ara | File #731: /etc/ansible/roles/ceph-ansible/roles/ceph-nfs/tasks/main.yml

/home/zuul/src/opendev.org/openstack/openstack-ansible/playbooks/setup-openstack.yml

Execution

Date 15 Dec 2025 10:19:13 +0000

Duration 00:23:12.82

Controller aio1.openstack.local

User root

Versions

Ansible 2.18.6

ara 1.7.4 / 1.7.4

Python 3.12.3

Summary

9 Hosts

618 Tasks

960 Results

108 Plays

456 Files

0 Records

check:False tags:all

Date
15 Dec 2025 10:19:13 +0000
Path
/home/zuul/src/opendev.org/openstack/openstack-ansible/playbooks/setup-openstack.yml

Argument	Value
version	None
verbosity	0
private_key_file	None
remote_user	None
connection	openstack.osa.ssh
timeout	None
ssh_common_args	None
sftp_extra_args	None
scp_extra_args	None
ssh_extra_args	None
ask_pass	False
connection_password_file	None
force_handlers	True
flush_cache	False
become	False
become_method	sudo
become_user	None
become_ask_pass	False
become_password_file	None
tags	['all']
skip_tags	[]
check	False
diff	False
inventory	['/home/zuul/src/opendev.org/openstack/openstack-ansible/inventory/dynamic_inventory.py', '/home/zuul/src/opendev.org/openstack/openstack-ansible/inventory/inventory.ini', '/etc/openstack_deploy/inventory.ini']
listhosts	False
subset	None
extra_vars	Not saved by ARA as configured by 'ignored_arguments'
vault_ids	[]
ask_vault_pass	False
vault_password_files	[]
forks	8
module_path	None
syntax	False
listtasks	False
listtags	False
step	False
start_at_task	None
args	['setup-openstack.yml']

File: /etc/ansible/roles/ceph-ansible/roles/ceph-nfs/tasks/main.yml

---
# global/common requirement
- name: Stop nfs server service
  ansible.builtin.systemd:
    name: "{{ 'nfs-server' if ansible_facts['os_family'] == 'RedHat' else 'nfsserver' if ansible_facts['os_family'] == 'Suse' else 'nfs-kernel-server' if ansible_facts['os_family'] == 'Debian' }}"
    state: stopped
    enabled: false
  failed_when: false

- name: Include pre_requisite_non_container.yml
  ansible.builtin.include_tasks: pre_requisite_non_container.yml
  when: not containerized_deployment | bool

- name: Include pre_requisite_container.yml
  ansible.builtin.include_tasks: pre_requisite_container.yml
  when: containerized_deployment | bool

- name: Set_fact _rgw_hostname
  ansible.builtin.set_fact:
    _rgw_hostname: "{{ hostvars[inventory_hostname]['ansible_facts']['hostname'] }}"

- name: Set rgw parameter (log file)
  ceph_config:
    action: set
    who: "client.rgw.{{ _rgw_hostname }}"
    option: "log file"
    value: "/var/log/ceph/{{ cluster }}-rgw-{{ hostvars[inventory_hostname]['ansible_facts']['hostname'] }}.log"
  environment:
    CEPH_CONTAINER_IMAGE: "{{ ceph_docker_registry + '/' + ceph_docker_image + ':' + ceph_docker_image_tag if containerized_deployment | bool else None }}"
    CEPH_CONTAINER_BINARY: "{{ container_binary }}"
  loop: "{{ groups.get('nfss', []) }}"

- name: Include create_rgw_nfs_user.yml
  ansible.builtin.import_tasks: create_rgw_nfs_user.yml
  when: groups.get(mon_group_name, []) | length > 0

- name: Install nfs-ganesha-selinux on RHEL 8
  ansible.builtin.package:
    name: nfs-ganesha-selinux
    state: present
  register: result
  until: result is succeeded
  when:
    - not containerized_deployment | bool
    - inventory_hostname in groups.get(nfs_group_name, [])
    - ansible_facts['os_family'] == 'RedHat'
    - ansible_facts['distribution_major_version'] == '8'

# NOTE (leseb): workaround for issues with ganesha and librgw
- name: Add ganesha_t to permissive domain
  community.general.selinux_permissive:
    name: ganesha_t
    permissive: true
  failed_when: false
  when:
    - not containerized_deployment | bool
    - ansible_facts['os_family'] == 'RedHat'
    - ansible_facts['selinux']['status'] == 'enabled'

- name: Nfs with external ceph cluster task related
  when:
    - groups.get(mon_group_name, []) | length == 0
    - ceph_nfs_ceph_user is defined
  block:
    - name: Create keyring directory
      ansible.builtin.file:
        path: "/var/lib/ceph/radosgw/{{ cluster }}-rgw.{{ item }}"
        state: directory
        owner: "{{ ceph_uid if containerized_deployment | bool else 'ceph' }}"
        group: "{{ ceph_uid if containerized_deployment | bool else 'ceph' }}"
        mode: "0755"
      with_items:
        - "{{ ceph_nfs_ceph_user }}"
        - "{{ ansible_facts['hostname'] }}"

    - name: Set_fact rgw_client_name
      ansible.builtin.set_fact:
        rgw_client_name: "client.rgw.{{ ceph_nfs_ceph_user }}"

    - name: Get client cephx keys
      ansible.builtin.copy:
        dest: "{{ item.1 }}"
        content: "{{ item.0.content | b64decode }}"
        mode: "{{ item.0.item.get('mode', '0600') }}"
        owner: "{{ ceph_uid if containerized_deployment | bool else 'ceph' }}"
        group: "{{ ceph_uid if containerized_deployment | bool else 'ceph' }}"
      with_nested:
        - "{{ hostvars[groups['_filtered_clients'][0]]['slurp_client_keys']['results'] | default([]) }}"
        - ['/var/lib/ceph/radosgw/{{ cluster }}-rgw.{{ ceph_nfs_ceph_user }}/keyring', "/var/lib/ceph/radosgw/{{ cluster }}-rgw.{{ ansible_facts['hostname'] }}/keyring"]
      when:
        - not item.0.get('skipped', False)
        - item.0.item.name == 'client.' + ceph_nfs_ceph_user or item.0.item.name == rgw_client_name
      no_log: "{{ no_log_on_ceph_key_tasks }}"

- name: Include start_nfs.yml
  ansible.builtin.import_tasks: start_nfs.yml

Playbook #5

File: /etc/ansible/roles/ceph-ansible/roles/ceph-nfs/tasks/main.yml