Use sudo-enabled user for bootstrap

cityofships · cityofships · commit ea9b9f8f4423 · 2021-12-06T12:47:27.000+01:00
diff --git a/galaxy.yml b/galaxy.yml
@@ -1,6 +1,6 @@
 namespace: "stackhpc"
 name: "cephadm"
-version: "1.3.0"
+version: "1.4.0"
 readme: "README.md"
 authors:
   - "Michal Nasiadka"
diff --git a/roles/cephadm/README.md b/roles/cephadm/README.md
@@ -1,10 +1,15 @@
-cephadm
-=======
+# cephadm
 
 This role bootstraps and configures Ceph using cephadm.
 
-Inventory
----------
+## Prerequisites
+
+### Host prerequisites
+
+* The role assumes target hosts connection over SSH with user that has passwordless sudo configured.
+* Either direct Internet access or private registry with desired Ceph image accessible to all hosts is required.
+
+### Inventory
 
 This role assumes the existence of the following groups:
 
@@ -19,8 +24,7 @@ Optional groups (those services will be deployed when group exists)::
 
 All Ceph hosts must be in the `ceph` group.
 
-Role variables
---------------
+## Role variables
 
 * General
   * `cephadm_ceph_release`: Ceph release to deploy (default: octopus)
@@ -35,6 +39,7 @@ Role variables
     * `cephadm_install_ceph_cli`: If enabled - ceph cli will be installed on the hosts (default: False)
     * `cephadm_ssh_public_key`: Location where ssh public key used by cephadm will be saved (default: /etc/ceph/cephadm.pub)
     * `cephadm_ssh_private_key`: Location where ssh private key used by cephadm will be saved (default: /etc/ceph/cephadm.id)
+    * `cephadm_ssh_user`: Pre-existing user name that should be used for bootstrapping the cluster. User must have passwordless sudo enabled. Since 1.4.0 (default: `ansible_user`)
   * OSDs
     * `cephadm_osd_devices`: List of /dev/device paths to use (e.g. for multipath devices that can't be used using an OSD spec)
       Example:
@@ -56,7 +61,7 @@ Role variables
             db_devices:
               model: Dell Express Flash PM1725b 1.6TB SFF
       ```
-    
+
 * Registry
     * `cephadm_registry_url`: (default: not used)
     * `cephadm_registry_username`: (default: not used)
diff --git a/roles/cephadm/defaults/main.yml b/roles/cephadm/defaults/main.yml
@@ -19,6 +19,7 @@ cephadm_enable_monitoring: False
 cephadm_install_ceph_cli: False
 cephadm_ssh_public_key: "/etc/ceph/cephadm.pub"
 cephadm_ssh_private_key: "/etc/ceph/cephadm.id"
+cephadm_ssh_user: "{{ ansible_user }}"
 # Networking
 cephadm_public_interface: ""
 cephadm_cluster_interface: ""
diff --git a/roles/cephadm/tasks/bootstrap.yml b/roles/cephadm/tasks/bootstrap.yml
@@ -15,6 +15,7 @@
            {{ firewalld }}
            --ssh-private-key={{ cephadm_ssh_private_key }}
            --ssh-public-key={{ cephadm_ssh_public_key }}
+           --ssh-user "{{ cephadm_ssh_user }}"
            {% if cephadm_registry_url | length > 0 %}
            --registry-url={{ cephadm_registry_url }}
            --registry-username={{ cephadm_registry_username }}
diff --git a/roles/cephadm/tasks/prereqs.yml b/roles/cephadm/tasks/prereqs.yml
@@ -52,7 +52,7 @@
   vars:
     content: "{{ cephadm_ssh_public_key_slurp.content | b64decode if cephadm_check_ceph_id.stat.exists else cephadm_ssh_key.public_key }}"
   authorized_key:
-    user: root
+    user: "{{ cephadm_ssh_user }}"
     state: present
     key: "{{ content }}"
   become: true
