mirror of https://github.com/ceph/ceph-ansible.git
common: do not log keyring secret
let's not display any keyring secret by default in ansible log.
Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1980744
Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com>
(cherry picked from commit 7511195738
)
hotfix-bz2014304
v4.0.62.2
parent
998dda7fdf
commit
67c1e91567
|
@ -887,7 +887,7 @@ dummy:
|
|||
|
||||
#client_connections: {}
|
||||
|
||||
|
||||
#no_log_on_ceph_key_tasks: True
|
||||
|
||||
###############
|
||||
# DEPRECATION #
|
||||
|
|
|
@ -887,7 +887,7 @@ alertmanager_container_image: registry.redhat.io/openshift4/ose-prometheus-alert
|
|||
|
||||
#client_connections: {}
|
||||
|
||||
|
||||
#no_log_on_ceph_key_tasks: True
|
||||
|
||||
###############
|
||||
# DEPRECATION #
|
||||
|
|
|
@ -52,7 +52,7 @@
|
|||
- cephx | bool
|
||||
- keys | length > 0
|
||||
- inventory_hostname == groups.get('_filtered_clients') | first
|
||||
no_log: true
|
||||
no_log: "{{ no_log_on_ceph_key_tasks }}"
|
||||
|
||||
- name: slurp client cephx key(s)
|
||||
slurp:
|
||||
|
@ -64,7 +64,7 @@
|
|||
- cephx | bool
|
||||
- keys | length > 0
|
||||
- inventory_hostname == groups.get('_filtered_clients') | first
|
||||
no_log: true
|
||||
no_log: "{{ no_log_on_ceph_key_tasks }}"
|
||||
|
||||
- name: pool related tasks
|
||||
when:
|
||||
|
@ -172,5 +172,5 @@
|
|||
group: "{{ ceph_uid }}"
|
||||
with_items: "{{ hostvars[groups['_filtered_clients'][0]]['slurp_client_keys']['results'] }}"
|
||||
when: not item.get('skipped', False)
|
||||
no_log: true
|
||||
no_log: "{{ no_log_on_ceph_key_tasks }}"
|
||||
|
||||
|
|
|
@ -11,6 +11,7 @@
|
|||
when:
|
||||
- cephx | bool
|
||||
- item.copy_key | bool
|
||||
no_log: "{{ no_log_on_ceph_key_tasks }}"
|
||||
|
||||
- name: copy ceph key(s) if needed
|
||||
copy:
|
||||
|
@ -22,5 +23,5 @@
|
|||
with_items: "{{ _client_keys.results }}"
|
||||
when:
|
||||
- item.item.copy_key | bool
|
||||
no_log: true
|
||||
no_log: "{{ no_log_on_ceph_key_tasks }}"
|
||||
when: cephx | bool
|
||||
|
|
|
@ -19,6 +19,7 @@
|
|||
CEPH_CONTAINER_BINARY: "{{ container_binary }}"
|
||||
delegate_to: "{{ groups.get(mon_group_name, [])[0] }}"
|
||||
run_once: True
|
||||
no_log: "{{ no_log_on_ceph_key_tasks }}"
|
||||
|
||||
- name: enforce container_binary on first monitor
|
||||
import_role:
|
||||
|
@ -42,6 +43,7 @@
|
|||
check_mode: False
|
||||
changed_when: False
|
||||
run_once: true
|
||||
no_log: "{{ no_log_on_ceph_key_tasks }}"
|
||||
|
||||
- name: copy ceph key(s) if needed
|
||||
copy:
|
||||
|
@ -50,7 +52,7 @@
|
|||
owner: "{{ ceph_uid if containerized_deployment else 'ceph' }}"
|
||||
group: "{{ ceph_uid if containerized_deployment else 'ceph' }}"
|
||||
mode: "{{ ceph_keyring_permissions }}"
|
||||
no_log: true
|
||||
no_log: "{{ no_log_on_ceph_key_tasks }}"
|
||||
|
||||
- name: start ceph-crash daemon
|
||||
when: containerized_deployment | bool
|
||||
|
|
|
@ -879,7 +879,7 @@ rbd_devices: {}
|
|||
|
||||
client_connections: {}
|
||||
|
||||
|
||||
no_log_on_ceph_key_tasks: True
|
||||
|
||||
###############
|
||||
# DEPRECATION #
|
||||
|
|
|
@ -9,6 +9,7 @@
|
|||
when:
|
||||
- cephx | bool
|
||||
- item.copy_key | bool
|
||||
no_log: "{{ no_log_on_ceph_key_tasks }}"
|
||||
|
||||
- name: copy ceph key(s) if needed
|
||||
copy:
|
||||
|
@ -21,7 +22,7 @@
|
|||
when:
|
||||
- cephx | bool
|
||||
- item.item.copy_key | bool
|
||||
no_log: true
|
||||
no_log: "{{ no_log_on_ceph_key_tasks }}"
|
||||
|
||||
- name: add mgr ip address to trusted list with dashboard - ipv4
|
||||
set_fact:
|
||||
|
|
|
@ -21,6 +21,7 @@
|
|||
when:
|
||||
- cephx | bool
|
||||
- item.copy_key | bool
|
||||
no_log: "{{ no_log_on_ceph_key_tasks }}"
|
||||
|
||||
- name: copy ceph key(s) if needed
|
||||
copy:
|
||||
|
@ -33,5 +34,5 @@
|
|||
when:
|
||||
- cephx | bool
|
||||
- item.item.copy_key | bool
|
||||
no_log: true
|
||||
no_log: "{{ no_log_on_ceph_key_tasks }}"
|
||||
|
||||
|
|
|
@ -26,6 +26,7 @@
|
|||
creates: /var/lib/ceph/mds/{{ cluster }}-{{ mds_name }}/keyring
|
||||
changed_when: false
|
||||
when: cephx
|
||||
no_log: "{{ no_log_on_ceph_key_tasks }}"
|
||||
|
||||
- name: set mds key permissions
|
||||
file:
|
||||
|
|
|
@ -24,6 +24,7 @@
|
|||
CEPH_CONTAINER_IMAGE: "{{ ceph_docker_registry + '/' + ceph_docker_image + ':' + ceph_docker_image_tag if containerized_deployment else None }}"
|
||||
CEPH_CONTAINER_BINARY: "{{ container_binary }}"
|
||||
when: groups.get(mgr_group_name, []) | length == 0 # the key is present already since one of the mons created it in "create ceph mgr keyring(s)"
|
||||
no_log: "{{ no_log_on_ceph_key_tasks }}"
|
||||
|
||||
- name: create and copy keyrings
|
||||
when: groups.get(mgr_group_name, []) | length > 0
|
||||
|
@ -46,6 +47,7 @@
|
|||
with_items: "{{ groups.get(mgr_group_name, []) }}"
|
||||
run_once: True
|
||||
delegate_to: "{{ groups[mon_group_name][0] }}"
|
||||
no_log: "{{ no_log_on_ceph_key_tasks }}"
|
||||
|
||||
- name: set_fact _mgr_keys
|
||||
set_fact:
|
||||
|
@ -61,6 +63,7 @@
|
|||
when:
|
||||
- cephx | bool
|
||||
- item.copy_key | bool
|
||||
no_log: "{{ no_log_on_ceph_key_tasks }}"
|
||||
|
||||
- name: copy ceph key(s) if needed
|
||||
copy:
|
||||
|
@ -74,7 +77,7 @@
|
|||
- cephx | bool
|
||||
- item is not skipped
|
||||
- item.item.copy_key | bool
|
||||
no_log: true
|
||||
no_log: "{{ no_log_on_ceph_key_tasks }}"
|
||||
|
||||
- name: set mgr key permissions
|
||||
file:
|
||||
|
|
|
@ -28,5 +28,6 @@
|
|||
CEPH_CONTAINER_IMAGE: "{{ ceph_docker_registry + '/' + ceph_docker_image + ':' + ceph_docker_image_tag if containerized_deployment else None }}"
|
||||
CEPH_CONTAINER_BINARY: "{{ container_binary }}"
|
||||
CEPH_ROLLING_UPDATE: "{{ rolling_update }}"
|
||||
no_log: "{{ no_log_on_ceph_key_tasks }}"
|
||||
when:
|
||||
- cephx | bool
|
||||
|
|
|
@ -16,6 +16,7 @@
|
|||
run_once: True
|
||||
delegate_to: "{{ running_mon }}"
|
||||
failed_when: initial_mon_key.rc not in [0, 2]
|
||||
no_log: "{{ no_log_on_ceph_key_tasks }}"
|
||||
when: running_mon is defined
|
||||
|
||||
- name: generate monitor initial keyring
|
||||
|
@ -25,6 +26,7 @@
|
|||
delegate_to: localhost
|
||||
become: false
|
||||
run_once: true
|
||||
no_log: "{{ no_log_on_ceph_key_tasks }}"
|
||||
when:
|
||||
- initial_mon_key is skipped
|
||||
or
|
||||
|
@ -51,6 +53,7 @@
|
|||
owner: "{{ ceph_uid if containerized_deployment else 'ceph' }}"
|
||||
group: "{{ ceph_uid if containerized_deployment else 'ceph' }}"
|
||||
mode: "0400"
|
||||
no_log: "{{ no_log_on_ceph_key_tasks }}"
|
||||
environment:
|
||||
CEPH_CONTAINER_IMAGE: "{{ ceph_docker_registry + '/' + ceph_docker_image + ':' + ceph_docker_image_tag if containerized_deployment else None }}"
|
||||
CEPH_CONTAINER_BINARY: "{{ container_binary }}"
|
||||
|
@ -97,6 +100,7 @@
|
|||
CEPH_CONTAINER_IMAGE: "{{ ceph_docker_registry + '/' + ceph_docker_image + ':' + ceph_docker_image_tag if containerized_deployment else None }}"
|
||||
CEPH_CONTAINER_BINARY: "{{ container_binary }}"
|
||||
register: create_custom_admin_secret
|
||||
no_log: "{{ no_log_on_ceph_key_tasks }}"
|
||||
when:
|
||||
- cephx | bool
|
||||
- admin_secret != 'admin_secret'
|
||||
|
|
|
@ -75,7 +75,7 @@
|
|||
when:
|
||||
- not item.0.get('skipped', False)
|
||||
- item.0.item.name == 'client.' + ceph_nfs_ceph_user or item.0.item.name == rgw_client_name
|
||||
no_log: true
|
||||
no_log: "{{ no_log_on_ceph_key_tasks }}"
|
||||
|
||||
- name: include start_nfs.yml
|
||||
import_tasks: start_nfs.yml
|
||||
|
|
|
@ -20,6 +20,7 @@
|
|||
when:
|
||||
- cephx | bool
|
||||
- item.copy_key | bool
|
||||
no_log: "{{ no_log_on_ceph_key_tasks }}"
|
||||
|
||||
- name: copy ceph key(s) if needed
|
||||
copy:
|
||||
|
@ -32,7 +33,7 @@
|
|||
when:
|
||||
- cephx | bool
|
||||
- item.item.copy_key | bool
|
||||
no_log: true
|
||||
no_log: "{{ no_log_on_ceph_key_tasks }}"
|
||||
when: groups.get(mon_group_name, []) | length > 0
|
||||
|
||||
- name: dbus related tasks
|
||||
|
|
|
@ -57,6 +57,7 @@
|
|||
when:
|
||||
- cephx | bool
|
||||
- item.copy_key | bool
|
||||
no_log: "{{ no_log_on_ceph_key_tasks }}"
|
||||
|
||||
- name: copy ceph key(s) if needed
|
||||
copy:
|
||||
|
@ -69,7 +70,7 @@
|
|||
when:
|
||||
- cephx | bool
|
||||
- item.item.copy_key | bool
|
||||
no_log: true
|
||||
no_log: "{{ no_log_on_ceph_key_tasks }}"
|
||||
|
||||
- name: nfs object gateway related tasks
|
||||
when: nfs_obj_gw | bool
|
||||
|
@ -79,6 +80,7 @@
|
|||
args:
|
||||
creates: /var/lib/ceph/radosgw/{{ cluster }}-rgw.{{ ansible_facts['hostname'] }}/keyring
|
||||
changed_when: false
|
||||
no_log: "{{ no_log_on_ceph_key_tasks }}"
|
||||
|
||||
- name: set rados gateway key permissions
|
||||
file:
|
||||
|
|
|
@ -19,6 +19,7 @@
|
|||
- { name: "client.admin", path: "/etc/ceph/{{ cluster }}.client.admin.keyring", copy_key: "{{ copy_admin_key }}" }
|
||||
delegate_to: "{{ groups.get(mon_group_name)[0] }}"
|
||||
run_once: true
|
||||
no_log: "{{ no_log_on_ceph_key_tasks }}"
|
||||
when:
|
||||
- cephx | bool
|
||||
- item.copy_key | bool
|
||||
|
@ -35,5 +36,5 @@
|
|||
- cephx | bool
|
||||
- item is not skipped
|
||||
- item.item.copy_key | bool
|
||||
no_log: true
|
||||
no_log: "{{ no_log_on_ceph_key_tasks }}"
|
||||
|
||||
|
|
|
@ -100,6 +100,7 @@
|
|||
CEPH_CONTAINER_BINARY: "{{ container_binary }}"
|
||||
with_items: "{{ openstack_keys }}"
|
||||
delegate_to: "{{ groups[mon_group_name][0] }}"
|
||||
no_log: "{{ no_log_on_ceph_key_tasks }}"
|
||||
|
||||
- name: get keys from monitors
|
||||
command: "{{ hostvars[groups[mon_group_name][0]]['container_exec_cmd'] | default('') }} ceph --cluster {{ cluster }} auth get {{ item.name }}"
|
||||
|
@ -107,6 +108,7 @@
|
|||
with_items: "{{ openstack_keys }}"
|
||||
run_once: true
|
||||
delegate_to: "{{ groups.get(mon_group_name)[0] }}"
|
||||
no_log: "{{ no_log_on_ceph_key_tasks }}"
|
||||
|
||||
- name: copy ceph key(s) if needed
|
||||
copy:
|
||||
|
@ -119,7 +121,7 @@
|
|||
- "{{ _osp_keys.results }}"
|
||||
- "{{ groups[mon_group_name] }}"
|
||||
delegate_to: "{{ item.1 }}"
|
||||
no_log: true
|
||||
no_log: "{{ no_log_on_ceph_key_tasks }}"
|
||||
when:
|
||||
- cephx | bool
|
||||
- openstack_config | bool
|
||||
|
|
|
@ -10,6 +10,7 @@
|
|||
when:
|
||||
- cephx | bool
|
||||
- item.copy_key | bool
|
||||
no_log: "{{ no_log_on_ceph_key_tasks }}"
|
||||
|
||||
- name: copy ceph key(s) if needed
|
||||
copy:
|
||||
|
@ -22,7 +23,7 @@
|
|||
when:
|
||||
- cephx | bool
|
||||
- item.item.copy_key | bool
|
||||
no_log: true
|
||||
no_log: "{{ no_log_on_ceph_key_tasks }}"
|
||||
|
||||
- name: create rbd-mirror keyring
|
||||
command: >
|
||||
|
@ -43,4 +44,5 @@
|
|||
owner: "ceph"
|
||||
group: "ceph"
|
||||
mode: "{{ ceph_keyring_permissions }}"
|
||||
no_log: "{{ no_log_on_ceph_key_tasks }}"
|
||||
when: not containerized_deployment | bool
|
||||
|
|
|
@ -19,6 +19,7 @@
|
|||
when:
|
||||
- cephx | bool
|
||||
- item.copy_key | bool
|
||||
no_log: "{{ no_log_on_ceph_key_tasks }}"
|
||||
|
||||
- name: copy ceph key(s) if needed
|
||||
copy:
|
||||
|
@ -32,4 +33,4 @@
|
|||
- cephx | bool
|
||||
- item is not skipped
|
||||
- item.item.copy_key | bool
|
||||
no_log: true
|
||||
no_log: "{{ no_log_on_ceph_key_tasks }}"
|
||||
|
|
|
@ -14,6 +14,7 @@
|
|||
owner: "ceph"
|
||||
group: "ceph"
|
||||
mode: "0600"
|
||||
no_log: "{{ no_log_on_ceph_key_tasks }}"
|
||||
environment:
|
||||
CEPH_CONTAINER_IMAGE: "{{ ceph_docker_registry + '/' + ceph_docker_image + ':' + ceph_docker_image_tag if containerized_deployment else None }}"
|
||||
CEPH_CONTAINER_BINARY: "{{ container_binary }}"
|
||||
|
|
Loading…
Reference in New Issue