openstack/openstack-ansible-ceph_client
Code Issues Proposed changes

Fix linters and metadata

Browse Source 
With update of ansible-lint to version >=6.0.0 a lot of new
linters were added, that enabled by default. In order to comply
with linter rules we're applying changes to the role.

With that we also update metdata to reflect current state.

Change-Id: Idb2dd6cd4bbf815e4b32c9bfbe9a66f33e1c4b97
This commit is contained in:
Dmitriy Rabotyagov 2023-07-12 11:00:56 +02:00 committed by Dmitriy Rabotyagov
parent 22a63c5918
commit 94a58e398b
15 changed files with 130 additions and 82 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
defaults/main.yml
View File

@ -125,7 +125,8 @@ ceph_client_ceph_conf_overrides: "{{ ceph_conf_overrides | default({}) }}"
# CentOS repos
ceph_centos_epel_mirror: "{{ centos_epel_mirror | default('http://download.fedoraproject.org/pub/epel') }}"
ceph_centos_epel_key: "{{ centos_epel_key | default('http://download.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-' ~ ansible_facts['distribution_major_version']) }}"
ceph_centos_epel_key: >-
{{ centos_epel_key | default('http://download.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-' ~ ansible_facts['distribution_major_version']) }}
# Immutible object cache - caches a read-only base layer of rbd volumes
ceph_immutable_object_cache_enabled: False

1
handlers/main.yml
View File

@ -18,4 +18,3 @@
state: restarted
with_items: "{{ ceph_client_filtered_services }}"
failed_when: false

12
meta/main.yml
View File

@ -17,21 +17,23 @@ galaxy_info:
author: openstack
description: Installation and configuration of the ceph client
company: OpenStack Foundation
role_name: ceph_client
namespace: openstack
license: Apache2
min_ansible_version: 2.2
min_ansible_version: "2.10"
platforms:
- name: Debian
versions:
- buster
- bullseye
- name: Ubuntu
versions:
- bionic
- focal
- jammy
- name: EL
versions:
- 8
- "9"
categories:
galaxy_tags:
- cloud
- ceph
- development

14
tasks/ceph_auth.yml
View File

@ -17,10 +17,12 @@
group:
name: "{{ cephkeys_access_group }}"
- include_tasks: ceph_get_keyrings_from_mons.yml
- name: Including ceph_get_keyrings_from_mons tasks
include_tasks: ceph_get_keyrings_from_mons.yml
when: ceph_keyrings_dir is not defined
- include_tasks: ceph_get_keyrings_from_files.yml
- name: Including ceph_get_keyrings_from_files tasks
include_tasks: ceph_get_keyrings_from_files.yml
when: ceph_keyrings_dir is defined
- name: Add OpenStack service to cephkeys_access_group group
@ -63,7 +65,7 @@
- always
- name: Define libvirt nova secret
command: virsh secret-define --file /tmp/nova-secret.xml
command: virsh secret-define --file /tmp/nova-secret.xml # noqa: no-changed-when
when:
- inventory_hostname in groups.nova_compute
- libvirt_nova_defined.rc is defined
@ -114,7 +116,8 @@
- ceph_extra_confs is defined
- inventory_hostname in groups[item]
- include_tasks: ceph_auth_extra.yml
- name: Including ceph_auth_extra tasks
include_tasks: ceph_auth_extra.yml
when:
- ceph_in_extra_auth_group is defined
- ceph_in_extra_auth_group | bool
@ -127,7 +130,8 @@
- inventory_hostname in groups[ceph_extra_compute_group]
- item.secret_uuid is defined
- include_tasks: ceph_auth_extra_compute.yml
- name: Including ceph_auth_extra_compute tasks
include_tasks: ceph_auth_extra_compute.yml
when:
- ceph_extra_nova_uuid is defined
- ceph_extra_nova_uuid | bool

10
tasks/ceph_auth_extra.yml
View File

@ -15,8 +15,12 @@
- name: Create keyring files for openstack clients from extra cluster(s)
shell: "ceph auth get client.{{ item.client_name }} --cluster {{ ceph_cluster_name }} >/dev/null && ceph auth get-or-create client.{{ item.client_name }} --cluster {{ ceph_cluster_name }} > /etc/ceph/{{ ceph_cluster_name }}.client.{{ item.client_name }}.keyring.tmp"
shell: >-
ceph auth get client.{{ item.client_name }} --cluster {{ ceph_cluster_name }} >/dev/null &&
ceph auth get-or-create client.{{ item.client_name }} --cluster {{ ceph_cluster_name }}
> /etc/ceph/{{ ceph_cluster_name }}.client.{{ item.client_name }}.keyring.tmp
with_items: "{{ ceph_extra_confs }}"
changed_when: false
delegate_to: "{{ item.mon_host }}"
when:
- item.client_name is defined
@ -36,7 +40,7 @@
file:
path: "{{ item.keyring_src }}"
state: file
mode: 0600
mode: "0600"
delegate_to: localhost
with_items: "{{ ceph_extra_confs }}"
when:
@ -59,7 +63,7 @@
dest: "{{ item.keyring_dest }}"
owner: root
group: "{{ cephkeys_access_group }}"
mode: 0640
mode: "0640"
notify:
- Restart os services
with_items: "{{ ceph_extra_confs }}"

19
tasks/ceph_auth_extra_compute.yml
View File

@ -15,15 +15,20 @@
- name: Create key files for nova_compute on extra cluster(s)
shell: "ceph auth get-key client.{{ item.client_name }} --cluster {{ ceph_cluster_name }} > /etc/ceph/{{ ceph_cluster_name }}.client.{{ item.client_name }}.key.tmp"
shell: >-
ceph auth get-key client.{{ item.client_name }} --cluster {{ ceph_cluster_name }}
> /etc/ceph/{{ ceph_cluster_name }}.client.{{ item.client_name }}.key.tmp
with_items: "{{ ceph_extra_confs }}"
changed_when: false
delegate_to: "{{ item.mon_host }}"
when:
- item.client_name is defined
- item.mon_host is defined
- name: Get extra key files
command: "scp {{ item.mon_host }}:/etc/ceph/{{ ceph_cluster_name }}.client.{{ item.client_name }}.key.tmp /tmp/{{ item.mon_host }}{{ item.client_name }}.key.tmp"
command: >-
scp {{ item.mon_host }}:/etc/ceph/{{ ceph_cluster_name }}.client.{{ item.client_name }}.key.tmp
/tmp/{{ item.mon_host }}{{ item.client_name }}.key.tmp
changed_when: false
delegate_to: localhost
with_items: "{{ ceph_extra_confs }}"
@ -35,6 +40,7 @@
copy:
src: "/tmp/{{ item.mon_host }}{{ item.client_name }}.key.tmp"
dest: "/tmp/{{ item.mon_host }}{{ item.client_name }}.key.tmp"
mode: "0640"
with_items: "{{ ceph_extra_confs }}"
when:
- item.mon_host is defined
@ -44,6 +50,7 @@
copy:
src: "{{ item.keyring_src }}"
dest: "/tmp/{{ item.secret_uuid }}{{ item.client_name }}.key.tmp"
mode: "0640"
with_items: "{{ ceph_extra_confs }}"
when:
- item.keyring_src is defined
@ -125,7 +132,7 @@
tags:
- always
- name: Set extra secret value(s) in libvirt from monitor host
- name: Set extra secret value(s) in libvirt from monitor host # noqa: no-changed-when
shell: "virsh secret-set-value --secret {{ item.secret_uuid }} --base64 $(cat /tmp/{{ item.mon_host }}{{ item.client_name }}.key.tmp)"
loop: "{{ ceph_extra_confs }}"
loop_control:
@ -138,8 +145,10 @@
notify:
- Restart os services
- name: Set extra secret value(s) in libvirt from keyring
shell: "virsh secret-set-value --secret {{ item.secret_uuid }} --base64 $(awk '/key = /{print $3}' /tmp/{{ item.secret_uuid }}{{ item.client_name }}.key.tmp)"
- name: Set extra secret value(s) in libvirt from keyring # noqa: no-changed-when
shell: >-
virsh secret-set-value --secret {{ item.secret_uuid }} --base64
$(awk '/key = /{print $3}' /tmp/{{ item.secret_uuid }}{{ item.client_name }}.key.tmp)
loop: "{{ ceph_extra_confs }}"
loop_control:
index_var: index

5
tasks/ceph_config.yml
View File

@ -48,7 +48,7 @@
dest: "/etc/ceph/{{ ceph_cluster_name }}.conf"
owner: root
group: root
mode: 0644
mode: "0644"
config_type: ini
config_overrides: '{{ ceph_client_ceph_conf_overrides }}'
notify:
@ -62,7 +62,8 @@
- inventory_hostname in groups[item]
with_items: "{{ ceph_extra_config_groups }}"
- include_tasks: ceph_config_extra.yml
- name: Including ceph_config_extra tasks
include_tasks: ceph_config_extra.yml
when:
- ceph_in_extra_config_group is defined
- ceph_in_extra_config_group | bool

3
tasks/ceph_config_extra.yml
View File

@ -29,7 +29,7 @@
dest: "{{ item.dest }}"
owner: root
group: root
mode: 0644
mode: "0644"
notify:
- Restart os services
with_items: "{{ ceph_extra_confs }}"
@ -43,6 +43,7 @@
section: "client.{{ item.client_name }}"
option: keyring
value: "{{ item.keyring_dest }}"
mode: "0640"
with_items: "{{ ceph_extra_confs }}"
when:
- item.src is defined

3
tasks/ceph_get_keyrings_from_files.yml
View File

@ -36,7 +36,8 @@
- name: From files | Provision ceph client keyrings
copy:
dest: "/etc/ceph/{{ ceph_cluster_name }}.client.{{ item['name'] }}.keyring"
content: "{{ ceph_client_keys[item['name']] }}\n" # noqa 206
content: |
{{ ceph_client_keys[item['name']] }}
owner: "{{ client['owner'] | default('root') }}"
group: "{{ client['group'] | default(cephkeys_access_group) }}"
# ideally the permission will be: 0600 and the owner/group will be either

5
tasks/ceph_get_keyrings_from_mons.yml
View File

@ -20,7 +20,9 @@
# the first get makes sure the client exists, so the second only runs when it
# exists, the trick is the different output of both, the second has the right
# output to put in a keyring; ceph admin should have already created the user
shell: "ceph auth get client.{{ item['name'] }} --cluster {{ ceph_cluster_name }} >/dev/null && ceph auth get-or-create client.{{ item['name'] }} --cluster {{ ceph_cluster_name }}"
shell: >-
ceph auth get client.{{ item['name'] }} --cluster {{ ceph_cluster_name }} >/dev/null &&
ceph auth get-or-create client.{{ item['name'] }} --cluster {{ ceph_cluster_name }}
with_items: "{{ ceph_client_filtered_clients }}"
changed_when: false
delegate_to: '{{ ceph_mon_host }}'
@ -64,4 +66,3 @@
register: ceph_nova_secret
tags:
- always

11
tasks/ceph_immutable_object_cache.yml
View File

@ -35,7 +35,16 @@
systemd_overrides:
Service:
UMask: "{{ ceph_immutable_object_cache_umask }}"
ExecStart: "{{ ['', '/usr/bin/ceph-immutable-object-cache -f --cluster ${CLUSTER} --name client.immutable-object-cache --setuser ' ~ ceph_immutable_object_cache_owner ~ ' --setgroup ' ~ ceph_immutable_object_cache_group ] }}"
ExecStart: >-
{{
[
'',
'/usr/bin/ceph-immutable-object-cache -f --cluster ${CLUSTER} --name client.immutable-object-cache --setuser ' ~
ceph_immutable_object_cache_owner ~
' --setgroup ' ~
ceph_immutable_object_cache_group
]
}}
- name: Ensure ceph immutable object cache service is running
service:

7
tasks/ceph_preinstall_apt.yml
View File

@ -32,7 +32,12 @@
with_items: "{{ ceph_gpg_keys | selectattr('file', 'defined') | list }}"
- name: Add ceph apt-keys
apt_key: "{{ key }}"
apt_key:
data: "{{ key['data'] | default(omit) }}"
file: "{{ key['file'] | default(omit) }}"
id: "{{ key['id'] | default(omit) }}"
state: "{{ key['state'] | default('present') }}"
url: "{{ key['url'] | default(omit) }}"
with_items: "{{ ceph_gpg_keys }}"
loop_control:
loop_var: key

6
tasks/ceph_preinstall_dnf.yml
View File

@ -17,6 +17,7 @@
get_url:
url: "{{ ceph_centos_epel_key }}"
dest: /etc/pki/rpm-gpg
mode: "0640"
register: _get_yum_keys
until: _get_yum_keys is success
retries: 5
@ -54,7 +55,10 @@
- ceph_pkg_source == 'ceph'
- name: Install Ceph gpg keys
rpm_key: "{{ key }}"
rpm_key:
key: "{{ key['key'] }}"
fingerprint: "{{ key['fingerprint'] | default(omit) }}"
state: "{{ key['state'] | default('present') }}"
with_items: "{{ ceph_gpg_keys }}"
loop_control:
loop_var: key

21
tasks/main.yml
View File

@ -41,38 +41,45 @@
when:
- ceph_pkg_source not in ['ceph', 'distro']
- include_tasks: "ceph_preinstall_{{ ansible_facts['pkg_mgr'] }}.yml"
- name: Including ceph_preinstall tasks
include_tasks: "ceph_preinstall_{{ ansible_facts['pkg_mgr'] }}.yml"
when:
- ceph_pkg_source != 'distro'
tags:
- ceph-install
- include_tasks: ceph_install.yml
- name: Including ceph_install tasks
include_tasks: ceph_install.yml
tags:
- ceph-install
- include_tasks: ceph_install_python_libs.yml
- name: Including ceph_install_python_libs tasks
include_tasks: ceph_install_python_libs.yml
when:
- openstack_service_venv_bin | length > 0
tags:
- ceph-install
- include_tasks: ceph_get_mon_host.yml
- name: Including ceph_get_mon_host tasks
include_tasks: ceph_get_mon_host.yml
when: ceph_conf_file is not defined or ceph_keyrings_dir is not defined
tags:
- ceph-config
- include_tasks: ceph_config.yml
- name: Including ceph_config tasks
include_tasks: ceph_config.yml
tags:
- ceph-config
- include_tasks: ceph_auth.yml
- name: Including ceph_auth tasks
include_tasks: ceph_auth.yml
when:
- cephx | bool
tags:
- ceph-config
- include_tasks: ceph_immutable_object_cache.yml
- name: Including ceph_immutable_object_cache tasks
include_tasks: ceph_immutable_object_cache.yml
when:
- ceph_immutable_object_cache_enabled | bool
tags: