Add a playbook to generate Kayobe configuration for Ceph via Cephadm

markgoddard · markgoddard · commit 6db34c494e7e · 2022-07-28T20:31:20.000+01:00
diff --git a/etc/kayobe/ansible/cephadm-gather-keys.yml b/etc/kayobe/ansible/cephadm-gather-keys.yml
@@ -0,0 +1,82 @@
+---
+- name: Gather Ceph configuration and keys and populate kayobe-config
+  gather_facts: false
+  hosts: mons
+  run_once: true
+  tags:
+    - cephadm
+    - cephadm-gather-keys
+  vars:
+    # Map from an OpenStack service to the directory in which to store Ceph keys for it.
+    kolla_service_to_key_dir:
+      cinder-backup: cinder/cinder-backup
+      cinder-volume: cinder/cinder-volume
+      glance: glance
+      manila: manila
+      nova: nova
+    # Map from an OpenStack service to the directory in which to store Ceph configuration for it.
+    kolla_service_to_conf_dir:
+      cinder-backup: cinder
+      cinder-volume: cinder
+      glance: glance
+      manila: manila
+      nova: nova
+  tasks:
+    - name: Get Ceph keys
+      stackhpc.cephadm.cephadm_key:
+        name: "{{ item }}"
+        state: info
+      register: cephadm_key_info
+      become: true
+      loop: "{{ kolla_ceph_services | selectattr('required') | map(attribute='keys') | flatten | unique }}"
+
+    - name: Generate ceph.conf
+      command: "cephadm shell -- ceph config generate-minimal-conf"
+      become: true
+      register: cephadm_ceph_conf
+      changed_when: false
+
+    - name: Ensure Kolla config directories are present
+      file:
+        state: directory
+        path: "{{ kayobe_env_config_path }}/kolla/config/{{ kolla_service_to_key_dir[item.name] }}"
+      loop: "{{ kolla_ceph_services | selectattr('required') }}"
+      loop_control:
+        label:
+          service: "{{ item.name }}"
+      delegate_to: localhost
+
+    - name: Save Ceph keys to Kayobe configuration
+      vars:
+        key_info: "{{ cephadm_key_info.results | selectattr('item', 'equalto', item.1) | first }}"
+        cephadm_key: "{{ (key_info.stdout | from_json | first)['key'] }}"
+        cephadm_user: "{{ (key_info.stdout | from_json | first)['entity'] }}"
+      copy:
+        content: "{{ cephadm_key }}"
+        dest: "{{ kayobe_env_config_path }}/kolla/config/{{ kolla_service_to_key_dir[item.0.name] }}/ceph.{{ cephadm_user }}.keyring"
+      loop: "{{ query('subelements', kolla_ceph_services | selectattr('required'), 'keys') }}"
+      loop_control:
+        label:
+          service: "{{ item.0.name }}"
+          key: "{{ item.1 }}"
+      delegate_to: localhost
+      notify: Please add and commit the Kayobe configuration
+
+    - name: Save ceph.conf to Kayobe configuration
+      copy:
+        content: "{{ cephadm_ceph_conf.stdout }}"
+        dest: "{{ kayobe_env_config_path }}/kolla/config/{{ kolla_service_to_conf_dir[item.0.name] }}/ceph.conf"
+      loop: "{{ query('subelements', kolla_ceph_services | selectattr('required'), 'keys') }}"
+      loop_control:
+        label:
+          service: "{{ item.0.name }}"
+          key: "{{ item.1 }}"
+      delegate_to: localhost
+      notify: Please add and commit the Kayobe configuration
+
+  handlers:
+    - name: Please add and commit the Kayobe configuration
+      debug:
+        msg: >-
+          Please add and commit the Ceph configuration files and keys in Kayobe
+          configuration. Remember to encrypt the keys using Ansible Vault.
diff --git a/etc/kayobe/cephadm.yml b/etc/kayobe/cephadm.yml
@@ -56,3 +56,45 @@ cephadm_cluster_network: "{{ storage_mgmt_net_name | net_cidr }}"
 
 # List of Cephx keys. See stackhpc.cephadm.keys role for format.
 #cephadm_keys:
+
+###############################################################################
+# Kolla Ceph auto-configuration.
+
+# List of Kolla Ansible services that require Ceph configuration files.
+kolla_ceph_services:
+  - name: cinder-backup
+    keys:
+      - client.cinder
+      - client.cinder-backup
+    required: "{{ kolla_ceph_cinder_backup_required | bool }}"
+  - name: cinder-volume
+    keys:
+      - client.cinder
+    required: "{{ kolla_ceph_cinder_volume_required | bool }}"
+  - name: glance
+    keys:
+      - client.glance
+    required: "{{ kolla_ceph_glance_required | bool }}"
+  - name: manila
+    keys:
+      - client.manila
+    required: "{{ kolla_ceph_manila_required | bool }}"
+  - name: nova
+    keys:
+      - client.cinder
+    required: "{{ kolla_ceph_nova_required | bool }}"
+
+# Whether to generate Ceph configuration for Cinder volume.
+kolla_ceph_cinder_volume_required: "{{ kolla_enable_cinder | bool }}"
+
+# Whether to generate Ceph configuration for Cinder backup.
+kolla_ceph_cinder_backup_required: "{{ kolla_enable_cinder_backup | default(false) | bool }}"
+
+# Whether to generate Ceph configuration for Glance.
+kolla_ceph_glance_required: "{{ kolla_enable_glance | bool }}"
+
+# Whether to generate Ceph configuration for Manila.
+kolla_ceph_manila_required: "{{ kolla_enable_manila | bool }}"
+
+# Whether to generate Ceph configuration for Nova.
+kolla_ceph_nova_required: "{{ kolla_enable_nova | bool }}"
