Commit 59ecddcd authored by Dimitri Savineau's avatar Dimitri Savineau Committed by Guillaume Abrioux
Browse files

keyring: use ceph_key module for auth get command



Instead of using ceph auth get command via the ansible command module
then we can use the ceph_key module and the info state.
Signed-off-by: default avatarDimitri Savineau <dsavinea@redhat.com>
parent 7d3d51d6
......@@ -280,8 +280,14 @@
ceph_cmd: "{{ container_binary + ' run --rm --net=host -v /etc/ceph:/etc/ceph:z -v /var/lib/ceph:/var/lib/ceph:z -v /var/run/ceph:/var/run/ceph:z --entrypoint=ceph ' + ceph_docker_registry + '/' + ceph_docker_image + ':' + ceph_docker_image_tag if containerized_deployment | bool else 'ceph' }}"
- name: get the client.admin keyring
command: "{{ ceph_cmd }} --cluster {{ cluster }} auth get client.admin"
changed_when: false
ceph_key:
name: client.admin
cluster: "{{ cluster }}"
output_format: plain
state: info
environment:
CEPH_CONTAINER_IMAGE: "{{ ceph_docker_registry + '/' + ceph_docker_image + ':' + ceph_docker_image_tag if containerized_deployment | bool else None }}"
CEPH_CONTAINER_BINARY: "{{ container_binary }}"
run_once: true
delegate_to: '{{ groups[mon_group_name][0] }}'
register: client_admin_keyring
......
......@@ -2,24 +2,25 @@
- name: copy ceph admin keyring
block:
- name: get keys from monitors
command: "{{ container_exec_cmd }} ceph --cluster {{ cluster }} auth get {{ item.name }}"
register: _client_keys
with_items:
- { name: "client.admin", path: "/etc/ceph/{{ cluster }}.client.admin.keyring", copy_key: "{{ copy_admin_key }}" }
ceph_key:
name: client.admin
cluster: "{{ cluster }}"
output_format: plain
state: info
environment:
CEPH_CONTAINER_IMAGE: "{{ ceph_docker_registry + '/' + ceph_docker_image + ':' + ceph_docker_image_tag if containerized_deployment | bool else None }}"
CEPH_CONTAINER_BINARY: "{{ container_binary }}"
register: _admin_key
delegate_to: "{{ groups.get(mon_group_name)[0] }}"
run_once: true
when:
- cephx | bool
- item.copy_key | bool
- name: copy ceph key(s) if needed
copy:
dest: "{{ item.item.path }}"
content: "{{ item.stdout + '\n' }}"
dest: "/etc/ceph/{{ cluster }}.client.admin.keyring"
content: "{{ _admin_key.stdout + '\n' }}"
owner: "{{ ceph_uid if containerized_deployment | bool else 'ceph' }}"
group: "{{ ceph_uid if containerized_deployment | bool else 'ceph' }}"
mode: "{{ ceph_keyring_permissions }}"
with_items: "{{ _client_keys.results }}"
when:
- item.item.copy_key | bool
when: cephx | bool
when:
- cephx | bool
- copy_admin_key | bool
......@@ -21,11 +21,16 @@
run_once: True
- name: get keys from monitors
command: "{{ hostvars[groups[mon_group_name][0]]['container_exec_cmd'] | default('') }} ceph --cluster {{ cluster }} auth get client.crash"
ceph_key:
name: client.crash
cluster: "{{ cluster }}"
output_format: plain
state: info
environment:
CEPH_CONTAINER_IMAGE: "{{ ceph_docker_registry + '/' + ceph_docker_image + ':' + ceph_docker_image_tag if containerized_deployment | bool else None }}"
CEPH_CONTAINER_BINARY: "{{ container_binary }}"
register: _crash_keys
delegate_to: "{{ groups.get(mon_group_name)[0] }}"
check_mode: False
changed_when: False
run_once: true
- name: copy ceph key(s) if needed
......
---
- name: get keys from monitors
command: "{{ container_exec_cmd }} ceph --cluster {{ cluster }} auth get {{ item.name }}"
register: _iscsi_keys
with_items:
- { name: "client.admin", path: "/etc/ceph/{{ cluster }}.client.admin.keyring", copy_key: "{{ copy_admin_key }}" }
ceph_key:
name: client.admin
cluster: "{{ cluster }}"
output_format: plain
state: info
environment:
CEPH_CONTAINER_IMAGE: "{{ ceph_docker_registry + '/' + ceph_docker_image + ':' + ceph_docker_image_tag if containerized_deployment | bool else None }}"
CEPH_CONTAINER_BINARY: "{{ container_binary }}"
register: _admin_key
delegate_to: "{{ groups.get(mon_group_name)[0] }}"
run_once: true
when:
- cephx | bool
- item.copy_key | bool
- copy_admin_key | bool
- name: copy ceph key(s) if needed
copy:
dest: "{{ item.item.path }}"
content: "{{ item.stdout + '\n' }}"
dest: "/etc/ceph/{{ cluster }}.client.admin.keyring"
content: "{{ _admin_key.stdout + '\n' }}"
owner: "{{ ceph_uid if containerized_deployment | bool else 'ceph' }}"
group: "{{ ceph_uid if containerized_deployment | bool else 'ceph' }}"
mode: "{{ ceph_keyring_permissions }}"
with_items: "{{ _iscsi_keys.results }}"
when:
- cephx | bool
- item.item.copy_key | bool
- copy_admin_key | bool
- name: add mgr ip address to trusted list with dashboard - ipv4
set_fact:
......
......@@ -11,7 +11,14 @@
- /var/lib/ceph/mds/{{ cluster }}-{{ ansible_hostname }}
- name: get keys from monitors
command: "{{ container_exec_cmd | default('') }} ceph --cluster {{ cluster }} auth get {{ item.name }}"
ceph_key:
name: "{{ item.name }}"
cluster: "{{ cluster }}"
output_format: plain
state: info
environment:
CEPH_CONTAINER_IMAGE: "{{ ceph_docker_registry + '/' + ceph_docker_image + ':' + ceph_docker_image_tag if containerized_deployment | bool else None }}"
CEPH_CONTAINER_BINARY: "{{ container_binary }}"
register: _mds_keys
with_items:
- { name: "client.bootstrap-mds", path: "/var/lib/ceph/bootstrap-mds/{{ cluster }}.keyring", copy_key: true }
......
......@@ -54,7 +54,14 @@
- { 'name': "mgr.{{ ansible_hostname }}", 'path': "/var/lib/ceph/mgr/{{ cluster }}-{{ ansible_hostname }}/keyring", 'copy_key': true }
- name: get keys from monitors
command: "{{ _container_exec_cmd | default('') }} ceph --cluster {{ cluster }} auth get {{ item.name }}"
ceph_key:
name: "{{ item.name }}"
cluster: "{{ cluster }}"
output_format: plain
state: info
environment:
CEPH_CONTAINER_IMAGE: "{{ ceph_docker_registry + '/' + ceph_docker_image + ':' + ceph_docker_image_tag if containerized_deployment | bool else None }}"
CEPH_CONTAINER_BINARY: "{{ container_binary }}"
register: _mgr_keys
with_items: "{{ _mgr_keys }}"
delegate_to: "{{ groups[mon_group_name][0] if running_mon is undefined else running_mon }}"
......
---
- name: check if monitor initial keyring already exists
command: >
{{ _container_exec_cmd | default('') }} ceph --cluster {{ cluster }} --name mon. -k
/var/lib/ceph/mon/{{ cluster }}-{{ hostvars[groups[mon_group_name][0] if running_mon is undefined else running_mon]['ansible_hostname'] }}/keyring
auth get-key mon.
ceph_key:
name: mon.
cluster: "{{ cluster }}"
user: mon.
user_key: "/var/lib/ceph/mon/{{ cluster }}-{{ hostvars[groups[mon_group_name][0] if running_mon is undefined else running_mon]['ansible_hostname'] }}/keyring"
output_format: json
state: info
environment:
CEPH_CONTAINER_IMAGE: "{{ ceph_docker_registry + '/' + ceph_docker_image + ':' + ceph_docker_image_tag if containerized_deployment | bool else None }}"
CEPH_CONTAINER_BINARY: "{{ container_binary }}"
register: initial_mon_key
run_once: True
delegate_to: "{{ groups[mon_group_name][0] if running_mon is undefined else running_mon }}"
......@@ -24,7 +30,7 @@
- name: get initial keyring when it already exists
set_fact:
monitor_keyring: "{{ initial_mon_key.stdout if monitor_keyring.skipped is defined else monitor_keyring.stdout if initial_mon_key.skipped is defined }}"
monitor_keyring: "{{ (initial_mon_key.stdout | from_json)[0].key if monitor_keyring.skipped is defined else monitor_keyring.stdout if initial_mon_key.skipped is defined }}"
when: initial_mon_key is not skipped or monitor_keyring is not skipped
- name: create monitor initial keyring
......
......@@ -10,7 +10,14 @@
run_once: true
- name: get keys from monitors
command: "{{ hostvars[groups.get(mon_group_name)[0]]['container_exec_cmd'] }} ceph --cluster {{ cluster }} auth get {{ item.name }}"
ceph_key:
name: "{{ item.name }}"
cluster: "{{ cluster }}"
output_format: plain
state: info
environment:
CEPH_CONTAINER_IMAGE: "{{ ceph_docker_registry + '/' + ceph_docker_image + ':' + ceph_docker_image_tag if containerized_deployment | bool else None }}"
CEPH_CONTAINER_BINARY: "{{ container_binary }}"
register: _rgw_keys
with_items:
- { name: "client.bootstrap-rgw", path: "/var/lib/ceph/bootstrap-rgw/{{ cluster }}.keyring", copy_key: true }
......
......@@ -48,7 +48,11 @@
- groups.get(mon_group_name, []) | length > 0
block:
- name: get keys from monitors
command: "ceph --cluster {{ cluster }} auth get {{ item.name }}"
ceph_key:
name: "{{ item.name }}"
cluster: "{{ cluster }}"
output_format: plain
state: info
register: _rgw_keys
with_items:
- { name: "client.bootstrap-rgw", path: "/var/lib/ceph/bootstrap-rgw/{{ cluster }}.keyring", copy_key: "{{ nfs_obj_gw }}" }
......
......@@ -12,7 +12,14 @@
- /var/lib/ceph/osd/
- name: get keys from monitors
command: "{{ hostvars[groups[mon_group_name][0]]['container_exec_cmd'] | default('') }} ceph --cluster {{ cluster }} auth get {{ item.name }}"
ceph_key:
name: "{{ item.name }}"
cluster: "{{ cluster }}"
output_format: plain
state: info
environment:
CEPH_CONTAINER_IMAGE: "{{ ceph_docker_registry + '/' + ceph_docker_image + ':' + ceph_docker_image_tag if containerized_deployment | bool else None }}"
CEPH_CONTAINER_BINARY: "{{ container_binary }}"
register: _osd_keys
with_items:
- { name: "client.bootstrap-osd", path: "/var/lib/ceph/bootstrap-osd/{{ cluster }}.keyring", copy_key: true }
......
......@@ -37,10 +37,16 @@
delegate_to: "{{ groups[mon_group_name][0] }}"
- name: get keys from monitors
command: "{{ hostvars[groups[mon_group_name][0]]['container_exec_cmd'] | default('') }} ceph --cluster {{ cluster }} auth get {{ item.name }}"
ceph_key:
name: "{{ item.name }}"
cluster: "{{ cluster }}"
output_format: plain
state: info
environment:
CEPH_CONTAINER_IMAGE: "{{ ceph_docker_registry + '/' + ceph_docker_image + ':' + ceph_docker_image_tag if containerized_deployment | bool else None }}"
CEPH_CONTAINER_BINARY: "{{ container_binary }}"
register: _osp_keys
with_items: "{{ openstack_keys }}"
run_once: true
delegate_to: "{{ groups.get(mon_group_name)[0] }}"
- name: copy ceph key(s) if needed
......
---
- name: get keys from monitors
command: "{{ container_exec_cmd }} ceph --cluster {{ cluster }} auth get {{ item.name }}"
ceph_key:
name: "{{ item.name }}"
cluster: "{{ cluster }}"
output_format: plain
state: info
environment:
CEPH_CONTAINER_IMAGE: "{{ ceph_docker_registry + '/' + ceph_docker_image + ':' + ceph_docker_image_tag if containerized_deployment | bool else None }}"
CEPH_CONTAINER_BINARY: "{{ container_binary }}"
register: _rbd_mirror_keys
with_items:
- { name: "client.bootstrap-rbd-mirror", path: "/var/lib/ceph/bootstrap-rbd-mirror/{{ cluster }}.keyring", copy_key: true }
......
......@@ -9,7 +9,14 @@
with_items: "{{ rbd_client_admin_socket_path }}"
- name: get keys from monitors
command: "{{ container_exec_cmd }} ceph --cluster {{ cluster }} auth get {{ item.name }}"
ceph_key:
name: "{{ item.name }}"
cluster: "{{ cluster }}"
output_format: plain
state: info
environment:
CEPH_CONTAINER_IMAGE: "{{ ceph_docker_registry + '/' + ceph_docker_image + ':' + ceph_docker_image_tag if containerized_deployment | bool else None }}"
CEPH_CONTAINER_BINARY: "{{ container_binary }}"
register: _rgw_keys
with_items:
- { name: "client.bootstrap-rgw", path: "/var/lib/ceph/bootstrap-rgw/{{ cluster }}.keyring", copy_key: true }
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment