devplayground
Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision | |||
|
devplayground [2025/06/10 17:44] pdonnell [Configuring CephFS Mounts] |
devplayground [2025/12/17 22:16] (current) pdonnell [Configuring CephFS Mounts] |
||
|---|---|---|---|
| Line 60: | Line 60: | ||
| become: true | become: true | ||
| vars: | vars: | ||
| - | admin_node: "reesi003.front.sepia.ceph.com" | + | admin_node: "doli01.front.sepia.ceph.com" |
| ceph_conf_path: "/etc/ceph/ceph.conf" | ceph_conf_path: "/etc/ceph/ceph.conf" | ||
| keyring_path: "/etc/ceph/client.sepian.keyring" | keyring_path: "/etc/ceph/client.sepian.keyring" | ||
| + | client_keyring_path: "/etc/ceph/keyring" | ||
| secret_path: "/etc/ceph/client.sepian.secret" | secret_path: "/etc/ceph/client.sepian.secret" | ||
| mounts: | mounts: | ||
| - { path: "/teuthology", fstype: "ceph", src: "/teuthology-archive", mds_namespace: "teuthology", opts: "_netdev,ro" } | - { path: "/teuthology", fstype: "ceph", src: "/teuthology-archive", mds_namespace: "teuthology", opts: "_netdev,ro" } | ||
| - { path: "/scratch", fstype: "ceph", src: "/", mds_namespace: "scratch", opts: "_netdev" } | - { path: "/scratch", fstype: "ceph", src: "/", mds_namespace: "scratch", opts: "_netdev" } | ||
| - | - { path: "/postfile", fstype: "ceph", src: "/", mds_namespace: "postfile", opts: "_netdev,ro" } | ||
| tasks: | tasks: | ||
| Line 73: | Line 73: | ||
| delegate_to: "{{ admin_node }}" | delegate_to: "{{ admin_node }}" | ||
| block: | block: | ||
| + | - name: "▶️ Get LRC fsid" | ||
| + | ansible.builtin.raw: > | ||
| + | env CEPH_KEYRING={{ keyring_path }} ceph --id sepian fsid | ||
| + | register: ceph_fsid | ||
| + | changed_when: false | ||
| + | |||
| - name: "▶️ Generate minimal ceph.conf (raw)" | - name: "▶️ Generate minimal ceph.conf (raw)" | ||
| ansible.builtin.raw: > | ansible.builtin.raw: > | ||
| - | env CEPH_KEYRING=/etc/ceph/client.sepian.keyring ceph --id sepian config generate-minimal-conf | + | env CEPH_KEYRING={{ keyring_path }} ceph --id sepian config generate-minimal-conf |
| register: ceph_conf_content | register: ceph_conf_content | ||
| changed_when: false | changed_when: false | ||
| Line 93: | Line 99: | ||
| - name: "▶️ Get Ceph monitor list (raw)" | - name: "▶️ Get Ceph monitor list (raw)" | ||
| ansible.builtin.raw: > | ansible.builtin.raw: > | ||
| - | env CEPH_KEYRING=/etc/ceph/client.sepian.keyring ceph --id sepian mon dump --format json 2>/dev/null | jq -r '[.mons[] | .public_addrs.addrvec[] | select(.type=="v1").addr] | join(",")' | + | env CEPH_KEYRING={{ keyring_path }} ceph --id sepian mon dump --format json 2>/dev/null | jq -r '[.mons[] | .public_addrs.addrvec[] | select(.type=="v1").addr] | join(",")' |
| register: mon_hosts | register: mon_hosts | ||
| changed_when: false | changed_when: false | ||
| Line 111: | Line 117: | ||
| mode: '0644' | mode: '0644' | ||
| - | - name: "▶️ Deploy client keyring" | + | - name: "▶️ Create temporary file for keyring import" |
| + | ansible.builtin.tempfile: | ||
| + | state: file | ||
| + | suffix: .keyring | ||
| + | register: tmp_keyring | ||
| + | |||
| + | - name: "▶️ Write keyring content to temporary file" | ||
| ansible.builtin.copy: | ansible.builtin.copy: | ||
| content: "{{ keyring_content.stdout }}" | content: "{{ keyring_content.stdout }}" | ||
| - | dest: "{{ keyring_path }}" | + | dest: "{{ tmp_keyring.path }}" |
| - | mode: '0644' | + | mode: '0600' |
| + | |||
| + | - name: "▶️ Deploy client keyring" | ||
| + | ansible.builtin.raw: > | ||
| + | ceph-authtool {{ client_keyring_path }} --create-keyring --import-keyring {{ tmp_keyring.path }} | ||
| + | |||
| + | - name: "▶️ Clean up temporary keyring file" | ||
| + | ansible.builtin.file: | ||
| + | path: "{{ tmp_keyring.path }}" | ||
| + | state: absent | ||
| - name: "▶️ Deploy client secret file (for other tools)" | - name: "▶️ Deploy client secret file (for other tools)" | ||
| Line 125: | Line 146: | ||
| - name: "3. Set up CephFS mounts" | - name: "3. Set up CephFS mounts" | ||
| block: | block: | ||
| + | - name: "▶️ Install ceph-common on Ubuntu/Debian" | ||
| + | ansible.builtin.apt: | ||
| + | name: ceph-common | ||
| + | state: present | ||
| + | update_cache: yes | ||
| + | when: ansible_facts['os_family'] == "Debian" | ||
| + | |||
| + | - name: "▶️ Install Ceph Squid repo on RHEL derivatives" | ||
| + | ansible.builtin.dnf: | ||
| + | name: centos-release-ceph-squid.noarch | ||
| + | state: present | ||
| + | when: ansible_facts['os_family'] == "RedHat" | ||
| + | |||
| + | - name: "▶️ Install ceph-common on RHEL derivatives" | ||
| + | ansible.builtin.dnf: | ||
| + | name: ceph-common | ||
| + | state: present | ||
| + | when: ansible_facts['os_family'] == "RedHat" | ||
| + | |||
| - name: "▶️ Unmount filesystems if they currently exist" | - name: "▶️ Unmount filesystems if they currently exist" | ||
| ansible.posix.mount: | ansible.posix.mount: | ||
| Line 142: | Line 182: | ||
| path: "{{ item.path }}" | path: "{{ item.path }}" | ||
| attr: +i | attr: +i | ||
| - | register: immutable_file | ||
| - | changed_when: "'i' not in immutable_file.diff.before.attributes" | ||
| loop: "{{ mounts }}" | loop: "{{ mounts }}" | ||
| Line 149: | Line 187: | ||
| ansible.posix.mount: | ansible.posix.mount: | ||
| path: "{{ item.path }}" | path: "{{ item.path }}" | ||
| - | src: "{{ mon_hosts.stdout | trim }}:{{ item.src }}" | + | src: "sepian@{{ ceph_fsid.stdout | trim }}.{{ item.mds_namespace }}={{ item.src }}" |
| fstype: "{{ item.fstype }}" | fstype: "{{ item.fstype }}" | ||
| - | opts: "name=sepian,secret={{ secret_content.stdout | trim }},mds_namespace={{ item.mds_namespace }},{{ item.opts }}" | + | opts: "{{ item.opts }}" |
| state: mounted | state: mounted | ||
| - | dump: 2 | + | dump: 0 |
| - | passno: 2 | + | passno: 0 |
| loop: "{{ mounts }}" | loop: "{{ mounts }}" | ||
| notify: Reload Systemd | notify: Reload Systemd | ||
devplayground.txt · Last modified: 2025/12/17 22:16 by pdonnell
Page Tools
Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International
