+23

README.md

reviewed

··· 1 1 + ## Overview 2 2 + 3 3 + This is a simple Ansible playbook to setup a Rook Storage Cluster inside an already available Kubernetes Cluster. 4 4 + 5 5 + ## Pre-Requisites 6 6 + 7 7 + Node in the `k8s_master` group of the `inventory/hosts.cfg` is the Kubernetes cluster's master node. It's assumed that `kubectl` command is available and setup there for the tasks in the playbook to work. Along with the Kubernetes cluster, Rook Operator also need to be setup in the same cluster as mentioned  8 8 + 9 9 + ## Approach & Configuration 10 10 + 11 11 + The approach to setup Rook Storage cluster in this playbook is that a particular mount point in all the nodes assigned for storage will be used as the storage cluster's directories. This same information is mentioned in the `templates/rook-cluster-config.ymk.j2`. 12 12 + 13 13 + Along with the Rook cluster, this playbook also sets up Rook Toolbox required to monitor the Rook / Ceph cluster. 14 14 + 15 15 + The `storage_nodes` in the `inventory/hosts.cfg` denotes the storage node details. Other relvant values for the Rook cluster setup is in the `inventory/group_vars/k8s_master.yml`. The `inventory/group_vars/all/vault.yml` contain some sensitive information like the actual IPs and ssh user, please make sure to edit them before executing the playbook. 16 16 + 17 17 + For more details check on ,  and  18 18 + 19 19 + ## Playbook execution 20 20 + 21 21 + ``` 22 22 + $ ansible-playbook -i inventory/hosts.cfg -kK -v --ask-vault-pass playbook.yml 23 23 + ```

+1

inventory/group_vars/all/vars.yml

reviewed

··· 1 1 + data_dir_host_path: /var/lib/rook

+22

inventory/group_vars/all/vault.yml

reviewed

··· 1 1 + $ANSIBLE_VAULT;1.1;AES256 2 2 + 32636466333731303737353038353039343936376261336430636464646266616136386631366630 3 3 + 3963393336383030356631373434363662663562646431330a376464306265636361363038346437 4 4 + 61306164376534313432326239636539373636396462356365323366653737346130613836613130 5 5 + 3536313664636236320a363834633735666664333038353562623764666665623962366539383731 6 6 + 64353766343865336664326539313361303036326431353438613037323939386633646561343263 7 7 + 63663934313562616436323863333734666432393130663664643635643065626663336435356638 8 8 + 62343864663465643164353139346462393030653861373561303866623362613936343364393462 9 9 + 62326162333939363933616563363162363263333339323866383666303033363661643364353034 10 10 + 37613533316533383133353232396532633134303235313361356238383135323232613139396134 11 11 + 63656531353466376163343336616562396665333131333462666436386365346136373038373664 12 12 + 32386239643166653439653732343536616335366437386362343966376438653166653839336264 13 13 + 39336532343436323533636538646535666236623037373161353265386161663338373836393831 14 14 + 39353132313766396238636162343133393764623361613934636266303861326166666330303461 15 15 + 36313462623565656563326266336162356463633863353136343332656366636362653239626662 16 16 + 32613232346363616264666537393233363537353535333965353862376239316262376236383736 17 17 + 63643937376437366539383933383838653866613363353034653231666330633135633234336633 18 18 + 64343933313932633534653532313265613964616134333061336566363130303736323539346165 19 19 + 39623330303330303164346338616234613330653861373563306336643764663536303731333563 20 20 + 30333565616135353965313061666538666232316664613666376266346132316637313636373933 21 21 + 35616238303830316165303033393933663765333332316262633433306566353534616630346530 22 22 + 3561

+11

inventory/group_vars/k8s_master.yml

reviewed

··· 1 1 + --- 2 2 + rook_cluster_config_dir: /etc/kubernetes 3 3 + rook_operator_namespace: rook-system 4 4 + rook_cluster_namespace: rook 5 5 + storageconfig: 6 6 + # storetype: bluestore 7 7 + # databasesize: 1024 8 8 + # journalsize: 1024 9 9 + directory: 10 10 + paths: 11 11 + - /data

+6

inventory/group_vars/storage_nodes.yml

reviewed

··· 1 1 + --- 2 2 + storageconfig: 3 3 + directory: 4 4 + paths: 5 5 + - /data 6 6 + ...

+31

inventory/hosts.cfg

reviewed

··· 1 1 + [all] 2 2 + ctsc01029721901 ansible_host={{vault_hosts.ips.node1}} ansible_user={{vault_hosts.ssh_user}} 3 3 + ctsc01029725101 ansible_host={{vault_hosts.ips.node4}} k8s_host_name=ctsc01029725101 ansible_user={{vault_hosts.ssh_user}} 4 4 + ctsc01029725401 ansible_host={{vault_hosts.ips.node5}} k8s_host_name=ctsc01029725401 ansible_user={{vault_hosts.ssh_user}} 5 5 + ctsc01029730401 ansible_host={{vault_hosts.ips.node6}} k8s_host_name=ctsc01029730401 ansible_user={{vault_hosts.ssh_user}} 6 6 + 7 7 + 8 8 + ctsc01029723101 ansible_host={{vault_hosts.ips.node3}} k8s_host_name=ctsc01029723101 ansible_user={{vault_hosts.ssh_user}} 9 9 + ctsc01067708301 ansible_host={{vault_hosts.ips.node8}} k8s_host_name=ctsc01067708301 ansible_user={{vault_hosts.ssh_user}} 10 10 + ctsc01067732001 ansible_host={{vault_hosts.ips.node9}} k8s_host_name=ctsc01067732001 ansible_user={{vault_hosts.ssh_user}} 11 11 + ctsc01067709301 ansible_host={{vault_hosts.ips.node10}} k8s_host_name=ctsc01067709301 ansible_user={{vault_hosts.ssh_user}} 12 12 + ctsc01067709801 ansible_host={{vault_hosts.ips.node11}} k8s_host_name=ctsc01067709801 ansible_user={{vault_hosts.ssh_user}} 13 13 + ctsc01067720001 ansible_host={{vault_hosts.ips.node12}} k8s_host_name=ctsc01067720001 ansible_user={{vault_hosts.ssh_user}} 14 14 + ctsc01029722401 ansible_host={{vault_hosts.ips.node2}} k8s_host_name=ctsc01029722401 ansible_user={{vault_hosts.ssh_user}} 15 15 + 16 16 + [k8s_master] 17 17 + ctsc01029721901 18 18 + 19 19 + [storage_nodes] 20 20 + ctsc01029725101 21 21 + ctsc01029725401 22 22 + ctsc01029730401 23 23 + 24 24 + [other_nodes] 25 25 + ctsc01029723101 26 26 + ctsc01067708301 27 27 + ctsc01067732001 28 28 + ctsc01067709301 29 29 + ctsc01067709801 30 30 + ctsc01067720001 31 31 + ctsc01029722401

+114

playbook.yml

reviewed

··· 1 1 + --- 2 2 + - hosts: all 3 3 + tasks: 4 4 + - name: remove any old rook data directories 5 5 + become: yes 6 6 + become_method: sudo 7 7 + file: 8 8 + path: "{{ data_dir_host_path }}" 9 9 + state: absent 10 10 + force: yes 11 11 + tags: cleanup 12 12 + 13 13 + - hosts: storage_nodes 14 14 + tasks: 15 15 + - name: cleanup data directories 16 16 + become: yes 17 17 + become_method: sudo 18 18 + with_items: "{{ storageconfig.directory.paths }}" 19 19 + shell: "rm -rf {{ item }}/*" 20 20 + tags: cleanup 21 21 + 22 22 + - hosts: k8s_master 23 23 + tasks: 24 24 + - name: ensure no rook operator is setup yet 25 25 + shell: "kubectl get po -n {{ rook_operator_namespace }} -o jsonpath='{.items[*]}' | wc -l | tr -d ' '" 26 26 + register: norookoperator 27 27 + failed_when: (norookoperator.stdout | int) > 0 28 28 + changed_when: false 29 29 + 30 30 + - name: ensure no rook cluster is setup yet 31 31 + shell: "kubectl get po -n {{ rook_cluster_namespace }} -o jsonpath='{.items[*]}' | wc -l | tr -d ' '" 32 32 + register: norookcluster 33 33 + failed_when: (norookcluster.stdout | int) > 0 34 34 + changed_when: false 35 35 + when: norookoperator | succeeded 36 36 + 37 37 + 38 38 + - name: copy rook operator config 39 39 + become: yes 40 40 + become_method: sudo 41 41 + template: 42 42 + src: rook-operator-config.yml.j2 43 43 + dest: "{{ rook_cluster_config_dir }}/rook-operator-config.yml" 44 44 + register: rook_operator_config 45 45 + when: norookcluster | succeeded 46 46 + 47 47 + - name: copy rook cluster config 48 48 + become: yes 49 49 + become_method: sudo 50 50 + template: 51 51 + src: rook-cluster-config.yml.j2 52 52 + dest: "{{ rook_cluster_config_dir }}/rook-cluster-config.yml" 53 53 + register: rook_cluster_config 54 54 + when: norookcluster | succeeded 55 55 + 56 56 + 57 57 + - name: create rook operator 58 58 + shell: "kubectl create -f {{ rook_cluster_config_dir }}/rook-operator-config.yml" 59 59 + tags: operator 60 60 + 61 61 + - name: ensure rook operator is up and running 62 62 + shell: > 63 63 + timeout -k 300s 300s 64 64 + kubectl get po -n "{{ rook_operator_namespace }}" 65 65 + -o jsonpath='{range .items[*]}{.metadata.name} : {.status.phase}{"\n"}{end}' 66 66 + | grep -vic Running 67 67 + register: rook_operator_created 68 68 + changed_when: false 69 69 + failed_when: (rook_operator_created.stdout | int) > 0 70 70 + retries: 10 71 71 + tags: operator, cluster 72 72 + 73 73 + - name: create rook cluster 74 74 + shell: "kubectl create -f {{ rook_cluster_config_dir }}/rook-cluster-config.yml" 75 75 + when: rook_operator_created | succeeded 76 76 + tags: cluster 77 77 + 78 78 + - name: ensure rook cluster is up and running 79 79 + shell: > 80 80 + timeout -k 300s 300s 81 81 + kubectl get po -n "{{ rook_cluster_namespace }}" 82 82 + -o jsonpath='{range .items[*]}{.metadata.name} : {.status.phase}{"\n"}{end}' 83 83 + | grep -vic Running 84 84 + register: rook_cluster_created 85 85 + changed_when: false 86 86 + failed_when: (rook_cluster_created.stdout | int) > 0 87 87 + retries: 10 88 88 + tags: cluster 89 89 + 90 90 + - name: copy rook toolbox pod config 91 91 + become: yes 92 92 + become_method: sudo 93 93 + template: 94 94 + src: rook-toolbox-config.yml.j2 95 95 + dest: "{{ rook_cluster_config_dir }}/rook-toolbox-config.yml" 96 96 + register: rook_toolbox_config 97 97 + # when: rook_cluster_created | succeeded 98 98 + tags: toolbox 99 99 + 100 100 + - name: launch rook toolbox pod 101 101 + shell: "kubectl create -f {{ rook_cluster_config_dir }}/rook-toolbox-config.yml" 102 102 + tags: toolbox 103 103 + 104 104 + - name: ensure rook toolbox pod is up and running 105 105 + shell: > 106 106 + kubectl get po -n "{{ rook_cluster_namespace }}" rook-tools 107 107 + -o jsonpath='{range .items[*]}{.metadata.name} : {.status.phase}{"\n"}{end}' 108 108 + | grep -vic Running 109 109 + register: rook_toolbox_launched 110 110 + changed_when: false 111 111 + failed_when: (rook_toolbox_launched.stdout | int) > 0 112 112 + retries: 10 113 113 + tags: toolbox 114 114 +

+50

templates/rook-cluster-config.yml.j2

reviewed

··· 1 1 + apiVersion: v1 2 2 + kind: Namespace 3 3 + metadata: 4 4 + name: {{ rook_cluster_namespace }} 5 5 + --- 6 6 + apiVersion: rook.io/v1alpha1 7 7 + kind: Cluster 8 8 + metadata: 9 9 + name: rook 10 10 + namespace: {{ rook_cluster_namespace }} 11 11 + spec: 12 12 + # The path on the host where configuration files will be persisted. If not specified, a kubernetes emptyDir will be created (not recommended). 13 13 + # Important: if you reinstall the cluster, make sure you delete this directory from each host or else the mons will fail to start on the new cluster. 14 14 + dataDirHostPath: {{data_dir_host_path}} 15 15 + placement: 16 16 + all: 17 17 + nodeAffinity: 18 18 + requiredDuringSchedulingIgnoredDuringExecution: 19 19 + nodeSelectorTerms: 20 20 + - matchExpressions: 21 21 + - key: node-type 22 22 + operator: In 23 23 + values: 24 24 + - storage-node 25 25 + 26 26 + # toggle to use hostNetwork 27 27 + hostNetwork: false 28 28 + # set the amount of mons to be started 29 29 + monCount: 3 30 30 + storage: # cluster level storage configuration and selection 31 31 + useAllNodes: false 32 32 + useAllDevices: false 33 33 + deviceFilter: 34 34 + metadataDevice: 35 35 + location: 36 36 + storeConfig: 37 37 + storeType: {{storageconfig.storetype | default("bluestore")}} 38 38 + databaseSizeMB: {{storageconfig.databasesize | default(1024)}} # this value can be removed for environments with normal sized disks (100 GB or larger) 39 39 + journalSizeMB: {{storageconfig.journalsize | default(1024)}} # this value can be removed for environments with normal sized disks (20 GB or larger) 40 40 + 41 41 + directories: 42 42 + {% for d in storageconfig.directory.paths %} 43 43 + - path: "{{ d }}" 44 44 + {% endfor %} 45 45 + 46 46 + nodes: 47 47 + {% for n in groups['storage_nodes'] %} 48 48 + - name: "{{ hostvars[n]['k8s_host_name'] }}" 49 49 + 50 50 + {% endfor %}

+166

templates/rook-operator-config.yml.j2

reviewed

··· 1 1 + apiVersion: v1 2 2 + kind: Namespace 3 3 + metadata: 4 4 + name: rook-system 5 5 + --- 6 6 + kind: ClusterRole 7 7 + apiVersion: rbac.authorization.k8s.io/v1beta1 8 8 + metadata: 9 9 + name: rook-operator 10 10 + rules: 11 11 + - apiGroups: 12 12 + - "" 13 13 + resources: 14 14 + - namespaces 15 15 + - serviceaccounts 16 16 + - secrets 17 17 + - pods 18 18 + - services 19 19 + - nodes 20 20 + - nodes/proxy 21 21 + - configmaps 22 22 + - events 23 23 + - persistentvolumes 24 24 + - persistentvolumeclaims 25 25 + verbs: 26 26 + - get 27 27 + - list 28 28 + - watch 29 29 + - patch 30 30 + - create 31 31 + - update 32 32 + - delete 33 33 + - apiGroups: 34 34 + - extensions 35 35 + resources: 36 36 + - thirdpartyresources 37 37 + - deployments 38 38 + - daemonsets 39 39 + - replicasets 40 40 + verbs: 41 41 + - get 42 42 + - list 43 43 + - watch 44 44 + - create 45 45 + - update 46 46 + - delete 47 47 + - apiGroups: 48 48 + - apiextensions.k8s.io 49 49 + resources: 50 50 + - customresourcedefinitions 51 51 + verbs: 52 52 + - get 53 53 + - list 54 54 + - watch 55 55 + - create 56 56 + - delete 57 57 + - apiGroups: 58 58 + - rbac.authorization.k8s.io 59 59 + resources: 60 60 + - clusterroles 61 61 + - clusterrolebindings 62 62 + - roles 63 63 + - rolebindings 64 64 + verbs: 65 65 + - get 66 66 + - list 67 67 + - watch 68 68 + - create 69 69 + - update 70 70 + - delete 71 71 + - apiGroups: 72 72 + - storage.k8s.io 73 73 + resources: 74 74 + - storageclasses 75 75 + verbs: 76 76 + - get 77 77 + - list 78 78 + - watch 79 79 + - delete 80 80 + - apiGroups: 81 81 + - rook.io 82 82 + resources: 83 83 + - "*" 84 84 + verbs: 85 85 + - "*" 86 86 + --- 87 87 + apiVersion: v1 88 88 + kind: ServiceAccount 89 89 + metadata: 90 90 + name: rook-operator 91 91 + namespace: rook-system 92 92 + --- 93 93 + kind: ClusterRoleBinding 94 94 + apiVersion: rbac.authorization.k8s.io/v1beta1 95 95 + metadata: 96 96 + name: rook-operator 97 97 + namespace: rook-system 98 98 + roleRef: 99 99 + apiGroup: rbac.authorization.k8s.io 100 100 + kind: ClusterRole 101 101 + name: rook-operator 102 102 + subjects: 103 103 + - kind: ServiceAccount 104 104 + name: rook-operator 105 105 + namespace: rook-system 106 106 + --- 107 107 + apiVersion: apps/v1beta1 108 108 + kind: Deployment 109 109 + metadata: 110 110 + name: rook-operator 111 111 + namespace: rook-system 112 112 + spec: 113 113 + replicas: 1 114 114 + template: 115 115 + metadata: 116 116 + labels: 117 117 + app: rook-operator 118 118 + spec: 119 119 + affinity: 120 120 + nodeAffinity: 121 121 + requiredDuringSchedulingIgnoredDuringExecution: 122 122 + nodeSelectorTerms: 123 123 + - matchExpressions: 124 124 + - key: node-type 125 125 + operator: In 126 126 + values: 127 127 + - storage-node 128 128 + 129 129 + serviceAccountName: rook-operator 130 130 + containers: 131 131 + - name: rook-operator 132 132 + image: rook/rook:master 133 133 + args: ["operator"] 134 134 + env: 135 135 + # To disable RBAC, uncomment the following: 136 136 + # - name: RBAC_ENABLED 137 137 + # value: "false" 138 138 + # Rook Agent toleration. Will tolerate all taints with all keys. 139 139 + # Choose between NoSchedule, PreferNoSchedule and NoExecute: 140 140 + # - name: AGENT_TOLERATION 141 141 + # value: "NoSchedule" 142 142 + # (Optional) Rook Agent toleration key. Set this to the key of the taint you want to tolerate 143 143 + # - name: AGENT_TOLERATION_KEY 144 144 + # value: "<KeyOfTheTaintToTolerate>" 145 145 + # Set the path where the Rook agent can find the flex volumes 146 146 + # - name: FLEXVOLUME_DIR_PATH 147 147 + # value: "<PathToFlexVolumes>" 148 148 + # The interval to check if every mon is in the quorum. 149 149 + - name: ROOK_MON_HEALTHCHECK_INTERVAL 150 150 + value: "45s" 151 151 + # The duration to wait before trying to failover or remove/replace the 152 152 + # current mon with a new mon (useful for compensating flapping network). 153 153 + - name: ROOK_MON_OUT_TIMEOUT 154 154 + value: "300s" 155 155 + - name: NODE_NAME 156 156 + valueFrom: 157 157 + fieldRef: 158 158 + fieldPath: spec.nodeName 159 159 + - name: POD_NAME 160 160 + valueFrom: 161 161 + fieldRef: 162 162 + fieldPath: metadata.name 163 163 + - name: POD_NAMESPACE 164 164 + valueFrom: 165 165 + fieldRef: 166 166 + fieldPath: metadata.namespace

+56

templates/rook-toolbox-config.yml.j2

reviewed

··· 1 1 + apiVersion: v1 2 2 + kind: Pod 3 3 + metadata: 4 4 + name: rook-tools 5 5 + namespace: {{rook_cluster_namespace}} 6 6 + spec: 7 7 + 8 8 + affinity: 9 9 + nodeAffinity: 10 10 + requiredDuringSchedulingIgnoredDuringExecution: 11 11 + nodeSelectorTerms: 12 12 + - matchExpressions: 13 13 + - key: node-type 14 14 + operator: In 15 15 + values: 16 16 + - storage-node 17 17 + 18 18 + dnsPolicy: ClusterFirstWithHostNet 19 19 + containers: 20 20 + - name: rook-tools 21 21 + image: rook/toolbox:master 22 22 + imagePullPolicy: IfNotPresent 23 23 + env: 24 24 + - name: ROOK_ADMIN_SECRET 25 25 + valueFrom: 26 26 + secretKeyRef: 27 27 + name: rook-ceph-mon 28 28 + key: admin-secret 29 29 + securityContext: 30 30 + privileged: true 31 31 + volumeMounts: 32 32 + - mountPath: /dev 33 33 + name: dev 34 34 + - mountPath: /sys/bus 35 35 + name: sysbus 36 36 + - mountPath: /lib/modules 37 37 + name: libmodules 38 38 + - name: mon-endpoint-volume 39 39 + mountPath: /etc/rook 40 40 + hostNetwork: false 41 41 + volumes: 42 42 + - name: dev 43 43 + hostPath: 44 44 + path: /dev 45 45 + - name: sysbus 46 46 + hostPath: 47 47 + path: /sys/bus 48 48 + - name: libmodules 49 49 + hostPath: 50 50 + path: /lib/modules 51 51 + - name: mon-endpoint-volume 52 52 + configMap: 53 53 + name: rook-ceph-mon-endpoints 54 54 + items: 55 55 + - key: data 56 56 + path: mon-endpoints