The other nice thing about Ansible is that you only need to install it
on one machine, which doesn't even have to be a server machine if you'd
prefer to have a sysop machine run it instead. I have 2-3 boxes that can
run Ansible using playbooks that are stored/shared in the Ceph filesystem.
The Ansible core is fairly lightweight and it should be all you need
these days to copy config files, execute ceph commands and even run
cephadm upgrades. All the ceph machines themselves need is an ssh login
capable of sudoing to (or being) whatever userid you administer ceph
under, and likely can use the same security resources as you're using
with ceph itself.

I'm pretty sure you can feed ceph auth with YAML these days, though. It
would send the info to the ceph config database, not /etc/ceph.

The Ceph dashboard is also capable of doing a lot of the config and
control work for ceph and there are REST APIs for some of that stuff.

If Puppet is your shop's master control point, nothing wrong with that.
I merely offer additional options. Puppet is how I manage my site DHCP,
DNS, and web proxy services, which are too gnarly for me to want to do
in Ansible. But, as I said, for lightweight stuff, I skip Puppet.

Actually, to bring up a complex box on cold iron, I boot via Kickstart,
run Ansible, which does basic common setup including installing Puppet
agents where needed, then use Puppet for the heavy config work.

On 6/10/25 10:54, Albert Shih wrote:

On 10/06/2025 at 09:56:34-0400, Tim Holloway wrote:

Hi,

I use Puppet for my complex servers, but my Ceph machines are lightweight,
and Puppet, for all its virtues, does require a Puppet agent to be installed
on each target and have a corresponding node manifest.

For the Ceph machines I just use Ansible. Since all my /etc/ceph files are
identical on all machines, I can define a set of hosts to Ansible as
belonging to a "ceph" group, and add/remove as needed, then use Ansible to
update them /en masse/. Ansible requires no additional software on its
targets to act as agents, as it simply directs operations via ssh.

I don't have special /etc/ceph files for my rgw hosts, as since at least
Octopus on, the pertinent information is in Ceph's configuration database
and the actual contents of /etc/ceph are minimal. Ansible simply clones its
master copy of /etc/ceph to each ceph target.

Fabulous.

I 100% agree with you about Puppet + Ceph.

I will not use Ansible... because we don't have Ansible currently.

I'm using Puppet for some minimal configuration on Ceph, mostly monitoring,
version of Ceph, stuff like that. The module I wrote just bootstraps
Ceph with cephadm.

When I upgrade the Ceph version, the Puppet module just installs the new
version of cephadm (and apt depot config); the rest is done manually,
and of course the configuration of Ceph is manual.

If some day ceph auth accepts some JSON/YAML in export/import, I will
manage the export on cephfs with Puppet. But that is not the case currently.

Thanks.
_______________________________________________
ceph-users mailing list -- ceph-users@ceph.io