# cifmw_ceph_client Renders `ceph.conf` and `ceph.client.openstack.keyring` files and encodes them into k8s secret CR (`k8s_ceph_secret.yml`). To be used after deploying Ceph with the `cifmw_cephadm` role. After running `oc create -f k8s_ceph_secret.yml` the OpenStack pods deployed by `openstack-k8s-operators` should be able to connect to Ceph. ## Privilege escalation None ## Parameters * `cifmw_ceph_client_vars`: Path to the file containing Ceph client variables. This file should be generated by the `cifmw_cephadm` role. (default `''`) * `cifmw_ceph_client_fetch_dir`: directory where rendered files will be read and written (default `/tmp`) * `cifmw_ceph_client_k8s_secret_name`: name of the k8s secret CR (default `ceph-conf-files`) * `cifmw_ceph_client_k8s_namespace`: namespace of the k8s secret CR (default `openstack`) * `cifmw_ceph_client_values_post_ceph_path_src`: path to an HCI post Ceph values file as found in the openstack-k8s-operators `architecture` repository under `examples/va/hci/values.yaml` (default `''`) * `cifmw_ceph_client_values_post_ceph_path_dst`: path to a modified HCI post file but with CHANGEME values set to actual values based on the Ceph deployment created by the `cifmw_cephadm` role (default `/tmp/edpm_values_post_ceph.yaml`); this file will not be created unless `cifmw_ceph_client_values_post_ceph_path_src` is set * `cifmw_ceph_client_service_values_post_ceph_path_src`: path to an HCI post Ceph service values file as found in the openstack-k8s-operators `architecture` repository under `examples/va/hci/service-values.yaml` (default `''`) * `cifmw_ceph_client_service_values_post_ceph_path_dst`: path to a modified HCI post file but with CHANGEME values set to actual values based on the Ceph deployment created by the `cifmw_cephadm` role (default `/tmp/edpm_service_values_post_ceph.yaml`); this file will not be created unless `cifmw_ceph_client_service_values_post_ceph_path_src` is set ## Examples ```yaml - name: Render Ceph client configuration hosts: localhost gather_facts: false vars: cifmw_ceph_client_vars: /tmp/ceph_client.yml cifmw_ceph_client_fetch_dir: /tmp cifmw_ceph_client_k8s_secret_name: ceph-conf-files cifmw_ceph_client_k8s_namespace: openstack tasks: - name: Export configuration for ceph client ansible.builtin.import_role: name: cifmw_ceph_client ``` After the above Ansible runs a file called `/tmp/k8s_ceph_secret.yml` should contain something like the following. ```yaml --- apiVersion: v1 data: ceph.client.openstack.keyring: W2NsaWVudC5vcGVuc3RhY2tdCiAgIGtleSA9ICJBUUE1ZTd4a0FBQUFBQkFBZXRJa0RDK21rNkhwaEJDUGhVNUZSdz09IgogICBjYXBzIG1nciA9IGFsbG93ICoKICAgY2FwcyBtb24gPSBwcm9maWxlIHJiZAogICBjYXBzIG9zZCA9IHByb2ZpbGUgcmJkIHBvb2w9dm1zLCBwcm9maWxlIHJiZCBwb29sPXZvbHVtZXMsIHByb2ZpbGUgcmJkIHBvb2w9aW1hZ2VzCg== ceph.conf: IyBBbnNpYmxlIG1hbmFnZWQKCltnbG9iYWxdCgpmc2lkID0gZWU1NDczMDItNzBhNi01YTM4LWEyZmMtMjI4Y2EzZmY3NWY3Cm1vbiBob3N0ID0gW3YyOjE3Mi4xOC4wLjEwMDozMzAwLzAsdjE6MTcyLjE4LjAuMTAwOjY3ODkvMF0sW3YyOjE3Mi4xOC4wLjEwMjozMzAwLzAsdjE6MTcyLjE4LjAuMTAyOjY3ODkvMF0sW3YyOjE3Mi4xOC4wLjEwMTozMzAwLzAsdjE6MTcyLjE4LjAuMTAxOjY3ODkvMF0KCgpbY2xpZW50LmxpYnZpcnRdCmFkbWluIHNvY2tldCA9IC92YXIvcnVuL2NlcGgvJGNsdXN0ZXItJHR5cGUuJGlkLiRwaWQuJGNjdGlkLmFzb2sKbG9nIGZpbGUgPSAvdmFyL2xvZy9jZXBoL3FlbXUtZ3Vlc3QtJHBpZC5sb2cKCg== kind: Secret metadata: name: ceph-conf-files namespace: openstack type: Opaque ``` The user could then run `kubectl create -f /tmp/k8s_ceph_secret.yml`. Alternatively, a copy of https://github.com/openstack-k8s-operators/architecture may be cloned to `/home/zuul` and the role may be called like this: ```yaml - name: Render Ceph client configuration hosts: localhost gather_facts: false vars: cifmw_ceph_client_vars: /tmp/ceph_client.yml cifmw_ceph_client_values_post_ceph_path_src: /home/zuul/architecture/examples/va/hci/values.yaml cifmw_ceph_client_service_values_post_ceph_path_src: /home/zuul/architecture/examples/service-values.yaml tasks: - name: Export configuration for ceph client ansible.builtin.import_role: name: cifmw_ceph_client ``` After the above Ansible runs, two files, `/tmp/edpm_values_post_ceph.yaml` and `/tmp/edpm_service_values_post_ceph.yaml`, will be created and the following may be run. ```bash cp /tmp/edpm_values_post_ceph.yaml /home/zuul/architecture/examples/va/hci/values.yaml cp /tmp/edpm_service_values_post_ceph.yaml /home/zuul/architecture/examples/va/hci/service-values.yaml kustomize build /home/zuul/architecture/examples/va/hci/ ``` The resultant `ceph-nova` and `service-values` ConfigMaps as well as the `ceph-conf-files` secret should contain the values from the deployed Ceph cluster client variables found in `/tmp/ceph_client.yml` (as created by the `cifmw_cephadm` role).