Merge pull request #25 from leseb/fix-gen-keys

Autogenerate initial mon key
2014-03-11 00:55:54 +01:00 · 2014-03-11 00:55:54 +01:00 · 6060a7e56a
parent 4beec0a05d 37882255d6
commit 6060a7e56a
3 changed files with 11 additions and 8 deletions
--- a/group_vars/all
+++ b/group_vars/all
@ -10,7 +10,7 @@ redhat_distro: el6 # supported distros are el6, rhel6, f18, f19, opensuse12.2, s
 # Ceph options
 cephx: true
 mds: false # disable mds configuration in ceph.conf
-fsid: 4a158d27-f750-41d5-9e7f-26ce4c9d2d45
+fsid: # /!\ GENERATE ONE WITH 'uuidgen -r' /!\

 # Monitors options
 monitor_interface: eth1
--- a/group_vars/mons
+++ b/group_vars/mons
@ -1,5 +0,0 @@
---
-# Variables here are applicable to all host groups NOT roles
-
-# Monitor options
-monitor_secret: AQD7kyJQQGoOBhAAqrPAqSopSwPrrfMMomzVdw==
--- a/roles/mon/tasks/main.yml
+++ b/roles/mon/tasks/main.yml
@ -2,14 +2,22 @@
 ## Deploy Ceph monitor(s)
 #

+- name: Generate monitor initial keyring
+  command: ceph-authtool -C foo --gen-print-key creates=/var/lib/ceph/tmp/keyring.mon.{{ ansible_hostname }}
+  when: ansible_hostname == hostvars[groups['mons'][0]]['ansible_hostname'] and cephx
+  register: monitor_secret
+
+- set_fact: 'monitor_secret="{{ monitor_secret.stdout }}"'
+  when: ansible_hostname == hostvars[groups['mons'][0]]['ansible_hostname'] and cephx
+
 - name: Create monitor initial keyring
-  command: ceph-authtool /var/lib/ceph/tmp/keyring.mon.{{ ansible_hostname }} --create-keyring --name=mon. --add-key={{ monitor_secret }} --cap mon 'allow *' creates=/var/lib/ceph/tmp/keyring.mon.{{ ansible_hostname }}
+  command: ceph-authtool /var/lib/ceph/tmp/keyring.mon.{{ ansible_hostname }} --create-keyring --name=mon. --add-key={{ hostvars[groups['mons'][0]]['monitor_secret'] }} --cap mon 'allow *' creates=/var/lib/ceph/tmp/keyring.mon.{{ ansible_hostname }}

 - name: Set initial monitor key permissions
  file: path=/var/lib/ceph/tmp/keyring.mon.{{ ansible_hostname }} mode=0600 owner=root group=root

 - name: Create monitor directory
-  action: file path=/var/lib/ceph/mon/ceph-{{ ansible_hostname }} state=directory owner=root group=root mode=0644
+  file: path=/var/lib/ceph/mon/ceph-{{ ansible_hostname }} state=directory owner=root group=root mode=0644

 - name: Ceph monitor mkfs
  command: ceph-mon --mkfs -i {{ ansible_hostname }} --keyring /var/lib/ceph/tmp/keyring.mon.{{ ansible_hostname }} creates=/var/lib/ceph/mon/ceph-{{ ansible_hostname }}/keyring