Merge pull request #65 from /issues/62

Fix cephadm bootstrap host delegation issues

Author: markgoddard

roles/cephadm/README.md

@@ -33,6 +33,7 @@ All Ceph hosts must be in the `ceph` group.
   * `cephadm_custom_repos`: If enabled - the role won't define yum/apt repositories (default: False)
   * `cephadm_package_update`: If enabled - cephadm package will be updated to latest version (default: False)
   * Bootstrap settings
+    * `cephadm_bootstrap_host`: The host on which to bootstrap Ceph (default: `groups['mons'][0]`)
     * `cephadm_enable_dashboard`: If enabled - dashboard service on MGR will be enabled (default: False)
     * `cephadm_enable_firewalld`: If enabled - firewalld will be installed and rules will be applied (default: False)
     * `cephadm_enable_monitoring`: If enabled - cephadm monitoring stack will be deployed i.e. prometheus/node-exporters/grafana (default: False)

roles/cephadm/defaults/main.yml

@@ -15,6 +15,7 @@ cephadm_registry_url: ""
 cephadm_registry_username: ""
 cephadm_registry_password: ""
 # Bootstrap settings
+cephadm_bootstrap_host: "{{ groups['mons'][0] }}"
 cephadm_enable_dashboard: False
 cephadm_enable_firewalld: False
 cephadm_enable_monitoring: False

roles/cephadm/tasks/bootstrap.yml

@@ -1,83 +1,78 @@
 ---
 - name: Bootstrap cephadm
-  block:
-  - name: Bootstrap cephadm
-    vars:
-      mon_ip: "{{ hostvars[inventory_hostname].ansible_facts[cephadm_public_interface].ipv4.address }}"
-      monitoring_stack: "{{ '--skip-monitoring-stack' if not (cephadm_enable_monitoring | bool) else '' }}"
-      dashboard: "{{ '--skip-dashboard' if not cephadm_enable_dashboard | bool else '' }}"
-      firewalld: "{{ '--skip-firewalld' if not cephadm_enable_firewalld | bool else '' }}"
-    command:
-      cmd: >
-           cephadm
-           {% if cephadm_image | length > 0 %}
-           --image={{ cephadm_image }}
-           {% endif %}
-           bootstrap
-           {{ monitoring_stack }}
-           {{ dashboard }}
-           {{ firewalld }}
-           --ssh-private-key={{ cephadm_ssh_private_key }}
-           --ssh-public-key={{ cephadm_ssh_public_key }}
-           {% if cephadm_ssh_user | length > 0 %}
-           --ssh-user "{{ cephadm_ssh_user }}"
-           {% endif %}
-           {% if cephadm_registry_url | length > 0 %}
-           --registry-url={{ cephadm_registry_url }}
-           --registry-username={{ cephadm_registry_username }}
-           --registry-password={{ cephadm_registry_password }}
-           {% endif %}
-           --skip-pull
-           {% if cephadm_fsid | length > 0 %}
-           --fsid={{ cephadm_fsid }}
-           {% endif %}
-           --mon-ip={{ mon_ip }}
-           {{ cephadm_bootstrap_additional_parameters }}
-    become: true
-    when: not cephadm_check_ceph_conf.stat.exists
+  vars:
+    mon_ip: "{{ hostvars[inventory_hostname].ansible_facts[cephadm_public_interface].ipv4.address }}"
+    monitoring_stack: "{{ '--skip-monitoring-stack' if not (cephadm_enable_monitoring | bool) else '' }}"
+    dashboard: "{{ '--skip-dashboard' if not cephadm_enable_dashboard | bool else '' }}"
+    firewalld: "{{ '--skip-firewalld' if not cephadm_enable_firewalld | bool else '' }}"
+  command:
+    cmd: >
+         cephadm
+         {% if cephadm_image | length > 0 %}
+         --image={{ cephadm_image }}
+         {% endif %}
+         bootstrap
+         {{ monitoring_stack }}
+         {{ dashboard }}
+         {{ firewalld }}
+         --ssh-private-key={{ cephadm_ssh_private_key }}
+         --ssh-public-key={{ cephadm_ssh_public_key }}
+         {% if cephadm_ssh_user | length > 0 %}
+         --ssh-user "{{ cephadm_ssh_user }}"
+         {% endif %}
+         {% if cephadm_registry_url | length > 0 %}
+         --registry-url={{ cephadm_registry_url }}
+         --registry-username={{ cephadm_registry_username }}
+         --registry-password={{ cephadm_registry_password }}
+         {% endif %}
+         --skip-pull
+         {% if cephadm_fsid | length > 0 %}
+         --fsid={{ cephadm_fsid }}
+         {% endif %}
+         --mon-ip={{ mon_ip }}
+         {{ cephadm_bootstrap_additional_parameters }}
+  become: true
+  when: not cephadm_check_ceph_conf.stat.exists
 
-  - name: Set public network
-    command:
-      cmd: "cephadm shell -- ceph config set global public_network {{ cephadm_public_network }}"
-    become: true
+- name: Set public network
+  command:
+    cmd: "cephadm shell -- ceph config set global public_network {{ cephadm_public_network }}"
+  become: true
 
-  - name: Set cluster network
-    command:
-      cmd: "cephadm shell -- ceph config set global cluster_network {{ cephadm_cluster_network }}"
-    when: cephadm_cluster_network | length > 0
-    become: true
+- name: Set cluster network
+  command:
+    cmd: "cephadm shell -- ceph config set global cluster_network {{ cephadm_cluster_network }}"
+  when: cephadm_cluster_network | length > 0
+  become: true
 
-  - name: Get cluster fsid
-    command:
-      cmd: "cephadm shell -- ceph fsid"
-    when: cephadm_fsid | length == 0
-    become: true
-    register: cephadm_fsid_current
+- name: Get cluster fsid
+  command:
+    cmd: "cephadm shell -- ceph fsid"
+  when: cephadm_fsid | length == 0
+  become: true
+  register: cephadm_fsid_current
 
-  - name: Template out cluster.yml
-    vars:
-      fsid: "{{ cephadm_fsid if cephadm_fsid | length > 0 else cephadm_fsid_current.stdout }}"
-    template:
-      src: "templates/cluster.yml.j2"
-      dest: "/var/run/ceph/{{ fsid }}/cephadm_cluster.yml"
-      owner: root
-      group: root
-      mode: 0644
-    become: true
-    run_once: True
-
-  - name: Apply spec
-    command:
-      cmd: >
-           cephadm shell --
-           ceph orch apply -i /var/run/ceph/cephadm_cluster.yml
-    become: true
+- name: Template out cluster.yml
+  vars:
+    fsid: "{{ cephadm_fsid if cephadm_fsid | length > 0 else cephadm_fsid_current.stdout }}"
+  template:
+    src: "templates/cluster.yml.j2"
+    dest: "/var/run/ceph/{{ fsid }}/cephadm_cluster.yml"
+    owner: root
+    group: root
+    mode: 0644
+  become: true
+  run_once: True
 
-  - name: Install ceph cli on mon hosts
-    command:
-      cmd: "cephadm install ceph"
-    become: true
-    when: cephadm_install_ceph_cli
+- name: Apply spec
+  command:
+    cmd: >
+         cephadm shell --
+         ceph orch apply -i /var/run/ceph/cephadm_cluster.yml
+  become: true
 
-  delegate_to: "{{ groups['mons'][0] }}"
-  run_once: True
+- name: Install ceph cli on mon hosts
+  command:
+    cmd: "cephadm install ceph"
+  become: true
+  when: cephadm_install_ceph_cli

roles/cephadm/tasks/destroy.yml

@@ -4,16 +4,17 @@
     cmd: "cephadm shell -- ceph fsid"
   become: true
   register: cephadm_destroy_fsid
-  delegate_to: "{{ groups['mons'][0] }}"
-  run_once: True
   changed_when: false
   failed_when: false
+  when: inventory_hostname == cephadm_bootstrap_host
 
 - name: Destroy cluster
+  vars:
+    fsid_result: "{{ hostvars[cephadm_bootstrap_host].cephadm_destroy_fsid }}"
   command:
-    cmd: "cephadm rm-cluster --fsid {{ cephadm_destroy_fsid.stdout }} --force"
+    cmd: "cephadm rm-cluster --fsid {{ fsid_result.stdout }} --force"
   become: true
-  when: cephadm_destroy_fsid.rc != 1
+  when: fsid_result.rc != 1
 
 - name: Remove ssh keys
   file:

roles/cephadm/tasks/main.yml

@@ -1,15 +1,27 @@
 ---
 - include_tasks: "destroy.yml"
-  when: cephadm_recreate | bool
+  when:
+    - cephadm_recreate | bool
 
 - include_tasks: "prechecks.yml"
   when: not cephadm_skip_prechecks | bool
 
 - include_tasks: "pkg_{{ ansible_facts.os_family | lower }}.yml"
 
-- include_tasks: "prereqs.yml"
+- include_tasks: "prereqs_bootstrap.yml"
+  when:
+    - inventory_hostname == cephadm_bootstrap_host
+
+- import_tasks: "prereqs.yml"
 
 - include_tasks: "bootstrap.yml"
-  when: cephadm_bootstrap | bool
+  when:
+    - cephadm_bootstrap | bool
+    - inventory_hostname == cephadm_bootstrap_host
+
+- import_tasks: "osds.yml"
 
-- include_tasks: "osds.yml"
+- include_tasks: "osds_spec.yml"
+  when:
+    - cephadm_osd_spec | length > 0
+    - inventory_hostname == cephadm_bootstrap_host

roles/cephadm/tasks/osds.yml

@@ -11,36 +11,3 @@
   delegate_to: "{{ omit if 'mons' in group_names else groups['mons'][0] }}"
   when: cephadm_osd_devices | length > 0
   with_items: "{{ cephadm_osd_devices }}"
-
-- name: Add OSDs
-  block:
-  - name: Get cluster fsid
-    command:
-      cmd: "cephadm shell -- ceph fsid"
-    when: cephadm_fsid | length == 0
-    become: true
-    register: cephadm_fsid_current
-    changed_when: false
-
-  - name: Template out osd_spec.yml
-    vars:
-      fsid: "{{ cephadm_fsid if cephadm_fsid | length > 0 else cephadm_fsid_current.stdout }}"
-    copy:
-      content: "{{ cephadm_osd_spec | to_nice_yaml if cephadm_osd_spec is mapping else cephadm_osd_spec }}"
-      dest: "/var/run/ceph/{{ fsid }}/osd_spec.yml"
-      owner: root
-      group: root
-      mode: 0644
-    when: cephadm_osd_spec | length > 0
-    become: true
-
-  - name: Apply OSDs spec
-    command:
-      cmd: >
-           cephadm shell --
-           ceph orch apply -i /var/run/ceph/osd_spec.yml
-    when: cephadm_osd_spec | length > 0
-    become: true
-
-  delegate_to: "{{ groups['mons'][0] }}"
-  run_once: True

roles/cephadm/tasks/osds_spec.yml

@@ -0,0 +1,26 @@
+---
+- name: Get cluster fsid
+  command:
+    cmd: "cephadm shell -- ceph fsid"
+  when: cephadm_fsid | length == 0
+  become: true
+  register: cephadm_fsid_current
+  changed_when: false
+
+- name: Template out osd_spec.yml
+  vars:
+    fsid: "{{ cephadm_fsid if cephadm_fsid | length > 0 else cephadm_fsid_current.stdout }}"
+  copy:
+    content: "{{ cephadm_osd_spec | to_nice_yaml if cephadm_osd_spec is mapping else cephadm_osd_spec }}"
+    dest: "/var/run/ceph/{{ fsid }}/osd_spec.yml"
+    owner: root
+    group: root
+    mode: 0644
+  become: true
+
+- name: Apply OSDs spec
+  command:
+    cmd: >
+         cephadm shell --
+         ceph orch apply -i /var/run/ceph/osd_spec.yml
+  become: true

roles/cephadm/tasks/prereqs.yml

@@ -1,60 +1,9 @@
 ---
-- name: Prepare cephadm bootstrap dependencies
-  block:
-  - name: Ensure /etc/ceph directory exists
-    file:
-      path: /etc/ceph
-      state: directory
-      owner: root
-      group: root
-      mode: 0755
-    become: true
-
-  - name: Check if /etc/ceph/ceph.conf exists
-    stat:
-      path: /etc/ceph/ceph.conf
-    register: cephadm_check_ceph_conf
-
-  - name: Check if cephadm ssh key exists
-    stat:
-      path: "{{ cephadm_ssh_private_key }}"
-    register: cephadm_check_ceph_id
-
-  - name: Generate ssh key for cephadm
-    openssh_keypair:
-      path: "{{ cephadm_ssh_private_key }}"
-      size: 4096
-      comment: "ceph-{{ cephadm_fsid }}"
-    when: not cephadm_check_ceph_id.stat.exists
-    register: cephadm_ssh_key
-    become: true
-
-  - name: Save public key
-    copy:
-      content: "{{ cephadm_ssh_key.public_key | default }}"
-      dest: "{{ cephadm_ssh_public_key }}"
-      owner: root
-      group: root
-      mode: 0644
-    become: true
-    when: not cephadm_check_ceph_id.stat.exists
-
-  - name: Slurp public key if already exist
-    slurp:
-      src: "{{ cephadm_ssh_public_key }}"
-    register: cephadm_ssh_public_key_slurp
-    when: cephadm_check_ceph_id.stat.exists
-
-  delegate_to: "{{ groups['mons'][0] }}"
-  run_once: True
-
 - name: Copy cephadm public key to all hosts
-  vars:
-    content: "{{ cephadm_ssh_public_key_slurp.content | b64decode if cephadm_check_ceph_id.stat.exists else cephadm_ssh_key.public_key }}"
   authorized_key:
     user: "{{ cephadm_ssh_user }}"
     state: present
-    key: "{{ content }}"
+    key: "{{ hostvars[cephadm_bootstrap_host].cephadm_ssh_public_key_content }}"
   when: "cephadm_ssh_user | length > 0"
   become: true
 

roles/cephadm/tasks/prereqs_bootstrap.yml

@@ -0,0 +1,48 @@
+---
+- name: Ensure /etc/ceph directory exists
+  file:
+    path: /etc/ceph
+    state: directory
+    owner: root
+    group: root
+    mode: 0755
+  become: true
+
+- name: Check if /etc/ceph/ceph.conf exists
+  stat:
+    path: /etc/ceph/ceph.conf
+  register: cephadm_check_ceph_conf
+
+- name: Check if cephadm ssh key exists
+  stat:
+    path: "{{ cephadm_ssh_private_key }}"
+  register: cephadm_check_ceph_id
+
+- name: Generate ssh key for cephadm
+  openssh_keypair:
+    path: "{{ cephadm_ssh_private_key }}"
+    size: 4096
+    comment: "ceph-{{ cephadm_fsid }}"
+  when: not cephadm_check_ceph_id.stat.exists
+  register: cephadm_ssh_key
+  become: true
+
+- name: Save public key
+  copy:
+    content: "{{ cephadm_ssh_key.public_key | default }}"
+    dest: "{{ cephadm_ssh_public_key }}"
+    owner: root
+    group: root
+    mode: 0644
+  become: true
+  when: not cephadm_check_ceph_id.stat.exists
+
+- name: Slurp public key
+  slurp:
+    src: "{{ cephadm_ssh_public_key }}"
+  register: cephadm_ssh_public_key_slurp
+  when: cephadm_check_ceph_id.stat.exists
+
+- name: Set a fact about the SSH public key
+  set_fact:
+    cephadm_ssh_public_key_content: "{{ cephadm_ssh_public_key_slurp.content | b64decode if cephadm_check_ceph_id.stat.exists else cephadm_ssh_key.public_key }}"