Merge branch 'testing'

manifests/ceph.pp

@@ -0,0 +1,159 @@
+# Ceph for SUNET
+class sunet::ceph(
+  Array  $adm,
+  Array  $clients,
+  String $type,
+  String $firstmon,
+)
+{
+  $adm_public_key = lookup('adm_public_key', undef, undef, 'NOT_SET_IN_HIERA');
+  $packages = ['lvm2', 'podman']
+  $packages.each |$package| {
+    package { $package:
+      ensure => 'present',
+    }
+  }
+  file {'/root/.ssh/':
+    ensure => 'directory',
+    owner  => 'root',
+    group  => 'root',
+    mode   => '0700',
+  }
+  file {'/root/.ssh/authorized_keys':
+    ensure => 'present',
+    owner  => 'root',
+    group  => 'root',
+    mode   => '0600',
+  }
+  if $adm_public_key != 'NOT_SET_IN_HIERA' {
+    file_line { 'adm_public_key':
+      path => '/root/.ssh/authorized_keys',
+      line => $adm_public_key,
+    }
+  }
+  $nodes = lookup('nodes', undef, undef, []);
+  if $type == 'adm' {
+    $extra_ports = []
+    include sunet::packages::cephadm
+    file {'/opt/ceph':
+      ensure  => 'directory',
+    }
+    $adm_private_key = lookup('adm_private_key', undef, undef, 'NOT_SET_IN_HIERA');
+    $adm_keyring = lookup('adm_keyring', undef, undef, 'NOT_SET_IN_HIERA');
+    if $adm_keyring != 'NOT_SET_IN_HIERA' {
+      file {'/etc/ceph/ceph.client.admin.keyring':
+        ensure  => 'present',
+        owner   => 'root',
+        group   => 'root',
+        mode    => '0600',
+        content => $adm_keyring,
+      }
+    }
+    if $adm_private_key != 'NOT_SET_IN_HIERA' {
+      file {'/root/.ssh/id_ed25519_adm':
+        ensure  => 'present',
+        owner   => 'root',
+        group   => 'root',
+        mode    => '0600',
+        content => $adm_private_key,
+      }
+    }
+    if $adm_public_key != 'NOT_SET_IN_HIERA' {
+      file {'/root/.ssh/id_ed25519_adm.pub':
+        ensure  => 'present',
+        owner   => 'root',
+        group   => 'root',
+        mode    => '0600',
+        content => $adm_public_key,
+      }
+    }
+    file {'/opt/ceph/ceph-cluster.yaml':
+      ensure  => 'file',
+      owner   => 'root',
+      group   => 'root',
+      mode    => '0600',
+      content => template('sunet/ceph/ceph-cluster.erb.yaml'),
+    }
+    file {'/opt/ceph/cluster-bootstrap.sh':
+      ensure  => 'file',
+      owner   => 'root',
+      group   => 'root',
+      mode    => '0700',
+      content => template('sunet/ceph/cluster-bootstrap.erb.sh'),
+    }
+  }
+  elsif $type == 'osd' {
+    $extra_ports = []
+  }
+  elsif $type == 'mds' {
+    $extra_ports = []
+  }
+  elsif $type == 'firstmon' {
+    include sunet::packages::cephadm
+    $adm_private_key = lookup('adm_private_key', undef, undef, 'NOT_SET_IN_HIERA');
+    if $adm_private_key != 'NOT_SET_IN_HIERA' {
+      file {'/root/.ssh/id_ed25519_adm':
+        ensure  => 'present',
+        owner   => 'root',
+        group   => 'root',
+        mode    => '0600',
+        content => $adm_private_key,
+      }
+    }
+    if $adm_public_key != 'NOT_SET_IN_HIERA' {
+      file {'/root/.ssh/id_ed25519_adm.pub':
+        ensure  => 'present',
+        owner   => 'root',
+        group   => 'root',
+        mode    => '0600',
+        content => $adm_public_key,
+      }
+    }
+    $extra_ports = [ { 'from' => $clients, 'to' => '3300' } ]
+    file {'/opt/ceph':
+      ensure  => 'directory',
+    }
+    file {'/opt/ceph/bootstrap.sh':
+      ensure  => 'file',
+      owner   => 'root',
+      group   => 'root',
+      mode    => '0700',
+      content => template('sunet/ceph/bootstrap.erb.sh'),
+    }
+    file {'/etc/alloy/targets.d/ceph-mgr.yaml':
+      ensure  => 'file',
+      owner   => 'root',
+      group   => 'root',
+      mode    => '0744',
+      content => template('sunet/ceph/ceph-mgr.yaml'),
+    }
+  }
+  elsif $type == 'mon' {
+    $extra_ports = [ { 'from' => $clients, 'to' => '3300' } ]
+    file {'/opt/ceph':
+      ensure  => 'directory',
+    }
+    sunet::nftables::allow { 'expose-allow-ssh':
+      from => $adm,
+      port => 22,
+    }
+    file {'/etc/alloy/targets.d/ceph-mgr.yaml':
+      ensure  => 'file',
+      owner   => 'root',
+      group   => 'root',
+      mode    => '0744',
+      content => template('sunet/ceph/ceph-mgr.yaml'),
+    }
+  }
+  $internal_nodes = $nodes.map |$node| {
+    $node['addr']
+  }
+  $internal_ports = [ { 'from' => $internal_nodes, 'to' => ['22', '3300', '6800-7300'] } ]
+  $ceph_ports = $extra_ports + $internal_ports
+  $ceph_ports.each |$port| {
+    sunet::nftables::allow { "expose-allow-${port['to']}":
+      from => $port['from'],
+      port => $port['to'],
+    }
+  }
+}

manifests/packages/ceph_common.pp

@@ -0,0 +1,4 @@
+# ceph_common
+class sunet::packages::ceph_common {
+    package { 'ceph-common': ensure => installed }
+}

manifests/packages/ceph_mds.pp

@@ -0,0 +1,4 @@
+# ceph_mds
+class sunet::packages::ceph_mds {
+    package { 'ceph-mds': ensure => installed }
+}

manifests/packages/ceph_mon.pp

@@ -0,0 +1,4 @@
+# ceph_mon
+class sunet::packages::ceph_mon {
+    package { 'ceph-mon': ensure => installed }
+}

manifests/packages/ceph_osd.pp

@@ -0,0 +1,4 @@
+# ceph_osd
+class sunet::packages::ceph_osd {
+    package { 'ceph-osd': ensure => installed }
+}

manifests/packages/cephadm.pp

@@ -0,0 +1,4 @@
+# cephadm
+class sunet::packages::cephadm {
+    package { 'cephadm': ensure => installed }
+}

templates/ceph/bootstrap.erb.sh

@@ -0,0 +1,9 @@
+#!/bin/bash
+
+cephadm bootstrap \
+    --mon-ip "<%= @facts['networking']['ip'] %>" \
+    --ssh-user root \
+    --ssh-private-key /root/.ssh/id_ed25519_adm \
+    --ssh-public-key /root/.ssh/id_ed25519_adm.pub \
+    --allow-fqdn-hostname \
+    --allow-overwrite 

templates/ceph/ceph-cluster.erb.yaml

@@ -0,0 +1,12 @@
+<% @nodes.each do |node| %>
+---
+service_type: <%= node['service_type'] %>
+addr: <%= node['addr'] %>
+hostname: <%= node['hostname'] %>
+<% if node['labels'] %>
+labels:
+<% node['labels'].each do |label| %>
+- <%= label -%> 
+<% end -%>
+<% end -%>
+<% end -%>

templates/ceph/ceph-mgr.yaml

@@ -0,0 +1,4 @@
+- targets:
+  - 127.0.0.1:9283
+  labels:
+    job: ceph

templates/ceph/cluster-bootstrap.erb.sh

@@ -0,0 +1,27 @@
+#!/bin/bash
+
+ceph="/usr/sbin/cephadm shell ceph"
+
+adm_private_key="$(cat /root/.ssh/id_ed25519_adm)"
+adm_public_key="$(ssh-keygen -y -f /root/.ssh/id_ed25519_adm)"
+echo "$adm_public_key" > /root/.ssh/id_ed25519_adm.pub
+
+ssh -4 -i /root/.ssh/id_ed25519_adm "<%= @firstmon %>" /opt/ceph/bootstrap.sh # Run bootstrap script on first monitor
+scp -4 -i /root/.ssh/id_ed25519_adm "<%= @firstmon %>:/etc/ceph/*" /etc/ceph/ # Copy over config <% monitors = [] %><% osd = [] %><% @nodes.each do |node| %><% hostname = node['hostname'] %>
+${ceph} orch host add "<%= hostname %>" "<%= node['addr'] %>" # Add <%= node['hostname'] %><% node['labels'].each do |label| %><% if label == 'mon' %><% monitors.append(node['hostname']) %><% elsif label == 'osd' %><% osd.append(node['hostname']) %><% end %>
+${ceph} orch host label add "<%= hostname %>" "<%= label %>" # <% end %><% end %>
+${ceph} orch apply -i /rootfs/opt/ceph/nordunet-cephcluster.yaml
+
+adm_keyring="$(cat /etc/ceph/ceph.client.admin.keyring)"
+echo "Now run:"
+echo -e "\t ./edit-secrets $(hostname -f)"
+echo "and add:"
+echo "adm_private_key: >"
+echo "  DEC::PKCS7[$adm_private_key"
+echo "]!"
+echo "adm_keyring: >"
+echo "  DEC::PKCS7[$adm_keyring"
+echo "]!"
+echo -e "\n\n\nFinaly add:"
+echo "adm_public_key: '$adm_public_key'"
+echo "to the common group.yaml file"