infra: add playbook example for ceph_key module

Helper playbook to manage CephX keys. Signed-off-by: Sébastien Han <seb@redhat.com>
2018-03-30 16:56:44 +02:00 · 2018-03-30 16:56:44 +02:00 · 473939d215
parent 2a924c10e7
commit 473939d215
1 changed files with 68 additions and 0 deletions
--- a/infrastructure-playbooks/ceph-keys.yml
+++ b/infrastructure-playbooks/ceph-keys.yml
@ -0,0 +1,68 @@
+---
+# This playbook is used to manage CephX Keys
+# You will find examples below on how the module can be used on daily operations
+#
+# It currently runs on localhost
+
+- hosts: localhost
+  gather_facts: false
+  vars:
+    cluster: ceph
+    docker_exec_cmd: "docker exec ceph-nano"
+    keys_to_info:
+      - client.admin
+      - mds.0
+    keys_to_delete:
+      - client.leseb
+      - client.leseb1
+      - client.pythonnnn
+    keys_to_create:
+      - { name: client.pythonnnn, caps: { mon: "allow rwx", mds: "allow *" } , mode: "0600", acls: [] }
+      - { name: client.existpassss, caps: { mon: "allow r", osd: "allow *" } , mode: "0600", acls: [] }
+      - { name: client.path, caps: { mon: "allow r", osd: "allow *" } , mode: "0600", acls: [] }
+
+  tasks:
+    - name: create ceph key(s) module
+      ceph_key:
+        name: "{{ item.name }}"
+        state: present
+        caps: "{{ item.caps }}"
+        cluster: "{{ cluster }}"
+        secret: "{{ item.key | default('') }}"
+        containerized: "{{ docker_exec_cmd | default(False) }}"
+      with_items: "{{ keys_to_create }}"
+
+    - name: update ceph key(s)
+      ceph_key:
+        name: "{{ item.name }}"
+        state: update
+        caps: "{{ item.caps }}"
+        cluster: "{{ cluster }}"
+        containerized: "{{ docker_exec_cmd | default(False) }}"
+      with_items: "{{ keys_to_create }}"
+
+    - name: delete ceph key(s)
+      ceph_key:
+        name: "{{ item }}"
+        state: absent
+        cluster: "{{ cluster }}"
+        containerized: "{{ docker_exec_cmd | default(False) }}"
+      with_items: "{{ keys_to_delete }}"
+
+    - name: info ceph key(s)
+      ceph_key:
+        name: "{{ item }}"
+        state: info
+        cluster: "{{ cluster }}"
+        containerized: "{{ docker_exec_cmd }}"
+      register: key_info
+      ignore_errors: true
+      with_items: "{{ keys_to_info }}"
+
+    - name: list ceph key(s)
+      ceph_key:
+        state: list
+        cluster: "{{ cluster }}"
+        containerized: "{{ docker_exec_cmd | default(False) }}"
+      register: list_keys
+      ignore_errors: true