ceph_keys.yml 1.55 KB
Newer Older
1
---
Sébastien Han's avatar
Sébastien Han committed
2
# NOTE (leseb): wait for mon discovery and quorum resolution
3
4
# the admin key is not instantanely created so we have to wait a bit
- name: wait for client.admin key exists
Michael Sambol's avatar
Michael Sambol committed
5
  wait_for:
6
    path: /etc/ceph/{{ cluster }}.client.admin.keyring
7

8
- name: create ceph rest api keyring when mon is not containerized
9
  command: ceph --cluster {{ cluster }} auth get-or-create client.restapi osd 'allow *' mon 'allow *' -o /etc/ceph/{{ cluster }}.client.restapi.keyring
Michael Sambol's avatar
Michael Sambol committed
10
  args:
11
    creates: /etc/ceph/{{ cluster }}.client.restapi.keyring
leseb's avatar
leseb committed
12
13
14
  changed_when: false
  when:
    cephx and
15
16
    groups[restapi_group_name] is defined

17
- include: openstack_config.yml
18
  when: openstack_config
19

leseb's avatar
leseb committed
20
- name: find ceph keys
21
  shell: ls -1 /etc/ceph/*.keyring
leseb's avatar
leseb committed
22
  changed_when: false
23
24
25
  register: ceph_keys
  when: cephx

Sébastien Han's avatar
Sébastien Han committed
26
- name: set keys permissions
Michael Sambol's avatar
Michael Sambol committed
27
28
29
30
31
  file:
    path: "{{ item }}"
    mode: 0600
    owner: root
    group: root
Sébastien Han's avatar
Sébastien Han committed
32
33
  with_items:
    - "{{ ceph_keys.stdout_lines }}"
34
  when: cephx
Sébastien Han's avatar
Sébastien Han committed
35

Sébastien Han's avatar
Sébastien Han committed
36
- name: copy keys to the ansible server
Michael Sambol's avatar
Michael Sambol committed
37
38
39
40
  fetch:
    src: "{{ item }}"
    dest: "{{ fetch_directory }}/{{ fsid }}/{{ item }}"
    flat: yes
41
  run_once: true
42
43
  with_items:
    - "{{ ceph_keys.stdout_lines }}"
44
45
46
    - /var/lib/ceph/bootstrap-osd/{{ cluster }}.keyring
    - /var/lib/ceph/bootstrap-rgw/{{ cluster }}.keyring
    - /var/lib/ceph/bootstrap-mds/{{ cluster }}.keyring
leseb's avatar
leseb committed
47
  when: cephx
48

Sébastien Han's avatar
Sébastien Han committed
49
- name: drop in a motd script to report status when logging in
Michael Sambol's avatar
Michael Sambol committed
50
51
52
53
54
55
  copy:
    src: precise/92-ceph
    dest: /etc/update-motd.d/92-ceph
    owner: root
    group: root
    mode: 0755
56
  when: ansible_distribution_release == 'precise'