From 2566db3e7c9849a530c5b00b196760361842da46 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?S=C3=A9bastien=20Han?=
Date: Mon, 24 Jul 2017 16:00:06 +0200
Subject: [PATCH] mon: add mgr cap to admin key
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Sébastien Han
---
 roles/ceph-mon/tasks/deploy_monitors.yml | 16 +++++++++++++++-
 1 file changed, 15 insertions(+), 1 deletion(-)

diff --git a/roles/ceph-mon/tasks/deploy_monitors.yml b/roles/ceph-mon/tasks/deploy_monitors.yml
index de8ef40d3..eda6747f3 100644
--- a/roles/ceph-mon/tasks/deploy_monitors.yml
+++ b/roles/ceph-mon/tasks/deploy_monitors.yml
@@ -38,8 +38,22 @@
 mode: "0755"
 recurse: true
+- set_fact:
+ ceph_authtool_cap: "--cap mon 'allow *' --cap osd 'allow *' --cap mds 'allow' --cap mgr 'allow *'"
+ when:
+ - ceph_release_num.{{ ceph_release }} >= ceph_release_num.luminous
+ - cephx
+ - admin_secret != 'admin_secret'
+
+- set_fact:
+ ceph_authtool_cap: "--cap mon 'allow *' --cap osd 'allow *' --cap mds 'allow'"
+ when:
+ - ceph_release_num.{{ ceph_release }} < ceph_release_num.luminous
+ - cephx
+ - admin_secret != 'admin_secret'
+
 - name: create custom admin keyring
- command: ceph-authtool /etc/ceph/{{ cluster }}.client.admin.keyring --create-keyring --name=client.admin --add-key={{ admin_secret }} --set-uid=0 --cap mon 'allow *' --cap osd 'allow *' --cap mds 'allow'
+ command: "ceph-authtool /etc/ceph/{{ cluster }}.client.admin.keyring --create-keyring --name=client.admin --add-key={{ admin_secret }} --set-uid=0 {{ ceph_authtool_cap }}"
 args:
 creates: /etc/ceph/{{ cluster }}.client.admin.keyring
 register: create_custom_admin_secret
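Review bot: The rewritten `command:` line still interpolates `{{ admin_secret }}` into the `ceph-authtool` argument list, so the client.admin key is visible in the process list while the command runs and is carried in the registered result `create_custom_admin_secret` and in verbose Ansible output. The task continues past the end of the hunk, so this may already be handled, but if not I would add `no_log: true` to it; that covers the Ansible side only, not the argv exposure. Separately, both new `when:` entries nest Jinja delimiters inside a conditional (`ceph_release_num.{{ ceph_release }}`), which Ansible warns about; `ceph_release_num[ceph_release] >= ceph_release_num.luminous` expresses the same lookup without nested templating. Note also that `ceph_authtool_cap` is only defined when `cephx` and the `admin_secret` check both hold, so the keyring task's own conditions (not visible here) need to match or the command will fail on an undefined variable.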