# Copyright (c) 2023 VEXXHOST, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
#      http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
# (rlin) rgw is managed by the Rook operator rather than cephadm, so cephadm
# reports it as a stray daemon. CEPHADM_STRAY_DAEMON stays muted until every
# daemon is managed by cephadm.
# NOTE(review): the mute applies to the health code as a whole, so other stray
# daemons stop raising this warning too; "failed_when: false" also means a
# failed mute is ignored silently.
- name: Mute CEPHADM_STRAY_DAEMON warning
  ansible.builtin.command:
    cmd: cephadm shell -- ceph health mute CEPHADM_STRAY_DAEMON
  delegate_to: "{{ groups[rook_ceph_cluster_mon_group][0] }}"
  run_once: true
  changed_when: false
  failed_when: false
# Read the quorum status as JSON on the first host of the monitor group. The
# registered stdout is parsed when the Rook Secret and ConfigMap are built
# (fsid, leader name and leader address).
- name: Collect "ceph quorum_status" output from a monitor
  ansible.builtin.command:
    cmd: cephadm shell -- ceph quorum_status -f json
  delegate_to: "{{ groups[rook_ceph_cluster_mon_group][0] }}"
  run_once: true
  register: _rook_ceph_cluster_quorum_status_data
  changed_when: false
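# Fetch the client.admin auth entry as JSON on the first host of the monitor
# group. The registered result carries the cluster admin key, so no_log keeps
# the task result out of verbose output, callback plugins and log files.
- name: Retrieve keyring for client.admin
  run_once: true
  delegate_to: "{{ groups[rook_ceph_cluster_mon_group][0] }}"
  vexxhost.ceph.key:
    name: client.admin
    state: info
    output_format: json
  register: _rook_ceph_cluster_admin_auth_data
  # The result holds key material; never print it.
  no_log: true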
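# Fetch the "mon." auth entry as JSON on the first host of the monitor group.
# The registered result carries the monitor key, so no_log keeps the task
# result out of verbose output, callback plugins and log files.
- name: Retrieve keyring for monitors
  run_once: true
  delegate_to: "{{ groups[rook_ceph_cluster_mon_group][0] }}"
  vexxhost.ceph.key:
    name: mon.
    state: info
    output_format: json
  register: _rook_ceph_cluster_mon_auth_data
  # The result holds key material; never print it.
  no_log: true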
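# Create the two objects this role hands to Rook for the existing cluster:
#   * Secret "rook-ceph-mon": cluster name, fsid, client.admin key, mon. key
#   * ConfigMap "rook-ceph-mon-endpoints": "<leader name>=<leader address>"
# The values are parsed from the JSON registered by the earlier quorum_status
# and keyring tasks.
# The rendered definition and the module result both contain the admin and
# monitor keys, so the task runs with no_log to keep them out of verbose
# output, diff output and log files.
# NOTE(review): anyone who can read Secrets in this namespace obtains the
# Ceph admin key; confirm RBAC on the namespace is scoped accordingly.
- name: Create Ceph cluster resource
  run_once: true
  no_log: true
  kubernetes.core.k8s:
    state: present
    definition:
      - apiVersion: v1
        kind: Secret
        metadata:
          name: rook-ceph-mon
          namespace: "{{ rook_ceph_cluster_helm_release_namespace }}"
        stringData:
          cluster-name: "{{ rook_ceph_cluster_name }}"
          fsid: "{{ _rook_ceph_cluster_quorum_status.monmap.fsid }}"
          admin-secret: "{{ _rook_ceph_cluster_admin_auth.key }}"
          mon-secret: "{{ _rook_ceph_cluster_mon_auth.key }}"

      - apiVersion: v1
        kind: ConfigMap
        metadata:
          name: rook-ceph-mon-endpoints
          namespace: "{{ rook_ceph_cluster_helm_release_namespace }}"
        data:
          data: "{{ _rook_ceph_cluster_leader_name }}={{ _rook_ceph_cluster_leader_addr }}"
          maxMonId: "0"
          mapping: "{}"
  vars:
    # Parsed command/module output from the earlier tasks.
    _rook_ceph_cluster_quorum_status: "{{ _rook_ceph_cluster_quorum_status_data.stdout | from_json }}"
    _rook_ceph_cluster_admin_auth: "{{ _rook_ceph_cluster_admin_auth_data.stdout | from_json | first }}"
    _rook_ceph_cluster_mon_auth: "{{ _rook_ceph_cluster_mon_auth_data.stdout | from_json | first }}"
    # Quorum leader: its monmap entry is looked up by name, and the address is
    # public_addr with everything from the first "/" removed.
    _rook_ceph_cluster_leader_name: "{{ _rook_ceph_cluster_quorum_status.quorum_leader_name }}"
    _rook_ceph_cluster_leader_mon: "{{ (_rook_ceph_cluster_quorum_status.monmap.mons | selectattr('name', 'equalto', _rook_ceph_cluster_leader_name) | list | first) }}" # noqa: yaml[line-length]
    _rook_ceph_cluster_leader_addr: "{{ _rook_ceph_cluster_leader_mon.public_addr.split('/')[0] }}"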
# Install or upgrade the Helm release. The role's built-in values are merged
# recursively with rook_ceph_cluster_helm_values, and the latter wins on
# conflicting keys.
# NOTE(review): the task authenticates with /etc/kubernetes/admin.conf, which
# is presumably the cluster-admin kubeconfig; confirm that level of access is
# intended for this release.
- name: Deploy Helm chart
  kubernetes.core.helm:
    kubeconfig: /etc/kubernetes/admin.conf
    name: "{{ rook_ceph_cluster_helm_release_name }}"
    chart_ref: "{{ rook_ceph_cluster_helm_chart_ref }}"
    release_namespace: "{{ rook_ceph_cluster_helm_release_namespace }}"
    create_namespace: true
    values: "{{ _rook_ceph_cluster_helm_values | combine(rook_ceph_cluster_helm_values, recursive=True) }}"
  run_once: true
# Create the RGW user in the "service" domain of the "atmosphere" cloud.
# Username and password are read from openstack_helm_endpoints, so the
# password's strength and storage are decided wherever that variable is
# defined.
- name: Create OpenStack user
  openstack.cloud.identity_user:
    cloud: atmosphere
    domain: service
    name: "{{ openstack_helm_endpoints.identity.auth.rgw.username }}"
    password: "{{ openstack_helm_endpoints.identity.auth.rgw.password }}"
# Assign the "admin" role on the "service" project to the RGW user.
# NOTE(review): "admin" is a broad grant for a service account; confirm it is
# the least-privileged role the RGW Keystone integration can run with.
- name: Grant access to "service" project
  openstack.cloud.role_assignment:
    cloud: atmosphere
    user: "{{ openstack_helm_endpoints.identity.auth.rgw.username }}"
    domain: service
    project: service
    role: admin
# Register the object-store service in the catalog under the name "swift".
- name: Create OpenStack service
  openstack.cloud.catalog_service:
    cloud: atmosphere
    service_type: object-store
    name: swift
    description: OpenStack Object Storage
# Register one catalog endpoint per loop item for the "swift" service.
#   public:   HTTPS on the configured public host override
#   internal: plain HTTP to the in-cluster RGW Service
# NOTE(review): the internal URL is unencrypted and hard-codes the "openstack"
# namespace; confirm that in-cluster traffic to RGW is protected by other
# means and that the namespace matches where the RGW Service is deployed.
- name: Create OpenStack endpoints
  openstack.cloud.endpoint:
    cloud: atmosphere
    service: swift
    region: "{{ openstack_helm_endpoints.identity.auth.rgw.region_name }}"
    endpoint_interface: "{{ item.interface }}"
    url: "{{ item.url }}"
  loop:
    - url: "https://{{ openstack_helm_endpoints.rook_ceph_cluster.host_fqdn_override.public.host }}/swift/v1/%(tenant_id)s"
      interface: public
    - url: "http://rook-ceph-rgw-ceph.openstack.svc.cluster.local/swift/v1/%(tenant_id)s"
      interface: internal
# Expose the RGW Service through the shared openstack_helm_ingress role.
# Role-default annotations are merged recursively with
# rook_ceph_cluster_radosgw_annotations, and the latter wins on conflicts.
# NOTE(review): the backend port is 80, so traffic from the ingress to RGW is
# presumably plain HTTP with TLS terminated at the ingress; confirm.
- name: Create Ingress
  ansible.builtin.include_role:
    name: openstack_helm_ingress
  vars:
    openstack_helm_ingress_endpoint: rook_ceph_cluster
    openstack_helm_ingress_annotations: "{{ _rook_ceph_cluster_radosgw_annotations | combine(rook_ceph_cluster_radosgw_annotations, recursive=True) }}"
    openstack_helm_ingress_service_name: rook-ceph-rgw-ceph
    openstack_helm_ingress_service_port: 80