├── .gitignore ├── .gitreview ├── CONTRIBUTING.rst ├── LICENSE ├── README.rst ├── Vagrantfile ├── bindep.txt ├── defaults └── main.yml ├── doc ├── Makefile ├── requirements.txt └── source │ ├── _static │ └── .gitkeep │ ├── conf.py │ ├── config-from-file.rst │ ├── config-immutable-object-cache.rst │ ├── config-persistent-write-log-cache.rst │ ├── configure-ceph.rst │ └── index.rst ├── examples ├── ceph-keyrings │ └── glance.keyring.example ├── playbook.yml └── user_variables.yml.ceph-config.example ├── files └── gpg │ ├── 460f3994 │ └── ceph_com_keys_release ├── handlers └── main.yml ├── manual-test.rc ├── meta ├── main.yml └── openstack-ansible.yml ├── releasenotes ├── notes │ ├── .placeholder │ ├── Add-CentOS-support-05f2d1302b7ee2e7.yaml │ ├── align_ceph_repo_vars-222f6af6a7d349a2.yaml │ ├── apt-source-filenamed-4b0f490c2bd97c19.yaml │ ├── ceph-caches-a12dbce748838ddc.yaml │ ├── ceph-extra-components-71f1c130b9b47ba5.yaml │ ├── ceph-pkg-src-remove-uca-4ef147673821ed9b.yaml │ ├── ceph_ceph_conf_overrides-7b3a09ac34f94a6b.yaml │ ├── ceph_cluster_name-d391e623588b3008.yaml │ ├── ceph_components_format-3a947aa47ed2ff71.yaml │ ├── ceph_keyrings_in_files-7d6a01e64861f8c6.yaml │ ├── distribute-extra-keys-d01164639ff9bdf9.yaml │ ├── extra-ceph-clusters-00ad154ffb0589a6.yaml │ ├── extra-ceph-conf-337b9371b49219ff.yaml │ ├── jewel-default-release-cf139062bb5fc972.yaml │ ├── libvirt_packages-e826dec75312c077.yaml │ ├── manila-63e49e98c888385d.yaml │ ├── move-gnocchi-component-118ae07fce3562e1.yaml │ ├── renamed_variable_python_ceph_package-9575466eb146e500.yaml │ └── use_vendored_gpg_keys-f268bd4f4cb7d105.yaml └── source │ ├── _static │ └── .placeholder │ ├── _templates │ └── .placeholder │ ├── conf.py │ ├── index.rst │ ├── newton.rst │ ├── ocata.rst │ ├── pike.rst │ ├── queens.rst │ ├── rocky.rst │ ├── stein.rst │ ├── train.rst │ ├── unreleased.rst │ ├── ussuri.rst │ └── zed.rst ├── run_tests.sh ├── tasks ├── ceph_auth.yml ├── ceph_auth_extra.yml ├── ceph_auth_extra_compute.yml ├── ceph_config.yml ├── ceph_config_extra.yml ├── ceph_get_keyrings_from_files.yml ├── ceph_get_keyrings_from_mons.yml ├── ceph_get_mon_host.yml ├── ceph_immutable_object_cache.yml ├── ceph_install.yml ├── ceph_install_python_libs.yml ├── ceph_preinstall_apt.yml ├── ceph_preinstall_dnf.yml └── main.yml ├── templates ├── ceph.client.keyring.j2 ├── ceph.conf.j2 └── secret.xml.j2 ├── tests ├── ansible-role-requirements.yml ├── inventory └── test.yml ├── tox.ini ├── vars ├── debian.yml ├── main.yml └── redhat.yml └── zuul.d └── project.yaml /.gitignore: -------------------------------------------------------------------------------- 1 | # Add patterns in here to exclude files created by tools integrated with this 2 | # repository, such as test frameworks from the project's recommended workflow, 3 | # rendered documentation and package builds. 4 | # 5 | # Don't add patterns to exclude files created by preferred personal tools 6 | # (editors, IDEs, your operating system itself even). These should instead be 7 | # maintained outside the repository, for example in a ~/.gitignore file added 8 | # with: 9 | # 10 | # git config --global core.excludesfile '~/.gitignore' 11 | 12 | # Compiled source # 13 | ################### 14 | *.com 15 | *.class 16 | *.dll 17 | *.exe 18 | *.o 19 | *.so 20 | *.pyc 21 | build/ 22 | dist/ 23 | doc/build/ 24 | 25 | # Packages # 26 | ############ 27 | # it's better to unpack these files and commit the raw source 28 | # git has its own built in compression methods 29 | *.7z 30 | *.dmg 31 | *.gz 32 | *.iso 33 | *.jar 34 | *.rar 35 | *.tar 36 | *.zip 37 | 38 | # Logs and databases # 39 | ###################### 40 | *.log 41 | *.sql 42 | *.sqlite 43 | logs/* 44 | 45 | # OS generated files # 46 | ###################### 47 | ._* 48 | .ansible 49 | .tox 50 | *.egg-info 51 | .eggs 52 | 53 | # Generated by pbr while building docs 54 | ###################################### 55 | AUTHORS 56 | ChangeLog 57 | 58 | # Files created by releasenotes build 59 | releasenotes/build 60 | 61 | # Test temp files 62 | tests/common 63 | tests/*.retry 64 | 65 | # Vagrant artifacts 66 | .vagrant 67 | 68 | # Git clones 69 | openstack-ansible-ops 70 | previous 71 | -------------------------------------------------------------------------------- /.gitreview: -------------------------------------------------------------------------------- 1 | [gerrit] 2 | host=review.opendev.org 3 | port=29418 4 | project=openstack/openstack-ansible-ceph_client.git 5 | -------------------------------------------------------------------------------- /CONTRIBUTING.rst: -------------------------------------------------------------------------------- 1 | The source repository for this project can be found at: 2 | 3 | https://opendev.org/openstack/openstack-ansible 4 | 5 | Pull requests submitted through GitHub are not monitored. 6 | 7 | To start contributing to OpenStack, follow the steps in the contribution guide 8 | to set up and use Gerrit: 9 | 10 | https://docs.openstack.org/contributors/code-and-documentation/quick-start.html 11 | 12 | Bugs should be filed on Launchpad: 13 | 14 | https://bugs.launchpad.net/openstack-ansible 15 | 16 | For more specific information about contributing to this repository, see the 17 | openstack-ansible contributor guide: 18 | 19 | https://docs.openstack.org/openstack-ansible/latest/contributor/contributing.html 20 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | Apache License 2 | Version 2.0, January 2004 3 | http://www.apache.org/licenses/ 4 | 5 | TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 6 | 7 | 1. Definitions. 8 | 9 | "License" shall mean the terms and conditions for use, reproduction, 10 | and distribution as defined by Sections 1 through 9 of this document. 11 | 12 | "Licensor" shall mean the copyright owner or entity authorized by 13 | the copyright owner that is granting the License. 14 | 15 | "Legal Entity" shall mean the union of the acting entity and all 16 | other entities that control, are controlled by, or are under common 17 | control with that entity. For the purposes of this definition, 18 | "control" means (i) the power, direct or indirect, to cause the 19 | direction or management of such entity, whether by contract or 20 | otherwise, or (ii) ownership of fifty percent (50%) or more of the 21 | outstanding shares, or (iii) beneficial ownership of such entity. 22 | 23 | "You" (or "Your") shall mean an individual or Legal Entity 24 | exercising permissions granted by this License. 25 | 26 | "Source" form shall mean the preferred form for making modifications, 27 | including but not limited to software source code, documentation 28 | source, and configuration files. 29 | 30 | "Object" form shall mean any form resulting from mechanical 31 | transformation or translation of a Source form, including but 32 | not limited to compiled object code, generated documentation, 33 | and conversions to other media types. 34 | 35 | "Work" shall mean the work of authorship, whether in Source or 36 | Object form, made available under the License, as indicated by a 37 | copyright notice that is included in or attached to the work 38 | (an example is provided in the Appendix below). 39 | 40 | "Derivative Works" shall mean any work, whether in Source or Object 41 | form, that is based on (or derived from) the Work and for which the 42 | editorial revisions, annotations, elaborations, or other modifications 43 | represent, as a whole, an original work of authorship. For the purposes 44 | of this License, Derivative Works shall not include works that remain 45 | separable from, or merely link (or bind by name) to the interfaces of, 46 | the Work and Derivative Works thereof. 47 | 48 | "Contribution" shall mean any work of authorship, including 49 | the original version of the Work and any modifications or additions 50 | to that Work or Derivative Works thereof, that is intentionally 51 | submitted to Licensor for inclusion in the Work by the copyright owner 52 | or by an individual or Legal Entity authorized to submit on behalf of 53 | the copyright owner. For the purposes of this definition, "submitted" 54 | means any form of electronic, verbal, or written communication sent 55 | to the Licensor or its representatives, including but not limited to 56 | communication on electronic mailing lists, source code control systems, 57 | and issue tracking systems that are managed by, or on behalf of, the 58 | Licensor for the purpose of discussing and improving the Work, but 59 | excluding communication that is conspicuously marked or otherwise 60 | designated in writing by the copyright owner as "Not a Contribution." 61 | 62 | "Contributor" shall mean Licensor and any individual or Legal Entity 63 | on behalf of whom a Contribution has been received by Licensor and 64 | subsequently incorporated within the Work. 65 | 66 | 2. Grant of Copyright License. Subject to the terms and conditions of 67 | this License, each Contributor hereby grants to You a perpetual, 68 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 69 | copyright license to reproduce, prepare Derivative Works of, 70 | publicly display, publicly perform, sublicense, and distribute the 71 | Work and such Derivative Works in Source or Object form. 72 | 73 | 3. Grant of Patent License. Subject to the terms and conditions of 74 | this License, each Contributor hereby grants to You a perpetual, 75 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 76 | (except as stated in this section) patent license to make, have made, 77 | use, offer to sell, sell, import, and otherwise transfer the Work, 78 | where such license applies only to those patent claims licensable 79 | by such Contributor that are necessarily infringed by their 80 | Contribution(s) alone or by combination of their Contribution(s) 81 | with the Work to which such Contribution(s) was submitted. If You 82 | institute patent litigation against any entity (including a 83 | cross-claim or counterclaim in a lawsuit) alleging that the Work 84 | or a Contribution incorporated within the Work constitutes direct 85 | or contributory patent infringement, then any patent licenses 86 | granted to You under this License for that Work shall terminate 87 | as of the date such litigation is filed. 88 | 89 | 4. Redistribution. You may reproduce and distribute copies of the 90 | Work or Derivative Works thereof in any medium, with or without 91 | modifications, and in Source or Object form, provided that You 92 | meet the following conditions: 93 | 94 | (a) You must give any other recipients of the Work or 95 | Derivative Works a copy of this License; and 96 | 97 | (b) You must cause any modified files to carry prominent notices 98 | stating that You changed the files; and 99 | 100 | (c) You must retain, in the Source form of any Derivative Works 101 | that You distribute, all copyright, patent, trademark, and 102 | attribution notices from the Source form of the Work, 103 | excluding those notices that do not pertain to any part of 104 | the Derivative Works; and 105 | 106 | (d) If the Work includes a "NOTICE" text file as part of its 107 | distribution, then any Derivative Works that You distribute must 108 | include a readable copy of the attribution notices contained 109 | within such NOTICE file, excluding those notices that do not 110 | pertain to any part of the Derivative Works, in at least one 111 | of the following places: within a NOTICE text file distributed 112 | as part of the Derivative Works; within the Source form or 113 | documentation, if provided along with the Derivative Works; or, 114 | within a display generated by the Derivative Works, if and 115 | wherever such third-party notices normally appear. The contents 116 | of the NOTICE file are for informational purposes only and 117 | do not modify the License. You may add Your own attribution 118 | notices within Derivative Works that You distribute, alongside 119 | or as an addendum to the NOTICE text from the Work, provided 120 | that such additional attribution notices cannot be construed 121 | as modifying the License. 122 | 123 | You may add Your own copyright statement to Your modifications and 124 | may provide additional or different license terms and conditions 125 | for use, reproduction, or distribution of Your modifications, or 126 | for any such Derivative Works as a whole, provided Your use, 127 | reproduction, and distribution of the Work otherwise complies with 128 | the conditions stated in this License. 129 | 130 | 5. Submission of Contributions. Unless You explicitly state otherwise, 131 | any Contribution intentionally submitted for inclusion in the Work 132 | by You to the Licensor shall be under the terms and conditions of 133 | this License, without any additional terms or conditions. 134 | Notwithstanding the above, nothing herein shall supersede or modify 135 | the terms of any separate license agreement you may have executed 136 | with Licensor regarding such Contributions. 137 | 138 | 6. Trademarks. This License does not grant permission to use the trade 139 | names, trademarks, service marks, or product names of the Licensor, 140 | except as required for reasonable and customary use in describing the 141 | origin of the Work and reproducing the content of the NOTICE file. 142 | 143 | 7. Disclaimer of Warranty. Unless required by applicable law or 144 | agreed to in writing, Licensor provides the Work (and each 145 | Contributor provides its Contributions) on an "AS IS" BASIS, 146 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 147 | implied, including, without limitation, any warranties or conditions 148 | of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A 149 | PARTICULAR PURPOSE. You are solely responsible for determining the 150 | appropriateness of using or redistributing the Work and assume any 151 | risks associated with Your exercise of permissions under this License. 152 | 153 | 8. Limitation of Liability. In no event and under no legal theory, 154 | whether in tort (including negligence), contract, or otherwise, 155 | unless required by applicable law (such as deliberate and grossly 156 | negligent acts) or agreed to in writing, shall any Contributor be 157 | liable to You for damages, including any direct, indirect, special, 158 | incidental, or consequential damages of any character arising as a 159 | result of this License or out of the use or inability to use the 160 | Work (including but not limited to damages for loss of goodwill, 161 | work stoppage, computer failure or malfunction, or any and all 162 | other commercial damages or losses), even if such Contributor 163 | has been advised of the possibility of such damages. 164 | 165 | 9. Accepting Warranty or Additional Liability. While redistributing 166 | the Work or Derivative Works thereof, You may choose to offer, 167 | and charge a fee for, acceptance of support, warranty, indemnity, 168 | or other liability obligations and/or rights consistent with this 169 | License. However, in accepting such obligations, You may act only 170 | on Your own behalf and on Your sole responsibility, not on behalf 171 | of any other Contributor, and only if You agree to indemnify, 172 | defend, and hold each Contributor harmless for any liability 173 | incurred by, or claims asserted against, such Contributor by reason 174 | of your accepting any such warranty or additional liability. 175 | 176 | END OF TERMS AND CONDITIONS 177 | 178 | APPENDIX: How to apply the Apache License to your work. 179 | 180 | To apply the Apache License to your work, attach the following 181 | boilerplate notice, with the fields enclosed by brackets "{}" 182 | replaced with your own identifying information. (Don't include 183 | the brackets!) The text should be enclosed in the appropriate 184 | comment syntax for the file format. We also recommend that a 185 | file or class name and description of purpose be included on the 186 | same "printed page" as the copyright notice for easier 187 | identification within third-party archives. 188 | 189 | Copyright {yyyy} {name of copyright owner} 190 | 191 | Licensed under the Apache License, Version 2.0 (the "License"); 192 | you may not use this file except in compliance with the License. 193 | You may obtain a copy of the License at 194 | 195 | http://www.apache.org/licenses/LICENSE-2.0 196 | 197 | Unless required by applicable law or agreed to in writing, software 198 | distributed under the License is distributed on an "AS IS" BASIS, 199 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 200 | See the License for the specific language governing permissions and 201 | limitations under the License. 202 | 203 | -------------------------------------------------------------------------------- /README.rst: -------------------------------------------------------------------------------- 1 | ============================= 2 | OpenStack-Ansible Ceph client 3 | ============================= 4 | 5 | This Ansible role installs the Ceph operating system 6 | packages used to interact with a Ceph cluster. 7 | 8 | Documentation for the project can be found at: 9 | https://docs.openstack.org/openstack-ansible-ceph_client/latest 10 | 11 | Release notes for the project can be found at: 12 | https://docs.openstack.org/releasenotes/openstack-ansible-ceph_client/ 13 | 14 | The project source code repository is located at: 15 | https://opendev.org/openstack/openstack-ansible-ceph_client/ 16 | 17 | The project home is at: 18 | https://launchpad.net/openstack-ansible 19 | 20 | The project bug tracker is located at: 21 | https://bugs.launchpad.net/openstack-ansible 22 | -------------------------------------------------------------------------------- /Vagrantfile: -------------------------------------------------------------------------------- 1 | # Note: 2 | # This file is maintained in the openstack-ansible-tests repository. 3 | # https://opendev.org/openstack/openstack-ansible-tests/src/Vagrantfile 4 | # 5 | # If you need to perform any change on it, you should modify the central file, 6 | # then, an OpenStack CI job will propagate your changes to every OSA repository 7 | # since every repo uses the same Vagrantfile 8 | 9 | # Verify whether required plugins are installed. 10 | required_plugins = [ "vagrant-disksize" ] 11 | required_plugins.each do |plugin| 12 | if not Vagrant.has_plugin?(plugin) 13 | raise "The vagrant plugin #{plugin} is required. Please run `vagrant plugin install #{plugin}`" 14 | end 15 | end 16 | 17 | Vagrant.configure(2) do |config| 18 | config.vm.provider "virtualbox" do |v| 19 | v.memory = 6144 20 | v.cpus = 2 21 | # https://github.com/hashicorp/vagrant/issues/9524 22 | v.customize ["modifyvm", :id, "--audio", "none"] 23 | end 24 | 25 | config.vm.synced_folder ".", "/vagrant", type: "rsync" 26 | 27 | config.vm.provision "shell", 28 | privileged: false, 29 | inline: <<-SHELL 30 | cd /vagrant 31 | ./run_tests.sh 32 | SHELL 33 | 34 | config.vm.define "centos8" do |centos8| 35 | centos8.vm.box = "centos/8" 36 | end 37 | 38 | config.vm.define "debian10" do |debian10| 39 | debian10.vm.box = "debian/buster64" 40 | end 41 | 42 | config.vm.define "ubuntu2004" do |focal| 43 | focal.disksize.size = "40GB" 44 | focal.vm.box = "ubuntu/focal64" 45 | end 46 | end 47 | -------------------------------------------------------------------------------- /bindep.txt: -------------------------------------------------------------------------------- 1 | # This file facilitates OpenStack-CI package installation 2 | # before the execution of any tests. 3 | # 4 | # See the following for details: 5 | # - https://docs.openstack.org/infra/bindep/ 6 | # - https://opendev.org/openstack-infra/bindep 7 | # 8 | # Even if the role does not make use of this facility, it 9 | # is better to have this file empty, otherwise OpenStack-CI 10 | # will fall back to installing its default packages which 11 | # will potentially be detrimental to the tests executed. 12 | # 13 | # Note: 14 | # This file is maintained in the openstack-ansible-tests repository. 15 | # https://opendev.org/openstack/openstack-ansible-tests/src/bindep.txt 16 | # If you need to remove or add extra dependencies, you should modify 17 | # the central file instead and once your change is accepted then update 18 | # this file as well. The purpose of this file is to ensure that Python and 19 | # Ansible have all their necessary binary requirements on the test host before 20 | # tox executes. Any binary requirements needed by services/roles should be 21 | # installed by those roles in their applicable package install tasks, not through 22 | # using this file. 23 | # 24 | 25 | # The gcc compiler 26 | gcc 27 | 28 | # Base requirements for Ubuntu 29 | git-core [platform:dpkg] 30 | libssl-dev [platform:dpkg] 31 | libffi-dev [platform:dpkg] 32 | python3 [platform:dpkg] 33 | python3-apt [platform:dpkg] 34 | python3-dev [platform:dpkg] 35 | 36 | # Base requirements for RPM distros 37 | gcc-c++ [platform:rpm] 38 | git [platform:rpm] 39 | libffi-devel [platform:rpm] 40 | openssl-devel [platform:rpm] 41 | python3-dnf [platform:fedora] 42 | python3-devel [platform:rpm] 43 | 44 | # For SELinux 45 | libselinux-python3 [platform:redhat] 46 | libsemanage-python3 [platform:redhat] 47 | iptables [platform:redhat] 48 | -------------------------------------------------------------------------------- /defaults/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Copyright 2015, Serge van Ginderachter 3 | # Copyright 2016 IBM Corp 4 | # 5 | # Licensed under the Apache License, Version 2.0 (the "License"); 6 | # you may not use this file except in compliance with the License. 7 | # You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | 17 | # Set the package install state for distribution packages 18 | # Options are 'present' and 'latest' 19 | ceph_client_package_state: "{{ package_state | default('latest') }}" 20 | 21 | # to use Ceph in OSA, you need to 22 | # - have the needed pools and a client user (for glance, cinder and/or nova) 23 | # pre-provisioned in your ceph cluster; OSA assumes to have root access to 24 | # the monitor hosts 25 | # - configure / overrules following defaults in osa's user config 26 | # - some ceph specific vars are (also) part of other role defaults: 27 | # * glance 28 | # * nova 29 | # - cinder gets configured with ceph if there are cinder backends defined with 30 | # the rbd driver (see openstack_user_config.yml.example) 31 | 32 | # The ceph_pkg_source variable controls the install source for the Ceph packages. 33 | # Valid values include: 34 | # * ceph This option installs Ceph from a ceph.com repo. Additional variables to 35 | # adjust items such as Ceph release and regional download mirror can be found 36 | # in vars/*.yml 37 | # 38 | # * distro This options installs Ceph from the operating system's default repository and 39 | # unlike the other options does not attempt to manage package keys or add additional 40 | # package repositories. 41 | ceph_pkg_source: ceph 42 | ceph_stable_release: reef 43 | ceph_apt_pinned_packages: 44 | - package: "*" 45 | release: "ceph.com" 46 | priority: 1001 47 | ceph_repo_url_region: "download" # see here for other mirros http://docs.ceph.com/docs/master/install/mirrors/ 48 | ceph_repo_url: https://{{ ceph_repo_url_region }}.ceph.com/{{ _ceph_repo_distro_suffix }}-{{ ceph_stable_release }} 49 | ceph_repos: "{{ _ceph_repos }}" 50 | 51 | # Mappings from Ansible reported architecture to distro release architecture 52 | ceph_architecture_mapping: 53 | x86_64: amd64 54 | ppc64le: ppc64el 55 | s390x: s390x 56 | armv7l: armhf 57 | aarch64: arm64 58 | 59 | # Ceph Authentication 60 | cephx: true 61 | 62 | # Ceph Monitors 63 | # A list of the IP addresses for your Ceph monitors 64 | ceph_mons: [] 65 | 66 | # Name of ceph cluster that we interact with. 67 | # It would affect config file name and commands issued to the cluster. 68 | ceph_cluster_name: ceph 69 | 70 | # Path to local ceph.conf file 71 | # Leave this commented to obtain a ceph.conf from one of the monitors defined in ceph_mons 72 | # ceph_conf_file: | 73 | # [global] 74 | # fsid = 4037aa5f-abde-4378-9470-f73dbd6ceaba 75 | # mon_initial_members = mon1.example.local,mon2.example.local,mon3.example.local 76 | # mon_host = 10.16.5.40,10.16.5.41,10.16.5.42 77 | # auth_cluster_required = cephx 78 | # auth_service_required = cephx 79 | # auth_client_required = cephx 80 | 81 | # Path to local keyrings directory 82 | # If you want to provide keyrings from existing files, because you do not have ssh access to the monitors 83 | # set the path to the repository containing the keyrings files. 84 | # ie : ceph_keyrings_dir: /etc/openstack_deploy/ceph-conf 85 | # The filenames inside the keyring directory must be in the structure of client-name.keyring 86 | # ie: /etc/openstack_deploy/ceph-conf 87 | # cinder.keyring 88 | # glance.keyring 89 | # etc.. 90 | # ceph_keyrings_dir: "/etc/openstack/ceph-keyrings" 91 | 92 | # Ceph client usernames for glance, cinder+nova, gnocchi and object cache 93 | glance_ceph_client: glance 94 | cinder_ceph_client: cinder 95 | manila_ceph_client: manila 96 | cinder_backup_ceph_client: cinder-backup 97 | gnocchi_ceph_client: gnocchi 98 | immutable_object_cache_client: immutable-object-cache 99 | 100 | # by default we assume you use rbd for both cinder and nova, and as libvirt 101 | # needs to access both volumes (cinder) as boot disks (nova) we default to 102 | # reuse the cinder_ceph_client 103 | # only need to change this if you'd use ceph for boot disks and not for volumes 104 | nova_ceph_client: "{{ cinder_ceph_client }}" 105 | 106 | # overruled in user_secrets: 107 | # nova_ceph_client_uuid: 108 | 109 | cephkeys_access_group: ceph 110 | 111 | openstack_service_system_user: 112 | 113 | ceph_cinder_service_names: 114 | - cinder-volume 115 | - cinder-backup 116 | 117 | ceph_nova_service_names: 118 | - nova-compute 119 | 120 | ceph_manila_service_names: 121 | - manila-api 122 | - manila-data 123 | - manila-share 124 | 125 | ceph_glance_service_names: 126 | - glance-api 127 | 128 | ceph_gnocchi_service_names: 129 | - gnocchi-api 130 | - gnocchi-metricd 131 | 132 | ceph_extra_auth_groups: "{{ ceph_extra_config_groups }}" 133 | ceph_extra_config_groups: 134 | - cinder_backup 135 | - cinder_volume 136 | ceph_extra_compute_group: nova_compute 137 | 138 | ceph_client_ceph_conf_overrides: "{{ ceph_conf_overrides | default({}) }}" 139 | 140 | # CentOS repos 141 | ceph_centos_epel_mirror: "{{ centos_epel_mirror | default('http://download.fedoraproject.org/pub/epel') }}" 142 | ceph_centos_epel_key: >- 143 | {{ centos_epel_key | default('http://download.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-' ~ ansible_facts['distribution_major_version']) }} 144 | 145 | # Immutible object cache - caches a read-only base layer of rbd volumes 146 | ceph_immutable_object_cache_enabled: false 147 | ceph_immutable_object_cache_service_name: "ceph-immutable-object-cache@" 148 | ceph_immutable_object_cache_dir: "/ceph-immutable-object-cache" 149 | ceph_immutable_object_cache_socket: "/run/ceph/immutable_object_cache_sock" 150 | ceph_immutable_object_cache_umask: "0002" 151 | ceph_immutable_object_cache_owner: "ceph" 152 | ceph_immutable_object_cache_group: "libvirt-qemu" 153 | ceph_immutable_object_cache_mode: "0775" 154 | ceph_immutable_object_cache_key_owner: "{{ ceph_immutable_object_cache_owner }}" 155 | ceph_immutable_object_cache_key_group: "{{ ceph_immutable_object_cache_group }}" 156 | 157 | ceph_persistent_write_log_cache_enabled: false 158 | ceph_persistent_write_log_cache_dir: "/rbd-write-log-cache" 159 | ceph_persistent_write_log_cache_owner: "libvirt-qemu" 160 | ceph_persistent_write_log_cache_group: "ceph" 161 | ceph_persistent_write_log_cache_mode: "0775" 162 | -------------------------------------------------------------------------------- /doc/Makefile: -------------------------------------------------------------------------------- 1 | # Makefile for Sphinx documentation 2 | # 3 | 4 | # You can set these variables from the command line. 5 | SPHINXOPTS = 6 | SPHINXBUILD = sphinx-build 7 | PAPER = 8 | BUILDDIR = build 9 | 10 | # User-friendly check for sphinx-build 11 | ifeq ($(shell which $(SPHINXBUILD) >/dev/null 2>&1; echo $$?), 1) 12 | $(error The '$(SPHINXBUILD)' command was not found. Make sure you have Sphinx installed, then set the SPHINXBUILD environment variable to point to the full path of the '$(SPHINXBUILD)' executable. Alternatively you can add the directory with the executable to your PATH. If you don't have Sphinx installed, grab it from http://sphinx-doc.org/) 13 | endif 14 | 15 | # Internal variables. 16 | PAPEROPT_a4 = -D latex_paper_size=a4 17 | PAPEROPT_letter = -D latex_paper_size=letter 18 | ALLSPHINXOPTS = -d $(BUILDDIR)/doctrees $(PAPEROPT_$(PAPER)) $(SPHINXOPTS) source 19 | # the i18n builder cannot share the environment and doctrees with the others 20 | I18NSPHINXOPTS = $(PAPEROPT_$(PAPER)) $(SPHINXOPTS) source 21 | 22 | .PHONY: help clean html dirhtml singlehtml pickle json htmlhelp qthelp devhelp epub latex latexpdf text man changes linkcheck doctest coverage gettext 23 | 24 | help: 25 | @echo "Please use \`make ' where is one of" 26 | @echo " html to make standalone HTML files" 27 | @echo " dirhtml to make HTML files named index.html in directories" 28 | @echo " singlehtml to make a single large HTML file" 29 | @echo " pickle to make pickle files" 30 | @echo " json to make JSON files" 31 | @echo " htmlhelp to make HTML files and a HTML help project" 32 | @echo " qthelp to make HTML files and a qthelp project" 33 | @echo " applehelp to make an Apple Help Book" 34 | @echo " devhelp to make HTML files and a Devhelp project" 35 | @echo " epub to make an epub" 36 | @echo " latex to make LaTeX files, you can set PAPER=a4 or PAPER=letter" 37 | @echo " latexpdf to make LaTeX files and run them through pdflatex" 38 | @echo " latexpdfja to make LaTeX files and run them through platex/dvipdfmx" 39 | @echo " text to make text files" 40 | @echo " man to make manual pages" 41 | @echo " texinfo to make Texinfo files" 42 | @echo " info to make Texinfo files and run them through makeinfo" 43 | @echo " gettext to make PO message catalogs" 44 | @echo " changes to make an overview of all changed/added/deprecated items" 45 | @echo " xml to make Docutils-native XML files" 46 | @echo " pseudoxml to make pseudoxml-XML files for display purposes" 47 | @echo " linkcheck to check all external links for integrity" 48 | @echo " doctest to run all doctests embedded in the documentation (if enabled)" 49 | @echo " coverage to run coverage check of the documentation (if enabled)" 50 | 51 | clean: 52 | rm -rf $(BUILDDIR)/* 53 | 54 | html: 55 | $(SPHINXBUILD) -b html $(ALLSPHINXOPTS) $(BUILDDIR)/html 56 | @echo 57 | @echo "Build finished. The HTML pages are in $(BUILDDIR)/html." 58 | 59 | dirhtml: 60 | $(SPHINXBUILD) -b dirhtml $(ALLSPHINXOPTS) $(BUILDDIR)/dirhtml 61 | @echo 62 | @echo "Build finished. The HTML pages are in $(BUILDDIR)/dirhtml." 63 | 64 | singlehtml: 65 | $(SPHINXBUILD) -b singlehtml $(ALLSPHINXOPTS) $(BUILDDIR)/singlehtml 66 | @echo 67 | @echo "Build finished. The HTML page is in $(BUILDDIR)/singlehtml." 68 | 69 | pickle: 70 | $(SPHINXBUILD) -b pickle $(ALLSPHINXOPTS) $(BUILDDIR)/pickle 71 | @echo 72 | @echo "Build finished; now you can process the pickle files." 73 | 74 | json: 75 | $(SPHINXBUILD) -b json $(ALLSPHINXOPTS) $(BUILDDIR)/json 76 | @echo 77 | @echo "Build finished; now you can process the JSON files." 78 | 79 | htmlhelp: 80 | $(SPHINXBUILD) -b htmlhelp $(ALLSPHINXOPTS) $(BUILDDIR)/htmlhelp 81 | @echo 82 | @echo "Build finished; now you can run HTML Help Workshop with the" \ 83 | ".hhp project file in $(BUILDDIR)/htmlhelp." 84 | 85 | qthelp: 86 | $(SPHINXBUILD) -b qthelp $(ALLSPHINXOPTS) $(BUILDDIR)/qthelp 87 | @echo 88 | @echo "Build finished; now you can run "qcollectiongenerator" with the" \ 89 | ".qhcp project file in $(BUILDDIR)/qthelp, like this:" 90 | @echo "# qcollectiongenerator $(BUILDDIR)/qthelp/openstack-ansible-ceph_client.qhcp" 91 | @echo "To view the help file:" 92 | @echo "# assistant -collectionFile $(BUILDDIR)/qthelp/openstack-ansible-ceph_client.qhc" 93 | 94 | applehelp: 95 | $(SPHINXBUILD) -b applehelp $(ALLSPHINXOPTS) $(BUILDDIR)/applehelp 96 | @echo 97 | @echo "Build finished. The help book is in $(BUILDDIR)/applehelp." 98 | @echo "N.B. You won't be able to view it unless you put it in" \ 99 | "~/Library/Documentation/Help or install it in your application" \ 100 | "bundle." 101 | 102 | devhelp: 103 | $(SPHINXBUILD) -b devhelp $(ALLSPHINXOPTS) $(BUILDDIR)/devhelp 104 | @echo 105 | @echo "Build finished." 106 | @echo "To view the help file:" 107 | @echo "# mkdir -p $$HOME/.local/share/devhelp/openstack-ansible-ceph_client" 108 | @echo "# ln -s $(BUILDDIR)/devhelp $$HOME/.local/share/devhelp/openstack-ansible-ceph_client" 109 | @echo "# devhelp" 110 | 111 | epub: 112 | $(SPHINXBUILD) -b epub $(ALLSPHINXOPTS) $(BUILDDIR)/epub 113 | @echo 114 | @echo "Build finished. The epub file is in $(BUILDDIR)/epub." 115 | 116 | latex: 117 | $(SPHINXBUILD) -b latex $(ALLSPHINXOPTS) $(BUILDDIR)/latex 118 | @echo 119 | @echo "Build finished; the LaTeX files are in $(BUILDDIR)/latex." 120 | @echo "Run \`make' in that directory to run these through (pdf)latex" \ 121 | "(use \`make latexpdf' here to do that automatically)." 122 | 123 | latexpdf: 124 | $(SPHINXBUILD) -b latex $(ALLSPHINXOPTS) $(BUILDDIR)/latex 125 | @echo "Running LaTeX files through pdflatex..." 126 | $(MAKE) -C $(BUILDDIR)/latex all-pdf 127 | @echo "pdflatex finished; the PDF files are in $(BUILDDIR)/latex." 128 | 129 | latexpdfja: 130 | $(SPHINXBUILD) -b latex $(ALLSPHINXOPTS) $(BUILDDIR)/latex 131 | @echo "Running LaTeX files through platex and dvipdfmx..." 132 | $(MAKE) -C $(BUILDDIR)/latex all-pdf-ja 133 | @echo "pdflatex finished; the PDF files are in $(BUILDDIR)/latex." 134 | 135 | text: 136 | $(SPHINXBUILD) -b text $(ALLSPHINXOPTS) $(BUILDDIR)/text 137 | @echo 138 | @echo "Build finished. The text files are in $(BUILDDIR)/text." 139 | 140 | man: 141 | $(SPHINXBUILD) -b man $(ALLSPHINXOPTS) $(BUILDDIR)/man 142 | @echo 143 | @echo "Build finished. The manual pages are in $(BUILDDIR)/man." 144 | 145 | texinfo: 146 | $(SPHINXBUILD) -b texinfo $(ALLSPHINXOPTS) $(BUILDDIR)/texinfo 147 | @echo 148 | @echo "Build finished. The Texinfo files are in $(BUILDDIR)/texinfo." 149 | @echo "Run \`make' in that directory to run these through makeinfo" \ 150 | "(use \`make info' here to do that automatically)." 151 | 152 | info: 153 | $(SPHINXBUILD) -b texinfo $(ALLSPHINXOPTS) $(BUILDDIR)/texinfo 154 | @echo "Running Texinfo files through makeinfo..." 155 | make -C $(BUILDDIR)/texinfo info 156 | @echo "makeinfo finished; the Info files are in $(BUILDDIR)/texinfo." 157 | 158 | gettext: 159 | $(SPHINXBUILD) -b gettext $(I18NSPHINXOPTS) $(BUILDDIR)/locale 160 | @echo 161 | @echo "Build finished. The message catalogs are in $(BUILDDIR)/locale." 162 | 163 | changes: 164 | $(SPHINXBUILD) -b changes $(ALLSPHINXOPTS) $(BUILDDIR)/changes 165 | @echo 166 | @echo "The overview file is in $(BUILDDIR)/changes." 167 | 168 | linkcheck: 169 | $(SPHINXBUILD) -b linkcheck $(ALLSPHINXOPTS) $(BUILDDIR)/linkcheck 170 | @echo 171 | @echo "Link check complete; look for any errors in the above output " \ 172 | "or in $(BUILDDIR)/linkcheck/output.txt." 173 | 174 | doctest: 175 | $(SPHINXBUILD) -b doctest $(ALLSPHINXOPTS) $(BUILDDIR)/doctest 176 | @echo "Testing of doctests in the sources finished, look at the " \ 177 | "results in $(BUILDDIR)/doctest/output.txt." 178 | 179 | coverage: 180 | $(SPHINXBUILD) -b coverage $(ALLSPHINXOPTS) $(BUILDDIR)/coverage 181 | @echo "Testing of coverage in the sources finished, look at the " \ 182 | "results in $(BUILDDIR)/coverage/python.txt." 183 | 184 | xml: 185 | $(SPHINXBUILD) -b xml $(ALLSPHINXOPTS) $(BUILDDIR)/xml 186 | @echo 187 | @echo "Build finished. The XML files are in $(BUILDDIR)/xml." 188 | 189 | pseudoxml: 190 | $(SPHINXBUILD) -b pseudoxml $(ALLSPHINXOPTS) $(BUILDDIR)/pseudoxml 191 | @echo 192 | @echo "Build finished. The pseudo-XML files are in $(BUILDDIR)/pseudoxml." 193 | 194 | livehtml: html 195 | sphinx-autobuild -b html $(ALLSPHINXOPTS) $(BUILDDIR)/html 196 | -------------------------------------------------------------------------------- /doc/requirements.txt: -------------------------------------------------------------------------------- 1 | # The order of packages is significant, because pip processes them in the order 2 | # of appearance. Changing the order has an impact on the overall integration 3 | # process, which may cause wedges in the gate later. 4 | 5 | # WARNING: 6 | # This file is maintained in the openstack-ansible-tests repository. 7 | # https://opendev.org/openstack/openstack-ansible-tests/src/branch/master/sync/doc/requirements.txt 8 | # If you need to modify this file, update the one in the 9 | # openstack-ansible-tests repository. Once it merges there, the changes will 10 | # automatically be proposed to all the repositories which use it. 11 | 12 | sphinx>=2.0.0,!=2.1.0 # BSD 13 | sphinxcontrib-svg2pdfconverter>=0.1.0 # BSD 14 | openstackdocstheme>=2.2.1 # Apache-2.0 15 | reno>=3.1.0 # Apache-2.0 16 | doc8>=0.6.0 # Apache-2.0 17 | -------------------------------------------------------------------------------- /doc/source/_static/.gitkeep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/openstack/openstack-ansible-ceph_client/99e042710ca2d3bec711c969eb3839f20f667ceb/doc/source/_static/.gitkeep -------------------------------------------------------------------------------- /doc/source/conf.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python3 2 | 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 12 | # implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | 16 | # This file is execfile()d with the current directory set to its 17 | # containing dir. 18 | # 19 | # Note that not all possible configuration values are present in this 20 | # autogenerated file. 21 | # 22 | # All configuration values have a default; values that are commented out 23 | # serve to show the default. 24 | 25 | # If extensions (or modules to document with autodoc) are in another directory, 26 | # add these directories to sys.path here. If the directory is relative to the 27 | # documentation root, use os.path.abspath to make it absolute, like shown here. 28 | # sys.path.insert(0, os.path.abspath('.')) 29 | 30 | # -- General configuration ------------------------------------------------ 31 | 32 | # If your documentation needs a minimal Sphinx version, state it here. 33 | # needs_sphinx = '1.0' 34 | 35 | # Add any Sphinx extension module names here, as strings. They can be 36 | # extensions coming with Sphinx (named 'sphinx.ext.*') or your custom 37 | # ones. 38 | extensions = [ 39 | 'openstackdocstheme', 40 | 'sphinx.ext.autodoc', 41 | 'sphinxcontrib.rsvgconverter', 42 | ] 43 | 44 | # Add any paths that contain templates here, relative to this directory. 45 | templates_path = ['_templates'] 46 | 47 | # The suffix(es) of source filenames. 48 | # You can specify multiple suffix as a list of string: 49 | # source_suffix = ['.rst', '.md'] 50 | source_suffix = '.rst' 51 | 52 | # The encoding of source files. 53 | # source_encoding = 'utf-8-sig' 54 | 55 | # The master toctree document. 56 | master_doc = 'index' 57 | 58 | # General information about the project. 59 | author = 'OpenStack-Ansible Contributors' 60 | category = 'Miscellaneous' 61 | copyright = '2014-2016, OpenStack-Ansible Contributors' 62 | description = 'OpenStack-Ansible deploys OpenStack environments using Ansible.' 63 | project = 'OpenStack-Ansible' 64 | role_name = 'ceph_client' 65 | target_name = 'openstack-ansible-' + role_name 66 | title = 'OpenStack-Ansible Documentation: ' + role_name + ' role' 67 | 68 | # openstackdocstheme options 69 | openstackdocs_repo_name = 'openstack/' + target_name 70 | openstackdocs_pdf_link = True 71 | openstackdocs_bug_project = project.lower() 72 | openstackdocs_bug_tag = '' 73 | 74 | # The language for content autogenerated by Sphinx. Refer to documentation 75 | # for a list of supported languages. 76 | # 77 | # This is also used if you do content translation via gettext catalogs. 78 | # Usually you set "language" from the command line for these cases. 79 | language = 'en' 80 | 81 | # There are two options for replacing |today|: either, you set today to some 82 | # non-false value, then it is used: 83 | # today = '' 84 | # Else, today_fmt is used as the format for a strftime call. 85 | # today_fmt = '%B %d, %Y' 86 | 87 | # List of patterns, relative to source directory, that match files and 88 | # directories to ignore when looking for source files. 89 | exclude_patterns = [] 90 | 91 | # The reST default role (used for this markup: `text`) to use for all 92 | # documents. 93 | # default_role = None 94 | 95 | # If true, '()' will be appended to :func: etc. cross-reference text. 96 | # add_function_parentheses = True 97 | 98 | # If true, the current module name will be prepended to all description 99 | # unit titles (such as .. function::). 100 | # add_module_names = True 101 | 102 | # If true, sectionauthor and moduleauthor directives will be shown in the 103 | # output. They are ignored by default. 104 | # show_authors = False 105 | 106 | # The name of the Pygments (syntax highlighting) style to use. 107 | pygments_style = 'native' 108 | 109 | # A list of ignored prefixes for module index sorting. 110 | # modindex_common_prefix = [] 111 | 112 | # If true, keep warnings as "system message" paragraphs in the built documents. 113 | # keep_warnings = False 114 | 115 | # If true, `todo` and `todoList` produce output, else they produce nothing. 116 | todo_include_todos = False 117 | 118 | 119 | # -- Options for HTML output ---------------------------------------------- 120 | 121 | # The theme to use for HTML and HTML Help pages. See the documentation for 122 | # a list of builtin themes. 123 | html_theme = 'openstackdocs' 124 | 125 | # Theme options are theme-specific and customize the look and feel of a theme 126 | # further. For a list of options available for each theme, see the 127 | # documentation. 128 | # html_theme_options = {} 129 | 130 | # Add any paths that contain custom themes here, relative to this directory. 131 | # html_theme_path = [] 132 | 133 | # The name for this set of Sphinx documents. If None, it defaults to 134 | # " v documentation". 135 | # html_title = None 136 | 137 | # A shorter title for the navigation bar. Default is the same as html_title. 138 | # html_short_title = None 139 | 140 | # The name of an image file (relative to this directory) to place at the top 141 | # of the sidebar. 142 | # html_logo = None 143 | 144 | # The name of an image file (within the static path) to use as favicon of the 145 | # docs. This file should be a Windows icon file (.ico) being 16x16 or 32x32 146 | # pixels large. 147 | # html_favicon = None 148 | 149 | # Add any extra paths that contain custom files (such as robots.txt or 150 | # .htaccess) here, relative to this directory. These files are copied 151 | # directly to the root of the documentation. 152 | # html_extra_path = [] 153 | 154 | # If true, SmartyPants will be used to convert quotes and dashes to 155 | # typographically correct entities. 156 | # html_use_smartypants = True 157 | 158 | # Custom sidebar templates, maps document names to template names. 159 | # html_sidebars = {} 160 | 161 | # Additional templates that should be rendered to pages, maps page names to 162 | # template names. 163 | # html_additional_pages = {} 164 | 165 | # If false, no module index is generated. 166 | # html_domain_indices = True 167 | 168 | # If false, no index is generated. 169 | # html_use_index = True 170 | 171 | # If true, the index is split into individual pages for each letter. 172 | # html_split_index = False 173 | 174 | # If true, links to the reST sources are added to the pages. 175 | # html_show_sourcelink = True 176 | 177 | # If true, "Created using Sphinx" is shown in the HTML footer. Default is True. 178 | # html_show_sphinx = True 179 | 180 | # If true, "(C) Copyright ..." is shown in the HTML footer. Default is True. 181 | # html_show_copyright = True 182 | 183 | # If true, an OpenSearch description file will be output, and all pages will 184 | # contain a tag referring to it. The value of this option must be the 185 | # base URL from which the finished HTML is served. 186 | # html_use_opensearch = '' 187 | 188 | # This is the file name suffix for HTML files (e.g. ".xhtml"). 189 | # html_file_suffix = None 190 | 191 | # Language to be used for generating the HTML full-text search index. 192 | # Sphinx supports the following languages: 193 | # 'da', 'de', 'en', 'es', 'fi', 'fr', 'h', 'it', 'ja' 194 | # 'nl', 'no', 'pt', 'ro', 'r', 'sv', 'tr' 195 | # html_search_language = 'en' 196 | 197 | # A dictionary with options for the search language support, empty by default. 198 | # Now only 'ja' uses this config value 199 | # html_search_options = {'type': 'default'} 200 | 201 | # The name of a javascript file (relative to the configuration directory) that 202 | # implements a search results scorer. If empty, the default will be used. 203 | # html_search_scorer = 'scorer.js' 204 | 205 | # Output file base name for HTML help builder. 206 | htmlhelp_basename = target_name + '-docs' 207 | 208 | # -- Options for LaTeX output --------------------------------------------- 209 | 210 | latex_elements = { 211 | # The paper size ('letterpaper' or 'a4paper'). 212 | # 'papersize': 'letterpaper', 213 | 214 | # The font size ('10pt', '11pt' or '12pt'). 215 | # 'pointsize': '10pt', 216 | 217 | # Additional stuff for the LaTeX preamble. 218 | # 'preamble': '', 219 | 220 | # Latex figure (float) alignment 221 | # 'figure_align': 'htbp', 222 | } 223 | 224 | # Grouping the document tree into LaTeX files. List of tuples 225 | # (source start file, target name, title, 226 | # author, documentclass [howto, manual, or own class]). 227 | latex_documents = [ 228 | (master_doc, 'doc-' + target_name + '.tex', 229 | title.replace("_", r"\_"), author, 'manual'), 230 | ] 231 | 232 | latex_use_xindy = False 233 | 234 | # The name of an image file (relative to this directory) to place at the top of 235 | # the title page. 236 | # latex_logo = None 237 | 238 | # For "manual" documents, if this is true, then toplevel headings are parts, 239 | # not chapters. 240 | # latex_use_parts = False 241 | 242 | # If true, show page references after internal links. 243 | # latex_show_pagerefs = False 244 | 245 | # If true, show URL addresses after external links. 246 | # latex_show_urls = False 247 | 248 | # Documents to append as an appendix to all manuals. 249 | # latex_appendices = [] 250 | 251 | # If false, no module index is generated. 252 | # latex_domain_indices = True 253 | 254 | 255 | # -- Options for manual page output --------------------------------------- 256 | 257 | # One entry per manual page. List of tuples 258 | # (source start file, name, description, authors, manual section). 259 | man_pages = [ 260 | (master_doc, target_name, 261 | title, [author], 1) 262 | ] 263 | 264 | # If true, show URL addresses after external links. 265 | # man_show_urls = False 266 | 267 | 268 | # -- Options for Texinfo output ------------------------------------------- 269 | 270 | # Grouping the document tree into Texinfo files. List of tuples 271 | # (source start file, target name, title, author, 272 | # dir menu entry, description, category) 273 | texinfo_documents = [ 274 | (master_doc, target_name, 275 | title, author, project, 276 | description, category), 277 | ] 278 | 279 | # Documents to append as an appendix to all manuals. 280 | # texinfo_appendices = [] 281 | 282 | # If false, no module index is generated. 283 | # texinfo_domain_indices = True 284 | 285 | # How to display URL addresses: 'footnote', 'no', or 'inline'. 286 | # texinfo_show_urls = 'footnote' 287 | 288 | # If true, do not generate a @detailmenu in the "Top" node's menu. 289 | # texinfo_no_detailmenu = False 290 | # -- Options for PDF output -------------------------------------------------- 291 | 292 | pdf_documents = [ 293 | (master_doc, target_name, 294 | title, author) 295 | ] 296 | 297 | locale_dirs = ['locale/'] 298 | -------------------------------------------------------------------------------- /doc/source/config-from-file.rst: -------------------------------------------------------------------------------- 1 | .. _configuration-from-files: 2 | 3 | ============================== 4 | Ceph keyring from file example 5 | ============================== 6 | 7 | OpenStack-Ansible (OSA) allows to deploy an OpenStack environment that uses an 8 | existing Ceph cluster for block storage for images, volumes and instances. 9 | Interaction with the Ceph cluster is normally done using SSH to Ceph MONs. 10 | To avoid the SSH access to the Ceph cluster nodes all necessary client 11 | configurations can be read from files. This example describes what these files 12 | need to contain. 13 | 14 | This example has just a single main requirement. You need to configure a 15 | storage network in your OpenStack environment. Both Ceph services - the MONs 16 | and the OSDs - need to be connected to this storage network, too. On the 17 | OpenStack side you need to connect the affected services to the storage 18 | network. Glance to store images in Ceph, Cinder to create volumes in Ceph and 19 | in most cases the compute nodes to use volumes and maybe store ephemeral discs 20 | in Ceph. 21 | 22 | Network configuration assumptions 23 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 24 | 25 | The following CIDR assignments are used for this environment. 26 | 27 | +-----------------------+-----------------+ 28 | | Network | CIDR | 29 | +=======================+=================+ 30 | | Storage Network | 172.29.244.0/22 | 31 | +-----------------------+-----------------+ 32 | 33 | IP assignments 34 | -------------- 35 | 36 | The following host name and IP address assignments are used for this 37 | environment. 38 | 39 | +------------------+----------------+ 40 | | Host name | Storage IP | 41 | +==================+================+ 42 | | ceph1 | 172.29.244.18 | 43 | +------------------+----------------+ 44 | | ceph2 | 172.29.244.19 | 45 | +------------------+----------------+ 46 | | ceph3 | 172.29.244.20 | 47 | +------------------+----------------+ 48 | 49 | Configuration 50 | ~~~~~~~~~~~~~ 51 | 52 | Environment customizations 53 | -------------------------- 54 | 55 | For a ceph environment, you can run the ``cinder-volume`` in a container. By 56 | default ``cinder-volume`` runs on the host. See 57 | `here `_ 58 | an example how to a service in a container. 59 | 60 | User variables 61 | -------------- 62 | 63 | The ``/etc/openstack_deploy/user_variables.yml`` file defines the global 64 | overrides for the default variables. 65 | 66 | For this example environment, we configure an existing Ceph cluster, that we 67 | want the OpenStack environment to connect to. Your 68 | ``/etc/openstack_deploy/user_variables.yml`` must have the 69 | following content to configure ceph for images, volumes and instances. If not 70 | all necessary block storages should be provided from the Ceph backend, do only 71 | include the block storage you want to store in Ceph: 72 | 73 | .. literalinclude:: ../../examples/user_variables.yml.ceph-config.example 74 | 75 | Ceph keyrings 76 | ------------- 77 | 78 | With the above settings in the ``/etc/openstack_deploy/user_variables.yml`` we 79 | configured to read the credentials for accessing the Ceph cluster in the 80 | ``/etc/openstack_deploy/ceph-keyrings/`` directory. We need to place now the 81 | keyring files for Ceph credentials into this directory. They need to be named 82 | according to the ceph client names, e.g. ``glance.keyring`` according to 83 | ``glance_ceph_client: glance``. See the following example for the file 84 | contents: 85 | 86 | .. literalinclude:: ../../examples/ceph-keyrings/glance.keyring.example 87 | -------------------------------------------------------------------------------- /doc/source/config-immutable-object-cache.rst: -------------------------------------------------------------------------------- 1 | ====================================== 2 | Configuring the Immutable Object Cache 3 | ====================================== 4 | 5 | If a compute node has fast local disks (such as NVMe or PMEM), ceph clients 6 | such as Nova using the RBD interface for volumes can use these disks as a 7 | local read-only cache for volumes created from snapshots, for example, when 8 | a snapshot of a Glance image in the ceph cluster is made in order to create 9 | a bootable Cinder volume. 10 | 11 | The copy-on-write mechanism means that all volumes cloned from the same 12 | snapshot on the same compute host can share this cache and may avoid the 13 | need to repeatedly read from OSDs the same underlying blocks (i.e those from 14 | the original Glance image). New data written to the volume will not be 15 | cached with the Immutable Object Cache. 16 | 17 | The immutable object cache runs a daemon on the client node and must be an 18 | authorised user of the ceph cluster. To enable the immutable object cache 19 | on Nova compute nodes, create the following config in 20 | `/etc/openstack_deploy/group_vars/nova_compute.yml`, taking care to 21 | consider any other use of `ceph_client_ceph_conf_overrides` in the 22 | deployment as the definition should only appear once. 23 | 24 | .. code-block:: yaml 25 | 26 | ceph_immutable_object_cache_enabled: true 27 | 28 | ceph_client_ceph_conf_overrides: 29 | global: 30 | rbd_plugins: parent_cache 31 | rbd_parent_cache_enabled: true 32 | immutable_object_cache_path: /ceph-immutable-object-cache 33 | immutable_object_cache_max_size: 1500G # set max size appropriate to the cache disk capacity 34 | 35 | 36 | As part of the pre-deployment configuration, operators must prepare a 37 | suitable disk and mountpoint which defaults to `/ceph-immutable-object-cache`, 38 | this can be changed by overriding the `ceph_immutable_object_cache_dir` 39 | variable. 40 | 41 | For ceph clusters which are not deployed using OpenStack-Ansible, a keyring 42 | must be created for a immutable object cache client: 43 | 44 | .. code-block:: console 45 | 46 | ceph auth get-or-create client.immutable-object-cache mon 'allow r' osd 'profile rbd-read-only' 47 | 48 | 49 | When the service is deployed and correctly configured, a cache 50 | directory structure will be created inside the cache directory 51 | after a new VM is booted using a disk cloned from a Glance image 52 | or Cinder snapshot. Existing VM will not be cached. 53 | -------------------------------------------------------------------------------- /doc/source/config-persistent-write-log-cache.rst: -------------------------------------------------------------------------------- 1 | ========================================= 2 | Configuring the Peristent Write Log Cache 3 | ========================================= 4 | 5 | The Persistent Write Log Cache is simpler than the Immutable Object Cache 6 | as it is implemented entirely within the RBD client libraries and needs 7 | no extra packages, daemon running or client keyring to be installed. 8 | 9 | As part of compute node preparation: 10 | 11 | Assuming the spare disk available for a write cache is nvme2n1 for example: 12 | 13 | ..code-block:: console 14 | 15 | mkfs.ext4 /dev/nvme2n1 # create ext4 filesystem on disk 16 | mkdir /rbd-write-log-cache 17 | mount /dev/nvme2n1 /rbd-write-log-cache 18 | 19 | 20 | The ceph_client ansible role will ensure that the directory permissions 21 | are set correctly during deployment if 22 | `ceph_persistent_write_log_cache_enabled: True` is set in 23 | `/etc/openstack_deploy/group_vars/nova_compute.yml`. The variable 24 | can be defined globally, or on a per group or per host basis. 25 | 26 | To enable the Persistent Write Log Cache the following config must be 27 | applied to the compute node also through group_vars, so that it is only 28 | enabled on the nova_compute ceph clients. 29 | 30 | Adjust the cache size based on the expected number of volumes mounted on 31 | the compute node and the size of the cache device. The cache size is 32 | allocated on the disk seperately for each pool/volume combination that is 33 | active on the host. 34 | 35 | .. code-block:: yaml 36 | 37 | ceph_client_ceph_conf_overrides: 38 | global: 39 | rbd_plugins = pwl_cache 40 | rbd_persistent_cache_mode = ssd 41 | rbd_persistent_cache_path = /rbd-write-log-cache 42 | rbd_persistent_cache_size = 10G # size of cache used for each active rbd device 43 | 44 | To see the activity within a write-log cache, use the following command 45 | on the compute host `rbd status -n client.cinder /volume-` 46 | 47 | Example: 48 | 49 | .. code-block:: console 50 | 51 | # rbd status -n client.cinder cinder-volumes-nvme/volume-93f5a8fa-2e73-40c8-a9f1-bbeff3a3e6bc 52 | 53 | Watchers: 54 | watcher=10.51.1.134:0/2452041141 client.192434419 cookie=281466789599248 55 | Persistent cache state: 56 | host: compute1a01 57 | path: /rbd-write-log-cache/rbd-pwl.cinder-volumes-nvme.9058c8720de65b.pool 58 | size: 10 GiB 59 | mode: ssd 60 | stats_timestamp: Mon Apr 3 12:13:38 2023 61 | present: true empty: false clean: true 62 | allocated: 48 KiB 63 | cached: 24 KiB 64 | dirty: 0 B 65 | free: 1024 MiB 66 | hits_full: 6 / 0% 67 | hits_partial: 0 / 0% 68 | misses: 160340 69 | hit_bytes: 10 KiB / 0% 70 | miss_bytes: 20 GiB 71 | 72 | 73 | When a new VM is created, a single 10GB file (whose name includes the ceph pool 74 | name and a volume id) will be created in the `/rbd-write-log-cache` directory. 75 | Note this is only used with new VMs created after caching was enabled. 76 | 77 | If both Immutible Object Cache and Persistent Write Log are required to be 78 | enabled on the same node then it is important to define the settings for 79 | both in a single definiton of `ceph_client_ceph_conf_overrides`. 80 | -------------------------------------------------------------------------------- /doc/source/configure-ceph.rst: -------------------------------------------------------------------------------- 1 | ====================================== 2 | Configuring the Ceph client (optional) 3 | ====================================== 4 | 5 | Ceph is a massively scalable, open source, distributed storage system. 6 | 7 | These links provide details on how to use Ceph with OpenStack: 8 | 9 | * `Ceph Block Devices and OpenStack`_ 10 | * `Ceph - The De Facto Storage Backend for OpenStack`_ *(Hong Kong Summit 11 | talk)* 12 | * `OpenStack Config Reference - Ceph RADOS Block Device (RBD)`_ 13 | * `OpenStack-Ansible and Ceph Working Example`_ 14 | 15 | 16 | .. _Ceph Block Devices and OpenStack: http://docs.ceph.com/docs/master/rbd/rbd-openstack/ 17 | .. _Ceph - The De Facto Storage Backend for OpenStack: https://www.openstack.org/summit/openstack-summit-hong-kong-2013/session-videos/presentation/ceph-the-de-facto-storage-backend-for-openstack 18 | .. _OpenStack Config Reference - Ceph RADOS Block Device (RBD): https://docs.openstack.org/liberty/config-reference/content/ceph-rados.html 19 | .. _OpenStack-Ansible and Ceph Working Example: https://www.openstackfaq.com/openstack-ansible-ceph/ 20 | 21 | .. note:: 22 | 23 | Configuring Ceph storage servers is outside the scope of this documentation. 24 | 25 | Authentication 26 | ~~~~~~~~~~~~~~ 27 | 28 | We recommend the ``cephx`` authentication method in the `Ceph 29 | config reference`_. OpenStack-Ansible enables ``cephx`` by default for 30 | the Ceph client. You can choose to override this setting by using the 31 | ``cephx`` Ansible variable: 32 | 33 | .. code-block:: yaml 34 | 35 | cephx: False 36 | 37 | Deploy Ceph on a trusted network if disabling ``cephx``. 38 | 39 | .. _Ceph config reference: http://docs.ceph.com/docs/master/rados/configuration/auth-config-ref/ 40 | 41 | Configuration file overrides 42 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 43 | 44 | OpenStack-Ansible provides the ``ceph_conf_file`` variable. This allows 45 | you to specify configuration file options to override the default 46 | Ceph configuration: 47 | 48 | .. code-block:: console 49 | 50 | ceph_conf_file: | 51 | [global] 52 | fsid = 4037aa5f-abde-4378-9470-f73dbd6ceaba 53 | mon_initial_members = mon1.example.local,mon2.example.local,mon3.example.local 54 | mon_host = 172.29.244.151,172.29.244.152,172.29.244.153 55 | auth_cluster_required = cephx 56 | auth_service_required = cephx 57 | auth_client_required = cephx 58 | 59 | The use of the ``ceph_conf_file`` variable is optional. By default, 60 | OpenStack-Ansible obtains a copy of ``ceph.conf`` from one of your Ceph 61 | monitors. This transfer of ``ceph.conf`` requires the OpenStack-Ansible 62 | deployment host public key to be deployed to all of the Ceph monitors. More 63 | details are available here: `Deploying SSH Keys`_. 64 | 65 | The following minimal example configuration sets nova and glance 66 | to use ceph pools: ``ephemeral-vms`` and ``images`` respectively. 67 | The example uses ``cephx`` authentication, and requires existing ``glance`` and 68 | ``cinder`` accounts for ``images`` and ``ephemeral-vms`` pools. 69 | 70 | .. code-block:: console 71 | 72 | glance_default_store: rbd 73 | nova_libvirt_images_rbd_pool: ephemeral-vms 74 | 75 | .. _Deploying SSH Keys: https://docs.openstack.org/project-deploy-guide/openstack-ansible/draft/targethosts-prepare.html#deploying-secure-shell-ssh-keys 76 | 77 | For a complete example how to provide the necessary configuration for a Ceph 78 | backend without necessary access to Ceph monitors via SSH please see 79 | :ref:`configuration-from-files`. 80 | 81 | Extra client configuration files 82 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 83 | Deployers can specify extra Ceph configuration files to support 84 | multiple Ceph cluster backends via the ``ceph_extra_confs`` variable. 85 | 86 | .. code-block:: console 87 | 88 | ceph_extra_confs: 89 | - src: "/opt/rdb-1.conf" 90 | dest: "/etc/ceph/rdb-1.conf" 91 | - src: "/opt/rdb-2.conf" 92 | dest: "/etc/ceph/rdb-2.conf" 93 | 94 | These config file sources must be present on the deployment host. 95 | 96 | Alternatively, deployers can specify more options in ``ceph_extra_confs`` 97 | to deploy keyrings, ceph.conf files, and configure libvirt secrets. 98 | 99 | .. code-block:: console 100 | 101 | ceph_extra_confs: 102 | - src: "/etc/openstack_deploy/ceph2.conf" 103 | dest: "/etc/ceph/ceph2.conf" 104 | mon_host: 192.168.1.2 105 | client_name: cinder2 106 | keyring_src: /etc/openstack_deploy/ceph2.client.cinder2.keyring 107 | keyring_dest: /etc/ceph/ceph2.client.cinder2.keyring 108 | secret_uuid: '{{ cinder_ceph_client_uuid2 }}' 109 | - src: "/etc/openstack_deploy/ceph3.conf" 110 | dest: "/etc/ceph/ceph3.conf" 111 | mon_host: 192.168.1.3 112 | client_name: cinder3 113 | keyring_src: /etc/openstack_deploy/ceph3.client.cinder3.keyring 114 | keyring_dest: /etc/ceph/ceph3.client.cinder3.keyring 115 | secret_uuid: '{{ cinder_ceph_client_uuid3 }}' 116 | 117 | The primary aim of this feature is to deploy multiple ceph clusters as 118 | cinder backends and enable nova/libvirt to mount block volumes from those 119 | backends. These settings do not override the normal deployment of 120 | ceph client and associated setup tasks. 121 | 122 | Deploying multiple ceph clusters as cinder backends requires the following 123 | adjustments to each backend in ``cinder_backends`` 124 | 125 | .. code-block:: console 126 | 127 | rbd_ceph_conf: /etc/ceph/ceph2.conf 128 | rbd_pool: cinder_volumes_2 129 | rbd_user: cinder2 130 | rbd_secret_uuid: '{{ cinder_ceph_client_uuid2 }}' 131 | volume_backend_name: volumes2 132 | 133 | The dictionary keys ``rbd_ceph_conf``, ``rbd_user``, and ``rbd_secret_uuid`` 134 | must be unique for each ceph cluster to used as a cinder_backend. 135 | 136 | Monitors 137 | ~~~~~~~~ 138 | 139 | The `Ceph Monitor`_ maintains a master copy of the cluster map. 140 | OpenStack-Ansible provides the ``ceph_mons`` variable and expects a list of 141 | IP addresses for the Ceph Monitor servers in the deployment: 142 | 143 | .. code-block:: yaml 144 | 145 | ceph_mons: 146 | - 172.29.244.151 147 | - 172.29.244.152 148 | - 172.29.244.153 149 | 150 | Configure os_gnocchi with ceph_client 151 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 152 | 153 | If the os_gnocchi role is going to utilize the ceph_client role, the following 154 | configurations need to be added to the user variable file: 155 | 156 | .. code-block:: yaml 157 | 158 | ceph_extra_components: 159 | - component: gnocchi_api 160 | package: "{{ python_ceph_packages }}" 161 | client: 162 | - name: '{{ gnocchi_ceph_client }}' 163 | service: '{{ ceph_gnocchi_service_names }}' 164 | 165 | 166 | .. _Ceph Monitor: http://docs.ceph.com/docs/master/rados/configuration/mon-config-ref/ 167 | -------------------------------------------------------------------------------- /doc/source/index.rst: -------------------------------------------------------------------------------- 1 | ============================= 2 | OpenStack-Ansible Ceph client 3 | ============================= 4 | 5 | .. toctree:: 6 | :maxdepth: 2 7 | 8 | configure-ceph.rst 9 | config-from-file.rst 10 | config-immutable-object-cache.rst 11 | config-persistent-write-log-cache.rst 12 | 13 | This Ansible role installs the Ceph operating system 14 | packages used to interact with a Ceph cluster. 15 | 16 | To clone or view the source code for this repository, visit the role repository 17 | for `ceph_client `_. 18 | 19 | Default variables 20 | ~~~~~~~~~~~~~~~~~ 21 | 22 | .. literalinclude:: ../../defaults/main.yml 23 | :language: yaml 24 | :start-after: under the License. 25 | 26 | Required variables 27 | ~~~~~~~~~~~~~~~~~~ 28 | 29 | None. 30 | 31 | Dependencies 32 | ~~~~~~~~~~~~ 33 | 34 | None. 35 | 36 | Example playbook 37 | ~~~~~~~~~~~~~~~~ 38 | 39 | .. literalinclude:: ../../examples/playbook.yml 40 | :language: yaml 41 | -------------------------------------------------------------------------------- /examples/ceph-keyrings/glance.keyring.example: -------------------------------------------------------------------------------- 1 | [client.glance] 2 | key = AQC93h9fAAAAABAAUrAlQF+xJnjD6E8ChZkTaQ== 3 | -------------------------------------------------------------------------------- /examples/playbook.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Install Ceph client 3 | hosts: all 4 | user: root 5 | roles: 6 | - role: "ceph_client" 7 | -------------------------------------------------------------------------------- /examples/user_variables.yml.ceph-config.example: -------------------------------------------------------------------------------- 1 | --- 2 | # OSA options for using an existing Ceph deployment. This example can be used 3 | # if all configuration needs to come from OSA configuration files instead of 4 | # the Ceph MONs. 5 | 6 | # Directory containing the Ceph keyring files with access credentials. 7 | ceph_keyrings_dir: /etc/openstack_deploy/ceph-keyrings 8 | 9 | # General Ceph configuration file containing the information for Ceph clients 10 | # to connect to the Ceph cluster. 11 | ceph_conf_file: | 12 | [global] 13 | mon initial members = ceph1,ceph2,ceph3 14 | ## Ceph clusters starting with the Nautilus release can support the v2 wire protocol 15 | mon host = [v2:172.29.244.18:3300,v1:172.29.244.18:6789],[v2:172.29.244.19:3300,v1:172.29.244.19:6789],[v2:172.29.244.20:3300,v1:172.29.244.20:6789] 16 | ## for a Ceph cluster not supporting the v2 wire protocol (before Nautilus release) 17 | # mon host = [v1:172.29.244.18:6789],[v1:172.29.244.19:6789],[v1:172.29.244.20:6789] 18 | 19 | # For configuring the Ceph backend for Glance to store images in Ceph. 20 | glance_ceph_client: glance 21 | glance_default_store: rbd 22 | glance_rbd_store_pool: images 23 | 24 | # For configuring a backend in Cinder to store volumes in Ceph. This 25 | # configuration will be used for Nova compute and libvirt to access volumes. 26 | cinder_ceph_client: cinder 27 | 28 | cinder_backends: 29 | rbd: 30 | volume_driver: cinder.volume.drivers.rbd.RBDDriver 31 | rbd_pool: volumes 32 | rbd_ceph_conf: /etc/ceph/ceph.conf 33 | rbd_store_chunk_size: 8 34 | volume_backend_name: rbd 35 | rbd_user: "{{ cinder_ceph_client }}" 36 | rbd_secret_uuid: "{{ cinder_ceph_client_uuid }}" 37 | report_discard_supported: true 38 | 39 | # Configuration for Nova compute and libvirt to store ephemeral discs in Ceph. 40 | nova_libvirt_images_rbd_pool: vms 41 | -------------------------------------------------------------------------------- /files/gpg/460f3994: -------------------------------------------------------------------------------- 1 | -----BEGIN PGP PUBLIC KEY BLOCK----- 2 | Version: SKS 1.1.6 3 | Comment: Hostname: keyserver.ubuntu.com 4 | 5 | mQINBFX4hgkBEADLqn6O+UFp+ZuwccNldwvh5PzEwKUPlXKPLjQfXlQRig1flpCHE0HJ5wgG 6 | lCtYd3Ol9f9+qU24kDNzfbs5bud58BeE7zFaZ4s0JMOMuVm7p8JhsvkUC/Lo/7NFh25e4kgJ 7 | pjvnwua7c2YrA44ggRb1QT19ueOZLK5wCQ1mR+0GdrcHRCLr7Sdw1d7aLxMT+5nvqfzsmbDu 8 | llsWOD6RnMdcqhOxZZvpay8OeuK+yb8FVQ4sOIzBFiNi5cNOFFHg+8dZQoDrK3BpwNxYdGHs 9 | YIwU9u6DWWqXybBnB9jd2pve9PlzQUbOeHEa4Z+jPqxY829f4ldaql7ig8e6BaInTfs2wPnH 10 | J+606g2UH86QUmrVAjVzlLCmnqoGymoAPGA4ObHu9X3kO8viMBId9FzooVqR8a9En7ZE0Dm9 11 | O7puzXR7A1f5sHozJdYHnr32I+B8iOixhDUtxIY4GA8biGATNaPd8XR2Ca1hPuZRVuIiGG9H 12 | DqUEtXhVfY5qjTjaThIVKtYgEkWMT+Wet3DPPiWT3ftNOE907e6EWEBCHgsEuuZnAbku1GgD 13 | LBH4/a/yo9bNvGZKRaTUM/1TXhM5XgVKjd07B4cChgKypAVHvef3HKfCG2U/DkyALjteHt/V 14 | 807MtSlQyYaXUTGtDCrQPSlMK5TjmqUnDwy6Qdq8dtWN3DtBWQARAQABtCpDZXBoLmNvbSAo 15 | cmVsZWFzZSBrZXkpIDxzZWN1cml0eUBjZXBoLmNvbT6JAjgEEwECACIFAlX4hgkCGwMGCwkI 16 | BwMCBhUIAgkKCwQWAgMBAh4BAheAAAoJEOhKwsBGDzmUXdIQAI8YPcZMBWdv489q8CzxlfRI 17 | RZ3Gv/G/8CH+EOExcmkVZ89mVHngCdAPDOYCl8twWXC1lwJuLDBtkUOHXNuR5+Jcl5zFOUyl 18 | dq1Hv8u03vjnGT7lLJkJoqpGl9QD8nBqRvBU7EM+CU7kP8+09b+088pULil+8x46PwgXkvOQ 19 | wfVKSOr740Q4J4nm/nUOyTNtToYntmt2fAVWDTIuyPpAqA6jcqSOC7Xoz9cYxkVWnYMLBUyS 20 | XmSS0uxl3p+wK0lMG0my/gb+alke5PAQjcE5dtXYzCn+8Lj0uSfCk8Gy0ZOK2oiUjaCGYN6D 21 | u72qDRFBnR3jaoFqi03bGBIMnglGuAPyBZiI7LJgzuT9xumjKTJW3kN4YJxMNYu1FzmIyFZp 22 | yvZ7930vB2UpCOiIaRdZiX4Z6ZN2frD3a/vBxBNqiNh/BO+Dex+PDfI4TqwF8zlcjt4XZ2te 23 | Q8nNMR/D8oiYTUW8hwR4laEmDy7ASxe0p5aijmUApWq5UTsF+s/QbwugccU0iR5orksM5u9M 24 | ZH4J/mFGKzOltfGXNLYI6D5Mtwrnyi0BsF5eY0u6vkdivtdqrq2DXY+ftuqLOQ7b+t1Rctbc 25 | MHGPptlxFuN9ufP5TiTWSpfqDwmHCLsTk2vFiMwcHdLpQ1IH8ORVRgPPsiBnBOJ/kIiXG2Sx 26 | PUTjjEGOVgeA 27 | =/Tod 28 | -----END PGP PUBLIC KEY BLOCK----- 29 | -------------------------------------------------------------------------------- /files/gpg/ceph_com_keys_release: -------------------------------------------------------------------------------- 1 | -----BEGIN PGP PUBLIC KEY BLOCK----- 2 | Version: GnuPG v1 3 | 4 | mQINBFX4hgkBEADLqn6O+UFp+ZuwccNldwvh5PzEwKUPlXKPLjQfXlQRig1flpCH 5 | E0HJ5wgGlCtYd3Ol9f9+qU24kDNzfbs5bud58BeE7zFaZ4s0JMOMuVm7p8JhsvkU 6 | C/Lo/7NFh25e4kgJpjvnwua7c2YrA44ggRb1QT19ueOZLK5wCQ1mR+0GdrcHRCLr 7 | 7Sdw1d7aLxMT+5nvqfzsmbDullsWOD6RnMdcqhOxZZvpay8OeuK+yb8FVQ4sOIzB 8 | FiNi5cNOFFHg+8dZQoDrK3BpwNxYdGHsYIwU9u6DWWqXybBnB9jd2pve9PlzQUbO 9 | eHEa4Z+jPqxY829f4ldaql7ig8e6BaInTfs2wPnHJ+606g2UH86QUmrVAjVzlLCm 10 | nqoGymoAPGA4ObHu9X3kO8viMBId9FzooVqR8a9En7ZE0Dm9O7puzXR7A1f5sHoz 11 | JdYHnr32I+B8iOixhDUtxIY4GA8biGATNaPd8XR2Ca1hPuZRVuIiGG9HDqUEtXhV 12 | fY5qjTjaThIVKtYgEkWMT+Wet3DPPiWT3ftNOE907e6EWEBCHgsEuuZnAbku1GgD 13 | LBH4/a/yo9bNvGZKRaTUM/1TXhM5XgVKjd07B4cChgKypAVHvef3HKfCG2U/DkyA 14 | LjteHt/V807MtSlQyYaXUTGtDCrQPSlMK5TjmqUnDwy6Qdq8dtWN3DtBWQARAQAB 15 | tCpDZXBoLmNvbSAocmVsZWFzZSBrZXkpIDxzZWN1cml0eUBjZXBoLmNvbT6JAjgE 16 | EwECACIFAlX4hgkCGwMGCwkIBwMCBhUIAgkKCwQWAgMBAh4BAheAAAoJEOhKwsBG 17 | DzmUXdIQAI8YPcZMBWdv489q8CzxlfRIRZ3Gv/G/8CH+EOExcmkVZ89mVHngCdAP 18 | DOYCl8twWXC1lwJuLDBtkUOHXNuR5+Jcl5zFOUyldq1Hv8u03vjnGT7lLJkJoqpG 19 | l9QD8nBqRvBU7EM+CU7kP8+09b+088pULil+8x46PwgXkvOQwfVKSOr740Q4J4nm 20 | /nUOyTNtToYntmt2fAVWDTIuyPpAqA6jcqSOC7Xoz9cYxkVWnYMLBUySXmSS0uxl 21 | 3p+wK0lMG0my/gb+alke5PAQjcE5dtXYzCn+8Lj0uSfCk8Gy0ZOK2oiUjaCGYN6D 22 | u72qDRFBnR3jaoFqi03bGBIMnglGuAPyBZiI7LJgzuT9xumjKTJW3kN4YJxMNYu1 23 | FzmIyFZpyvZ7930vB2UpCOiIaRdZiX4Z6ZN2frD3a/vBxBNqiNh/BO+Dex+PDfI4 24 | TqwF8zlcjt4XZ2teQ8nNMR/D8oiYTUW8hwR4laEmDy7ASxe0p5aijmUApWq5UTsF 25 | +s/QbwugccU0iR5orksM5u9MZH4J/mFGKzOltfGXNLYI6D5Mtwrnyi0BsF5eY0u6 26 | vkdivtdqrq2DXY+ftuqLOQ7b+t1RctbcMHGPptlxFuN9ufP5TiTWSpfqDwmHCLsT 27 | k2vFiMwcHdLpQ1IH8ORVRgPPsiBnBOJ/kIiXG2SxPUTjjEGOVgeA 28 | =/Tod 29 | -----END PGP PUBLIC KEY BLOCK----- 30 | -------------------------------------------------------------------------------- /handlers/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Copyright 2014, Rackspace US, Inc. 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | 16 | - name: Restart os services 17 | ansible.builtin.service: 18 | name: "{{ item }}" 19 | state: restarted 20 | with_items: "{{ ceph_client_filtered_services }}" 21 | failed_when: false 22 | -------------------------------------------------------------------------------- /manual-test.rc: -------------------------------------------------------------------------------- 1 | export VIRTUAL_ENV=$(pwd) 2 | export ANSIBLE_HOST_KEY_CHECKING=False 3 | export ANSIBLE_SSH_CONTROL_PATH=/tmp/%%h-%%r 4 | 5 | # TODO (odyssey4me) These are only here as they are non-standard folder 6 | # names for Ansible 1.9.x. We are using the standard folder names for 7 | # Ansible v2.x. We can remove this when we move to Ansible 2.x. 8 | export ANSIBLE_ACTION_PLUGINS=${HOME}/.ansible/plugins/action 9 | export ANSIBLE_CALLBACK_PLUGINS=${HOME}/.ansible/plugins/callback 10 | export ANSIBLE_FILTER_PLUGINS=${HOME}/.ansible/plugins/filter 11 | export ANSIBLE_LOOKUP_PLUGINS=${HOME}/.ansible/plugins/lookup 12 | 13 | # This is required as the default is the current path or a path specified 14 | # in ansible.cfg 15 | export ANSIBLE_LIBRARY=${HOME}/.ansible/plugins/library 16 | 17 | # This is required as the default is '/etc/ansible/roles' or a path 18 | # specified in ansible.cfg 19 | export ANSIBLE_ROLES_PATH=${HOME}/.ansible/roles:$(pwd)/.. 20 | 21 | export ANSIBLE_SSH_ARGS="-o ControlMaster=no \ 22 | -o UserKnownHostsFile=/dev/null \ 23 | -o StrictHostKeyChecking=no \ 24 | -o ServerAliveInterval=64 \ 25 | -o ServerAliveCountMax=1024 \ 26 | -o Compression=no \ 27 | -o TCPKeepAlive=yes \ 28 | -o VerifyHostKeyDNS=no \ 29 | -o ForwardX11=no \ 30 | -o ForwardAgent=yes" 31 | 32 | echo "Run manual functional tests by executing the following:" 33 | echo "# ./.tox/functional/bin/ansible-playbook -i tests/inventory tests/test.yml" 34 | -------------------------------------------------------------------------------- /meta/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Copyright 2015, Serge van Ginderachter 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | 16 | galaxy_info: 17 | author: openstack 18 | description: Installation and configuration of the ceph client 19 | company: OpenStack Foundation 20 | role_name: ceph_client 21 | namespace: openstack 22 | license: Apache2 23 | min_ansible_version: "2.10" 24 | platforms: 25 | - name: Debian 26 | versions: 27 | - bullseye 28 | - name: Ubuntu 29 | versions: 30 | - focal 31 | - jammy 32 | - name: EL 33 | versions: 34 | - "9" 35 | 36 | galaxy_tags: 37 | - cloud 38 | - ceph 39 | - development 40 | - openstack 41 | 42 | dependencies: 43 | - role: apt_package_pinning 44 | apt_pinned_packages: "{{ ceph_apt_pinned_packages }}" 45 | apt_package_pinning_file_name: "ceph_client_pin.pref" 46 | when: 47 | - ansible_facts['pkg_mgr'] == 'apt' 48 | -------------------------------------------------------------------------------- /meta/openstack-ansible.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Copyright 2017, Rackspace US, Inc. 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | # 16 | # (c) 2017, Jean-Philippe Evrard 17 | 18 | maturity_info: 19 | status: incubated 20 | created_during: newton 21 | -------------------------------------------------------------------------------- /releasenotes/notes/.placeholder: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/openstack/openstack-ansible-ceph_client/99e042710ca2d3bec711c969eb3839f20f667ceb/releasenotes/notes/.placeholder -------------------------------------------------------------------------------- /releasenotes/notes/Add-CentOS-support-05f2d1302b7ee2e7.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | features: 3 | - CentOS7/RHEL support has been added to the ceph_client role. 4 | - Only Ceph repos are supported for now. 5 | -------------------------------------------------------------------------------- /releasenotes/notes/align_ceph_repo_vars-222f6af6a7d349a2.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | upgrade: 3 | - | 4 | The configuration of repositories for the ceph_client role through 5 | the `ceph_yum_repo_url` and `ceph_repo_url` variable is changed. 6 | These variables were replaced by unified `ceph_repo_url` variable. 7 | With that `ceph_apt_repos` has bee replaced by `ceph_repos` variable 8 | which should follow deb822_repository format for Debian/Ubuntu and 9 | `yum_repository` for CentOS Stream/Rocky Linux. 10 | 11 | deprecations: 12 | - | 13 | In order to unify Ceph client installation approaches for EL and Debian 14 | platforms following variables were deprecated and are silently ignored: 15 | 16 | * ceph_yum_repo_url 17 | * ceph_apt_repo_url 18 | * ceph_apt_repos 19 | -------------------------------------------------------------------------------- /releasenotes/notes/apt-source-filenamed-4b0f490c2bd97c19.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | features: 3 | - The filename of the apt source for the ubuntu 4 | cloud archive used in ceph client can now be 5 | defined by giving a filename in the uca part 6 | of the dict ``ceph_apt_repos``. 7 | -------------------------------------------------------------------------------- /releasenotes/notes/ceph-caches-a12dbce748838ddc.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | features: 3 | - | 4 | Support and documentation is added to the ceph_client role for 5 | enabling the Ceph Immutable Object Cache and the Peristent Write Log cache. 6 | -------------------------------------------------------------------------------- /releasenotes/notes/ceph-extra-components-71f1c130b9b47ba5.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | features: 3 | - | 4 | A new variable called ``ceph_extra_components`` is available for the 5 | ceph_client role. Extra components, packages, and services that are not 6 | shipped by default by OpenStack-Ansible can be defined here. 7 | -------------------------------------------------------------------------------- /releasenotes/notes/ceph-pkg-src-remove-uca-4ef147673821ed9b.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | deprecations: 3 | - | 4 | In the ``ceph_client`` role, the only valid values for ``ceph_pkg_source`` 5 | are now ``ceph`` and ``distro``. For Ubuntu, the Ubuntu Cloud Archive apt 6 | source is already setup by the ``openstack_hosts`` role, so there is no 7 | need for it to also be setup by the ``ceph_client`` role. 8 | -------------------------------------------------------------------------------- /releasenotes/notes/ceph_ceph_conf_overrides-7b3a09ac34f94a6b.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | features: 3 | - | 4 | Added possibility to override ceph.conf partially by defining 5 | `ceph_client_ceph_conf_overrides` variable. It uses regular format of 6 | OpenStack-Ansible overrides. 7 | From now on, config_template plugin should be present for ansible. 8 | -------------------------------------------------------------------------------- /releasenotes/notes/ceph_cluster_name-d391e623588b3008.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | features: 3 | - | 4 | Added variable ``ceph_cluster_name`` that allows ceph_client role to work 5 | with clusters that have non-default cluster name. It defaults to ``ceph``. 6 | -------------------------------------------------------------------------------- /releasenotes/notes/ceph_components_format-3a947aa47ed2ff71.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | deprecations: 4 | - | 5 | Format of ``client`` key inside ``ceph_extra_components`` variable has been 6 | deprecated in favor of a mapping with one required attribute ``name``. 7 | Having ``client`` key defined as a simple list is kept for backwards compatibility 8 | but will be removed in future releases. 9 | 10 | fixes: 11 | - | 12 | Backwards compatibility of ``client`` key inside ``ceph_extra_components`` variable 13 | has been fixed to support both a list and a list of mappings. 14 | -------------------------------------------------------------------------------- /releasenotes/notes/ceph_keyrings_in_files-7d6a01e64861f8c6.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | features: 3 | - | 4 | Get ceph keyrings from files, if variable``ceph_keyrings_dir`` is defined 5 | the keyrings will be extracted from files. All files in the directory 6 | must have ``.keyring`` extention and be named with its corresponding 7 | ``ceph_client`` name. For example, if ``cinder_ceph_client`` is ``cinder`` 8 | the cinder keyring file must be named ``cinder.keyring``. 9 | Each file must contain username and the key and nothing more, below 10 | an example for cinder.keyring content. 11 | 12 | .. code-block:: text 13 | 14 | [client.cinder] 15 | key = XXXXXXXXXXX 16 | -------------------------------------------------------------------------------- /releasenotes/notes/distribute-extra-keys-d01164639ff9bdf9.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | fixes: 3 | - Properly distrubute client keys to nova hypervisors 4 | when extra ceph clusters are being deployed. 5 | - Properly remove temporary files used to transfer 6 | ceph client keys from the deploy host and hypervisors. 7 | -------------------------------------------------------------------------------- /releasenotes/notes/extra-ceph-clusters-00ad154ffb0589a6.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | features: 3 | - Variable ``ceph_extra_confs`` has been expanded to support 4 | retrieving additional ceph.conf and keyrings from multiple 5 | ceph clusters automatically. 6 | - Additional libvirt ceph client secrets can be defined to 7 | support attaching volumes from different ceph clusters. 8 | -------------------------------------------------------------------------------- /releasenotes/notes/extra-ceph-conf-337b9371b49219ff.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | features: 3 | - New variable ``ceph_extra_confs`` may be defined to support 4 | deployment of extra Ceph config files. This is useful for cinder 5 | deployments that utilize multiple Ceph clusters as cinder backends. 6 | -------------------------------------------------------------------------------- /releasenotes/notes/jewel-default-release-cf139062bb5fc972.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | upgrade: 3 | - The latest stable release of Ceph, Jewel, is now used as the default client 4 | version since Hammer was scheduled for EOL in November 2016. 5 | -------------------------------------------------------------------------------- /releasenotes/notes/libvirt_packages-e826dec75312c077.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | upgrade: 3 | - | 4 | Variable `libvirt_package` in ceph_client role has been renamed to 5 | `libvirt_packages` and converted from string to a list. 6 | -------------------------------------------------------------------------------- /releasenotes/notes/manila-63e49e98c888385d.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | features: 3 | - The ceph_client role will now look for and configure manila services to 4 | work with ceph and cephfs. 5 | -------------------------------------------------------------------------------- /releasenotes/notes/move-gnocchi-component-118ae07fce3562e1.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | deprecations: 3 | - | 4 | The gnocchi ceph component has been moved out as a default component 5 | required by the ceph_client role. It can now be optionally specified 6 | through the use of the ``ceph_extra_components`` variable. 7 | -------------------------------------------------------------------------------- /releasenotes/notes/renamed_variable_python_ceph_package-9575466eb146e500.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | other: 3 | - | 4 | The internal variable ``python_ceph_package`` has been renamed to 5 | ``python_ceph_packages`` and is now a list instead of a string. 6 | If you are using gnocchi with ceph and are using this internal 7 | variable in your ``ceph_extra_components`` overrides, 8 | please update it to ``python_ceph_packages``. 9 | -------------------------------------------------------------------------------- /releasenotes/notes/use_vendored_gpg_keys-f268bd4f4cb7d105.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | upgrade: 3 | - | 4 | The data structure for ``ceph_gpg_keys`` has been changed to be a list of 5 | dicts, each of which is passed directly to the applicable apt_key/rpm_key 6 | module. As such any overrides would need to be reviewed to ensure that they 7 | do not pass any key/value pairs which would cause the module to fail. 8 | - | 9 | The default values for ``ceph_gpg_keys`` have been changed for all 10 | supported platforms and now use vendored keys. This means that the task 11 | execution will no longer reach out to the internet to add the keys, 12 | making offline or proxy-based installations easier and more reliable. 13 | - | 14 | A new value ``epel_gpg_keys`` can be overridden to use a different GPG key 15 | for the EPEL-7 RPM package repo instead of the vendored key used by default. 16 | 17 | -------------------------------------------------------------------------------- /releasenotes/source/_static/.placeholder: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/openstack/openstack-ansible-ceph_client/99e042710ca2d3bec711c969eb3839f20f667ceb/releasenotes/source/_static/.placeholder -------------------------------------------------------------------------------- /releasenotes/source/_templates/.placeholder: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/openstack/openstack-ansible-ceph_client/99e042710ca2d3bec711c969eb3839f20f667ceb/releasenotes/source/_templates/.placeholder -------------------------------------------------------------------------------- /releasenotes/source/conf.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python3 2 | 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 12 | # implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | 16 | # This file is execfile()d with the current directory set to its 17 | # containing dir. 18 | # 19 | # Note that not all possible configuration values are present in this 20 | # autogenerated file. 21 | # 22 | # All configuration values have a default; values that are commented out 23 | # serve to show the default. 24 | 25 | # If extensions (or modules to document with autodoc) are in another directory, 26 | # add these directories to sys.path here. If the directory is relative to the 27 | # documentation root, use os.path.abspath to make it absolute, like shown here. 28 | # sys.path.insert(0, os.path.abspath('.')) 29 | 30 | # -- General configuration ------------------------------------------------ 31 | 32 | # If your documentation needs a minimal Sphinx version, state it here. 33 | # needs_sphinx = '1.0' 34 | 35 | # Add any Sphinx extension module names here, as strings. They can be 36 | # extensions coming with Sphinx (named 'sphinx.ext.*') or your custom 37 | # ones. 38 | extensions = [ 39 | 'openstackdocstheme', 40 | 'reno.sphinxext', 41 | ] 42 | 43 | # Add any paths that contain templates here, relative to this directory. 44 | templates_path = ['_templates'] 45 | 46 | # The suffix of source filenames. 47 | source_suffix = '.rst' 48 | 49 | # The encoding of source files. 50 | # source_encoding = 'utf-8-sig' 51 | 52 | # The master toctree document. 53 | master_doc = 'index' 54 | 55 | # General information about the project. 56 | author = 'OpenStack-Ansible Contributors' 57 | category = 'Miscellaneous' 58 | copyright = '2014-2016, OpenStack-Ansible Contributors' 59 | description = 'OpenStack-Ansible deploys OpenStack environments using Ansible.' 60 | project = 'OpenStack-Ansible' 61 | role_name = 'ceph_client' 62 | target_name = 'openstack-ansible-' + role_name 63 | title = 'OpenStack-Ansible Release Notes: ' + role_name + 'role' 64 | 65 | # Release notes do not need a version number in the title, 66 | # they cover multiple versions. 67 | # The full version, including alpha/beta/rc tags. 68 | release = '' 69 | # The short X.Y version. 70 | version = '' 71 | 72 | # openstackdocstheme options 73 | openstackdocs_repo_name = 'openstack/' + target_name 74 | openstackdocs_bug_project = project.lower() 75 | openstackdocs_bug_tag = '' 76 | 77 | # The language for content autogenerated by Sphinx. Refer to documentation 78 | # for a list of supported languages. 79 | # language = None 80 | 81 | # There are two options for replacing |today|: either, you set today to some 82 | # non-false value, then it is used: 83 | # today = '' 84 | # Else, today_fmt is used as the format for a strftime call. 85 | # today_fmt = '%B %d, %Y' 86 | 87 | # List of patterns, relative to source directory, that match files and 88 | # directories to ignore when looking for source files. 89 | exclude_patterns = [] 90 | 91 | # The reST default role (used for this markup: `text`) to use for all 92 | # documents. 93 | # default_role = None 94 | 95 | # If true, '()' will be appended to :func: etc. cross-reference text. 96 | # add_function_parentheses = True 97 | 98 | # If true, the current module name will be prepended to all description 99 | # unit titles (such as .. function::). 100 | # add_module_names = True 101 | 102 | # If true, sectionauthor and moduleauthor directives will be shown in the 103 | # output. They are ignored by default. 104 | # show_authors = False 105 | 106 | # The name of the Pygments (syntax highlighting) style to use. 107 | pygments_style = 'native' 108 | 109 | # A list of ignored prefixes for module index sorting. 110 | # modindex_common_prefix = [] 111 | 112 | # If true, keep warnings as "system message" paragraphs in the built documents. 113 | # keep_warnings = False 114 | 115 | 116 | # -- Options for HTML output ---------------------------------------------- 117 | 118 | # The theme to use for HTML and HTML Help pages. See the documentation for 119 | # a list of builtin themes. 120 | html_theme = 'openstackdocs' 121 | 122 | # Theme options are theme-specific and customize the look and feel of a theme 123 | # further. For a list of options available for each theme, see the 124 | # documentation. 125 | # html_theme_options = {} 126 | 127 | # Add any paths that contain custom themes here, relative to this directory. 128 | # html_theme_path = [] 129 | 130 | # The name for this set of Sphinx documents. If None, it defaults to 131 | # " v documentation". 132 | # html_title = None 133 | 134 | # A shorter title for the navigation bar. Default is the same as html_title. 135 | # html_short_title = None 136 | 137 | # The name of an image file (relative to this directory) to place at the top 138 | # of the sidebar. 139 | # html_logo = None 140 | 141 | # The name of an image file (within the static path) to use as favicon of the 142 | # docs. This file should be a Windows icon file (.ico) being 16x16 or 32x32 143 | # pixels large. 144 | # html_favicon = None 145 | 146 | # Add any paths that contain custom static files (such as style sheets) here, 147 | # relative to this directory. They are copied after the builtin static files, 148 | # so a file named "default.css" will overwrite the builtin "default.css". 149 | html_static_path = ['_static'] 150 | 151 | # Add any extra paths that contain custom files (such as robots.txt or 152 | # .htaccess) here, relative to this directory. These files are copied 153 | # directly to the root of the documentation. 154 | # html_extra_path = [] 155 | 156 | # If true, SmartyPants will be used to convert quotes and dashes to 157 | # typographically correct entities. 158 | # html_use_smartypants = True 159 | 160 | # Custom sidebar templates, maps document names to template names. 161 | # html_sidebars = {} 162 | 163 | # Additional templates that should be rendered to pages, maps page names to 164 | # template names. 165 | # html_additional_pages = {} 166 | 167 | # If false, no module index is generated. 168 | # html_domain_indices = True 169 | 170 | # If false, no index is generated. 171 | # html_use_index = True 172 | 173 | # If true, the index is split into individual pages for each letter. 174 | # html_split_index = False 175 | 176 | # If true, links to the reST sources are added to the pages. 177 | # html_show_sourcelink = True 178 | 179 | # If true, "Created using Sphinx" is shown in the HTML footer. Default is True. 180 | # html_show_sphinx = True 181 | 182 | # If true, "(C) Copyright ..." is shown in the HTML footer. Default is True. 183 | # html_show_copyright = True 184 | 185 | # If true, an OpenSearch description file will be output, and all pages will 186 | # contain a tag referring to it. The value of this option must be the 187 | # base URL from which the finished HTML is served. 188 | # html_use_opensearch = '' 189 | 190 | # This is the file name suffix for HTML files (e.g. ".xhtml"). 191 | # html_file_suffix = None 192 | 193 | # Output file base name for HTML help builder. 194 | htmlhelp_basename = target_name + '-docs' 195 | 196 | 197 | # -- Options for LaTeX output --------------------------------------------- 198 | 199 | latex_elements = { 200 | # The paper size ('letterpaper' or 'a4paper'). 201 | # 'papersize': 'letterpaper', 202 | 203 | # The font size ('10pt', '11pt' or '12pt'). 204 | # 'pointsize': '10pt', 205 | 206 | # Additional stuff for the LaTeX preamble. 207 | # 'preamble': '', 208 | } 209 | 210 | # Grouping the document tree into LaTeX files. List of tuples 211 | # (source start file, target name, title, 212 | # author, documentclass [howto, manual, or own class]). 213 | latex_documents = [ 214 | (master_doc, target_name + '.tex', 215 | title, author, 'manual'), 216 | ] 217 | 218 | # The name of an image file (relative to this directory) to place at the top of 219 | # the title page. 220 | # latex_logo = None 221 | 222 | # For "manual" documents, if this is true, then toplevel headings are parts, 223 | # not chapters. 224 | # latex_use_parts = False 225 | 226 | # If true, show page references after internal links. 227 | # latex_show_pagerefs = False 228 | 229 | # If true, show URL addresses after external links. 230 | # latex_show_urls = False 231 | 232 | # Documents to append as an appendix to all manuals. 233 | # latex_appendices = [] 234 | 235 | # If false, no module index is generated. 236 | # latex_domain_indices = True 237 | 238 | 239 | # -- Options for manual page output --------------------------------------- 240 | 241 | # One entry per manual page. List of tuples 242 | # (source start file, name, description, authors, manual section). 243 | man_pages = [ 244 | (master_doc, target_name, 245 | title, [author], 1) 246 | ] 247 | 248 | # If true, show URL addresses after external links. 249 | # man_show_urls = False 250 | 251 | 252 | # -- Options for Texinfo output ------------------------------------------- 253 | 254 | # Grouping the document tree into Texinfo files. List of tuples 255 | # (source start file, target name, title, author, 256 | # dir menu entry, description, category) 257 | texinfo_documents = [ 258 | (master_doc, target_name, 259 | title, author, project, 260 | description, category), 261 | ] 262 | 263 | # Documents to append as an appendix to all manuals. 264 | # texinfo_appendices = [] 265 | 266 | # If false, no module index is generated. 267 | # texinfo_domain_indices = True 268 | 269 | # How to display URL addresses: 'footnote', 'no', or 'inline'. 270 | # texinfo_show_urls = 'footnote' 271 | 272 | # If true, do not generate a @detailmenu in the "Top" node's menu. 273 | # texinfo_no_detailmenu = False 274 | 275 | # -- Options for Internationalization output ------------------------------ 276 | locale_dirs = ['locale/'] 277 | -------------------------------------------------------------------------------- /releasenotes/source/index.rst: -------------------------------------------------------------------------------- 1 | ================================ 2 | OpenStack-Ansible Release Notes 3 | ================================ 4 | 5 | .. toctree:: 6 | :maxdepth: 1 7 | 8 | unreleased 9 | zed 10 | ussuri 11 | train 12 | stein 13 | rocky 14 | queens 15 | pike 16 | ocata 17 | newton 18 | -------------------------------------------------------------------------------- /releasenotes/source/newton.rst: -------------------------------------------------------------------------------- 1 | =================================== 2 | Newton Series Release Notes 3 | =================================== 4 | 5 | .. release-notes:: 6 | :branch: origin/stable/newton 7 | -------------------------------------------------------------------------------- /releasenotes/source/ocata.rst: -------------------------------------------------------------------------------- 1 | =================================== 2 | Ocata Series Release Notes 3 | =================================== 4 | 5 | .. release-notes:: 6 | :branch: origin/stable/ocata 7 | -------------------------------------------------------------------------------- /releasenotes/source/pike.rst: -------------------------------------------------------------------------------- 1 | =================================== 2 | Pike Series Release Notes 3 | =================================== 4 | 5 | .. release-notes:: 6 | :branch: stable/pike 7 | -------------------------------------------------------------------------------- /releasenotes/source/queens.rst: -------------------------------------------------------------------------------- 1 | =================================== 2 | Queens Series Release Notes 3 | =================================== 4 | 5 | .. release-notes:: 6 | :branch: stable/queens 7 | -------------------------------------------------------------------------------- /releasenotes/source/rocky.rst: -------------------------------------------------------------------------------- 1 | =================================== 2 | Rocky Series Release Notes 3 | =================================== 4 | 5 | .. release-notes:: 6 | :branch: stable/rocky 7 | -------------------------------------------------------------------------------- /releasenotes/source/stein.rst: -------------------------------------------------------------------------------- 1 | =================================== 2 | Stein Series Release Notes 3 | =================================== 4 | 5 | .. release-notes:: 6 | :branch: stable/stein 7 | -------------------------------------------------------------------------------- /releasenotes/source/train.rst: -------------------------------------------------------------------------------- 1 | ========================== 2 | Train Series Release Notes 3 | ========================== 4 | 5 | .. release-notes:: 6 | :branch: stable/train 7 | -------------------------------------------------------------------------------- /releasenotes/source/unreleased.rst: -------------------------------------------------------------------------------- 1 | ============================== 2 | Current Series Release Notes 3 | ============================== 4 | 5 | .. release-notes:: 6 | -------------------------------------------------------------------------------- /releasenotes/source/ussuri.rst: -------------------------------------------------------------------------------- 1 | =========================== 2 | Ussuri Series Release Notes 3 | =========================== 4 | 5 | .. release-notes:: 6 | :branch: stable/ussuri 7 | -------------------------------------------------------------------------------- /releasenotes/source/zed.rst: -------------------------------------------------------------------------------- 1 | ======================== 2 | Zed Series Release Notes 3 | ======================== 4 | 5 | .. release-notes:: 6 | :branch: unmaintained/zed 7 | -------------------------------------------------------------------------------- /run_tests.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | # Copyright 2015, Rackspace US, Inc. 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | 16 | # PURPOSE: 17 | # This script clones the openstack-ansible-tests repository to the 18 | # tests/common folder in order to be able to re-use test components 19 | # for role testing. This is intended to be the thinnest possible 20 | # shim for test execution outside of OpenStack CI. 21 | 22 | # WARNING: 23 | # This file is maintained in the openstack-ansible-tests repository. 24 | # https://opendev.org/openstack/openstack-ansible-tests/src/run_tests.sh 25 | # If you need to modify this file, update the one in the openstack-ansible-tests 26 | # repository and then update this file as well. The purpose of this file is to 27 | # prepare the host and then execute all the tox tests. 28 | # 29 | 30 | ## Shell Opts ---------------------------------------------------------------- 31 | set -xeu 32 | 33 | ## Vars ---------------------------------------------------------------------- 34 | 35 | WORKING_DIR="$(readlink -f $(dirname $0))" 36 | OSA_PROJECT_NAME="$(sed -n 's|^project=openstack/\(.*\).git$|\1|p' $(pwd)/.gitreview)" 37 | 38 | COMMON_TESTS_PATH="${WORKING_DIR}/tests/common" 39 | TESTING_HOME=${TESTING_HOME:-$HOME} 40 | ZUUL_TESTS_CLONE_LOCATION="/home/zuul/src/opendev.org/openstack/openstack-ansible-tests" 41 | 42 | # Use .gitreview as the key to determine the appropriate 43 | # branch to clone for tests. 44 | TESTING_BRANCH=$(awk -F'=' '/defaultbranch/ {print $2}' "${WORKING_DIR}/.gitreview") 45 | if [[ "${TESTING_BRANCH}" == "" ]]; then 46 | TESTING_BRANCH="master" 47 | fi 48 | 49 | ## Main ---------------------------------------------------------------------- 50 | 51 | # Source distribution information 52 | source /etc/os-release || source /usr/lib/os-release 53 | 54 | # Figure out the appropriate package install command 55 | case ${ID,,} in 56 | centos|rhel|fedora|rocky) pkg_mgr_cmd="dnf install -y" ;; 57 | ubuntu|debian) pkg_mgr_cmd="apt-get install -y" ;; 58 | *) echo "unsupported distribution: ${ID,,}"; exit 1 ;; 59 | esac 60 | 61 | # Install git so that we can clone the tests repo if git is not available 62 | which git &>/dev/null || eval sudo "${pkg_mgr_cmd}" git 63 | 64 | # Clone the tests repo for access to the common test script 65 | if [[ ! -d "${COMMON_TESTS_PATH}" ]]; then 66 | # The tests repo doesn't need a clone, we can just 67 | # symlink it. 68 | if [[ "${OSA_PROJECT_NAME}" == "openstack-ansible-tests" ]]; then 69 | ln -s "${WORKING_DIR}" "${COMMON_TESTS_PATH}" 70 | 71 | # In zuul v3 any dependent repository is placed into 72 | # /home/zuul/src/opendev.org, so we check to see 73 | # if there is a tests checkout there already. If so, we 74 | # symlink that and use it. 75 | elif [[ -d "${ZUUL_TESTS_CLONE_LOCATION}" ]]; then 76 | ln -s "${ZUUL_TESTS_CLONE_LOCATION}" "${COMMON_TESTS_PATH}" 77 | 78 | # Otherwise we're clearly not in zuul or using a previously setup 79 | # repo in some way, so just clone it from upstream. 80 | else 81 | git clone -b "${TESTING_BRANCH}" \ 82 | https://opendev.org/openstack/openstack-ansible-tests \ 83 | "${COMMON_TESTS_PATH}" 84 | fi 85 | fi 86 | 87 | # Execute the common test script 88 | source tests/common/run_tests_common.sh 89 | -------------------------------------------------------------------------------- /tasks/ceph_auth.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Copyright 2015, Serge van Ginderachter 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | 16 | - name: Create cephkeys_access_group group 17 | ansible.builtin.group: 18 | name: "{{ cephkeys_access_group }}" 19 | 20 | - name: Including ceph_get_keyrings_from_mons tasks 21 | ansible.builtin.include_tasks: ceph_get_keyrings_from_mons.yml 22 | when: ceph_keyrings_dir is not defined 23 | 24 | - name: Including ceph_get_keyrings_from_files tasks 25 | ansible.builtin.include_tasks: ceph_get_keyrings_from_files.yml 26 | when: ceph_keyrings_dir is defined 27 | 28 | - name: Add OpenStack service to cephkeys_access_group group 29 | ansible.builtin.user: 30 | name: "{{ openstack_service_system_user }}" 31 | groups: "{{ cephkeys_access_group }}" 32 | append: true 33 | notify: 34 | - Restart os services 35 | 36 | - name: Make sure libvirt is started 37 | ansible.builtin.service: 38 | name: "{{ libvirt_service_name }}" 39 | state: "started" 40 | when: inventory_hostname in groups.nova_compute 41 | 42 | - name: Check if nova secret is defined in libvirt 43 | ansible.builtin.shell: virsh secret-list|grep {{ nova_ceph_client_uuid }} 44 | when: 45 | - inventory_hostname in groups.nova_compute 46 | changed_when: false 47 | failed_when: false 48 | register: libvirt_nova_defined 49 | tags: 50 | - always 51 | 52 | - name: Provide xml file to create the secret 53 | ansible.builtin.template: 54 | src: secret.xml.j2 55 | dest: /tmp/nova-secret.xml 56 | mode: "0600" 57 | with_items: 58 | - secret_uuid: "{{ nova_ceph_client_uuid }}" 59 | client_name: "{{ nova_ceph_client }}" 60 | when: 61 | - inventory_hostname in groups.nova_compute 62 | - libvirt_nova_defined.rc is defined 63 | - libvirt_nova_defined.rc != 0 64 | tags: 65 | - always 66 | 67 | - name: Define libvirt nova secret 68 | ansible.builtin.command: virsh secret-define --file /tmp/nova-secret.xml # noqa: no-changed-when 69 | when: 70 | - inventory_hostname in groups.nova_compute 71 | - libvirt_nova_defined.rc is defined 72 | - libvirt_nova_defined.rc != 0 73 | notify: 74 | - Restart os services 75 | tags: 76 | - always 77 | 78 | - name: Check if nova secret value is set in libvirt 79 | ansible.builtin.command: virsh secret-get-value {{ nova_ceph_client_uuid }} 80 | when: 81 | - inventory_hostname in groups.nova_compute 82 | - ceph_nova_secret is defined 83 | changed_when: false 84 | failed_when: false 85 | register: libvirt_nova_set 86 | tags: 87 | - always 88 | 89 | - name: Set nova secret value in libvirt 90 | ansible.builtin.command: virsh secret-set-value --secret {{ nova_ceph_client_uuid }} --base64 {{ ceph_nova_secret.stdout }} 91 | changed_when: false 92 | when: 93 | - inventory_hostname in groups.nova_compute 94 | - libvirt_nova_set.rc is defined 95 | - libvirt_nova_set.rc != 0 or 96 | (libvirt_nova_set.rc == 0 and 97 | libvirt_nova_set.stdout != ceph_nova_secret.stdout) 98 | notify: 99 | - Restart os services 100 | tags: 101 | - ceph-config 102 | 103 | - name: Remove libvirt nova secret file 104 | ansible.builtin.file: 105 | path: "/tmp/nova-secret.xml" 106 | state: "absent" 107 | when: 108 | - inventory_hostname in groups.nova_compute and libvirt_nova_set 109 | tags: 110 | - always 111 | 112 | - name: Detect correct group for extra auth 113 | ansible.builtin.set_fact: 114 | ceph_in_extra_auth_group: true 115 | with_items: "{{ ceph_extra_auth_groups }}" 116 | when: 117 | - ceph_extra_confs is defined 118 | - inventory_hostname in groups[item] 119 | 120 | - name: Including ceph_auth_extra tasks 121 | ansible.builtin.include_tasks: ceph_auth_extra.yml 122 | when: 123 | - ceph_in_extra_auth_group is defined 124 | - ceph_in_extra_auth_group | bool 125 | 126 | - name: Detect extra nova uuid secret 127 | ansible.builtin.set_fact: 128 | ceph_extra_nova_uuid: true 129 | with_items: "{{ ceph_extra_confs | default([]) }}" 130 | when: 131 | - inventory_hostname in groups[ceph_extra_compute_group] 132 | - item.secret_uuid is defined 133 | 134 | - name: Including ceph_auth_extra_compute tasks 135 | ansible.builtin.include_tasks: ceph_auth_extra_compute.yml 136 | when: 137 | - ceph_extra_nova_uuid is defined 138 | - ceph_extra_nova_uuid | bool 139 | -------------------------------------------------------------------------------- /tasks/ceph_auth_extra.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Copyright 2016, Walmart Stores, Inc. 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | - name: Create keyring files for openstack clients from extra cluster(s) 16 | ansible.builtin.shell: >- 17 | ceph auth get client.{{ item.client_name }} --cluster {{ ceph_cluster_name }} >/dev/null && 18 | ceph auth get-or-create client.{{ item.client_name }} --cluster {{ ceph_cluster_name }} 19 | > /etc/ceph/{{ ceph_cluster_name }}.client.{{ item.client_name }}.keyring.tmp 20 | with_items: "{{ ceph_extra_confs }}" 21 | changed_when: false 22 | delegate_to: "{{ item.mon_host }}" 23 | when: 24 | - item.client_name is defined 25 | - item.mon_host is defined 26 | 27 | - name: Get extra keyring files 28 | ansible.builtin.command: "scp {{ item.mon_host }}:/etc/ceph/{{ ceph_cluster_name }}.client.{{ item.client_name }}.keyring.tmp {{ item.keyring_src }}" 29 | changed_when: false 30 | delegate_to: localhost 31 | with_items: "{{ ceph_extra_confs }}" 32 | when: 33 | - item.mon_host is defined 34 | - item.keyring_src is defined 35 | - item.client_name is defined 36 | 37 | - name: Secure extra keyring file permissions 38 | ansible.builtin.file: 39 | path: "{{ item.keyring_src }}" 40 | state: file 41 | mode: "0600" 42 | delegate_to: localhost 43 | with_items: "{{ ceph_extra_confs }}" 44 | when: 45 | - item.keyring_src is defined 46 | 47 | - name: Remove temp extra keyring files 48 | ansible.builtin.file: 49 | path: "/etc/ceph/{{ ceph_cluster_name }}.client.{{ item.client_name }}.keyring.tmp" 50 | state: absent 51 | delegate_to: "{{ item.mon_host }}" 52 | with_items: "{{ ceph_extra_confs }}" 53 | when: 54 | - item.mon_host is defined 55 | - item.keyring_src is defined 56 | - item.client_name is defined 57 | 58 | - name: Create extra keyring files 59 | ansible.builtin.copy: 60 | src: "{{ item.keyring_src }}" 61 | dest: "{{ item.keyring_dest }}" 62 | owner: root 63 | group: "{{ cephkeys_access_group }}" 64 | mode: "0640" 65 | notify: 66 | - Restart os services 67 | with_items: "{{ ceph_extra_confs }}" 68 | when: 69 | - item.keyring_src is defined 70 | - item.keyring_dest is defined 71 | -------------------------------------------------------------------------------- /tasks/ceph_auth_extra_compute.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Copyright 2016, Walmart Stores, Inc. 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | - name: Create key files for nova_compute on extra cluster(s) 16 | ansible.builtin.shell: >- 17 | ceph auth get-key client.{{ item.client_name }} --cluster {{ ceph_cluster_name }} 18 | > /etc/ceph/{{ ceph_cluster_name }}.client.{{ item.client_name }}.key.tmp 19 | with_items: "{{ ceph_extra_confs }}" 20 | changed_when: false 21 | delegate_to: "{{ item.mon_host }}" 22 | when: 23 | - item.client_name is defined 24 | - item.mon_host is defined 25 | 26 | - name: Get extra key files 27 | ansible.builtin.command: >- 28 | scp {{ item.mon_host }}:/etc/ceph/{{ ceph_cluster_name }}.client.{{ item.client_name }}.key.tmp 29 | /tmp/{{ item.mon_host }}{{ item.client_name }}.key.tmp 30 | changed_when: false 31 | delegate_to: localhost 32 | with_items: "{{ ceph_extra_confs }}" 33 | when: 34 | - item.mon_host is defined 35 | - item.client_name is defined 36 | 37 | - name: Distribute extra key files from monitor host 38 | ansible.builtin.copy: 39 | src: "/tmp/{{ item.mon_host }}{{ item.client_name }}.key.tmp" 40 | dest: "/tmp/{{ item.mon_host }}{{ item.client_name }}.key.tmp" 41 | mode: "0640" 42 | with_items: "{{ ceph_extra_confs }}" 43 | when: 44 | - item.mon_host is defined 45 | - item.client_name is defined 46 | 47 | - name: Create extra key files from keyring files 48 | ansible.builtin.copy: 49 | src: "{{ item.keyring_src }}" 50 | dest: "/tmp/{{ item.secret_uuid }}{{ item.client_name }}.key.tmp" 51 | mode: "0640" 52 | with_items: "{{ ceph_extra_confs }}" 53 | when: 54 | - item.keyring_src is defined 55 | - item.client_name is defined 56 | - item.secret_uuid is defined 57 | 58 | - name: Remove temp extra key files 59 | ansible.builtin.file: 60 | path: "/etc/ceph/{{ ceph_cluster_name }}.client.{{ item.client_name }}.key.tmp" 61 | state: absent 62 | delegate_to: "{{ item.mon_host }}" 63 | with_items: "{{ ceph_extra_confs }}" 64 | when: 65 | - item.mon_host is defined 66 | - item.keyring_src is defined 67 | - item.client_name is defined 68 | 69 | - name: Provide extra xml files to create the secrets 70 | ansible.builtin.template: 71 | src: secret.xml.j2 72 | dest: /tmp/{{ item.secret_uuid }}{{ item.client_name }}-secret.xml 73 | mode: "0600" 74 | with_items: "{{ ceph_extra_confs }}" 75 | when: 76 | - item.client_name is defined 77 | - item.secret_uuid is defined 78 | 79 | - name: Check if extra secret(s) are defined in libvirt pt1 80 | ansible.builtin.shell: "virsh secret-dumpxml {{ item.secret_uuid }} 2>&1 >/dev/null && touch /tmp/{{ item.secret_uuid }}.libvirt_secret_exists" 81 | changed_when: false 82 | failed_when: false 83 | with_items: "{{ ceph_extra_confs }}" 84 | when: 85 | - item.secret_uuid is defined 86 | tags: 87 | - always 88 | 89 | - name: Check if extra secret(s) are defined in libvirt pt2 90 | ansible.builtin.shell: "ls /tmp | grep \\.libvirt_secret_exists | awk -F'.' '{print $1}'" 91 | changed_when: false 92 | failed_when: false 93 | register: libvirt_secret_exists 94 | with_items: "{{ ceph_extra_confs }}" 95 | when: 96 | - item.secret_uuid is defined 97 | tags: 98 | - always 99 | 100 | - name: Define libvirt nova extra secret(s) 101 | ansible.builtin.command: "virsh secret-define --file /tmp/{{ item.secret_uuid }}{{ item.client_name }}-secret.xml" 102 | changed_when: false 103 | loop: "{{ ceph_extra_confs }}" 104 | loop_control: 105 | index_var: index 106 | when: 107 | - "'client_name' in item" 108 | - "'secret_uuid' in item" 109 | - item.secret_uuid not in libvirt_secret_exists.results[index].stdout_lines 110 | notify: 111 | - Restart os services 112 | 113 | - name: Check if extra secret values are set in libvirt pt1 114 | ansible.builtin.shell: "virsh secret-get-value {{ item.secret_uuid }} 2>&1 >/dev/null && touch /tmp/{{ item.secret_uuid }}.libvirt_secret_value_exists " 115 | changed_when: false 116 | failed_when: false 117 | register: libvirt_nova_set 118 | with_items: "{{ ceph_extra_confs }}" 119 | when: 120 | - item.secret_uuid is defined 121 | 122 | - name: Check if extra secret values are set in libvirt pt2 123 | ansible.builtin.shell: "ls /tmp | grep \\.libvirt_secret_value_exists | awk -F'.' '{print $1}'" 124 | changed_when: false 125 | failed_when: false 126 | register: libvirt_secret_value_exists 127 | with_items: "{{ ceph_extra_confs }}" 128 | when: 129 | - item.secret_uuid is defined 130 | tags: 131 | - always 132 | 133 | - name: Set extra secret value(s) in libvirt from monitor host # noqa: no-changed-when 134 | ansible.builtin.shell: "virsh secret-set-value --secret {{ item.secret_uuid }} --base64 $(cat /tmp/{{ item.mon_host }}{{ item.client_name }}.key.tmp)" 135 | loop: "{{ ceph_extra_confs }}" 136 | loop_control: 137 | index_var: index 138 | when: 139 | - "'client_name' in item" 140 | - "'mon_host' in item" 141 | - "'secret_uuid' in item" 142 | - item.secret_uuid not in libvirt_secret_value_exists.results[index].stdout_lines 143 | notify: 144 | - Restart os services 145 | 146 | - name: Set extra secret value(s) in libvirt from keyring # noqa: no-changed-when 147 | ansible.builtin.shell: >- 148 | virsh secret-set-value --secret {{ item.secret_uuid }} --base64 149 | $(awk '/key = /{print $3}' /tmp/{{ item.secret_uuid }}{{ item.client_name }}.key.tmp) 150 | loop: "{{ ceph_extra_confs }}" 151 | loop_control: 152 | index_var: index 153 | when: 154 | - "'client_name' in item" 155 | - "'keyring_src' in item" 156 | - "'secret_uuid' in item" 157 | - item.secret_uuid not in libvirt_secret_value_exists.results[index].stdout_lines 158 | notify: 159 | - Restart os services 160 | 161 | # Cleanup temp files 162 | - name: Remove libvirt nova secret detection file 163 | ansible.builtin.file: 164 | path: "/tmp/{{ item.secret_uuid }}.libvirt_secret_exists" 165 | state: "absent" 166 | with_items: "{{ ceph_extra_confs }}" 167 | when: 168 | - item.secret_uuid is defined 169 | tags: 170 | - always 171 | 172 | - name: Remove libvirt nova secret value detection file 173 | ansible.builtin.file: 174 | path: "/tmp/{{ item.secret_uuid }}.libvirt_secret_value_exists" 175 | state: "absent" 176 | with_items: "{{ ceph_extra_confs }}" 177 | when: 178 | - item.secret_uuid is defined 179 | tags: 180 | - always 181 | 182 | - name: Remove libvirt nova secret file 183 | ansible.builtin.file: 184 | path: "/tmp/{{ item.secret_uuid }}{{ item.client_name }}-secret.xml" 185 | state: "absent" 186 | with_items: "{{ ceph_extra_confs }}" 187 | when: 188 | - item.secret_uuid is defined 189 | - item.client_name is defined 190 | tags: 191 | - always 192 | 193 | - name: Remove libvirt key file from monitor host 194 | ansible.builtin.file: 195 | path: "/tmp/{{ item.mon_host }}{{ item.client_name }}.key.tmp" 196 | state: "absent" 197 | with_items: "{{ ceph_extra_confs }}" 198 | when: 199 | - item.mon_host is defined 200 | - item.client_name is defined 201 | tags: 202 | - always 203 | 204 | - name: Remove libvirt key file from keyring 205 | ansible.builtin.file: 206 | path: "/tmp/{{ item.secret_uuid }}{{ item.client_name }}.key.tmp" 207 | state: "absent" 208 | with_items: "{{ ceph_extra_confs }}" 209 | when: 210 | - item.secret_uuid is defined 211 | - item.client_name is defined 212 | tags: 213 | - always 214 | 215 | - name: Remove libvirt key file localhost 216 | ansible.builtin.file: 217 | path: "/tmp/{{ item.mon_host }}{{ item.client_name }}.key.tmp" 218 | state: "absent" 219 | delegate_to: localhost 220 | when: 221 | - item.mon_host is defined 222 | - item.client_name is defined 223 | with_items: "{{ ceph_extra_confs }}" 224 | tags: 225 | - always 226 | -------------------------------------------------------------------------------- /tasks/ceph_config.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Copyright 2015, Serge van Ginderachter 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | 16 | - name: Provide ceph configuration directory 17 | ansible.builtin.file: 18 | dest: /etc/ceph 19 | state: directory 20 | owner: root 21 | group: root 22 | mode: "0755" 23 | 24 | - name: Get ceph.conf and store contents when ceph_conf_file is not defined 25 | ansible.builtin.slurp: 26 | src: "/etc/ceph/{{ ceph_cluster_name }}.conf" 27 | register: ceph_conf_content_mon 28 | delegate_to: "{{ ceph_mon_host }}" 29 | changed_when: false 30 | when: 31 | - ceph_conf_file is not defined 32 | 33 | - name: Register ceph_conf fact when ceph_conf_file is not defined 34 | ansible.builtin.set_fact: 35 | ceph_conf: "{{ ceph_conf_content_mon.content | b64decode }}" 36 | when: 37 | - ceph_conf_file is not defined 38 | 39 | - name: Register ceph_conf fact when ceph_conf_file is defined 40 | ansible.builtin.set_fact: 41 | ceph_conf: "{{ ceph_conf_file }}\n\n" 42 | when: 43 | - ceph_conf_file is defined 44 | 45 | - name: Create ceph.conf from mon host 46 | openstack.config_template.config_template: 47 | content: "{{ ceph_conf }}" 48 | dest: "/etc/ceph/{{ ceph_cluster_name }}.conf" 49 | owner: root 50 | group: root 51 | mode: "0644" 52 | config_type: ini 53 | config_overrides: "{{ ceph_client_ceph_conf_overrides }}" 54 | notify: 55 | - Restart os services 56 | 57 | - name: Detect correct group for extra config 58 | ansible.builtin.set_fact: 59 | ceph_in_extra_config_group: true 60 | when: 61 | - ceph_extra_confs is defined 62 | - inventory_hostname in groups[item] 63 | with_items: "{{ ceph_extra_config_groups }}" 64 | 65 | - name: Including ceph_config_extra tasks 66 | ansible.builtin.include_tasks: ceph_config_extra.yml 67 | when: 68 | - ceph_in_extra_config_group is defined 69 | - ceph_in_extra_config_group | bool 70 | -------------------------------------------------------------------------------- /tasks/ceph_config_extra.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Copyright 2016, Walmart Stores, Inc. 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | - name: Get extra ceph.conf files 16 | ansible.builtin.command: "scp {{ item.mon_host }}:/etc/ceph/{{ item.cluster_name | default(ceph_cluster_name) }}.conf {{ item.src }}" 17 | changed_when: false 18 | delegate_to: localhost 19 | with_items: "{{ ceph_extra_confs }}" 20 | when: 21 | - item.mon_host is defined 22 | - item.src is defined 23 | 24 | - name: Create extra ceph.conf files 25 | ansible.builtin.copy: 26 | src: "{{ item.src }}" 27 | dest: "{{ item.dest }}" 28 | owner: root 29 | group: root 30 | mode: "0644" 31 | notify: 32 | - Restart os services 33 | with_items: "{{ ceph_extra_confs }}" 34 | when: 35 | - item.src is defined 36 | - item.dest is defined 37 | 38 | - name: Add keyring section to extra ceph.conf files 39 | community.general.ini_file: 40 | dest: "{{ item.dest }}" 41 | section: "client.{{ item.client_name }}" 42 | option: keyring 43 | value: "{{ item.keyring_dest }}" 44 | mode: "0644" 45 | with_items: "{{ ceph_extra_confs }}" 46 | when: 47 | - item.src is defined 48 | - item.dest is defined 49 | - item.keyring_dest is defined 50 | - item.client_name is defined 51 | -------------------------------------------------------------------------------- /tasks/ceph_get_keyrings_from_files.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Copyright 2015, Serge van Ginderachter 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | 16 | ## Ceph client keyrings 17 | 18 | - name: From files | Retrieve keyrings for openstack clients 19 | ansible.builtin.set_fact: 20 | ceph_client_keys: |- 21 | {% set _keys = {} %} 22 | {% for client in ceph_client_filtered_clients %} 23 | {% set _ = _keys.update({ 24 | client['name']: lookup('file', ceph_keyrings_dir ~ '/' ~ client['name'] ~ '.keyring') 25 | }) 26 | %} 27 | {% endfor %} 28 | {{ _keys }} 29 | changed_when: false 30 | delegate_facts: false 31 | delegate_to: localhost 32 | tags: 33 | - ceph-config 34 | - always 35 | 36 | - name: From files | Provision ceph client keyrings 37 | ansible.builtin.copy: 38 | dest: "/etc/ceph/{{ ceph_cluster_name }}.client.{{ item['name'] }}.keyring" 39 | content: | 40 | {{ ceph_client_keys[item['name']] }} 41 | owner: "{{ client['owner'] | default('root') }}" 42 | group: "{{ client['group'] | default(cephkeys_access_group) }}" 43 | # ideally the permission will be: 0600 and the owner/group will be either 44 | # glance , nova or cinder. For keys that require access by different users 45 | # (the cinder one) we should probably create a group 'cephkeys' and add 46 | # nova/cinder to it. 47 | # If I'm correct, the use case for multiple users is on the computre nodes, 48 | # access needed by users libvirt-qemu and nova 49 | mode: "{{ client['mode'] | default('0640') }}" 50 | with_items: "{{ ceph_client_filtered_clients }}" 51 | notify: 52 | - Restart os services 53 | 54 | - name: From file | Retrieve nova secret 55 | ansible.builtin.set_fact: 56 | ceph_nova_secret: 57 | stdout: "{{ (ceph_client_keys[nova_ceph_client] | regex_search('.*^\\s*key\\s*=\\s*(.*)$.*', '\\1', multiline=True))[0] }}" 58 | when: 59 | - inventory_hostname in groups.nova_compute 60 | - nova_ceph_client in ceph_client_filtered_clients | map(attribute='name') | list 61 | delegate_to: localhost 62 | tags: 63 | - always 64 | -------------------------------------------------------------------------------- /tasks/ceph_get_keyrings_from_mons.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Copyright 2015, Serge van Ginderachter 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | 16 | ## Ceph client keyrings 17 | 18 | # TODO: also be able to create users, keys and pools on ceph 19 | - name: Retrieve keyrings for openstack clients 20 | # the first get makes sure the client exists, so the second only runs when it 21 | # exists, the trick is the different output of both, the second has the right 22 | # output to put in a keyring; ceph admin should have already created the user 23 | ansible.builtin.shell: >- 24 | ceph auth get client.{{ item['name'] }} --cluster {{ ceph_cluster_name }} >/dev/null && 25 | ceph auth get-or-create client.{{ item['name'] }} --cluster {{ ceph_cluster_name }} 26 | with_items: "{{ ceph_client_filtered_clients }}" 27 | changed_when: false 28 | delegate_to: "{{ ceph_mon_host }}" 29 | register: ceph_client_keyrings 30 | until: ceph_client_keyrings is success 31 | retries: 3 32 | tags: 33 | - ceph-config 34 | - always 35 | 36 | - name: Provision ceph client keyrings 37 | # TODO: do we really need a template for this? what's the added value compare to 38 | # ceph get-or-create ... ... -o file? 39 | ansible.builtin.template: 40 | src: ceph.client.keyring.j2 41 | dest: "/etc/ceph/{{ ceph_cluster_name }}.client.{{ item.item['name'] }}.keyring" 42 | backup: true 43 | owner: "{{ item.item.owner | default('root') }}" 44 | # TODO 45 | group: "{{ item.item.group | default(cephkeys_access_group) }}" 46 | # ideally the permission will be: 0600 and the owner/group will be either 47 | # glance , nova or cinder. For keys that require access by different users 48 | # (the cinder one) we should probably create a group 'cephkeys' and add 49 | # nova/cinder to it. 50 | # If I'm correct, the use case for multiple users is on the computre nodes, 51 | # access needed by users libvirt-qemu and nova 52 | mode: "{{ item.item.mode | default('0640') }}" 53 | with_items: "{{ ceph_client_keyrings.results }}" 54 | when: 55 | - not item is skipped 56 | notify: 57 | - Restart os services 58 | 59 | ## Ceph nova client libvirt secret 60 | - name: Retrieve nova secret from cephcluster 61 | ansible.builtin.command: ceph auth get-key client.{{ nova_ceph_client }} --cluster {{ ceph_cluster_name }} 62 | when: 63 | - inventory_hostname in groups.nova_compute 64 | - nova_ceph_client in ceph_client_filtered_clients | map(attribute='name') | list 65 | changed_when: false 66 | delegate_to: "{{ ceph_mon_host }}" 67 | register: ceph_nova_secret 68 | tags: 69 | - always 70 | -------------------------------------------------------------------------------- /tasks/ceph_get_mon_host.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Copyright 2015, Serge van Ginderachter 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | 16 | # look for 1 ceph monitor host that is up 17 | - name: Verify Ceph monitors are up 18 | ansible.builtin.wait_for_connection: 19 | connect_timeout: 3 20 | timeout: 10 21 | delegate_to: "{{ item }}" 22 | with_items: "{{ ceph_mons }}" 23 | changed_when: false 24 | failed_when: false 25 | register: ceph_mon_upcheck 26 | 27 | - name: Set ceph_mon_host to an online monitor host 28 | ansible.builtin.set_fact: 29 | ceph_mon_host: "{{ item.item }}" 30 | when: 31 | - item is success 32 | # Use the first available monitor 33 | - ceph_mon_host is not defined 34 | with_items: "{{ ceph_mon_upcheck.results }}" 35 | 36 | - name: Fail when no ceph_mon_host is reachable 37 | ansible.builtin.fail: 38 | msg: "No Ceph Monitor reachable" 39 | when: 40 | - ceph_mon_host is undefined 41 | -------------------------------------------------------------------------------- /tasks/ceph_immutable_object_cache.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Copyright 2023, BBC R&D 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | 16 | - name: Set permissions on immutable object cache directory 17 | ansible.builtin.file: 18 | path: "{{ ceph_immutable_object_cache_dir }}" 19 | owner: "{{ ceph_immutable_object_cache_owner }}" 20 | group: "{{ ceph_immutable_object_cache_group }}" 21 | mode: "{{ ceph_immutable_object_cache_mode }}" 22 | 23 | - name: Add libvirt-qemu user to ceph group 24 | ansible.builtin.user: 25 | append: true 26 | name: "{{ ceph_immutable_object_cache_group }}" 27 | groups: "ceph" 28 | 29 | - name: Create ceph immutable object cache service overrides 30 | ansible.builtin.import_role: 31 | name: systemd_service 32 | vars: 33 | systemd_services: 34 | - service_name: "{{ ceph_immutable_object_cache_service_name }}" 35 | systemd_overrides_only: true 36 | load: false 37 | systemd_overrides: 38 | Service: 39 | UMask: "{{ ceph_immutable_object_cache_umask }}" 40 | ExecStart: >- 41 | {{ 42 | [ 43 | '', 44 | '/usr/bin/ceph-immutable-object-cache -f --cluster ${CLUSTER} --name client.immutable-object-cache --setuser ' ~ 45 | ceph_immutable_object_cache_owner ~ 46 | ' --setgroup ' ~ 47 | ceph_immutable_object_cache_group 48 | ] 49 | }} 50 | 51 | - name: Ensure ceph immutable object cache service is running 52 | ansible.builtin.service: 53 | name: "{{ ceph_immutable_object_cache_service_name }}1.service" 54 | state: started 55 | enabled: true 56 | -------------------------------------------------------------------------------- /tasks/ceph_install.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Copyright 2015, Serge van Ginderachter 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | 16 | - name: Install ceph packages 17 | ansible.builtin.package: 18 | name: "{{ ceph_client_filtered_packages }}" 19 | state: "{{ ceph_client_package_state }}" 20 | update_cache: "{{ (ansible_facts['pkg_mgr'] == 'apt') | ternary('yes', omit) }}" 21 | cache_valid_time: "{{ (ansible_facts['pkg_mgr'] == 'apt') | ternary(cache_timeout, omit) }}" 22 | register: install_packages 23 | until: install_packages is success 24 | retries: 5 25 | delay: 2 26 | notify: 27 | - Restart os services 28 | -------------------------------------------------------------------------------- /tasks/ceph_install_python_libs.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Copyright 2014, Rackspace US, Inc. 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | 16 | - name: Find the venv's python version 17 | ansible.builtin.find: 18 | paths: "{{ openstack_service_venv_bin | dirname }}/lib/" 19 | patterns: "python*" 20 | file_type: directory 21 | recurse: false 22 | register: python_venv_details 23 | 24 | - name: Set python venvs details 25 | ansible.builtin.set_fact: 26 | venv_python_lib_folder: "{{ python_venv_details.files[0].path }}" 27 | ceph_python_interp: "/usr/bin/python3" 28 | 29 | - name: Register rados module path 30 | ansible.builtin.command: "{{ ceph_python_interp }} -c 'import rados; print(rados.__file__)'" 31 | changed_when: false 32 | register: rados_module_path 33 | 34 | - name: Register rbd module path 35 | ansible.builtin.command: "{{ ceph_python_interp }} -c 'import rbd; print(rbd.__file__)'" 36 | changed_when: false 37 | register: rbd_module_path 38 | 39 | - name: Register cephfs module path 40 | ansible.builtin.command: "{{ ceph_python_interp }} -c 'import cephfs; print(cephfs.__file__)'" 41 | changed_when: false 42 | failed_when: false 43 | register: cephfs_module_path 44 | 45 | - name: Register ceph_volume_client path 46 | ansible.builtin.command: "{{ ceph_python_interp }} -c 'import ceph_volume_client; print(ceph_volume_client.__file__)'" 47 | changed_when: false 48 | failed_when: false 49 | register: ceph_volume_client_module_path 50 | 51 | - name: Register ceph_argparse path 52 | ansible.builtin.command: "{{ ceph_python_interp }} -c 'import ceph_argparse; print(ceph_argparse.__file__)'" 53 | changed_when: false 54 | failed_when: false 55 | register: ceph_argparse_module_path 56 | 57 | - name: Link rados module into the venv 58 | ansible.builtin.file: 59 | src: "{{ rados_module_path.stdout | replace('.pyc', '.py') }}" 60 | dest: "{{ venv_python_lib_folder }}/site-packages/{{ rados_module_path.stdout | basename | replace('.pyc', '.py') }}" 61 | state: link 62 | force: "yes" 63 | notify: 64 | - Restart os services 65 | 66 | - name: Link rbd module into the venv 67 | ansible.builtin.file: 68 | src: "{{ rbd_module_path.stdout | replace('.pyc', '.py') }}" 69 | dest: "{{ venv_python_lib_folder }}/site-packages/{{ rbd_module_path.stdout | basename | replace('.pyc', '.py') }}" 70 | state: link 71 | force: "yes" 72 | notify: 73 | - Restart os services 74 | 75 | - name: Link cephfs module into the venv 76 | ansible.builtin.file: 77 | src: "{{ cephfs_module_path.stdout | replace('.pyc', '.py') }}" 78 | dest: "{{ venv_python_lib_folder }}//site-packages/{{ cephfs_module_path.stdout | basename | replace('.pyc', '.py') }}" 79 | state: link 80 | force: "yes" 81 | when: 82 | - cephfs_module_path.rc == 0 83 | notify: 84 | - Restart os services 85 | 86 | - name: Link ceph_volume_client module into the venv 87 | ansible.builtin.file: 88 | src: "{{ ceph_volume_client_module_path.stdout | replace('.pyc', '.py') }}" 89 | dest: "{{ venv_python_lib_folder }}/site-packages/{{ ceph_volume_client_module_path.stdout | basename | replace('.pyc', '.py') }}" 90 | state: link 91 | force: "yes" 92 | when: 93 | - ceph_volume_client_module_path.rc == 0 94 | notify: 95 | - Restart os services 96 | 97 | - name: Link ceph_argparse module into the venv 98 | ansible.builtin.file: 99 | src: "{{ ceph_argparse_module_path.stdout | replace('.pyc', '.py') }}" 100 | dest: "{{ venv_python_lib_folder }}/site-packages/{{ ceph_argparse_module_path.stdout | basename | replace('.pyc', '.py') }}" 101 | state: link 102 | force: "yes" 103 | when: 104 | - ceph_argparse_module_path.rc == 0 105 | notify: 106 | - Restart os services 107 | -------------------------------------------------------------------------------- /tasks/ceph_preinstall_apt.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Copyright 2016 IBM Corp 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | 16 | - name: Validate repo config is deb822 format 17 | vars: 18 | _repo_check: "{{ ceph_repos | selectattr('repo', 'defined') | map(attribute='repo') }}" 19 | ansible.builtin.assert: 20 | that: _repo_check | length == 0 21 | fail_msg: "The following repository definitions must be updated to deb822 format {{ _repo_check }}" 22 | when: 23 | - ceph_pkg_source == 'ceph' 24 | 25 | # NOTE(jrosser) remove this task for the 2025.2 release 26 | - name: Find legacy repository files 27 | ansible.builtin.find: 28 | paths: /etc/apt/sources.list.d/ 29 | patterns: "{{ ceph_repo_url | urlsplit('hostname') | replace('.', '_') }}_*.list" 30 | register: _legacy_apt_repos 31 | 32 | - name: Clean up legacy repository config not in deb822 format 33 | ansible.builtin.file: 34 | path: "{{ item['path'] }}" 35 | state: absent 36 | with_items: "{{ _legacy_apt_repos['files'] }}" 37 | register: apt_repo_removed 38 | 39 | - name: Ensure python3-debian package is available 40 | ansible.builtin.apt: 41 | name: python3-debian 42 | 43 | - name: Manage apt repositories 44 | vars: 45 | loop_label: 46 | name: "{{ item.name }}" 47 | uris: "{{ item.uris | default('') }}" 48 | state: "{{ item.state | default('present') }}" 49 | suites: "{{ item.suites | default('') }}" 50 | ansible.builtin.deb822_repository: 51 | allow_downgrade_to_insecure: "{{ item.allow_downgrade_to_insecure | default(omit) }}" 52 | allow_insecure: "{{ item.allow_insecure | default(omit) }}" 53 | allow_weak: "{{ item.allow_weak | default(omit) }}" 54 | architectures: "{{ item.architectures | default(omit) }}" 55 | by_hash: "{{ item.by_hash | default(omit) }}" 56 | check_date: "{{ item.check_date | default(omit) }}" 57 | check_valid_until: "{{ item.check_valid_until | default(omit) }}" 58 | components: "{{ item.components | default(omit) }}" 59 | date_max_future: "{{ item.date_max_future | default(omit) }}" 60 | enabled: "{{ item.enabled | default(omit) }}" 61 | inrelease_path: "{{ item.inrelease_path | default(omit) }}" 62 | languages: "{{ item.languages | default(omit) }}" 63 | mode: "{{ item.mode | default(omit) }}" 64 | name: "{{ item.name }}" 65 | pdiffs: "{{ item.pdiffs | default(omit) }}" 66 | signed_by: "{{ item.signed_by | default(omit) }}" 67 | state: "{{ item.state | default(omit) }}" 68 | suites: "{{ item.suites | default(omit) }}" 69 | targets: "{{ item.targets | default(omit) }}" 70 | trusted: "{{ item.trusted | default(omit) }}" 71 | types: "{{ item.types | default(omit) }}" 72 | uris: "{{ item.uris | default(omit) }}" 73 | loop: "{{ ceph_repos }}" 74 | loop_control: 75 | label: "{{ loop_label | to_json }}" 76 | register: deb822_repos 77 | 78 | - name: Update Apt cache 79 | ansible.builtin.apt: 80 | update_cache: true 81 | when: (apt_repo_removed is changed) or (deb822_repos is changed) 82 | register: update_apt_cache 83 | until: update_apt_cache is success 84 | retries: 5 85 | delay: 2 86 | -------------------------------------------------------------------------------- /tasks/ceph_preinstall_dnf.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Copyright 2017 Marc Gariépy 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | 16 | - name: Download EPEL gpg keys 17 | ansible.builtin.get_url: 18 | url: "{{ item.url }}" 19 | dest: "{{ item.key }}" 20 | mode: "0640" 21 | with_items: "{{ ceph_gpg_keys | selectattr('url', 'defined') }}" 22 | register: _get_yum_keys 23 | until: _get_yum_keys is success 24 | retries: 5 25 | delay: 2 26 | when: 27 | - ceph_pkg_source == 'ceph' 28 | 29 | - name: Copy Ceph gpg keyfile to the key location 30 | ansible.builtin.copy: 31 | src: "{{ item.src }}" 32 | dest: "{{ item.key }}" 33 | mode: "0640" 34 | with_items: "{{ ceph_gpg_keys | selectattr('src', 'defined') }}" 35 | when: 36 | - ceph_pkg_source == 'ceph' 37 | 38 | - name: Install Ceph gpg keys 39 | ansible.builtin.rpm_key: 40 | key: "{{ key['key'] }}" 41 | fingerprint: "{{ key['fingerprint'] | default(omit) }}" 42 | state: "{{ key['state'] | default('present') }}" 43 | with_items: "{{ ceph_gpg_keys }}" 44 | loop_control: 45 | loop_var: key 46 | register: _add_ceph_keys 47 | until: _add_ceph_keys is success 48 | retries: 5 49 | delay: 2 50 | 51 | - name: Install required repositories 52 | ansible.builtin.yum_repository: 53 | baseurl: "{{ item.baseurl }}" 54 | description: "{{ item.description | default(omit) }}" 55 | enabled: "{{ item.enabled | default(True) }}" 56 | file: "{{ item.file | default(omit) }}" 57 | includepkgs: "{{ item.includepkgs | default(omit) }}" 58 | gpgcheck: "{{ item.gpgcheck | default(omit) }}" 59 | gpgkey: "{{ item.gpgkey | default(omit) }}" 60 | name: "{{ item.name }}" 61 | priority: "{{ item.priority | default(omit) }}" 62 | state: "{{ item.state | default('present') }}" 63 | with_items: "{{ ceph_repos }}" 64 | register: install_repo 65 | until: install_repo is success 66 | retries: 5 67 | delay: 2 68 | -------------------------------------------------------------------------------- /tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Copyright 2015, Serge van Ginderachter 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | 16 | - name: End playbook if disabled 17 | ansible.builtin.meta: end_play 18 | when: 19 | - ceph_mons | list | length == 0 and ceph_conf_file is not defined 20 | tags: 21 | - always 22 | 23 | - name: Gather variables for each operating system 24 | ansible.builtin.include_vars: "{{ lookup('first_found', params) }}" 25 | vars: 26 | params: 27 | files: 28 | - "{{ ansible_facts['distribution'] | lower }}-{{ ansible_facts['distribution_version'] | lower }}.yml" 29 | - "{{ ansible_facts['distribution'] | lower }}-{{ ansible_facts['distribution_major_version'] | lower }}.yml" 30 | - "{{ ansible_facts['os_family'] | lower }}-{{ ansible_facts['distribution_major_version'] | lower }}.yml" 31 | - "{{ ansible_facts['distribution'] | lower }}.yml" 32 | - "{{ ansible_facts['os_family'] | lower }}.yml" 33 | paths: 34 | - "{{ role_path }}/vars" 35 | tags: 36 | - always 37 | 38 | - name: Fail if ceph_pkg_source uses an incorrect parameter 39 | ansible.builtin.fail: 40 | msg: "Invalid value for ceph_pkg_source. Valid parameters are ceph, distro." 41 | when: 42 | - ceph_pkg_source not in ['ceph', 'distro'] 43 | 44 | - name: Including ceph_preinstall tasks 45 | ansible.builtin.include_tasks: "ceph_preinstall_{{ ansible_facts['pkg_mgr'] }}.yml" 46 | args: 47 | apply: 48 | tags: 49 | - ceph-install 50 | tags: 51 | - ceph-install 52 | 53 | - name: Including ceph_install tasks 54 | ansible.builtin.include_tasks: ceph_install.yml 55 | args: 56 | apply: 57 | tags: 58 | - ceph-install 59 | tags: 60 | - ceph-install 61 | 62 | - name: Including ceph_install_python_libs tasks 63 | ansible.builtin.include_tasks: ceph_install_python_libs.yml 64 | when: 65 | - openstack_service_venv_bin | length > 0 66 | args: 67 | apply: 68 | tags: 69 | - ceph-install 70 | tags: 71 | - ceph-install 72 | 73 | - name: Including ceph_get_mon_host tasks 74 | ansible.builtin.include_tasks: ceph_get_mon_host.yml 75 | when: ceph_conf_file is not defined or ceph_keyrings_dir is not defined 76 | args: 77 | apply: 78 | tags: 79 | - ceph-config 80 | tags: 81 | - ceph-config 82 | 83 | - name: Including ceph_config tasks 84 | ansible.builtin.include_tasks: ceph_config.yml 85 | args: 86 | apply: 87 | tags: 88 | - ceph-config 89 | tags: 90 | - ceph-config 91 | 92 | - name: Including ceph_auth tasks 93 | ansible.builtin.include_tasks: ceph_auth.yml 94 | when: 95 | - cephx | bool 96 | args: 97 | apply: 98 | tags: 99 | - ceph-config 100 | tags: 101 | - ceph-config 102 | 103 | - name: Including ceph_immutable_object_cache tasks 104 | ansible.builtin.include_tasks: ceph_immutable_object_cache.yml 105 | when: 106 | - ceph_immutable_object_cache_enabled | bool 107 | args: 108 | apply: 109 | tags: 110 | - ceph-config 111 | tags: 112 | - ceph-config 113 | 114 | - name: Write AppArmor configuration for ceph immutable object caching 115 | ansible.builtin.blockinfile: 116 | create: true 117 | mode: "0644" 118 | path: /etc/apparmor.d/local/abstractions/libvirt-qemu 119 | marker: "### {mark} OSA CEPH_CLIENT IMMUTABLE OBJECT CACHE BLOCK ###" 120 | block: | 121 | {{ ceph_immutable_object_cache_dir }}/** r, 122 | {{ ceph_immutable_object_cache_socket }} rw, 123 | state: "{{ ceph_immutable_object_cache_enabled | bool | ternary('present', 'absent') }}" 124 | when: 125 | - ansible_facts['os_family'] == "Debian" 126 | - "'nova_compute' in group_names" 127 | tags: 128 | - ceph-config 129 | 130 | - name: Set permissions on persistent write log cache directory 131 | ansible.builtin.file: 132 | path: "{{ ceph_persistent_write_log_cache_dir }}" 133 | owner: "{{ ceph_persistent_write_log_cache_owner }}" 134 | group: "{{ ceph_persistent_write_log_cache_group }}" 135 | mode: "{{ ceph_persistent_write_log_cache_mode }}" 136 | when: ceph_persistent_write_log_cache_enabled | bool 137 | tags: 138 | - ceph-config 139 | 140 | - name: Write AppArmor configuration for ceph write log caching 141 | ansible.builtin.blockinfile: 142 | create: true 143 | mode: "0644" 144 | path: /etc/apparmor.d/local/abstractions/libvirt-qemu 145 | marker: "### {mark} OSA CEPH_CLIENT WRITE LOG CACHE BLOCK ###" 146 | block: | 147 | {{ ceph_persistent_write_log_cache_dir }}/** rwk, 148 | state: "{{ ceph_persistent_write_log_cache_enabled | bool | ternary('present', 'absent') }}" 149 | when: 150 | - ansible_facts['os_family'] == "Debian" 151 | - "'nova_compute' in group_names" 152 | tags: 153 | - ceph-config 154 | -------------------------------------------------------------------------------- /templates/ceph.client.keyring.j2: -------------------------------------------------------------------------------- 1 | # {{ ansible_managed }} 2 | {{ item.stdout }} 3 | -------------------------------------------------------------------------------- /templates/ceph.conf.j2: -------------------------------------------------------------------------------- 1 | # {{ ansible_managed }} 2 | {% for section in ceph_conf %} 3 | [{{ section }}] 4 | {% for key, value in ceph_conf[section]|dictsort %} 5 | {{ key }} = {{ value }} 6 | {% endfor %} 7 | {% endfor %} 8 | -------------------------------------------------------------------------------- /templates/secret.xml.j2: -------------------------------------------------------------------------------- 1 | 2 | 3 | {{ item.secret_uuid }} 4 | 5 | client.{{ item.client_name }} secret 6 | 7 | 8 | -------------------------------------------------------------------------------- /tests/ansible-role-requirements.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: apt_package_pinning 3 | src: https://opendev.org/openstack/openstack-ansible-apt_package_pinning 4 | scm: git 5 | version: master 6 | - name: config_template 7 | src: https://opendev.org/openstack/ansible-config_template 8 | scm: git 9 | version: master 10 | -------------------------------------------------------------------------------- /tests/inventory: -------------------------------------------------------------------------------- 1 | [all] 2 | localhost 3 | -------------------------------------------------------------------------------- /tests/test.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Copyright 2016, Rackspace US, Inc. 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | 16 | - name: Playbook for role testing 17 | hosts: localhost 18 | connection: local 19 | user: root 20 | become: true 21 | roles: 22 | - role: "ceph_client" 23 | -------------------------------------------------------------------------------- /tox.ini: -------------------------------------------------------------------------------- 1 | [tox] 2 | minversion = 2.0 3 | skipsdist = True 4 | envlist = docs,linters,functional 5 | ignore_basepython_conflict = True 6 | 7 | [testenv] 8 | usedevelop = False 9 | basepython = python3 10 | commands = 11 | /usr/bin/find . -type f -name "*.pyc" -delete 12 | passenv = 13 | COMMON_TESTS_PATH 14 | HOME 15 | http_proxy 16 | HTTP_PROXY 17 | https_proxy 18 | HTTPS_PROXY 19 | no_proxy 20 | NO_PROXY 21 | TESTING_BRANCH 22 | TESTING_HOME 23 | USER 24 | allowlist_externals = 25 | bash 26 | setenv = 27 | PYTHONUNBUFFERED=1 28 | ROLE_NAME=ceph_client 29 | TEST_IDEMPOTENCE=false 30 | VIRTUAL_ENV={envdir} 31 | WORKING_DIR={toxinidir} 32 | 33 | [testenv:docs] 34 | deps = 35 | -r{toxinidir}/doc/requirements.txt 36 | -c{env:TOX_CONSTRAINTS_FILE:https://releases.openstack.org/constraints/upper/master} 37 | commands = 38 | bash -c "rm -rf doc/build" 39 | doc8 doc 40 | sphinx-build --keep-going -b html doc/source doc/build/html 41 | 42 | [testenv:pdf-docs] 43 | deps = {[testenv:docs]deps} 44 | allowlist_externals = 45 | make 46 | commands = 47 | sphinx-build -W --keep-going -b latex doc/source doc/build/pdf 48 | make -C doc/build/pdf 49 | 50 | [doc8] 51 | extensions = .rst 52 | 53 | [testenv:releasenotes] 54 | basepython = python3 55 | deps = 56 | -r{toxinidir}/doc/requirements.txt 57 | -c{env:TOX_CONSTRAINTS_FILE:https://releases.openstack.org/constraints/upper/master} 58 | commands = 59 | sphinx-build -a -E -W -d releasenotes/build/doctrees --keep-going -b html releasenotes/source releasenotes/build/html 60 | 61 | [testenv:venv] 62 | basepython = python3 63 | commands = 64 | {posargs} 65 | 66 | [testenv:pep8] 67 | basepython = python3 68 | commands = 69 | bash -c "{toxinidir}/tests/common/test-pep8.sh" 70 | 71 | [flake8] 72 | ignore = F403 73 | 74 | [testenv:bashate] 75 | commands = 76 | bash -c "{toxinidir}/tests/common/test-bashate.sh" 77 | 78 | [testenv:ansible-syntax] 79 | commands = 80 | bash -c "{toxinidir}/tests/common/test-ansible-syntax.sh" 81 | 82 | [testenv:ansible-lint] 83 | commands = 84 | bash -c "{toxinidir}/tests/common/test-ansible-lint.sh" 85 | 86 | [testenv:functional] 87 | commands = 88 | bash -c "{toxinidir}/tests/common/test-ansible-functional.sh" 89 | 90 | [testenv:linters] 91 | commands = 92 | bash -c "{toxinidir}/tests/common/test-ansible-env-prep.sh" 93 | {[testenv:pep8]commands} 94 | {[testenv:bashate]commands} 95 | {[testenv:ansible-lint]commands} 96 | {[testenv:ansible-syntax]commands} 97 | -------------------------------------------------------------------------------- /vars/debian.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Copyright 2016 IBM Corp 3 | # Copyright 2015, Serge van Ginderachter 4 | # 5 | # Licensed under the Apache License, Version 2.0 (the "License"); 6 | # you may not use this file except in compliance with the License. 7 | # You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | 17 | ## APT Cache Options 18 | cache_timeout: 600 19 | 20 | libvirt_packages: 21 | - libvirt-daemon-system 22 | 23 | libvirt_service_name: libvirtd 24 | 25 | python_ceph_packages: 26 | - python3-ceph 27 | - python3-cephfs 28 | - python3-rados 29 | - python3-rbd 30 | 31 | _ceph_repo_distro_suffix: debian 32 | _ceph_repos: 33 | - name: "ceph" 34 | suites: "{{ ansible_facts['distribution_release'] }}" 35 | uris: "{{ ceph_repo_url }}" 36 | signed_by: "{{ lookup('file', 'gpg/460f3994') }}" 37 | components: main 38 | architectures: "{{ ceph_architecture_mapping.get(ansible_facts['architecture']) }}" 39 | state: "{{ (ceph_pkg_source == 'ceph') | ternary('present', 'absent') }}" 40 | -------------------------------------------------------------------------------- /vars/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Copyright 2015, Serge van Ginderachter 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | # http://ceph.com/docs/master/rbd/rbd-openstack/ 16 | 17 | ceph_components: 18 | - component: glance_api 19 | package: "{{ python_ceph_packages }}" 20 | client: 21 | - name: "{{ glance_ceph_client }}" 22 | service: "{{ ceph_glance_service_names }}" 23 | - component: cinder_volume 24 | package: "{{ ['ceph-common'] + python_ceph_packages }}" 25 | client: 26 | - name: "{{ cinder_ceph_client }}" 27 | service: "{{ ceph_cinder_service_names }}" 28 | - component: cinder_backup 29 | package: "{{ ['ceph-common'] + python_ceph_packages }}" 30 | client: 31 | - name: "{{ cinder_backup_ceph_client }}" 32 | service: "{{ ceph_cinder_service_names }}" 33 | - component: nova_compute 34 | package: "{{ (libvirt_packages + ['ceph-common'] + ceph_immutable_object_cache_packages + python_ceph_packages) | select }}" 35 | client: 36 | - name: "{{ nova_ceph_client }}" 37 | - name: "{{ immutable_object_cache_client }}" 38 | owner: "{{ ceph_immutable_object_cache_key_owner }}" 39 | group: "{{ ceph_immutable_object_cache_key_group }}" 40 | enabled: "{{ ceph_immutable_object_cache_enabled }}" 41 | service: "{{ ceph_nova_service_names }}" 42 | - component: manila_share 43 | package: "{{ ['ceph-common'] + python_ceph_packages }}" 44 | client: 45 | - name: "{{ manila_ceph_client }}" 46 | service: "{{ ceph_manila_service_names }}" 47 | 48 | # cache daemon package name is the same on ubuntu/centos 49 | ceph_immutable_object_cache_packages: 50 | - "{{ ceph_immutable_object_cache_enabled | ternary('ceph-immutable-object-cache', '') }}" 51 | 52 | ceph_extra_components: [] 53 | # Gnocchi has been moved out from the integrated OSA repo, but can still 54 | # be optionally enabled by using the configuration in the os_gnocchi role repo 55 | # under the 'extras' directory 56 | # - component: gnocchi_api 57 | # package: 58 | # - "{{ python_ceph_package }}" 59 | # client: 60 | # - name: '{{ gnocchi_ceph_client }}' 61 | # service: '{{ ceph_gnocchi_service_names }}' 62 | 63 | ceph_client_filtered_packages: |- 64 | {% set packages = [] %} 65 | {% for comp in (ceph_components + ceph_extra_components) %} 66 | {% if comp.component in group_names %} 67 | {% for pkg_name in comp.package %} 68 | {% if pkg_name not in packages %} 69 | {% set _ = packages.append(pkg_name) %} 70 | {% endif %} 71 | {% endfor %} 72 | {% endif %} 73 | {% endfor %} 74 | {{ packages }} 75 | 76 | ceph_client_filtered_services: |- 77 | {% set services = [] %} 78 | {% for comp in (ceph_components + ceph_extra_components) %} 79 | {% if comp.component in group_names and 'service' in comp %} 80 | {% set _ = services.append(comp.service) %} 81 | {% endif %} 82 | {% endfor %} 83 | {{ services }} 84 | 85 | ceph_client_filtered_clients: |- 86 | {% set clients = [] %} 87 | {% for comp in (ceph_components + ceph_extra_components) %} 88 | {% if comp.component in group_names %} 89 | {% if ((comp.component != 'cinder_backup') or 90 | ((cinder_service_backup_program_enabled is defined and 91 | cinder_service_backup_program_enabled | bool) and 92 | (cinder_service_backup_driver is defined and 93 | 'ceph' in cinder_service_backup_driver))) %} 94 | {% for client in comp.client %} 95 | {% if client is not mapping %} 96 | {% set _ = clients.append({'name': client}) %} 97 | {% elif client['enabled'] | default(true) | bool %} 98 | {% set _ = clients.append(client) %} 99 | {% endif %} 100 | {% endfor %} 101 | {% endif %} 102 | {% endif %} 103 | {% endfor %} 104 | {{ clients }} 105 | -------------------------------------------------------------------------------- /vars/redhat.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Copyright 2015, Serge van Ginderachter 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | 16 | # Ceph GPG Keys 17 | ceph_gpg_keys: 18 | # download.ceph.com/keys/release.asc 19 | - key: /etc/pki/rpm-gpg/ceph_com_keys_release 20 | src: gpg/ceph_com_keys_release 21 | state: "{{ (ceph_pkg_source == 'ceph') | ternary('present', 'absent') }}" 22 | - key: "/etc/pki/rpm-gpg/{{ ceph_centos_epel_key | basename }}" 23 | url: "{{ ceph_centos_epel_key }}" 24 | state: "{{ (ceph_pkg_source == 'ceph') | ternary('present', 'absent') }}" 25 | 26 | libvirt_packages: 27 | - libvirt-daemon-kvm 28 | - libvirt-client 29 | 30 | libvirt_service_name: libvirtd 31 | 32 | python_ceph_packages: 33 | - python3-cephfs 34 | - python3-rados 35 | - python3-rbd 36 | 37 | _ceph_repo_distro_suffix: rpm 38 | _ceph_repos: 39 | - name: ceph-client-deps 40 | baseurl: "{{ ceph_centos_epel_mirror ~ '/' ~ ansible_facts['distribution_major_version'] ~ '/Everything/' ~ ansible_facts['architecture'] }}" 41 | description: "Extra Packages for Enterprise Linux {{ ansible_facts['distribution_major_version'] }} - $basearch" 42 | gpgcheck: true 43 | gpgkey: "file:///etc/pki/rpm-gpg/{{ ceph_centos_epel_key.split('/')[-1] }}" 44 | enabled: true 45 | state: "{{ (ceph_pkg_source == 'ceph') | ternary('present', 'absent') }}" 46 | includepkgs: 47 | - fmt 48 | - leveldb 49 | - libarrow 50 | - libarrow-doc 51 | - libbabeltrace 52 | - liboath 53 | - "lttng-ust*" 54 | - parquet-libs 55 | - re2 56 | - thrift 57 | - userspace-rcu 58 | - name: ceph 59 | description: "Ceph packages for $basearch" 60 | file: ceph 61 | baseurl: "{{ ceph_repo_url }}/el$releasever/$basearch" 62 | gpgcheck: true 63 | enabled: true 64 | priority: 50 65 | state: "{{ (ceph_pkg_source == 'ceph') | ternary('present', 'absent') }}" 66 | - name: ceph-noarch 67 | description: "Ceph noarch packages" 68 | file: ceph 69 | baseurl: "{{ ceph_repo_url }}/el$releasever/noarch" 70 | gpgcheck: true 71 | enabled: true 72 | priority: 50 73 | state: "{{ (ceph_pkg_source == 'ceph') | ternary('present', 'absent') }}" 74 | 75 | # TODO mgariepy: add CentOS SIG ceph repo. 76 | -------------------------------------------------------------------------------- /zuul.d/project.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # Copyright 2017, Rackspace US, Inc. 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | 16 | - project: 17 | templates: 18 | - openstack-ansible-linters-jobs 19 | - check-requirements 20 | - openstack-ansible-deploy-ceph-jobs 21 | - publish-openstack-docs-pti 22 | - build-release-notes-jobs-python3 23 | --------------------------------------------------------------------------------