7 commits

Author SHA1 Message Date
Timotej Lazar 46a9ff6fc0 ceph: add LE certificates
With a hook to restart RGW services on renewal, if there are any. Live
certificates are linked to the same path under /etc/ceph on each host,
so that the orch service spec is node-independent.

Use with something like this (port 80 must be kept free for standalone
certbot renewal):

    service_type: rgw
    spec:
      rgw_frontend_port: 8080
      rgw_frontend_extra_args:
        - ssl_port=443
        - ssl_private_key=/etc/ceph/privkey.pem
        - ssl_certificate=/etc/ceph/fullchain.pem
    extra_container_args:
      - "--volume"
      - "/etc/ceph:/etc/ceph:ro"
      - "--volume"
      - "/etc/letsencrypt:/etc/letsencrypt:ro"
2024-11-08 16:38:15 +01:00
Timotej Lazar 4b34370d5d ceph: set NTP servers 2024-06-19 15:07:59 +02:00
Timotej Lazar 25bcddede1 Factor frr role from debian, ceph and proxmox
Consolidate base system and networking setup into debian role and BGP
configuration into frr role. Add facts role to collect data from NetBox
once to avoid many slow lookups. Also many other tweaks and cleanups.
2024-05-19 14:21:25 +02:00
Timotej Lazar 1a4652fd87 ceph: parametrize cephadm checksum 2024-04-27 10:44:58 +02:00
Timotej Lazar 8be55c2bde ceph: set up firewall
Still need to drop the hardcoded allowed set.
2024-04-05 06:12:58 +02:00
Timotej Lazar ce7903e43a ceph: improve cluster setup
Remove separate NetBox lookups. Explicitly allow connections between
cluster nodes. Tighten temporary allowed IPv6 ranges.
2024-03-01 08:45:51 +01:00
Timotej Lazar 5038411af3 Add ceph role
Just prepares the servers, all management is then done through cephadm.
2023-11-20 13:04:11 +01:00