From c04559181ebaf7eb3bc370e6e9b7f5fb6cd9bcae Mon Sep 17 00:00:00 2001
From: John Fulton <fulton@redhat.com>
Date: Thu, 10 Aug 2017 13:50:08 -0400
Subject: [PATCH] Set the permissions mode on all of the OpenStack keys

The original fix to issue #1755 only set the permissions on
the monitors to which the key was copied, but not the original
monitor where the key was created. Thus, we use a separate task
to set the permission of the key.
---
 roles/ceph-mon/tasks/openstack_config.yml | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/roles/ceph-mon/tasks/openstack_config.yml b/roles/ceph-mon/tasks/openstack_config.yml
index 89536b722..a9ac748b2 100644
--- a/roles/ceph-mon/tasks/openstack_config.yml
+++ b/roles/ceph-mon/tasks/openstack_config.yml
@@ -41,7 +41,6 @@
   copy:
     src: "{{ fetch_directory }}/{{ fsid }}/etc/ceph/{{ cluster }}.{{ item.1.name }}.keyring"
     dest: "/etc/ceph/{{ cluster }}.{{ item.1.name }}.keyring"
-    mode: "{{ item.1.mode }}"
   with_nested:
     - "{{ groups[mon_group_name] }}"
     - "{{ openstack_keys }}"
@@ -63,3 +62,12 @@
   when:
     - openstack_config
     - cephx
+
+- name: chmod openstack key(s)
+  file:
+    path: "/etc/ceph/{{ cluster }}.{{ item.name }}.keyring"
+    mode: "{{ item.mode }}"
+  with_items: "{{ openstack_keys }}"
+  when:
+    - openstack_config
+    - cephx