Merge pull request #2174 from fultonj/chmod-facl-on-all-mon

Set permissions and ACLs of OpenStack keys on all ceph-mons
pull/2180/head
Guillaume Abrioux 2017-11-15 17:17:23 +01:00 committed by GitHub
commit 28a158e7a2
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 17 additions and 16 deletions


@ -50,24 +50,25 @@
- openstack_config
- item.0 != groups[mon_group_name] | last
- name: chmod openstack key(s)
- name: chmod openstack key(s) on the other mons and this mon
file:
path: "/etc/ceph/{{ cluster }}.{{ item.name }}.keyring"
mode: "{{ item.mode|default(omit) }}" # if mode not in list, uses mode from ps umask
with_items: "{{ openstack_keys }}"
when:
- openstack_config
- cephx
- name: setfacl for openstack key(s)
acl:
path: "/etc/ceph/{{ cluster }}.{{ item.0.name }}.keyring"
entry: "{{ item.1 }}"
state: present
with_subelements:
path: "/etc/ceph/{{ cluster }}.{{ item.1.name }}.keyring"
mode: "{{ item.1.mode|default(omit) }}" # if mode not in list, uses mode from ps umask
with_nested:
- "{{ groups[mon_group_name] }}"
- "{{ openstack_keys }}"
- acls
- skip_missing: true
delegate_to: "{{ item.0 }}"
when:
- openstack_config
- cephx
- name: setfacl for openstack key(s) on the other mons and this mon
command: "setfacl -m {{ item.1.acls | join(',') }} /etc/ceph/{{ cluster }}.{{ item.1.name }}.keyring"
with_nested:
- "{{ groups[mon_group_name] }}"
- "{{ openstack_keys }}"
delegate_to: "{{ item.0 }}"
when:
- item.1.acls | length > 0
- openstack_config
- cephx
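Review bot: The new guard `item.1.acls | length > 0` on the setfacl task reads `acls` directly, while the `with_subelements` loop it replaces carried `skip_missing: true`. An `openstack_keys` entry with no `acls` key was tolerated before and would now most likely stop the task with an undefined-variable error, possibly leaving some mons without the intended keyring ACLs. I would write the condition as `- item.1.acls | default([]) | length > 0` and place it after `openstack_config` and `cephx`, so it is only evaluated when the feature is enabled. Switching from the `acl` module to `command` also means the task reports "changed" on every run, and the templated entries are split on whitespace into separate arguments. A short comment above the task saying why the module was dropped and that `acls` entries must not contain spaces would help the next reader.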