd.io/v2beta1
         kind: HelmRelease
         name: "{{ rook_ceph_helm_release_name }}"
         namespace: "{{ rook_ceph_helm_release_namespace }}"

 - name: Retrieve keyring for client.admin
   run_once: true
   vexxhost.atmosphere.ceph_key:
     name: client.admin
     state: info
     output_format: json
   register: _ceph_key

 - name: Store keyring inside fact for client.admin
   ansible.builtin.set_fact:
     _atmosphere_rook_client_admin_key: "{{ (_ceph_key.stdout | from_json | first).key }}"

 - name: Retrieve keyring for monitors
   run_once: true
   vexxhost.atmosphere.ceph_key:
     name: mon.
     state: info
     output_format: json
   register: _ceph_key

 - name: Store keyring inside fact for monitors
   ansible.builtin.set_fact:
     _atmosphere_rook_mon_key: "{{ (_ceph_key.stdout | from_json | first).key }}"

 - name: Collect "ceph mon dump" output from a monitor
   run_once: true
   ansible.builtin.command: ceph mon dump -f json
   changed_when: false
   register: _ceph_mon_dump

 - name: Generate fact with list of Ceph monitors
   run_once: true
   ansible.builtin.set_fact:
     _atmosphere_ceph_monitors: "{{ _ceph_mon_dump.stdout | from_json | community.general.json_query('mons[*].{name: name, address: addr}') }}"

 - name: Set ceph_mon list
   ansible.builtin.set_fact:
     _ceph_mon_list: "{{ (_ceph_mon_list | d([]) + [item.name + '=' + item.address]) | unique }}"
   loop: "{{ _atmosphere_ceph_monitors }}"

 - name: Create rook configuration
   kubernetes.core.k8s:
     state: present
     definition:
       - apiVersion: v1
         kind: Secret
         metadata:
           name: rook-ceph-mon
           namespace: "{{ rook_ceph_helm_release_namespace }}"
         data:
           cluster-name: ceph
           fsid: "{{ ceph_mon_fsid }}"
           admin-secret: "{{ _atmosphere_rook_client_admin_key }}"
           mon-secret: "{{ _atmosphere_rook_mon_key }}"

       - apiVersion: v1
         kind: ConfigMap
         metadata:
           name: rook-ceph-mon-endpoints
           namespace: "{{ rook_ceph_helm_release_namespace }}"
         data:
           data: "{{ _ceph_mon_list | sort | join(',') }}"
           mapping: "{}"
           maxMonId: "2"

       - apiVersion: v1
         kind: ConfigMap
         metadata:
           name: rook-config-override
           namespace: "{{ rook_ceph_helm_release_namespace }}"
         data:
           config: |
             [client]
             rgw keystone api version = 3
             rgw keystone url =  http://keystone-api.openstack.svc.cluster.local:5000
             rgw keystone admin user = rgw-{{ openstack_helm_endpoints_rgw_region_name }}
             rgw keystone admin password = {{ openstack_helm_endpoints_rgw_keystone_password }}
             rgw_keystone admin domain = service
             rgw_keystone admin project = service
             rgw keystone implicit tenants = true
             rgw keystone accepted roles = member,admin
             rgw_keystone accepted admin roles = admin
             rgw keystone token cache size = 0
             rgw s3 auth use keystone = true
             rgw swift account in url = true
             rgw swift versioning enabled = true

 - name: Create ceph cluster
   kubernetes.core.k8s:
     state: present
     definition:
       - apiVersion: ceph.rook.io/v1
         kind: CephCluster
         metadata:
           name: rook-ceph
           namespace: rook-ceph
         spec:
           dataDirHostPath: /var/lib/rook
           cephVersion:
             image: quay.io/ceph/ceph:v16.2.10
           external:
             enable: true

 - name: Create ceph object store
   kubernetes.core.k8s:
     state: present
     definition:
       - apiVersion: ceph.rook.io/v1
         kind: CephObjectStore
         metadata:
           name: rook-ceph
           namespace: rook-ceph
         spec:
           metadataPool:
             failureDomain: host
             replicated:
               size: 3
           dataPool:
             failureDomain: host
             replicated:
               size: 3
           preservePoolsOnDelete: true
           gateway:
             port: 80
             instances: 3
             placement:
               nodeAffinity:
                 requiredDuringSchedulingIgnoredDuringExecution:
                     nodeSelectorTerms:
                       - matchExpressions:
                           - key: openstack-control-plane
                             operator: In
                             values: ["enabled"]

 - name: Create Ingress
   ansible.builtin.include_role:
     name: openstack_helm_ingress
   vars:
     openstack_helm_ingress_endpoint: ceph_object_store
     openstack_helm_ingress_service_name: rook-ceph-rgw-rook-ceph
     openstack_helm_ingress_service_port: 80
     openstack_helm_ingress_annotations: "{{ rook_ceph_rgw_ingress_annotations }}"

 - name: Deploy Helm chart
   run_once: true
   kubernetes.core.helm:
     name: "{{ rook_ceph_helm_release_name }}"
     chart_ref: "{{ rook_ceph_helm_chart_ref }}"
     release_namespace: "{{ rook_ceph_helm_release_namespace }}"
     create_namespace: true
     kubeconfig: /etc/kubernetes/admin.conf
     values: "{{ _rook_ceph_helm_values | combine(rook_ceph_helm_values, recursive=True) }}"
	# Copyright (c) 2022 VEXXHOST, Inc.
	#
	# Licensed under the Apache License, Version 2.0 (the "License"); you may
	# not use this file except in compliance with the License. You may obtain
	# a copy of the License at
	#
	# http://www.apache.org/licenses/LICENSE-2.0
	#
	# Unless required by applicable law or agreed to in writing, software
	# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
	# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
	# License for the specific language governing permissions and limitations
	# under the License.

	- name: Uninstall the legacy HelmRelease
	run_once: true
	block:
	- name: Suspend the existing HelmRelease
	kubernetes.core.k8s:
	state: patched
	api_version: helm.toolkit.fluxcd.io/v2beta1
	kind: HelmRelease
	name: "{{ rook_ceph_helm_release_name }}"
	namespace: "{{ rook_ceph_helm_release_namespace }}"
	definition:
	spec:
	suspend: true

	- name: Remove the existing HelmRelease
	kubernetes.core.k8s:
	state: absent
	api_version: helm.toolkit.fluxcd.io/v2beta1
	kind: HelmRelease
	name: "{{ rook_ceph_helm_release_name }}"
	namespace: "{{ rook_ceph_helm_release_namespace }}"

	- name: Retrieve keyring for client.admin
	run_once: true
	vexxhost.atmosphere.ceph_key:
	name: client.admin
	state: info
	output_format: json
	register: _ceph_key

	- name: Store keyring inside fact for client.admin
	ansible.builtin.set_fact:
	_atmosphere_rook_client_admin_key: "{{ (_ceph_key.stdout \| from_json \| first).key }}"

	- name: Retrieve keyring for monitors
	run_once: true
	vexxhost.atmosphere.ceph_key:
	name: mon.
	state: info
	output_format: json
	register: _ceph_key

	- name: Store keyring inside fact for monitors
	ansible.builtin.set_fact:
	_atmosphere_rook_mon_key: "{{ (_ceph_key.stdout \| from_json \| first).key }}"

	- name: Collect "ceph mon dump" output from a monitor
	run_once: true
	ansible.builtin.command: ceph mon dump -f json
	changed_when: false
	register: _ceph_mon_dump

	- name: Generate fact with list of Ceph monitors
	run_once: true
	ansible.builtin.set_fact:
	_atmosphere_ceph_monitors: "{{ _ceph_mon_dump.stdout \| from_json \| community.general.json_query('mons[*].{name: name, address: addr}') }}"

	- name: Set ceph_mon list
	ansible.builtin.set_fact:
	_ceph_mon_list: "{{ (_ceph_mon_list \| d([]) + [item.name + '=' + item.address]) \| unique }}"
	loop: "{{ _atmosphere_ceph_monitors }}"

	- name: Create rook configuration
	kubernetes.core.k8s:
	state: present
	definition:
	- apiVersion: v1
	kind: Secret
	metadata:
	name: rook-ceph-mon
	namespace: "{{ rook_ceph_helm_release_namespace }}"
	data:
	cluster-name: ceph
	fsid: "{{ ceph_mon_fsid }}"
	admin-secret: "{{ _atmosphere_rook_client_admin_key }}"
	mon-secret: "{{ _atmosphere_rook_mon_key }}"

	- apiVersion: v1
	kind: ConfigMap
	metadata:
	name: rook-ceph-mon-endpoints
	namespace: "{{ rook_ceph_helm_release_namespace }}"
	data:
	data: "{{ _ceph_mon_list \| sort \| join(',') }}"
	mapping: "{}"
	maxMonId: "2"

	- apiVersion: v1
	kind: ConfigMap
	metadata:
	name: rook-config-override
	namespace: "{{ rook_ceph_helm_release_namespace }}"
	data:
	config: \|
	[client]
	rgw keystone api version = 3
	rgw keystone url = http://keystone-api.openstack.svc.cluster.local:5000
	rgw keystone admin user = rgw-{{ openstack_helm_endpoints_rgw_region_name }}
	rgw keystone admin password = {{ openstack_helm_endpoints_rgw_keystone_password }}
	rgw_keystone admin domain = service
	rgw_keystone admin project = service
	rgw keystone implicit tenants = true
	rgw keystone accepted roles = member,admin
	rgw_keystone accepted admin roles = admin
	rgw keystone token cache size = 0
	rgw s3 auth use keystone = true
	rgw swift account in url = true
	rgw swift versioning enabled = true

	- name: Create ceph cluster
	kubernetes.core.k8s:
	state: present
	definition:
	- apiVersion: ceph.rook.io/v1
	kind: CephCluster
	metadata:
	name: rook-ceph
	namespace: rook-ceph
	spec:
	dataDirHostPath: /var/lib/rook
	cephVersion:
	image: quay.io/ceph/ceph:v16.2.10
	external:
	enable: true

	- name: Create ceph object store
	kubernetes.core.k8s:
	state: present
	definition:
	- apiVersion: ceph.rook.io/v1
	kind: CephObjectStore
	metadata:
	name: rook-ceph
	namespace: rook-ceph
	spec:
	metadataPool:
	failureDomain: host
	replicated:
	size: 3
	dataPool:
	failureDomain: host
	replicated:
	size: 3
	preservePoolsOnDelete: true
	gateway:
	port: 80
	instances: 3
	placement:
	nodeAffinity:
	requiredDuringSchedulingIgnoredDuringExecution:
	nodeSelectorTerms:
	- matchExpressions:
	- key: openstack-control-plane
	operator: In
	values: ["enabled"]

	- name: Create Ingress
	ansible.builtin.include_role:
	name: openstack_helm_ingress
	vars:
	openstack_helm_ingress_endpoint: ceph_object_store
	openstack_helm_ingress_service_name: rook-ceph-rgw-rook-ceph
	openstack_helm_ingress_service_port: 80
	openstack_helm_ingress_annotations: "{{ rook_ceph_rgw_ingress_annotations }}"

	- name: Deploy Helm chart
	run_once: true
	kubernetes.core.helm:
	name: "{{ rook_ceph_helm_release_name }}"
	chart_ref: "{{ rook_ceph_helm_chart_ref }}"
	release_namespace: "{{ rook_ceph_helm_release_namespace }}"
	create_namespace: true
	kubeconfig: /etc/kubernetes/admin.conf
	values: "{{ _rook_ceph_helm_values \| combine(rook_ceph_helm_values, recursive=True) }}"