cifmw_ceph_client

Renders the ceph.conf and ceph.client.openstack.keyring files and encodes them into a k8s Secret CR (k8s_ceph_secret.yml). To be used after deploying Ceph with the cifmw_cephadm role.

After running oc create -f k8s_ceph_secret.yml, the OpenStack pods deployed by openstack-k8s-operators should be able to connect to Ceph.

Privilege escalation

None

Parameters

  • cifmw_ceph_client_vars: path to the file containing Ceph client variables; this file should be generated by the cifmw_cephadm role (default '')

  • cifmw_ceph_client_fetch_dir: directory where rendered files will be read and written (default /tmp)

  • cifmw_ceph_client_k8s_secret_name: name of the k8s secret CR (default ceph-conf-files)

  • cifmw_ceph_client_k8s_namespace: namespace of the k8s secret CR (default openstack)

  • cifmw_ceph_client_values_post_ceph_path_src: path to an HCI post Ceph values file as found in the openstack-k8s-operators architecture repository under examples/va/hci/values.yaml (default '')

  • cifmw_ceph_client_values_post_ceph_path_dst: path where a modified copy of the HCI post Ceph values file is written, with CHANGEME values replaced by actual values based on the Ceph deployment created by the cifmw_cephadm role (default /tmp/edpm_values_post_ceph.yaml); this file will not be created unless cifmw_ceph_client_values_post_ceph_path_src is set

  • cifmw_ceph_client_service_values_post_ceph_path_src: path to an HCI post Ceph service values file as found in the openstack-k8s-operators architecture repository under examples/va/hci/service-values.yaml (default '')

  • cifmw_ceph_client_service_values_post_ceph_path_dst: path where a modified copy of the HCI post Ceph service values file is written, with CHANGEME values replaced by actual values based on the Ceph deployment created by the cifmw_cephadm role (default /tmp/edpm_service_values_post_ceph.yaml); this file will not be created unless cifmw_ceph_client_service_values_post_ceph_path_src is set

Examples

- name: Render Ceph client configuration
  hosts: localhost
  gather_facts: false
  vars:
    cifmw_ceph_client_vars: /tmp/ceph_client.yml
    cifmw_ceph_client_fetch_dir: /tmp
    cifmw_ceph_client_k8s_secret_name: ceph-conf-files
    cifmw_ceph_client_k8s_namespace: openstack
  tasks:
    - name: Export configuration for ceph client
      ansible.builtin.import_role:
        name: cifmw_ceph_client

After the above Ansible runs, a file called /tmp/k8s_ceph_secret.yml should contain something like the following.

---
apiVersion: v1
data:
  ceph.client.openstack.keyring: W2NsaWVudC5vcGVuc3RhY2tdCiAgIGtleSA9ICJBUUE1ZTd4a0FBQUFBQkFBZXRJa0RDK21rNkhwaEJDUGhVNUZSdz09IgogICBjYXBzIG1nciA9IGFsbG93ICoKICAgY2FwcyBtb24gPSBwcm9maWxlIHJiZAogICBjYXBzIG9zZCA9IHByb2ZpbGUgcmJkIHBvb2w9dm1zLCBwcm9maWxlIHJiZCBwb29sPXZvbHVtZXMsIHByb2ZpbGUgcmJkIHBvb2w9aW1hZ2VzCg==
  ceph.conf: IyBBbnNpYmxlIG1hbmFnZWQKCltnbG9iYWxdCgpmc2lkID0gZWU1NDczMDItNzBhNi01YTM4LWEyZmMtMjI4Y2EzZmY3NWY3Cm1vbiBob3N0ID0gW3YyOjE3Mi4xOC4wLjEwMDozMzAwLzAsdjE6MTcyLjE4LjAuMTAwOjY3ODkvMF0sW3YyOjE3Mi4xOC4wLjEwMjozMzAwLzAsdjE6MTcyLjE4LjAuMTAyOjY3ODkvMF0sW3YyOjE3Mi4xOC4wLjEwMTozMzAwLzAsdjE6MTcyLjE4LjAuMTAxOjY3ODkvMF0KCgpbY2xpZW50LmxpYnZpcnRdCmFkbWluIHNvY2tldCA9IC92YXIvcnVuL2NlcGgvJGNsdXN0ZXItJHR5cGUuJGlkLiRwaWQuJGNjdGlkLmFzb2sKbG9nIGZpbGUgPSAvdmFyL2xvZy9jZXBoL3FlbXUtZ3Vlc3QtJHBpZC5sb2cKCg==
kind: Secret
metadata:
  name: ceph-conf-files
  namespace: openstack
type: Opaque

The user could then run kubectl create -f /tmp/k8s_ceph_secret.yml.
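
The values under data: are only base64-encoded, so the rendered file carries the Ceph client key in recoverable form. The following is an added example, not part of the role: a shell sketch that decodes the rendered Secret, lists the keyring capabilities for review, and flags a group- or world-readable copy before it is applied. The function names are hypothetical and the sample manifest is constructed with a placeholder key.

```shell
#!/bin/sh
# Added example (not part of the cifmw_ceph_client role).

# Print the decoded value of one key under "data:" in a Secret manifest.
secret_field() {  # usage: secret_field FILE KEY
    awk -v k="$2:" '$1 == k { print $2 }' "$1" | base64 -d
}

# Print only the capability lines of the decoded keyring, never the key itself.
keyring_caps() {  # usage: keyring_caps FILE
    secret_field "$1" ceph.client.openstack.keyring |
        sed -n 's/^[[:space:]]*caps[[:space:]]*//p'
}

# Return 0 if both data keys decode to non-empty content and the file is private.
check_secret() {  # usage: check_secret FILE
    rc=0
    for key in ceph.conf ceph.client.openstack.keyring; do
        if [ -z "$(secret_field "$1" "$key" 2>/dev/null)" ]; then
            echo "missing or empty data key: $key" >&2; rc=1
        fi
    done
    # base64 is an encoding, not encryption: anyone who can read this file
    # can recover the Ceph key, so flag group- or world-readable copies.
    if [ -n "$(find "$1" \( -perm -040 -o -perm -004 \) -print)" ]; then
        echo "$1 is readable by group or others" >&2; rc=1
    fi
    return $rc
}

# Constructed sample input: placeholder key and fsid, two RBD-style caps lines.
make_sample() {  # usage: make_sample FILE
    kr=$(printf '[client.openstack]\n   key = "PLACEHOLDER"\n   caps mon = profile rbd\n   caps osd = profile rbd pool=vms\n' | base64 | tr -d '\n')
    cf=$(printf '[global]\nfsid = 00000000-0000-0000-0000-000000000000\n' | base64 | tr -d '\n')
    printf 'apiVersion: v1\ndata:\n  ceph.client.openstack.keyring: %s\n  ceph.conf: %s\nkind: Secret\n' "$kr" "$cf" > "$1"
}

# When called with a path (e.g. /tmp/k8s_ceph_secret.yml), check it and list the caps.
if [ "$#" -gt 0 ]; then check_secret "$1" && keyring_caps "$1"; fi
```
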

Alternatively, a copy of https://github.com/openstack-k8s-operators/architecture may be cloned to /home/zuul and the role may be called like this:

- name: Render Ceph client configuration
  hosts: localhost
  gather_facts: false
  vars:
    cifmw_ceph_client_vars: /tmp/ceph_client.yml
    cifmw_ceph_client_values_post_ceph_path_src: /home/zuul/architecture/examples/va/hci/values.yaml
    cifmw_ceph_client_service_values_post_ceph_path_src: /home/zuul/architecture/examples/va/hci/service-values.yaml
  tasks:
    - name: Export configuration for ceph client
      ansible.builtin.import_role:
        name: cifmw_ceph_client

After the above Ansible runs, two files, /tmp/edpm_values_post_ceph.yaml and /tmp/edpm_service_values_post_ceph.yaml, will be created and the following may be run.

cp /tmp/edpm_values_post_ceph.yaml /home/zuul/architecture/examples/va/hci/values.yaml
cp /tmp/edpm_service_values_post_ceph.yaml /home/zuul/architecture/examples/va/hci/service-values.yaml
kustomize build /home/zuul/architecture/examples/va/hci/

The resultant ceph-nova and service-values ConfigMaps as well as the ceph-conf-files secret should contain the values from the deployed Ceph cluster client variables found in /tmp/ceph_client.yml (as created by the cifmw_cephadm role).