|
6 | 6 | vars: |
7 | 7 | venv: "{{ virtualenv_path }}/openstack" |
8 | 8 | tasks: |
9 | | - - name: Set up openstack cli virtualenv |
10 | | - pip: |
11 | | - virtualenv: "{{ venv }}" |
12 | | - virtualenv_command: "/usr/bin/python3 -m venv" |
13 | | - name: |
14 | | - - python-openstackclient |
15 | | - state: latest |
16 | | - extra_args: "{% if pip_upper_constraints_file %}-c {{ pip_upper_constraints_file }}{% endif %}" |
17 | | - run_once: true |
18 | | - delegate_to: "{{ groups['controllers'][0] }}" |
19 | | - vars: |
20 | | - ansible_host: "{{ hostvars[groups['controllers'][0]].ansible_host }}" |
| 9 | + - name: Deploy RADOS gateway usage exporter |
21 | 10 | when: stackhpc_enable_radosgw_usage_exporter |
| 11 | + block: |
| 12 | + - name: Set up openstack cli virtualenv |
| 13 | + ansible.builtin.pip: |
| 14 | + virtualenv: "{{ venv }}" |
| 15 | + virtualenv_command: "/usr/bin/python3 -m venv" |
| 16 | + name: |
| 17 | + - python-openstackclient |
| 18 | + state: latest |
| 19 | + extra_args: "{% if pip_upper_constraints_file %}-c {{ pip_upper_constraints_file }}{% endif %}" |
| 20 | + run_once: true |
| 21 | + delegate_to: "{{ groups['controllers'][0] }}" |
| 22 | + vars: |
| 23 | + ansible_host: "{{ hostvars[groups['controllers'][0]].ansible_host }}" |
22 | 24 |
|
23 | | - - name: Read admin-openrc credential file |
24 | | - ansible.builtin.command: |
25 | | - cmd: "cat {{ lookup('ansible.builtin.env', 'KOLLA_CONFIG_PATH') }}/admin-openrc.sh" |
26 | | - delegate_to: localhost |
27 | | - register: credential |
28 | | - when: stackhpc_enable_radosgw_usage_exporter |
29 | | - changed_when: false |
| 25 | + - name: Read admin-openrc credential file |
| 26 | + ansible.builtin.command: |
| 27 | + cmd: "cat {{ lookup('ansible.builtin.env', 'KOLLA_CONFIG_PATH') }}/admin-openrc.sh" |
| 28 | + delegate_to: localhost |
| 29 | + register: credential |
| 30 | + changed_when: false |
30 | 31 |
|
31 | | - - name: Set facts for admin credentials |
32 | | - ansible.builtin.set_fact: |
33 | | - openstack_auth_env: |
34 | | - OS_PROJECT_DOMAIN_NAME: "{{ credential.stdout_lines | select('match', '.*OS_PROJECT_DOMAIN_NAME*.') | first | split('=') | last | replace(\"'\",'') }}" |
35 | | - OS_USER_DOMAIN_NAME: "{{ credential.stdout_lines | select('match', '.*OS_USER_DOMAIN_NAME*.') | first | split('=') | last | replace(\"'\",'') }}" |
36 | | - OS_PROJECT_NAME: "{{ credential.stdout_lines | select('match', '.*OS_PROJECT_NAME*.') | first | split('=') | last | replace(\"'\",'') }}" |
37 | | - OS_USERNAME: "{{ credential.stdout_lines | select('match', '.*OS_USERNAME*.') | first | split('=') | last | replace(\"'\",'') }}" |
38 | | - OS_PASSWORD: "{{ credential.stdout_lines | select('match', '.*OS_PASSWORD*.') | first | split('=') | last | replace(\"'\",'') }}" |
39 | | - OS_AUTH_URL: "{{ credential.stdout_lines | select('match', '.*OS_AUTH_URL*.') | first | split('=') | last | replace(\"'\",'') }}" |
40 | | - OS_INTERFACE: "{{ credential.stdout_lines | select('match', '.*OS_INTERFACE*.') | first | split('=') | last | replace(\"'\",'') }}" |
41 | | - OS_IDENTITY_API_VERSION: "{{ credential.stdout_lines | select('match', '.*OS_IDENTITY_API_VERSION*.') | first | split('=') | last | replace(\"'\",'') }}" |
42 | | - OS_CACERT: "{{ '/etc/ssl/certs/ca-certificates.crt' if os_distribution == 'ubuntu' else '/etc/pki/tls/certs/ca-bundle.crt' }}" |
43 | | - when: stackhpc_enable_radosgw_usage_exporter |
| 32 | + - name: Set facts for admin credentials |
| 33 | + ansible.builtin.set_fact: |
| 34 | + openstack_auth_env: |
| 35 | + OS_PROJECT_DOMAIN_NAME: "{{ credential.stdout_lines | select('match', '.*OS_PROJECT_DOMAIN_NAME*.') | first | split('=') | last | replace(\"'\", '') }}" |
| 36 | + OS_USER_DOMAIN_NAME: "{{ credential.stdout_lines | select('match', '.*OS_USER_DOMAIN_NAME*.') | first | split('=') | last | replace(\"'\", '') }}" |
| 37 | + OS_PROJECT_NAME: "{{ credential.stdout_lines | select('match', '.*OS_PROJECT_NAME*.') | first | split('=') | last | replace(\"'\", '') }}" |
| 38 | + OS_USERNAME: "{{ credential.stdout_lines | select('match', '.*OS_USERNAME*.') | first | split('=') | last | replace(\"'\", '') }}" |
| 39 | + OS_PASSWORD: "{{ credential.stdout_lines | select('match', '.*OS_PASSWORD*.') | first | split('=') | last | replace(\"'\", '') }}" |
| 40 | + OS_AUTH_URL: "{{ credential.stdout_lines | select('match', '.*OS_AUTH_URL*.') | first | split('=') | last | replace(\"'\", '') }}" |
| 41 | + OS_INTERFACE: "{{ credential.stdout_lines | select('match', '.*OS_INTERFACE*.') | first | split('=') | last | replace(\"'\", '') }}" |
| 42 | + OS_IDENTITY_API_VERSION: "{{ credential.stdout_lines | select('match', '.*OS_IDENTITY_API_VERSION*.') | first | split('=') | last | replace(\"'\", '') }}" |
| 43 | + OS_CACERT: "{{ '/etc/ssl/certs/ca-certificates.crt' if os_distribution == 'ubuntu' else '/etc/pki/tls/certs/ca-bundle.crt' }}" |
44 | 44 |
|
45 | | - - name: Check ec2 credential for ceph_rgw |
46 | | - command: > |
47 | | - {{ venv }}/bin/openstack |
48 | | - ec2 credentials list --user ceph_rgw |
49 | | - --format json |
50 | | - environment: "{{ openstack_auth_env }}" |
51 | | - register: credential_check |
52 | | - delegate_to: "{{ groups['controllers'][0] }}" |
53 | | - vars: |
54 | | - ansible_host: "{{ hostvars[groups['controllers'][0]].ansible_host }}" |
55 | | - run_once: true |
56 | | - when: stackhpc_enable_radosgw_usage_exporter |
| 45 | + - name: Check ec2 credential for ceph_rgw |
| 46 | + ansible.builtin.command: > |
| 47 | + {{ venv }}/bin/openstack |
| 48 | + ec2 credentials list --user ceph_rgw |
| 49 | + --format json |
| 50 | + environment: "{{ openstack_auth_env }}" |
| 51 | + register: credential_check |
| 52 | + delegate_to: "{{ groups['controllers'][0] }}" |
| 53 | + changed_when: false |
| 54 | + vars: |
| 55 | + ansible_host: "{{ hostvars[groups['controllers'][0]].ansible_host }}" |
| 56 | + run_once: true |
57 | 57 |
|
58 | | - - name: Create ec2 credential if there's none |
59 | | - command: > |
60 | | - {{ venv }}/bin/openstack |
61 | | - ec2 credentials create --user ceph_rgw --project service |
62 | | - --format json |
63 | | - environment: "{{ openstack_auth_env }}" |
64 | | - delegate_to: "{{ groups['controllers'][0] }}" |
65 | | - vars: |
66 | | - ansible_host: "{{ hostvars[groups['controllers'][0]].ansible_host }}" |
67 | | - run_once: true |
68 | | - when: |
69 | | - - stackhpc_enable_radosgw_usage_exporter |
70 | | - - "{{ credential_check.stdout == [] }}" |
| 58 | + - name: Create ec2 credential if there's none |
| 59 | + ansible.builtin.command: > |
| 60 | + {{ venv }}/bin/openstack |
| 61 | + ec2 credentials create --user ceph_rgw --project service |
| 62 | + --format json |
| 63 | + environment: "{{ openstack_auth_env }}" |
| 64 | + delegate_to: "{{ groups['controllers'][0] }}" |
| 65 | + changed_when: true |
| 66 | + vars: |
| 67 | + ansible_host: "{{ hostvars[groups['controllers'][0]].ansible_host }}" |
| 68 | + run_once: true |
| 69 | + when: credential_check.stdout == [] |
71 | 70 |
|
72 | | - - name: Query ec2 credential for ceph_rgw |
73 | | - command: > |
74 | | - {{ venv }}/bin/openstack |
75 | | - ec2 credentials list --user ceph_rgw |
76 | | - --format json |
77 | | - environment: "{{ openstack_auth_env }}" |
78 | | - delegate_to: "{{ groups['controllers'][0] }}" |
79 | | - vars: |
80 | | - ansible_host: "{{ hostvars[groups['controllers'][0]].ansible_host }}" |
81 | | - register: credential |
82 | | - run_once: true |
83 | | - when: stackhpc_enable_radosgw_usage_exporter |
| 71 | + - name: Query ec2 credential for ceph_rgw |
| 72 | + ansible.builtin.command: > |
| 73 | + {{ venv }}/bin/openstack |
| 74 | + ec2 credentials list --user ceph_rgw |
| 75 | + --format json |
| 76 | + environment: "{{ openstack_auth_env }}" |
| 77 | + delegate_to: "{{ groups['controllers'][0] }}" |
| 78 | + changed_when: false |
| 79 | + vars: |
| 80 | + ansible_host: "{{ hostvars[groups['controllers'][0]].ansible_host }}" |
| 81 | + register: credential |
| 82 | + run_once: true |
84 | 83 |
|
85 | | - - name: Get object storage endpoint |
86 | | - command: > |
87 | | - {{ venv }}/bin/openstack |
88 | | - endpoint list --service object-store --interface internal |
89 | | - --format json |
90 | | - environment: "{{ openstack_auth_env }}" |
91 | | - delegate_to: "{{ groups['controllers'][0] }}" |
92 | | - vars: |
93 | | - ansible_host: "{{ hostvars[groups['controllers'][0]].ansible_host }}" |
94 | | - register: endpoint |
95 | | - run_once: true |
96 | | - when: stackhpc_enable_radosgw_usage_exporter |
| 84 | + - name: Get object storage endpoint |
| 85 | + ansible.builtin.command: > |
| 86 | + {{ venv }}/bin/openstack |
| 87 | + endpoint list --service object-store --interface internal |
| 88 | + --format json |
| 89 | + environment: "{{ openstack_auth_env }}" |
| 90 | + delegate_to: "{{ groups['controllers'][0] }}" |
| 91 | + changed_when: false |
| 92 | + vars: |
| 93 | + ansible_host: "{{ hostvars[groups['controllers'][0]].ansible_host }}" |
| 94 | + register: endpoint |
| 95 | + run_once: true |
97 | 96 |
|
98 | | - - name: Ensure radosgw_usage_exporter container is running |
99 | | - community.docker.docker_container: |
100 | | - name: radosgw_usage_exporter |
101 | | - image: ghcr.io/stackhpc/radosgw_usage_exporter:0.1.0 |
102 | | - network_mode: host |
103 | | - env: |
104 | | - RADOSGW_SERVER: "{{ radosgw_server }}" |
105 | | - ADMIN_ENTRY: admin |
106 | | - ACCESS_KEY: "{{ ec2.Access }}" |
107 | | - SECRET_KEY: "{{ ec2.Secret }}" |
108 | | - VIRTUAL_PORT: "{{ stackhpc_radosgw_usage_exporter_port | string }}" |
109 | | - entrypoint: "{{ [ 'python', '-u', './radosgw_usage_exporter.py', '--insecure' ] if not stackhpc_radosgw_usage_exporter_verify else omit }}" |
110 | | - vars: |
111 | | - ec2: "{{ credential.stdout | from_json | first }}" |
112 | | - host: "{{ endpoint.stdout | from_json | first }}" |
113 | | - radosgw_server: "{{ host.URL | regex_replace('(https?://)([^:/]+):([0-9]+)/.*', '\\1\\2:\\3') }}" # Drop Swift api address |
114 | | - become: true |
115 | | - when: stackhpc_enable_radosgw_usage_exporter |
| 97 | + - name: Process object storage endpoint |
| 98 | + ansible.builtin.set_fact: |
| 99 | + radosgw_server: "{{ scheme + '://' + hostname + ':' + radosgw_port }}" |
| 100 | + vars: |
| 101 | + swift: "{{ endpoint.stdout | from_json | first }}" |
| 102 | + hostname: "{{ swift.URL | urlsplit('hostname') }}" |
| 103 | + scheme: "{{ swift.URL | urlsplit('scheme') }}" |
| 104 | + radosgw_port: "{{ swift.URL | urlsplit('port') }}" |
| 105 | + run_once: true |
| 106 | + |
| 107 | + - name: Ensure radosgw_usage_exporter container is running |
| 108 | + community.docker.docker_container: |
| 109 | + name: radosgw_usage_exporter |
| 110 | + image: ghcr.io/stackhpc/radosgw_usage_exporter:0.1.0 |
| 111 | + network_mode: host |
| 112 | + env: |
| 113 | + RADOSGW_SERVER: "{{ radosgw_server }}" |
| 114 | + ADMIN_ENTRY: admin |
| 115 | + ACCESS_KEY: "{{ ec2.Access }}" |
| 116 | + SECRET_KEY: "{{ ec2.Secret }}" |
| 117 | + VIRTUAL_PORT: "{{ stackhpc_radosgw_usage_exporter_port | string }}" |
| 118 | + entrypoint: "{{ ['python', '-u', './radosgw_usage_exporter.py', '--insecure'] if not stackhpc_radosgw_usage_exporter_verify else omit }}" |
| 119 | + vars: |
| 120 | + ec2: "{{ credential.stdout | from_json | first }}" |
| 121 | + become: true |
116 | 122 |
|
117 | | - - name: Create radosgw-usage-exporter directory |
118 | | - ansible.builtin.file: |
119 | | - path: /opt/kayobe/radosgw-usage-exporter/ |
120 | | - state: directory |
121 | | - when: |
122 | | - - stackhpc_enable_radosgw_usage_exporter |
123 | | - - stackhpc_radosgw_usage_exporter_cacert | length > 0 |
| 123 | + - name: Ensure the exporter to use certificate |
| 124 | + when: stackhpc_radosgw_usage_exporter_cacert | length > 0 |
| 125 | + block: |
| 126 | + - name: Create radosgw-usage-exporter directory |
| 127 | + ansible.builtin.file: |
| 128 | + path: /opt/kayobe/radosgw-usage-exporter/ |
| 129 | + state: directory |
| 130 | + mode: 0755 |
124 | 131 |
|
125 | | - - name: Copy CA certificate to RADOS gateway usage exporter nodes |
126 | | - ansible.builtin.copy: |
127 | | - src: "{{ stackhpc_radosgw_usage_exporter_cacert }}" |
128 | | - dest: "/opt/kayobe/radosgw-usage-exporter/{{ stackhpc_radosgw_usage_exporter_cacert | basename }}" |
129 | | - register: copy_to_node_result |
130 | | - when: |
131 | | - - stackhpc_enable_radosgw_usage_exporter |
132 | | - - stackhpc_radosgw_usage_exporter_cacert | length > 0 |
| 132 | + - name: Copy CA certificate to RADOS gateway usage exporter nodes |
| 133 | + ansible.builtin.copy: |
| 134 | + src: "{{ stackhpc_radosgw_usage_exporter_cacert }}" |
| 135 | + dest: "/opt/kayobe/radosgw-usage-exporter/{{ stackhpc_radosgw_usage_exporter_cacert | basename }}" |
| 136 | + mode: 0644 |
| 137 | + register: copy_to_node_result |
133 | 138 |
|
134 | | - - name: Copy CA certificate to RADOS gateway usage exporter container |
135 | | - community.docker.docker_container_copy_into: |
136 | | - container: radosgw_usage_exporter |
137 | | - path: "{{ copy_to_node_result.dest }}" |
138 | | - container_path: "/usr/local/share/ca-certificates/{{ copy_to_node_result.dest | basename }}" |
139 | | - become: true |
140 | | - when: |
141 | | - - stackhpc_enable_radosgw_usage_exporter |
142 | | - - stackhpc_radosgw_usage_exporter_cacert | length > 0 |
| 139 | + - name: Copy CA certificate to RADOS gateway usage exporter container |
| 140 | + community.docker.docker_container_copy_into: |
| 141 | + container: radosgw_usage_exporter |
| 142 | + path: "{{ copy_to_node_result.dest }}" |
| 143 | + container_path: "/usr/local/share/ca-certificates/{{ copy_to_node_result.dest | basename }}" |
| 144 | + become: true |
143 | 145 |
|
144 | | - - name: Update CA certificate of RADOS gateway usage exporter container |
145 | | - community.docker.docker_container_exec: |
146 | | - container: radosgw_usage_exporter |
147 | | - command: update-ca-certificates |
148 | | - user: root |
149 | | - become: true |
150 | | - when: |
151 | | - - stackhpc_enable_radosgw_usage_exporter |
152 | | - - stackhpc_radosgw_usage_exporter_cacert | length > 0 |
| 146 | + - name: Update CA certificate of RADOS gateway usage exporter container |
| 147 | + community.docker.docker_container_exec: |
| 148 | + container: radosgw_usage_exporter |
| 149 | + command: update-ca-certificates |
| 150 | + user: root |
| 151 | + become: true |
0 commit comments