ceph-ansible/roles/ceph-mon/tasks/openstack_config.yml

74 lines
2.5 KiB
YAML
Raw Normal View History

---
- name: create openstack pool(s)
command: "{{ docker_exec_cmd }} ceph --cluster {{ cluster }} osd pool create {{ item.name }} {{ item.pg_num }} {{ item.rule_name }}"
with_items: "{{ openstack_pools | unique }}"
changed_when: false
failed_when: false
# A future version could use "--caps CAPSFILE"
# which will set all of capabilities associated with a given key, for all subsystems
- name: create openstack key(s)
shell: "{{ docker_exec_cmd }} bash -c 'ceph-authtool -C /etc/ceph/{{ cluster }}.{{ item.name }}.keyring --name {{ item.name }} --add-key {{ item.key }} --cap mon \"{{ item.mon_cap|default('') }}\" --cap osd \"{{ item.osd_cap|default('') }}\" --cap mds \"{{ item.mds_cap|default('') }}\"'"
2015-10-17 07:55:31 +08:00
args:
creates: "/etc/ceph/{{ cluster }}.{{ item.name }}.keyring"
with_items: "{{ openstack_keys }}"
changed_when: false
when: cephx
- name: check if openstack key(s) already exist(s)
command: "{{ docker_exec_cmd }} ceph --cluster {{ cluster }} auth get {{ item.name }}"
changed_when: false
failed_when: false
with_items: "{{ openstack_keys }}"
register: openstack_key_exist
- name: add openstack key(s) to ceph
command: "{{ docker_exec_cmd }} ceph --cluster {{ cluster }} auth import -i /etc/ceph/{{ cluster }}.{{ item.0.name }}.keyring"
changed_when: false
with_together:
- "{{ openstack_keys }}"
- "{{ openstack_key_exist.results }}"
when: item.1.rc != 0
- name: fetch openstack key(s)
fetch:
src: "/etc/ceph/{{ cluster }}.{{ item.name }}.keyring"
dest: "{{ fetch_directory }}/{{ fsid }}/etc/ceph/{{ cluster }}.{{ item.name }}.keyring"
flat: yes
with_items: "{{ openstack_keys }}"
- name: copy to other mons the openstack key(s)
copy:
src: "{{ fetch_directory }}/{{ fsid }}/etc/ceph/{{ cluster }}.{{ item.1.name }}.keyring"
dest: "/etc/ceph/{{ cluster }}.{{ item.1.name }}.keyring"
with_nested:
- "{{ groups[mon_group_name] }}"
- "{{ openstack_keys }}"
delegate_to: "{{ item.0 }}"
when:
- cephx
- openstack_config
- item.0 != groups[mon_group_name] | last
- name: setfacl for openstack key(s)
acl:
path: "/etc/ceph/{{ cluster }}.{{ item.0.name }}.keyring"
entry: "{{ item.1 }}"
state: present
with_subelements:
- "{{ openstack_keys }}"
- acls
- skip_missing: true
when:
- openstack_config
- cephx
- name: chmod openstack key(s)
file:
path: "/etc/ceph/{{ cluster }}.{{ item.name }}.keyring"
mode: "{{ item.mode }}"
with_items: "{{ openstack_keys }}"
when:
- openstack_config
- cephx