cifmw_ceph_client
Renders ceph.conf
and ceph.client.openstack.keyring
files
and encodes them into k8s secret CR (k8s_ceph_secret.yml
).
To be used after deploying Ceph with the cifmw_cephadm
role.
After running oc create -f k8s_ceph_secret.yml
the OpenStack pods
deployed by openstack-k8s-operators
should be able to connect to
Ceph.
Privilege escalation
None
Parameters
cifmw_ceph_client_vars
: Path to the file containing Ceph client variables. This file should be generated by thecifmw_cephadm
role. (default''
)cifmw_ceph_client_fetch_dir
: directory where rendered files will be read and written (default/tmp
)cifmw_ceph_client_k8s_secret_name
: name of the k8s secret CR (defaultceph-conf-files
)cifmw_ceph_client_k8s_namespace
: namespace of the k8s secret CR (defaultopenstack
)cifmw_ceph_client_values_post_ceph_path_src
: path to an HCI post Ceph values file as found in the openstack-k8s-operatorsarchitecture
repository underexamples/va/hci/values.yaml
(default''
)cifmw_ceph_client_values_post_ceph_path_dst
: path to a modified HCI post file but with CHANGEME values set to actual values based on the Ceph deployment created by thecifmw_cephadm
role (default/tmp/edpm_values_post_ceph.yaml
); this file will not be created unlesscifmw_ceph_client_values_post_ceph_path_src
is setcifmw_ceph_client_service_values_post_ceph_path_src
: path to an HCI post Ceph service values file as found in the openstack-k8s-operatorsarchitecture
repository underexamples/va/hci/service-values.yaml
(default''
)cifmw_ceph_client_service_values_post_ceph_path_dst
: path to a modified HCI post file but with CHANGEME values set to actual values based on the Ceph deployment created by thecifmw_cephadm
role (default/tmp/edpm_service_values_post_ceph.yaml
); this file will not be created unlesscifmw_ceph_client_service_values_post_ceph_path_src
is set
Examples
- name: Render Ceph client configuration
hosts: localhost
gather_facts: false
vars:
cifmw_ceph_client_vars: /tmp/ceph_client.yml
cifmw_ceph_client_fetch_dir: /tmp
cifmw_ceph_client_k8s_secret_name: ceph-conf-files
cifmw_ceph_client_k8s_namespace: openstack
tasks:
- name: Export configuration for ceph client
ansible.builtin.import_role:
name: cifmw_ceph_client
After the above Ansible runs a file called /tmp/k8s_ceph_secret.yml
should contain something like the following.
---
apiVersion: v1
data:
ceph.client.openstack.keyring: W2NsaWVudC5vcGVuc3RhY2tdCiAgIGtleSA9ICJBUUE1ZTd4a0FBQUFBQkFBZXRJa0RDK21rNkhwaEJDUGhVNUZSdz09IgogICBjYXBzIG1nciA9IGFsbG93ICoKICAgY2FwcyBtb24gPSBwcm9maWxlIHJiZAogICBjYXBzIG9zZCA9IHByb2ZpbGUgcmJkIHBvb2w9dm1zLCBwcm9maWxlIHJiZCBwb29sPXZvbHVtZXMsIHByb2ZpbGUgcmJkIHBvb2w9aW1hZ2VzCg==
ceph.conf: IyBBbnNpYmxlIG1hbmFnZWQKCltnbG9iYWxdCgpmc2lkID0gZWU1NDczMDItNzBhNi01YTM4LWEyZmMtMjI4Y2EzZmY3NWY3Cm1vbiBob3N0ID0gW3YyOjE3Mi4xOC4wLjEwMDozMzAwLzAsdjE6MTcyLjE4LjAuMTAwOjY3ODkvMF0sW3YyOjE3Mi4xOC4wLjEwMjozMzAwLzAsdjE6MTcyLjE4LjAuMTAyOjY3ODkvMF0sW3YyOjE3Mi4xOC4wLjEwMTozMzAwLzAsdjE6MTcyLjE4LjAuMTAxOjY3ODkvMF0KCgpbY2xpZW50LmxpYnZpcnRdCmFkbWluIHNvY2tldCA9IC92YXIvcnVuL2NlcGgvJGNsdXN0ZXItJHR5cGUuJGlkLiRwaWQuJGNjdGlkLmFzb2sKbG9nIGZpbGUgPSAvdmFyL2xvZy9jZXBoL3FlbXUtZ3Vlc3QtJHBpZC5sb2cKCg==
kind: Secret
metadata:
name: ceph-conf-files
namespace: openstack
type: Opaque
The user could then run kubectl create -f /tmp/k8s_ceph_secret.yml
.
Alternatively, a copy of
https://github.com/openstack-k8s-operators/architecture
may be cloned to /home/zuul
and the role may be called like this:
- name: Render Ceph client configuration
hosts: localhost
gather_facts: false
vars:
cifmw_ceph_client_vars: /tmp/ceph_client.yml
cifmw_ceph_client_values_post_ceph_path_src: /home/zuul/architecture/examples/va/hci/values.yaml
cifmw_ceph_client_service_values_post_ceph_path_src: /home/zuul/architecture/examples/service-values.yaml
tasks:
- name: Export configuration for ceph client
ansible.builtin.import_role:
name: cifmw_ceph_client
After the above Ansible runs, two files, /tmp/edpm_values_post_ceph.yaml
and /tmp/edpm_service_values_post_ceph.yaml
, will be created and the
following may be run.
cp /tmp/edpm_values_post_ceph.yaml /home/zuul/architecture/examples/va/hci/values.yaml
cp /tmp/edpm_service_values_post_ceph.yaml /home/zuul/architecture/examples/va/hci/service-values.yaml
kustomize build /home/zuul/architecture/examples/va/hci/
The resultant ceph-nova
and service-values
ConfigMaps as well
as the ceph-conf-files
secret should contain the values from the
deployed Ceph cluster client variables found in /tmp/ceph_client.yml
(as created by the cifmw_cephadm
role).