feat: replace raw cephadm commands with ceph.cephadm collection modules #867

Draft
fabiendupont wants to merge 3 commits into seapath:main from fabiendupont:feat/migrate-to-cephadm-ansible

fabiendupont commented Feb 18, 2026

Replace raw command: calls to cephadm/ceph CLI with idempotent modules from the ceph.cephadm Ansible collection across day-1 (deploy) and day-2 (remove/replace) operations.

Key changes:

  • Add ceph.cephadm collection dependency (ansible-requirements.yaml)
  • Use cephadm_bootstrap, cephadm_registry_login, ceph_orch_host, ceph_orch_apply, and ceph_config modules in place of command: tasks
  • Simplify SSH key distribution using ceph cephadm get-pub-key
  • Split multi-document spec.yaml.j2 into single-document templates for ceph_orch_apply compatibility
  • Add cephadm_preflight.yaml for host preparation (Debian, CentOS, OracleLinux, Yocto)
  • Rewrite machine removal with graceful drain before host removal, falling back to forced offline removal when host is unreachable
  • Add complete machine replacement playbook (drain, remove, add, OSD)
  • Extract setup_user.yml for independent inclusion from playbooks
  • Fix ceph.conf.j2 bug: replace undefined cephadm_network variable with public_network / cluster_network from inventory
  • Apply ceph_conf_overrides via ceph_config (was silently ignored)

Depends on #866

fabiendupont and others added 3 commits February 17, 2026 18:26

In the current implementation, every node installs a registry locally
and pulls/pushes the cephadm image. However, this is neither truly
disconnected as pull requires internet, nor resource efficient as a
single registry is enough.

This commit introduces a registry role that deploys
docker.io/registry:v2 and allows importing images from the internet (pull)
or from an exported tarball (load). The seapath_setup_disconnected.yaml
playbook installs the registry on the Ansible control node as a
singleton.

TLS is enabled by default: the registry auto-generates a self-signed CA
and server certificate when no user-provided certs are given. The CA is
distributed to all cluster nodes so they trust the registry over HTTPS.
The registry listens on port 443 to avoid specifying the port in image
names.

The *_physical_machine roles are updated to use that registry as a
mirror, which doesn't require changing the image names, both for Docker
and Podman. They install the registry CA certificate in certs.d and set
insecure = false when TLS is enabled.

The cephadm role is updated to remove image management, which is now
handled by the registry role, so cephadm is focused on Ceph cluster
management.

Contributes to seapath#442

Co-authored-by: Fabien Dupont <fdupont@redhat.com>
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Signed-off-by: Fabien Dupont <fdupont@redhat.com>

Replace raw `command:` calls to cephadm/ceph CLI with idempotent modules
from the ceph.cephadm Ansible collection across day-1 (deploy) and day-2
(remove/replace) operations.

Key changes:
- Add ceph.cephadm collection dependency (ansible-requirements.yaml)
- Use cephadm_bootstrap, cephadm_registry_login, ceph_orch_host,
  ceph_orch_apply, and ceph_config modules in place of command: tasks
- Simplify SSH key distribution using ceph cephadm get-pub-key
- Split multi-document spec.yaml.j2 into single-document templates
  for ceph_orch_apply compatibility
- Add cephadm_preflight.yaml for host preparation (Debian, CentOS,
  OracleLinux, Yocto)
- Rewrite machine removal with graceful drain before host removal,
  falling back to forced offline removal when host is unreachable
- Add complete machine replacement playbook (drain, remove, add, OSD)
- Extract setup_user.yml for independent inclusion from playbooks
- Fix ceph.conf.j2 bug: replace undefined cephadm_network variable
  with public_network / cluster_network from inventory
- Apply ceph_conf_overrides via ceph_config (was silently ignored)

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Signed-off-by: Fabien Dupont <fdupont@redhat.com>

Merge CentOS and OracleLinux roles into unified redhat* roles, introduce
ansible_os_family-based conditionals, and add Rocky/AlmaLinux detection.
This reduces maintenance burden and enables adoption of new RHEL-family
distros without duplicating roles.

Changes:
- Add Rocky and AlmaLinux detection in detect_seapath_distro
- Set ansible_os_family for Yocto; use native ansible_os_family for
  RedHat/Debian families
- Create roles/redhat (merged centos + oraclelinux base setup)
- Create roles/redhat_physical_machine (merged physical machine roles)
- Create roles/redhat_hypervisor (renamed from centos_hypervisor)
- Create roles/redhat_tests (renamed from oraclelinux_tests)
- Merge CentOS.yml/OracleLinux.yml vars into RedHat.yml across 8 roles
- Create unified seapath_setup_prerequisredhat.yaml playbook
- Update all playbook conditionals to use ansible_os_family == "RedHat"
- Delete old centos*, oraclelinux* roles and prerequisite playbooks

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Signed-off-by: Fabien Dupont <fdupont@redhat.com>