-
Notifications
You must be signed in to change notification settings - Fork 55
/
Copy pathcephadm-preflight.yml
339 lines (302 loc) · 13.4 KB
/
cephadm-preflight.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
---
# Copyright Red Hat
# SPDX-License-Identifier: Apache-2.0
#
# This playbook configures the Ceph repository.
# It also installs some prerequisites (podman, lvm2, chronyd, cephadm, ...)
#
# Usage:
#
# ansible-playbook -i <inventory host file> cephadm-preflight.yml
#
# You can limit the execution to a set of hosts by using `--limit` option:
#
# ansible-playbook -i <inventory host file> cephadm-preflight.yml --limit <my_osd_group|my_node_name>
#
# You can override variables using `--extra-vars` parameter:
#
# ansible-playbook -i <inventory host file> cephadm-preflight.yml --extra-vars "ceph_origin=rhcs"
#
- name: Variables validations
ansible.builtin.import_playbook: validate/preflight.yml
- name: Pre-requisites playbook
hosts: all
become: true
gather_facts: true
vars:
repos_4_to_disable:
- rhceph-4-tools-for-rhel-{{ ansible_facts['distribution_major_version'] }}-{{ ansible_facts['architecture'] }}-rpms
- rhceph-4-mon-for-rhel-{{ ansible_facts['distribution_major_version'] }}-{{ ansible_facts['architecture'] }}-rpms
- rhceph-4-osd-for-rhel-{{ ansible_facts['distribution_major_version'] }}-{{ ansible_facts['architecture'] }}-rpms
repos_5_to_disable:
- rhceph-5-tools-for-rhel-{{ ansible_facts['distribution_major_version'] }}-{{ ansible_facts['architecture'] }}-rpms
repos_6_to_disable:
- rhceph-6-tools-for-rhel-{{ ansible_facts['distribution_major_version'] }}-{{ ansible_facts['architecture'] }}-rpms
packages_to_uninstall:
- ceph-mds
- ceph-mgr
- ceph-mon
- ceph-osd
- ceph-radosgw
- rbd-mirror
tasks:
- name: Import_role ceph_defaults
ansible.builtin.import_role:
name: ceph_defaults
- name: Run Preflight Checks
ansible.builtin.import_tasks: checks.yml
when: ansible_facts['distribution'] == "RedHat"
- name: Redhat family of OS related tasks
when: ansible_facts['os_family'] == 'RedHat'
block:
- name: RHCS related tasks
when: ceph_origin == 'rhcs'
block:
- name: Enable red hat ceph storage tools repository
community.general.rhsm_repository:
name: "rhceph-{{ ceph_rhcs_version }}-tools-for-rhel-{{ ansible_facts['distribution_major_version'] }}-{{ ansible_facts['architecture'] }}-rpms"
- name: Disable older rhceph repositories if any on RHEL{{ ansible_facts['distribution_major_version'] }}
when: ansible_facts['distribution_major_version'] == '8'
community.general.rhsm_repository:
name: "{{ repos_4_to_disable + repos_5_to_disable }}"
state: absent
- name: Disable older rhceph repositories if any on RHEL{{ ansible_facts['distribution_major_version'] }}
when: ansible_facts['distribution_major_version'] == '9'
community.general.rhsm_repository:
name: "{{ repos_5_to_disable + repos_6_to_disable }}"
state: absent
- name: Enable ceph package repositories
when: ceph_origin in ['community', 'ibm']
block:
- name: Set_fact _ceph_repo
ansible.builtin.set_fact:
_ceph_repo:
name: ceph_stable
description: "{{ 'Ceph Stable repo' if ceph_origin == 'community' else 'IBM Ceph repo' }}"
rpm_key: "{{ ceph_stable_key if ceph_origin == 'community' else ceph_ibm_key }}"
baseurl: "{{ ceph_community_repo_baseurl if ceph_origin == 'community' else ceph_ibm_repo_baseurl }}"
paths: "{{ ['noarch', '$basearch'] if ceph_origin == 'community' else ['$basearch'] }}"
- name: Configure ceph repository key
ansible.builtin.rpm_key:
key: "{{ _ceph_repo.rpm_key }}"
state: present
register: result
until: result is succeeded
- name: Configure ceph stable repository
ansible.builtin.yum_repository:
name: "ceph_stable_{{ item }}"
description: "{{ _ceph_repo.description }} - {{ item }}"
gpgcheck: true
state: present
gpgkey: "{{ _ceph_repo.rpm_key }}"
baseurl: "{{ _ceph_repo.baseurl }}/{{ item }}"
file: "ceph_stable_{{ item }}"
priority: '2'
register: result
until: result is succeeded
loop: "{{ _ceph_repo.paths }}"
- name: Enable repo from shaman - dev
when: ceph_origin == 'shaman'
block:
- name: Fetch ceph development repository
ansible.builtin.uri:
url:
"https://shaman.ceph.com/api/repos/ceph/\
{{ ceph_dev_branch }}/\
{{ ceph_dev_sha1 }}/\
centos/{{ ansible_facts['distribution_major_version'] }}/\
repo?arch={{ ansible_facts['architecture'] }}"
return_content: true
register: ceph_dev_yum_repo
- name: Configure ceph development repository
ansible.builtin.copy:
content: "{{ ceph_dev_yum_repo.content }}"
dest: /etc/yum.repos.d/ceph-dev.repo
owner: root
group: root
mode: '0644'
backup: true
- name: Remove ceph_stable repositories
ansible.builtin.yum_repository:
name: '{{ item }}'
file: ceph_stable
state: absent
with_items:
- ceph_stable
- ceph_stable_noarch
- name: Enable custom repo
when: ceph_origin == 'custom'
block:
- name: Set_fact ceph_custom_repositories
ansible.builtin.set_fact:
ceph_custom_repositories:
- name: ceph_custom
description: Ceph custom repo
gpgcheck: "{{ 'yes' if custom_repo_gpgkey is defined else 'no' }}"
state: "{{ custom_repo_state | default('present') }}"
gpgkey: "{{ custom_repo_gpgkey | default(omit) }}"
baseurl: "{{ custom_repo_url }}"
enabled: "{{ custom_repo_enabled | default(1) }}"
file: ceph_custom
priority: '2'
when: ceph_custom_repositories is undefined
- name: Setup custom repositories
ansible.builtin.yum_repository:
name: "{{ item.name }}"
description: "{{ item.description }}"
state: "{{ item.state | default(omit) }}"
gpgcheck: "{{ item.gpgcheck | default(omit) }}"
gpgkey: "{{ item.gpgkey | default(omit) }}"
baseurl: "{{ item.baseurl }}"
file: "{{ item.ceph_custom | default(omit) }}"
priority: "{{ item.priority | default(omit) }}"
enabled: "{{ item.enabled | default(omit) }}"
register: result
until: result is succeeded
loop: "{{ ceph_custom_repositories }}"
- name: Install epel-release
when: ansible_facts['distribution'] != 'RedHat'
block:
- name: Enable required CentOS repository for epel
ansible.builtin.command: dnf config-manager --set-enabled "{{ 'powertools' if ansible_facts['distribution_major_version'] == '8' else 'crb' }}"
changed_when: false
- name: Install epel package
ansible.builtin.package:
name: epel-release
state: present
register: result
until: result is succeeded
- name: Remove remaining local services ceph packages
ansible.builtin.dnf:
name: "{{ packages_to_uninstall }}"
state: absent
autoremove: false
- name: Install ceph-common on rhel
ansible.builtin.package:
name: ceph-common
state: "{{ (upgrade_ceph_packages | bool) | ternary('latest', 'present') }}"
register: result
until: result is succeeded
- name: Install prerequisites packages on servers
ansible.builtin.package:
name: "{{ ceph_pkgs + infra_pkgs }}"
state: "{{ (upgrade_ceph_packages | bool) | ternary('latest', 'present') }}"
register: result
until: result is succeeded
when: group_names != [client_group]
- name: Install prerequisites packages on clients
ansible.builtin.package:
name: "{{ ceph_client_pkgs }}"
state: "{{ (upgrade_ceph_packages | bool) | ternary('latest', 'present') }}"
register: result
until: result is succeeded
when: client_group in group_names
- name: Ensure chronyd is running
ansible.builtin.service:
name: chronyd
state: started
enabled: true
- name: Ensure firewalld is enabled and running
ansible.builtin.systemd:
name: firewalld
state: started
enabled: true
register: firewall_status
failed_when: false
- name: Ubuntu related tasks
when: ansible_facts['distribution'] == 'Ubuntu'
block:
- name: Enable repo from download.ceph.com
block:
- name: Prevent ceph certificate error
ansible.builtin.apt:
name: ca-certificates
state: present
update_cache: true
register: result
until: result is succeeded
- name: Configure ceph community repository stable key
ansible.builtin.apt_key:
url: "{{ ceph_stable_key }}"
state: present
- name: Configure Ceph community repository
when: ceph_origin == 'community'
ansible.builtin.apt_repository:
repo: "deb https://download.ceph.com/debian-{{ ceph_release }}/ {{ ansible_facts['distribution_release'] }} main"
state: present
filename: ceph
update_cache: false
- name: Configure Ceph testing repository
when: ceph_origin == 'testing'
ansible.builtin.apt_repository:
repo: "deb https://download.ceph.com/debian-testing/ {{ ansible_facts['distribution_release'] }} main"
state: present
filename: ceph
update_cache: false
- name: Configure Ceph custom repositories
when: ceph_origin == 'custom'
ansible.builtin.apt_repository:
repo: "deb {{ item.baseurl }}/ {{ ansible_facts['distribution_release'] }} {{ item.components }}"
state: "{{ item.state | default(omit) }}"
filename: ceph_custom
update_cache: false
loop: "{{ ceph_custom_repositories }}"
- name: Install prerequisites packages
ansible.builtin.apt:
name: "{{ ['python3', 'chrony'] + ceph_pkgs }}"
state: "{{ (upgrade_ceph_packages | bool) | ternary('latest', 'present') }}"
update_cache: true
register: result
until: result is succeeded
- name: Ensure chronyd is running
ansible.builtin.service:
name: chronyd
state: started
enabled: true
- name: Install container engine
block:
- name: Install podman
when: ansible_facts['distribution_version'] is version('20.10', '>=')
ansible.builtin.apt:
name: podman
state: present
update_cache: true
register: result
until: result is succeeded
- name: Install docker
when: ansible_facts['distribution_version'] is version('20.10', '<')
block:
- name: Uninstall old version packages
ansible.builtin.apt:
name: "{{ item }}"
state: absent
loop:
- docker
- docker-engine
- docker.io
- containerd
- runc
- name: Configure docker repository key
ansible.builtin.apt_key:
url: "https://download.docker.com/linux/ubuntu/gpg"
state: present
- name: Setup docker repository
ansible.builtin.apt_repository:
repo: "deb https://download.docker.com/linux/ubuntu {{ ansible_facts['distribution_release'] }} stable"
state: present
filename: docker
update_cache: false
- name: Install docker
ansible.builtin.apt:
name: "{{ item }}"
state: present
update_cache: true
register: result
until: result is succeeded
loop:
- docker-ce
- docker-ce-cli
- containerd.io
- name: Set insecure container registry in /etc/containers/registries.conf
ansible.builtin.import_playbook: cephadm-set-container-insecure-registries.yml
when: set_insecure_registries | default(false) | bool