From 3a485bf22afb677170a4ab02bfe3687ae79c4418 Mon Sep 17 00:00:00 2001
From: Leseb
Date: Fri, 14 Nov 2014 15:03:50 +0100
Subject: [PATCH] Revert "Fix autogen UUID and add auto gen monitor key"
---
 .gitignore | 2 +-
 Vagrantfile | 5 +++++
 roles/ceph-common/tasks/main.yml | 8 ++------
 roles/ceph-mon/tasks/deploy_monitors.yml | 17 +++--------------
 4 files changed, 11 insertions(+), 21 deletions(-)
diff --git a/.gitignore b/.gitignore
index 07573a658..98550a81c 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,4 +1,4 @@
 .vagrant
 *.vdi
 *.keyring
-fetch/*
+fetch/4a158d27-f750-41d5-9e7f-26ce4c9d2d45
diff --git a/Vagrantfile b/Vagrantfile
index 7880ec6fd..e4461b5c6 100644
--- a/Vagrantfile
+++ b/Vagrantfile
@@ -21,6 +21,11 @@ ansible_provision = proc do |ansible|
 'rgws' => (0..NRGWS - 1).map { |j| "rgw#{j}" }
 }
 
+ # In a production deployment, these should be secret
+ ansible.extra_vars = {
+ fsid: '4a158d27-f750-41d5-9e7f-26ce4c9d2d45',
+ monitor_secret: 'AQAWqilTCDh7CBAAawXt6kyTgLFCxSvJhTEmuw=='
+ }
 ansible.limit = 'all'
 end
 
diff --git a/roles/ceph-common/tasks/main.yml b/roles/ceph-common/tasks/main.yml
index 86961fd01..3567dc30a 100644
--- a/roles/ceph-common/tasks/main.yml
+++ b/roles/ceph-common/tasks/main.yml
@@ -23,15 +23,11 @@
 register: socket
 
 - name: Generate cluster UUID
- shell: uuidgen | tee fetch/ceph_cluster_uuid.conf creates=fetch/ceph_cluster_uuid.conf
- connection: local
- sudo: false
+ shell: "uuidgen | tee /etc/ceph/ceph_cluster_uuid.conf" creates=/etc/ceph/ceph_cluster_uuid.conf
 register: cluster_uuid
 
 - name: Read cluster UUID if it already exists
- command: cat fetch/ceph_cluster_uuid.conf removes=fetch/ceph_cluster_uuid.conf
- connection: local
- sudo: false
+ command: cat /etc/ceph/ceph_cluster_uuid.conf removes=/etc/ceph/ceph_cluster_uuid.conf
 register: cluster_uuid
 
 - name: Generate Ceph configuration file
diff --git a/roles/ceph-mon/tasks/deploy_monitors.yml b/roles/ceph-mon/tasks/deploy_monitors.yml
index 2227963b5..18edf5374 100644
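Review bot: The `monitor_secret` literal added to `ansible.extra_vars` in the Vagrantfile hunk is a usable Ceph monitor key committed to the repository, and the new comment only says it should be secret in production. Nothing in the hunk keeps the same value from being carried into a longer-lived cluster, and every cluster built from it shares a public `mon.` key that deploy_monitors.yml creates with `allow *`. Reading both values from the environment with the current literals as lab-only fallbacks keeps `vagrant up` working, e.g. `monitor_secret: ENV.fetch('CEPH_MONITOR_SECRET', '<lab-only default>')`. The comment could then read `# Lab-only defaults: generate a fresh fsid (uuidgen) and key (ceph-authtool --gen-print-key) for any real cluster`. The `ansible_provision` proc starts above the hunk.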
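Review bot: The restored `shell:` line of the 'Generate cluster UUID' task in roles/ceph-common/tasks/main.yml closes its double quote before ` creates=...`, which as displayed is not valid YAML, because a quoted scalar cannot be followed by more text on the same line. Either drop the quotes as the removed line did, `shell: uuidgen | tee /etc/ceph/ceph_cluster_uuid.conf creates=/etc/ceph/ceph_cluster_uuid.conf`, or move the closing quote to the end of the line the way the keyring task in deploy_monitors.yml is written. Separately, with `connection: local` gone each host writes its own `/etc/ceph/ceph_cluster_uuid.conf`, so hosts will disagree on the UUID unless `fsid` is supplied from outside. Whether `cluster_uuid` is still consumed after this revert is not visible in the hunk.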
--- a/roles/ceph-mon/tasks/deploy_monitors.yml
+++ b/roles/ceph-mon/tasks/deploy_monitors.yml
@@ -1,24 +1,13 @@
 ---
-- name: Create monitor secret
- shell: ceph-authtool --gen-print-key | tee /etc/ceph/ceph_monitor_secret.conf creates=/etc/ceph/ceph_monitor_secret.conf
- register: monitor_secret
-
-- name: Read monitor secret if it already exists
- command: cat /etc/ceph/ceph_monitor_secret.conf removes=/etc/ceph/ceph_monitor_secret.conf
- register: monitor_secret
-
 - name: Create monitor initial keyring
- command: "ceph-authtool /var/lib/ceph/tmp/keyring.mon.{{ ansible_hostname }} --create-keyring --name=mon. --add-key={{ monitor_secret.stdout }} --cap mon 'allow *' creates=/var/lib/ceph/tmp/keyring.mon.{{ ansible_hostname }}"
+ command: "ceph-authtool /var/lib/ceph/tmp/keyring.mon.{{ ansible_hostname }} --create-keyring --name=mon. --add-key={{ monitor_secret }} --cap mon 'allow *' creates=/var/lib/ceph/tmp/keyring.mon.{{ ansible_hostname }}"
 
 - name: Set initial monitor key permissions
 file: >
- path={{ item }}
- mode=0400
+ path=/var/lib/ceph/tmp/keyring.mon.{{ ansible_hostname }}
+ mode=0600
 owner=root
 group=root
- with_items:
- - /etc/ceph/ceph_monitor_secret.conf
- - /var/lib/ceph/tmp/keyring.mon.{{ ansible_hostname }}
 
 - name: Create monitor directory
 file: >
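Review bot: In 'Create monitor initial keyring' the key is interpolated into the command line as `--add-key={{ monitor_secret }}`, so it appears in Ansible's task output and logs, and in the process arguments on the monitor host while the command runs. Adding `no_log: true` to that task keeps it out of Ansible's output. The hunk also loosens the keyring from `mode=0400` to `mode=0600`; if nothing needs to rewrite the file after creation, `mode=0400` is the tighter choice. `monitor_secret` is now expected from the caller with no default visible here, so a short comment on the task naming where it must be set would help.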