2016-05-11 00:29:27 +08:00
|
|
|
|
---
|
2017-09-14 04:13:53 +08:00
|
|
|
|
- name: set docker_exec_client_cmd_binary to ceph-authtool
|
|
|
|
|
set_fact:
|
|
|
|
|
docker_exec_client_cmd_binary: ceph-authtool
|
|
|
|
|
when: containerized_deployment
|
|
|
|
|
|
|
|
|
|
- name: set docker_exec_client_cmd for containers
|
|
|
|
|
set_fact:
|
2017-11-02 23:17:38 +08:00
|
|
|
|
docker_exec_client_cmd: docker run --rm -v /etc/ceph:/etc/ceph --entrypoint /usr/bin/{{ docker_exec_client_cmd_binary }} {{ ceph_docker_registry}}/{{ ceph_docker_image }}:{{ ceph_docker_image_tag }}
|
2017-09-14 04:13:53 +08:00
|
|
|
|
when: containerized_deployment
|
|
|
|
|
|
|
|
|
|
- name: set docker_exec_client_cmd for non-containers
|
|
|
|
|
set_fact:
|
|
|
|
|
docker_exec_client_cmd: ceph-authtool
|
|
|
|
|
when: not containerized_deployment
|
2016-05-11 00:29:27 +08:00
|
|
|
|
|
2017-07-13 23:39:35 +08:00
|
|
|
|
- name: create key(s)
|
2017-09-14 04:13:53 +08:00
|
|
|
|
shell: "{{ docker_exec_client_cmd }} -C /etc/ceph/{{ cluster }}.{{ item.name }}.keyring --name {{ item.name }} --add-key {{ item.key }} --cap mon \"{{ item.mon_cap|default('') }}\" --cap osd \"{{ item.osd_cap|default('') }}\" --cap mds \"{{ item.mds_cap|default('') }}\""
|
2016-05-11 00:29:27 +08:00
|
|
|
|
args:
|
|
|
|
|
creates: /etc/ceph/{{ cluster }}.{{ item.name }}.keyring
|
2016-11-03 17:16:33 +08:00
|
|
|
|
with_items: "{{ keys }}"
|
2016-05-11 00:29:27 +08:00
|
|
|
|
changed_when: false
|
2017-07-13 23:39:35 +08:00
|
|
|
|
when:
|
|
|
|
|
- cephx
|
|
|
|
|
- keys | length > 0
|
|
|
|
|
|
2017-09-14 04:13:53 +08:00
|
|
|
|
- name: set docker_exec_client_cmd_binary to ceph
|
|
|
|
|
set_fact:
|
|
|
|
|
docker_exec_client_cmd_binary: ceph
|
|
|
|
|
when: containerized_deployment
|
|
|
|
|
|
|
|
|
|
- name: replace docker_exec_client_cmd by ceph
|
|
|
|
|
set_fact:
|
|
|
|
|
docker_exec_client_cmd: ceph
|
|
|
|
|
when:
|
|
|
|
|
- not containerized_deployment
|
|
|
|
|
- docker_exec_client_cmd == 'ceph-authtool'
|
|
|
|
|
|
2017-07-13 23:39:35 +08:00
|
|
|
|
- name: check if key(s) already exist(s)
|
2017-09-14 04:13:53 +08:00
|
|
|
|
command: "{{ docker_exec_client_cmd }} --cluster {{ cluster }} auth get {{ item.name }}"
|
2017-07-13 23:39:35 +08:00
|
|
|
|
changed_when: false
|
|
|
|
|
failed_when: false
|
|
|
|
|
with_items: "{{ keys }}"
|
|
|
|
|
register: keys_exist
|
2017-09-02 09:30:04 +08:00
|
|
|
|
when:
|
|
|
|
|
- copy_admin_key
|
2017-07-13 23:39:35 +08:00
|
|
|
|
|
2017-09-14 04:13:53 +08:00
|
|
|
|
- name: create pools
|
|
|
|
|
command: "{{ docker_exec_client_cmd }} --cluster {{ cluster }} osd pool create {{ item.name }} {{ item.pgs }}"
|
|
|
|
|
with_items: "{{ pools }}"
|
|
|
|
|
changed_when: false
|
|
|
|
|
failed_when: false
|
|
|
|
|
when:
|
|
|
|
|
- pools | length > 0
|
|
|
|
|
- copy_admin_key
|
|
|
|
|
|
2017-07-13 23:39:35 +08:00
|
|
|
|
- name: add key(s) to ceph
|
2017-09-14 04:13:53 +08:00
|
|
|
|
command: "{{ docker_exec_client_cmd }} --cluster {{ cluster }} auth import -i /etc/ceph/{{ cluster }}.{{ item.0.name }}.keyring"
|
2017-07-13 23:39:35 +08:00
|
|
|
|
changed_when: false
|
|
|
|
|
with_together:
|
|
|
|
|
- "{{ keys }}"
|
2017-09-02 09:30:04 +08:00
|
|
|
|
- "{{ keys_exist.results | default([]) }}"
|
|
|
|
|
when:
|
2017-09-14 04:13:53 +08:00
|
|
|
|
- not item.1.get("skipped")
|
2017-09-02 09:30:04 +08:00
|
|
|
|
- copy_admin_key
|
|
|
|
|
- item.1.rc != 0
|
2017-07-20 06:20:18 +08:00
|
|
|
|
|
2017-09-14 04:13:53 +08:00
|
|
|
|
- name: put docker_exec_client_cmd back to normal with a none value
|
|
|
|
|
set_fact:
|
|
|
|
|
docker_exec_client_cmd:
|
|
|
|
|
when: docker_exec_client_cmd == 'ceph'
|
|
|
|
|
|
2017-10-26 07:46:02 +08:00
|
|
|
|
- name: chmod key(s)
|
|
|
|
|
file:
|
|
|
|
|
path: "/etc/ceph/{{ cluster }}.{{ item.name }}.keyring"
|
|
|
|
|
mode: "{{ item.mode|default(omit) }}" # if mode not in list, uses mode from ps umask
|
|
|
|
|
with_items: "{{ keys }}"
|
|
|
|
|
when:
|
|
|
|
|
- cephx
|
|
|
|
|
- keys | length > 0
|
|
|
|
|
|
2017-07-20 06:20:18 +08:00
|
|
|
|
- name: setfacl for key(s)
|
|
|
|
|
acl:
|
|
|
|
|
path: "/etc/ceph/{{ cluster }}.{{ item.0.name }}.keyring"
|
|
|
|
|
entry: "{{ item.1 }}"
|
|
|
|
|
state: present
|
|
|
|
|
with_subelements:
|
|
|
|
|
- "{{ keys }}"
|
|
|
|
|
- acls
|
|
|
|
|
- skip_missing: true
|
|
|
|
|
when:
|
|
|
|
|
- cephx
|
|
|
|
|
- keys | length > 0
|