feat: update settings for ceph (#298)

- enable root logins via ssh with keys
- add ssh key for ceph to root user

Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/298
This commit was merged in pull request #298.
This commit is contained in:
2025-05-25 20:22:00 +10:00
parent c0aab1087e
commit 1d23fef82e
6 changed files with 139 additions and 28 deletions
+24 -15
View File
@@ -3,6 +3,9 @@ class profiles::ceph::client (
String $fsid,
Array[Stdlib::Host] $mons,
Stdlib::Absolutepath $config_file = '/etc/ceph/ceph.conf',
Boolean $manage_ceph_conf = true,
Boolean $manage_ceph_package = true,
Boolean $manage_ceph_paths = true,
String $owner = 'ceph',
String $group = 'ceph',
Stdlib::Filemode $mode = '0644',
@@ -13,27 +16,33 @@ class profiles::ceph::client (
if $facts['enc_role'] != 'roles::infra::proxmox::node' {
# install the ceph client package
package { 'ceph-common':
ensure => installed,
if $manage_ceph_package {
package { 'ceph-common':
ensure => installed,
}
}
# manage the ceph directory
file { '/etc/ceph':
ensure => directory,
owner => $owner,
group => $group,
mode => $mode,
require => Package['ceph-common'],
if $manage_ceph_paths {
file { '/etc/ceph':
ensure => directory,
owner => $owner,
group => $group,
mode => $mode,
require => Package['ceph-common'],
}
}
# create a basic client config
file { $config_file:
ensure => file,
owner => $owner,
group => $group,
mode => $mode,
content => template('profiles/ceph/client.conf.erb'),
require => Package['ceph-common'],
if $manage_ceph_conf {
file { $config_file:
ensure => file,
owner => $owner,
group => $group,
mode => $mode,
content => template('profiles/ceph/client.conf.erb'),
require => Package['ceph-common'],
}
}
# manage ceph keyrings
+31
View File
@@ -0,0 +1,31 @@
class profiles::ceph::node (
){
package {'ceph':
ensure => 'installed',
}
file {'/etc/ceph':
ensure => directory,
owner => 'ceph',
group => 'ceph',
mode => '0755',
require => Package['ceph'],
}
file {'/var/log/ceph':
ensure => directory,
owner => 'ceph',
group => 'ceph',
mode => '0755',
require => Package['ceph'],
}
# run sudo pip3 install CherryPy==18.10.0
# unless:
# [sysadmin@prodnxsr0009 ~]$ sudo pip3.9 list | grep -i cherrypy
# CherryPy 18.10.0
}
@@ -0,0 +1,36 @@
# a class to manage the cephfsvol defines
class profiles::storage::cephfsvols (
Hash[String, Hash] $volumes,
) {
$volumes.each |String $title, Hash $params| {
$ensure = pick($params['ensure'], 'mounted')
$owner = pick($params['owner'], 'root')
$group = pick($params['group'], 'root')
$mode = pick($params['mode'], '0755')
$mount = $params['mount']
$mount_options = pick($params['mount_options'], ['noatime', 'nodiratime'])
$cephfs_mon = pick($params['cephfs_mon'], 'ceph-mon.service.consul')
$cephfs_path = pick($params['cephfs_path'], '/')
$cephfs_name = $params['cephfs_name']
$cephfs_fs = $params['cephfs_fs']
$keyring = $params['keyring']
profiles::storage::cephfsvol { $title:
ensure => $ensure,
owner => $owner,
group => $group,
mode => $mode,
mount => $mount,
mount_options => $mount_options,
cephfs_mon => $cephfs_mon,
cephfs_path => $cephfs_path,
cephfs_name => $cephfs_name,
cephfs_fs => $cephfs_fs,
keyring => $keyring,
# Optional metaparameters like `require`
* => $params.filter |$k, $v| { $k in ['require', 'before', 'notify', 'subscribe'] },
}
}
}