-
Notifications
You must be signed in to change notification settings - Fork 54
/
cephadm-preflight.yml
325 lines (291 loc) · 12.5 KB
/
cephadm-preflight.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
---
# Copyright Red Hat
# SPDX-License-Identifier: Apache-2.0
#
# This playbook configures the Ceph repository.
# It also installs some prerequisites (podman, lvm2, chronyd, cephadm, ...)
#
# Usage:
#
# ansible-playbook -i <inventory host file> cephadm-preflight.yml
#
# You can limit the execution to a set of hosts by using `--limit` option:
#
# ansible-playbook -i <inventory host file> cephadm-preflight.yml --limit <my_osd_group|my_node_name>
#
# You can override variables using `--extra-vars` parameter:
#
# ansible-playbook -i <inventory host file> cephadm-preflight.yml --extra-vars "ceph_origin=rhcs"
#
- name: variables validations
ansible.builtin.import_playbook: validate/preflight.yml
- hosts: all
become: true
gather_facts: true
vars:
repos_4_to_disable:
- rhceph-4-tools-for-rhel-{{ ansible_facts['distribution_major_version'] }}-{{ ansible_facts['architecture'] }}-rpms
- rhceph-4-mon-for-rhel-{{ ansible_facts['distribution_major_version'] }}-{{ ansible_facts['architecture'] }}-rpms
- rhceph-4-osd-for-rhel-{{ ansible_facts['distribution_major_version'] }}-{{ ansible_facts['architecture'] }}-rpms
repos_5_to_disable:
- rhceph-5-tools-for-rhel-{{ ansible_facts['distribution_major_version'] }}-{{ ansible_facts['architecture'] }}-rpms
repos_6_to_disable:
- rhceph-6-tools-for-rhel-{{ ansible_facts['distribution_major_version'] }}-{{ ansible_facts['architecture'] }}-rpms
packages_to_uninstall:
- ceph-mds
- ceph-mgr
- ceph-mon
- ceph-osd
- ceph-radosgw
- rbd-mirror
tasks:
- name: import_role ceph_defaults
import_role:
name: ceph_defaults
- name: redhat family of OS related tasks
when: ansible_facts['os_family'] == 'RedHat'
block:
- name: rhcs related tasks
when: ceph_origin == 'rhcs'
block:
- name: enable red hat ceph storage tools repository
rhsm_repository:
name: "rhceph-{{ ceph_rhcs_version }}-tools-for-rhel-{{ ansible_facts['distribution_major_version'] }}-{{ ansible_facts['architecture'] }}-rpms"
- name: disable older rhceph repositories if any on RHEL{{ansible_facts['distribution_major_version']}}
when: ansible_facts['distribution_major_version'] == '8'
rhsm_repository:
name: "{{ repos_4_to_disable + repos_5_to_disable }}"
state: absent
- name: disable older rhceph repositories if any on RHEL{{ansible_facts['distribution_major_version']}}
when: ansible_facts['distribution_major_version'] == '9'
rhsm_repository:
name: "{{ repos_5_to_disable + repos_6_to_disable }}"
state: absent
- name: enable ceph package repositories
when: ceph_origin in ['community', 'ibm']
block:
- name: set_fact _ceph_repo
set_fact:
_ceph_repo:
name: ceph_stable
description: "{{ 'Ceph Stable repo' if ceph_origin == 'community' else 'IBM Ceph repo' }}"
rpm_key: "{{ ceph_stable_key if ceph_origin == 'community' else ceph_ibm_key }}"
baseurl: "{{ ceph_community_repo_baseurl if ceph_origin == 'community' else ceph_ibm_repo_baseurl }}"
paths: "{{ [ 'noarch', '$basearch' ] if ceph_origin == 'community' else [ '$basearch' ] }}"
- name: configure ceph repository key
rpm_key:
key: "{{ _ceph_repo.rpm_key }}"
state: present
register: result
until: result is succeeded
- name: configure ceph stable repository
yum_repository:
name: "ceph_stable_{{ item }}"
description: "{{ _ceph_repo.description }} - {{ item }}"
gpgcheck: true
state: present
gpgkey: "{{ _ceph_repo.rpm_key }}"
baseurl: "{{ _ceph_repo.baseurl }}/{{ item }}"
file: "ceph_stable_{{ item }}"
priority: '2'
register: result
until: result is succeeded
loop: "{{ _ceph_repo.paths }}"
- name: enable repo from shaman - dev
when: ceph_origin == 'shaman'
block:
- name: fetch ceph development repository
uri:
url:
"https://shaman.ceph.com/api/repos/ceph/\
{{ ceph_dev_branch }}/\
{{ ceph_dev_sha1 }}/\
centos/{{ ansible_facts['distribution_major_version'] }}/\
repo?arch={{ ansible_facts['architecture'] }}"
return_content: true
register: ceph_dev_yum_repo
- name: configure ceph development repository
copy:
content: "{{ ceph_dev_yum_repo.content }}"
dest: /etc/yum.repos.d/ceph-dev.repo
owner: root
group: root
mode: '0644'
backup: true
- name: remove ceph_stable repositories
yum_repository:
name: '{{ item }}'
file: ceph_stable
state: absent
with_items:
- ceph_stable
- ceph_stable_noarch
- name: enable custom repo
when: ceph_origin == 'custom'
block:
- name: set_fact ceph_custom_repositories
set_fact:
ceph_custom_repositories:
- name: ceph_custom
description: Ceph custom repo
gpgcheck: "{{ 'yes' if custom_repo_gpgkey is defined else 'no' }}"
state: "{{ custom_repo_state | default('present') }}"
gpgkey: "{{ custom_repo_gpgkey | default(omit) }}"
baseurl: "{{ custom_repo_url }}"
enabled: "{{ custom_repo_enabled | default(1) }}"
file: ceph_custom
priority: '2'
when: ceph_custom_repositories is undefined
- name: setup custom repositories
yum_repository:
name: "{{ item.name }}"
description: "{{ item.description }}"
state: "{{ item.state | default(omit) }}"
gpgcheck: "{{ item.gpgcheck | default(omit) }}"
gpgkey: "{{ item.gpgkey | default(omit) }}"
baseurl: "{{ item.baseurl }}"
file: "{{ item.ceph_custom | default(omit) }}"
priority: "{{ item.priority | default(omit) }}"
enabled: "{{ item.enabled | default(omit) }}"
register: result
until: result is succeeded
loop: "{{ ceph_custom_repositories }}"
- name: install epel-release
when: ansible_facts['distribution'] != 'RedHat'
block:
- name: enable required CentOS repository for epel
command: dnf config-manager --set-enabled "{{ 'powertools' if ansible_facts['distribution_major_version'] == '8' else 'crb' }}"
changed_when: false
- name: install epel package
package:
name: epel-release
state: present
register: result
until: result is succeeded
- name: remove remaining local services ceph packages
dnf:
name: "{{ packages_to_uninstall }}"
state: absent
autoremove: false
- name: install ceph-common on rhel
package:
name: ceph-common
state: "{{ (upgrade_ceph_packages | bool) | ternary('latest', 'present') }}"
register: result
until: result is succeeded
- name: install prerequisites packages on servers
package:
name: "{{ ceph_pkgs + infra_pkgs }}"
state: "{{ (upgrade_ceph_packages | bool) | ternary('latest', 'present') }}"
register: result
until: result is succeeded
when: group_names != [client_group]
- name: install prerequisites packages on clients
package:
name: "{{ ceph_client_pkgs }}"
state: "{{ (upgrade_ceph_packages | bool) | ternary('latest', 'present') }}"
register: result
until: result is succeeded
when: client_group in group_names
- name: ensure chronyd is running
service:
name: chronyd
state: started
enabled: true
- name: Ubuntu related tasks
when: ansible_facts['distribution'] == 'Ubuntu'
block:
- name: enable repo from download.ceph.com
block:
- name: prevent ceph certificate error
apt:
name: ca-certificates
state: latest
update_cache: true
register: result
until: result is succeeded
- name: configure ceph community repository stable key
apt_key:
url: "{{ ceph_stable_key }}"
state: present
- name: configure Ceph community repository
when: ceph_origin == 'community'
apt_repository:
repo: "deb https://download.ceph.com/debian-{{ ceph_release }}/ {{ ansible_facts['distribution_release'] }} main"
state: present
filename: ceph
update_cache: false
- name: configure Ceph testing repository
when: ceph_origin == 'testing'
apt_repository:
repo: "deb https://download.ceph.com/debian-testing/ {{ ansible_facts['distribution_release'] }} main"
state: present
filename: ceph
update_cache: false
- name: configure Ceph custom repositories
when: ceph_origin == 'custom'
apt_repository:
repo: "deb {{ item.baseurl }}/ {{ ansible_facts['distribution_release'] }} {{ item.components }}"
state: "{{ item.state | default(omit) }}"
filename: ceph_custom
update_cache: false
loop: "{{ ceph_custom_repositories }}"
- name: install prerequisites packages
apt:
name: "{{ ['python3','chrony'] + ceph_pkgs }}"
state: "{{ (upgrade_ceph_packages | bool) | ternary('latest', 'present') }}"
update_cache: true
register: result
until: result is succeeded
- name: ensure chronyd is running
service:
name: chronyd
state: started
enabled: true
- name: install container engine
block:
- name: install podman
when: ansible_facts['distribution_version'] is version('20.10', '>=')
apt:
name: podman
state: present
update_cache: true
register: result
until: result is succeeded
- name: install docker
when: ansible_facts['distribution_version'] is version('20.10', '<')
block:
- name: uninstall old version packages
apt:
name: "{{ item }}"
state: absent
loop:
- docker
- docker-engine
- docker.io
- containerd
- runc
- name: configure docker repository key
apt_key:
url: "https://download.docker.com/linux/ubuntu/gpg"
state: present
- name: setup docker repository
apt_repository:
repo: "deb https://download.docker.com/linux/ubuntu {{ ansible_facts['distribution_release'] }} stable"
state: present
filename: docker
update_cache: false
- name: install docker
apt:
name: "{{ item }}"
state: present
update_cache: true
register: result
until: result is succeeded
loop:
- docker-ce
- docker-ce-cli
- containerd.io
- name: set insecure container registry in /etc/containers/registries.conf
ansible.builtin.import_playbook: cephadm-set-container-insecure-registries.yml
when: set_insecure_registries | default(false) | bool