diff --git a/hieradata/common.yaml b/hieradata/common.yaml index 045f83b..a72af4e 100644 --- a/hieradata/common.yaml +++ b/hieradata/common.yaml @@ -120,6 +120,9 @@ lookup_options: mysql::db: merge: strategy: deep + profiles::ceph::client::keyrings: + merge: + strategy: deep facts_path: '/opt/puppetlabs/facter/facts.d' @@ -294,7 +297,11 @@ networking::routes: netmask: 0.0.0.0 network: default - +profiles::ceph::client::fsid: 7f7f00cb-95de-498c-8dcc-14b54e4e9ca8 +profiles::ceph::client::mons: + - 10.18.15.1 + - 10.18.15.2 + - 10.18.15.3 #profiles::base::hosts::additional_hosts: # - ip: 198.18.17.9 # hostname: prodinf01n09.main.unkin.net diff --git a/site/profiles/manifests/ceph/client.pp b/site/profiles/manifests/ceph/client.pp new file mode 100644 index 0000000..1735a19 --- /dev/null +++ b/site/profiles/manifests/ceph/client.pp @@ -0,0 +1,43 @@ +# profiles::ceph::client +class profiles::ceph::client ( + String $fsid, + Array[Stdlib::Host] $mons, + Stdlib::Absolutepath $config_file = '/etc/ceph/ceph.conf', + String $owner = 'ceph', + String $group = 'ceph', + Stdlib::Filemode $mode = '0644', + Hash $keyrings = {}, +) { + + # dont run this on proxmox nodes + if $facts['enc_role'] != 'roles::infra::proxmox::node' { + + # install the ceph client package + package { 'ceph-common': + ensure => installed, + } + + # manage the ceph directory + file { '/etc/ceph': + ensure => directory, + owner => $owner, + group => $group, + mode => $mode, + require => Package['ceph-common'], + } + + # create a basic client config + file { $config_file: + ensure => file, + owner => $owner, + group => $group, + mode => $mode, + content => template('profiles/ceph/client.conf.erb'), + require => Package['ceph-common'], + } + + # manage ceph keyrings + create_resources('profiles::ceph::keyring', $keyrings) + } + +} diff --git a/site/profiles/manifests/ceph/keyring.pp b/site/profiles/manifests/ceph/keyring.pp new file mode 100644 index 0000000..3eca7dc --- /dev/null 
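Review bot: The `enc_role` guard in `profiles::ceph::client` skips `Package['ceph-common']` and `File['/etc/ceph']` on Proxmox nodes, but `profiles::storage::cephfsvol` requires `Package['ceph-common']` and `profiles::ceph::keyring` requires `File[$keyring_dir]` unconditionally. A catalog that declares either define on such a node would presumably fail on an unresolved dependency, unless those resources are declared elsewhere (not visible in this diff). A comment on the guard saying who manages the package and directory on those nodes would make that explicit. Separately, `String $fsid` is written verbatim into `ceph.conf` by the template; a UUID-shaped type such as `Pattern[/\A\h{8}(-\h{4}){3}-\h{12}\z/] $fsid` would reject a malformed value at compile time.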
+++ b/site/profiles/manifests/ceph/keyring.pp
@@ -0,0 +1,21 @@
+# profiles::ceph::keyring
+define profiles::ceph::keyring (
+ String $key,
+ String $user = $name,
+ String $type = 'client',
+ Stdlib::Filemode $mode = '0600',
+ String $owner = 'ceph',
+ String $group = 'ceph',
+ Stdlib::Absolutepath $keyring_dir = '/etc/ceph',
+) {
+ $keyring_file = "${keyring_dir}/ceph.${type}.${user}.keyring"
+
+ file { $keyring_file:
+ ensure => file,
+ owner => $owner,
+ group => $group,
+ mode => $mode,
+ content => Sensitive(template('profiles/ceph/keyring.erb')),
+ require => File[$keyring_dir],
+ }
+}
diff --git a/site/profiles/manifests/storage/cephfsvol.pp b/site/profiles/manifests/storage/cephfsvol.pp
new file mode 100644
index 0000000..77270e5
--- /dev/null
+++ b/site/profiles/manifests/storage/cephfsvol.pp
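Review bot: `String $key` leaves the Ceph secret as an ordinary resource parameter, so `Sensitive(template(...))` redacts only the rendered file content. The key is still carried in clear text as the `key` parameter of each `profiles::ceph::keyring` resource in the compiled catalog, and the same holds for the untyped `Hash $keyrings` that `profiles::ceph::client` passes to `create_resources`. Typing the parameter as `Sensitive[String] $key`, having the caller wrap the value, and rendering with for example `content => Sensitive("${key.unwrap}\n")` would keep it redacted end to end. The Hiera data that supplies the keys is not part of this diff; if it is plain YAML, encrypting it (for instance with hiera-eyaml) is worth confirming. `$type` and `$user` are also free-form strings interpolated into `$keyring_file`, and a type such as `Pattern[/\A[A-Za-z0-9_.-]+\z/]` would keep path separators out of the file name.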
@@ -0,0 +1,69 @@
+# profiles::storage::cephfsvol
+define profiles::storage::cephfsvol (
+ Enum['present', 'absent', 'mounted'] $ensure = 'mounted',
+ String $owner = 'root',
+ String $group = 'root',
+ Stdlib::Filemode $mode = '0755',
+ Stdlib::Absolutepath $mount = '/shared',
+ Array[Enum[
+ 'defaults', 'ro', 'rw', 'sync', 'async',
+ 'noatime', 'nodiratime', 'noexec', 'nosuid',
+ 'nodev', 'remount', 'auto', 'noauto'
+ ]] $mount_options = ['noatime', 'nodiratime'],
+ Variant[Stdlib::Host, Array[Stdlib::Host]] $cephfs_mon = 'ceph-mon.service.consul',
+ Stdlib::Absolutepath $cephfs_path = '/',
+ String $cephfs_name = 'admin',
+ String $cephfs_fs = 'cephfs',
+ Optional[Stdlib::Absolutepath] $keyring = undef,
+) {
+
+ # mkdir -p $mount_path
+ mkdir::p {$mount: }
+
+ # ensure the mount path exists
+ file { $mount:
+ ensure => directory,
+ owner => $owner,
+ group => $group,
+ mode => $mode,
+ require => [
+ Mkdir::P[$mount],
+ Package['ceph-common']
+ ],
+ }
+
+ # join options into a comma seperated list
+ $options = join($mount_options, ',')
+
+ # if a ceph keyring is required, it will be added here
+ if $keyring {
+ $mount_options_string = "${options},fs=${cephfs_fs},name=${cephfs_name},secretfile=${keyring}"
+ } else {
+ $mount_options_string = "${options},fs=${cephfs_fs},name=${cephfs_name}"
+ }
+
+ # convert cephfs_servers (monitors) into a list
+ $mon_addresses = $cephfs_mon ? {
+ Array => join($cephfs_mon, ','),
+ default => $cephfs_mon,
+ }
+
+ # manage the mount
+ mount { $mount:
+ ensure => $ensure,
+ atboot => true,
+ device => "${mon_addresses}:${cephfs_path}",
+ fstype => 'ceph',
+ options => $mount_options_string,
+ require => File[$mount],
+ }
+
+ # unmount when the mount should be removed
+ if $ensure == 'absent' {
+ exec { "umount_${mount}":
+ command => "umount ${mount}",
+ onlyif => "mount | grep ${mount}",
+ before => Mount[$mount],
+ }
+ }
+}
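Review bot: The `exec` in the `$ensure == 'absent'` branch calls unqualified `umount`, `mount` and `grep` with no `path`, which Puppet rejects unless a global `Exec` default supplies one (not visible here). Its `grep ${mount}` check also matches any mount whose path merely contains the string, e.g. `/shared` would also match `/shared2`. `Stdlib::Absolutepath` does not exclude spaces or shell metacharacters, and `${mount}` is interpolated into both command strings. Something like `path => ['/usr/sbin', '/usr/bin', '/sbin', '/bin'],` with `onlyif => [['mountpoint', '-q', $mount]],` and `command => ['umount', $mount],` addresses all three, assuming the Puppet version in use accepts array-form commands. Separately, the defaults mount as `name=admin` without `nosuid` or `nodev`; a per-client CephFS user and `['noatime', 'nodiratime', 'nosuid', 'nodev']` as the default options would be a safer baseline for a shared filesystem.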
diff --git a/site/profiles/templates/ceph/client.conf.erb b/site/profiles/templates/ceph/client.conf.erb
new file mode 100644
index 0000000..af4c678
--- /dev/null
+++ b/site/profiles/templates/ceph/client.conf.erb
@@ -0,0 +1,3 @@
+[global]
+ fsid = <%= @fsid %>
+ mon_host = <%= @mons.join(' ') %>
diff --git a/site/profiles/templates/ceph/keyring.erb b/site/profiles/templates/ceph/keyring.erb
new file mode 100644
index 0000000..a8a4b27
--- /dev/null
+++ b/site/profiles/templates/ceph/keyring.erb
@@ -0,0 +1 @@
+<%= @key %>