From 9c979c63900f14ba817b31aa797c4df8b23f6254 Mon Sep 17 00:00:00 2001
From: Guillaume Abrioux <gabrioux@redhat.com>
Date: Fri, 30 Mar 2018 13:48:17 +0200
Subject: [PATCH] clients: refact `ceph-clients` role

This commit refacts this role so we don't have to pull container image
on client nodes just to create pools and keys.

Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1550977

Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com>
---
 roles/ceph-client/tasks/create_users_keys.yml | 30 +++++++++++++++++++
 1 file changed, 30 insertions(+)

diff --git a/roles/ceph-client/tasks/create_users_keys.yml b/roles/ceph-client/tasks/create_users_keys.yml
index c70b2b0da..3efb11302 100644
--- a/roles/ceph-client/tasks/create_users_keys.yml
+++ b/roles/ceph-client/tasks/create_users_keys.yml
@@ -20,9 +20,11 @@
     creates: /etc/ceph/{{ cluster }}.{{ item.name }}.keyring
   with_items: "{{ keys }}"
   changed_when: false
+  run_once: true
   when:
     - cephx
     - keys | length > 0
+    - inventory_hostname in groups.get(client_group_name) | first
 
 - name: set docker_exec_client_cmd_binary to ceph
   set_fact:
@@ -36,14 +38,28 @@
     - not containerized_deployment
     - docker_exec_client_cmd == 'ceph-authtool'
 
+- name: slurp client key(s)
+  slurp:
+    src: "{{ ceph_conf_key_directory }}/{{ cluster }}.{{ item.name }}.keyring"
+  with_items:
+    - "{{ keys }}"
+  register: slurp_client_keys
+  run_once: true
+  when:
+    - cephx
+    - keys | length > 0
+    - inventory_hostname in groups.get(client_group_name) | first
+
 - name: check if key(s) already exist(s)
   command: "{{ docker_exec_client_cmd }} --cluster {{ cluster }} auth get {{ item.name }}"
   changed_when: false
   failed_when: false
   with_items: "{{ keys }}"
   register: keys_exist
+  run_once: true
   when:
     - copy_admin_key
+    - inventory_hostname in groups.get(client_group_name) | first
 
 - name: create pool(s)
   command: >
@@ -59,13 +75,16 @@
     {{ item.expected_num_objects | default('') }}
   with_items: "{{ pools }}"
   changed_when: false
+  run_once: true
   when:
     - pools | length > 0
     - copy_admin_key
+    - inventory_hostname in groups.get(client_group_name) | first
 
 - name: add key(s) to ceph
   command: "{{ docker_exec_client_cmd }} --cluster {{ cluster }} auth import -i /etc/ceph/{{ cluster }}.{{ item.0.name }}.keyring"
   changed_when: false
+  run_once: true
   with_together:
     - "{{ keys }}"
     - "{{ keys_exist.results | default([]) }}"
@@ -73,12 +92,23 @@
     - not item.1.get("skipped")
     - copy_admin_key
     - item.1.rc != 0
+    - inventory_hostname in groups.get(client_group_name) | first
 
 - name: put docker_exec_client_cmd back to normal with a none value
   set_fact:
     docker_exec_client_cmd:
   when: docker_exec_client_cmd == 'ceph'
 
+- name: get client keys
+  copy:
+    dest: "{{ item.source }}"
+    content: "{{ item.content | b64decode }}"
+  with_items:
+    - "{{ slurp_client_keys.results }}"
+  when:
+    - not item.get('skipped', False)
+    - not inventory_hostname == groups.get(client_group_name, []) | first
+
 - name: chmod key(s)
   file:
     path: "/etc/ceph/{{ cluster }}.{{ item.name }}.keyring"