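---
# Bootstraps a single-host Ceph cluster on the "ceph_master" group with
# cephadm, then layers CephFS, NFS, RBD and RGW/S3 on top of it.
#
# Secrets are expected from the inventory or Ansible Vault, never from this
# file:
#   ansible_ssh_pass         reused below as become and cephadmin password
#   ceph_dashboard_password  initial password of the dashboard "admin" user
# Optional:
#   cephadm_checksum         "<algorithm>:<digest>" pin for the cephadm download
- name: Ceph-Master Installation Playbook
  hosts: ceph_master
  become: true
  gather_facts: true
  vars:
    ansible_become_password: "{{ ansible_ssh_pass }}"
    cephadm_url: "https://github.com/ceph/ceph/raw/quincy/src/cephadm/cephadm"
  tasks:
    # The dashboard is bootstrapped with --dashboard-password-noupdate, so the
    # initial password is never forced to change. It must therefore be a real
    # secret supplied per deployment, not a literal committed to the playbook.
    - name: Require a dashboard password from inventory or vault
      assert:
        that:
          - ceph_dashboard_password is defined
          - ceph_dashboard_password | length > 0
        fail_msg: "Set ceph_dashboard_password (e.g. via Ansible Vault); no default is shipped."
        quiet: true

    - name: Change hostname
      hostname:
        name: ceph-master

    # Read-only probe; only the return code is used by the tasks below.
    - name: Check if cephadmin user exists
      command: getent passwd cephadmin
      register: cephadmin_user
      changed_when: false
      failed_when: false

    - name: Create cephadmin user if not exists
      command: useradd cephadmin
      when: cephadmin_user.rc != 0
      failed_when: false

    # NOTE(review): cephadmin receives the same password as the SSH login
    # account; a dedicated secret would limit the impact of either leaking.
    - name: Set password for cephadmin user
      user:
        name: cephadmin
        password: "{{ ansible_ssh_pass | password_hash('sha512') }}"
      no_log: true

    - name: Add cephadmin to sudo group
      user:
        name: cephadmin
        state: present
        groups: sudo
        append: true
      when: cephadmin_user.rc != 0

    # Passwordless root for cephadmin: together with the SSH keys installed
    # further down, holding that key is equivalent to root on this host.
    # validate keeps a malformed drop-in from breaking sudo for everyone.
    - name: Create sudoers file for cephadmin
      copy:
        content: "cephadmin ALL=(ALL) NOPASSWD:ALL\n"
        dest: "/etc/sudoers.d/cephadmin"
        owner: root
        group: root
        mode: '0440'
        validate: /usr/sbin/visudo -csf %s

    # The URL tracks a moving branch and the file is later executed as root.
    # Set cephadm_checksum to pin the expected artifact; without it, whatever
    # the URL serves at run time is installed.
    # NOTE(review): failures are ignored here, so a missing or stale binary
    # only surfaces in the bootstrap task.
    - name: Download cephadm
      get_url:
        url: "{{ cephadm_url }}"
        dest: "/usr/local/bin/cephadm"
        mode: '0755'
        checksum: "{{ cephadm_checksum | default(omit) }}"
      ignore_errors: true

    - name: Ensure ceph packages are installed
      package:
        name: "{{ item }}"
        state: "latest"
      loop:
        - sshpass
        - podman
        - lvm2
        - ceph-common
        - ceph-base
        - ceph-iscsi
        - radosgw
        # - nfs-ganesha-ceph
        - cephfs-shell
        - targetcli-fb
        - python3-rtslib-fb
        - tcmu-runner

    # argv avoids shell-style splitting of the password; no_log keeps it out
    # of task output. The value is still on the process command line while
    # cephadm runs.
    # NOTE(review): errors are ignored as before; a failed bootstrap shows up
    # in the ceph commands that follow.
    - name: Install Ceph
      command:
        argv:
          - cephadm
          - bootstrap
          - --mon-ip
          - "{{ ansible_default_ipv4.address }}"
          - --dashboard-password-noupdate
          - --initial-dashboard-user
          - admin
          - --initial-dashboard-password
          - "{{ ceph_dashboard_password }}"
        creates: "/etc/ceph/ceph.conf"
      no_log: true
      ignore_errors: true

    # Fire-and-forget (poll: 0): results of these commands are never checked.
    # Two of them widen exposure and deserve a conscious decision:
    #   - telemetry on / channel perf sends cluster data to the Ceph project
    #   - mon_allow_pool_delete true removes the guard against pool deletion
    - name: Configure Ceph settings
      command: "{{ item }}"
      loop:
        - "ceph config set mgr mgr/cephadm/manage_etc_ceph_ceph_conf true"
        # - "systemctl stop nfs-ganesha"
        # - "systemctl disable nfs-ganesha"
        - "ceph telemetry on --license sharing-1-0"
        - "ceph telemetry enable channel perf"
        - "ceph mgr module enable prometheus"
        - "ceph config set mon mon_allow_pool_delete true"
      async: 3
      poll: 0

    # Rewrites the CRUSH rule from "type host" to "type osd", i.e. replicas
    # may share one host. That fits a single-host cluster and gives up
    # host-level failure isolation.
    - name: Create and Run crushmap modification script
      block:
        - name: Create crushmap modification script
          copy:
            content: |
              #!/bin/bash
              ceph osd getcrushmap -o crushmap.cm &&
              crushtool --decompile crushmap.cm -o crushmap.txt &&
              sed -i 's/step chooseleaf firstn 0 type host/step chooseleaf firstn 0 type osd/g' crushmap.txt &&
              crushtool --compile crushmap.txt -o new_crushmap.cm &&
              ceph osd setcrushmap -i new_crushmap.cm &&
              sleep 5
            dest: "/root/crushmap.sh"
            mode: '0755'

        # The script uses relative paths; run it in /root so its work files
        # land where the cleanup task below looks for them.
        - name: Run crushmap modification script
          command: "/root/crushmap.sh"
          args:
            chdir: /root

        - name: Delete crushmap related files
          file:
            path: "/root/{{ item }}"
            state: absent
          loop:
            - crushmap.cm
            - crushmap.sh
            - crushmap.txt
            - new_crushmap.cm

    - name: Run ssh-keygen as cephadmin on ceph-member
      command: "sudo -u cephadmin HOME=/home/cephadmin ssh-keygen -t rsa -N '' -f /home/cephadmin/.ssh/id_rsa"
      args:
        creates: "/home/cephadmin/.ssh/id_rsa"

    # authorized_keys is truncated and rebuilt on every run: first the cluster
    # public key, then cephadmin's own key. The redirect is performed by the
    # task's (root) shell, not by the sudo'ed cat.
    - name: Kopieren Sie den SSH-Pubkey von ceph zu cephadmin
      shell: "sudo -u cephadmin cat /etc/ceph/ceph.pub > /home/cephadmin/.ssh/authorized_keys"

    - name: Kopieren Sie den SSH-Pubkey von cephadmin zu cephadmin
      shell: "sudo -u cephadmin cat /home/cephadmin/.ssh/id_rsa.pub >> /home/cephadmin/.ssh/authorized_keys"

    - name: Change Ceph User
      command: "ceph cephadm set-user cephadmin"
      async: 3
      poll: 0

    - name: Add OSDs
      command: "ceph orch apply osd --all-available-devices"
      async: 10
      poll: 0

    - name: Create cephfs0_data pool
      command: "ceph osd pool create cephfs0_data replicated"
      async: 3
      poll: 0

    - name: Enable Application for Pool cephfs0_data
      command: "ceph osd pool application enable cephfs0_data cephfs"

    - name: Create cephfs0_metadata pool
      command: "ceph osd pool create cephfs0_metadata replicated"
      async: 3
      poll: 0

    - name: Enable Application for Pool cephfs0_metadata
      command: "ceph osd pool application enable cephfs0_metadata cephfs"

    - name: Create cephfs0 filesystem
      command: "ceph fs new cephfs0 cephfs0_metadata cephfs0_data"
      async: 3
      poll: 0

    - name: Apply MDS for cephfs0
      command: "ceph orch apply mds cephfs0 1"
      async: 3
      poll: 0

    # The client key is captured instead of being piped through tee, so it is
    # neither printed in task output nor left world-readable. No login
    # password is placed on the command line.
    - name: Authorize cephfs0 client user
      command: "ceph fs authorize cephfs0 client.user / rw"
      register: cephfs_client_keyring
      no_log: true

    - name: Store cephfs0 client keyring
      copy:
        content: "{{ cephfs_client_keyring.stdout }}\n"
        dest: "/etc/ceph/ceph.client.user.keyring"
        owner: root
        group: root
        mode: '0600'
      no_log: true

    - name: Wait for Ceph cluster stabilization
      command: "sleep 10"

    - name: Create /mnt/cephfs0
      file:
        path: "/mnt/cephfs0"
        state: directory

    - name: Mount cephfs0
      ansible.builtin.mount:
        src: "{{ ansible_default_ipv4.address }}:/"
        path: "/mnt/cephfs0"
        fstype: "ceph"
        opts: "name=user,noatime,nodiratime,_netdev"
        state: "mounted"
        fstab: "/etc/fstab"
        dump: 0
        passno: 0

    - name: Apply NFS Service with Orchestrator
      command: "ceph orch apply nfs 1"

    - name: Create /mnt/nfs0
      file:
        path: "/mnt/nfs0"
        state: directory

    # NOTE(review): the export is created without any client restriction
    # visible here; confirm which networks can reach the NFS service.
    - name: Create NFS Share
      command: "ceph nfs export create cephfs 1 /storage cephfs0 /"

    - name: Mount NFS storage
      ansible.builtin.mount:
        src: "{{ ansible_default_ipv4.address }}:/storage"
        path: "/mnt/nfs0"
        fstype: "nfs"
        opts: "nfsvers=4.1,auto,soft,sync,proto=tcp"
        state: "mounted"

    - name: Create RBD Pool
      command: "ceph osd pool create rbd"

    - name: Enable RBD Application for Pool
      command: "ceph osd pool application enable rbd rbd"

    - name: Initialize RBD Pool
      command: "rbd pool init -p rbd"

    # The three create commands tolerate failure so that re-runs against an
    # existing realm/zonegroup/zone continue.
    - name: Create RGW Realm
      command: "radosgw-admin realm create --rgw-realm=default --default"
      ignore_errors: true

    - name: Create RGW Zonegroup
      command: "radosgw-admin zonegroup create --rgw-zonegroup=default --master --default"
      ignore_errors: true

    - name: Create RGW Zone
      command: "radosgw-admin zone create --rgw-zonegroup=default --rgw-zone=default --master --default"
      ignore_errors: true

    - name: Update RGW Period
      command: "radosgw-admin period update --rgw-realm=default --commit"

    - name: Apply RGW Configuration with Orchestrator
      command: "ceph orch apply rgw default --realm=default --zone=default --placement='1 {{ ansible_hostname }}'"

    # Create the credentials file with mode 0600 before anything is written
    # to it, so the S3 keys are never readable by other local users in the
    # window before the chmod task runs.
    - name: Pre-create S3 credentials file with restrictive mode
      file:
        path: "/etc/passwd-s3fs"
        state: touch
        owner: root
        group: root
        mode: '0600'
        access_time: preserve
        modification_time: preserve

    # Writes "<access_key>:<secret_key>" of the RGW user "dashboard".
    - name: Execute command to get s3 keys
      shell: >-
        radosgw-admin user info --uid=dashboard |
        grep -E '(access_key|secret_key)' |
        awk '{print $2}' |
        tr -d '\"' |
        tr -d ',' |
        tr '\n' ':' |
        sed 's/:$//' > /etc/passwd-s3fs

    - name: Change Permissions of Credentials File
      command: "chmod 0600 /etc/passwd-s3fs"

    - name: Create /mnt/bucket1
      file:
        path: "/mnt/bucket1"
        state: directory

    # NOTE(review): the endpoint is plain http and no_check_certificate turns
    # off TLS verification, so bucket traffic is unencrypted and the server is
    # not authenticated; allow_other exposes the mount to every local user.
    # Reasonable only on an isolated network.
    - name: Mount S3 Bucket
      ansible.builtin.mount:
        src: "#s3fs#bucket1"
        path: "/mnt/bucket1"
        fstype: "fuse"
        opts: "_netdev,allow_other,use_path_request_style,no_check_certificate,mp_umask=022,url=http://{{ ansible_default_ipv4.address }}"
        state: "unmounted"
        dump: 0
        passno: 0

    - name: Create Bucket
      ansible.builtin.debug:
        msg: 'Please add the Bucket "bucket1" in your Ceph Dashboard and link it the the User "dashboard". Then uncomment mount in "/etc/fstab" and run "mount -a"'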