mirror of https://github.com/ceph/ceph-ansible.git
Add option to create client keyring file but not import it
Add new boolean parameter for client config create_key_file_only with a default of false. When create_key_file_only is true, the client tasks to connect to the external ceph cluster to verify the key `ceph auth import` the key are skipped. Fixes: #1848pull/1850/head
parent
0526e1e5f4
commit
a57f61efd9
|
@ -4,7 +4,9 @@
|
||||||
with_items: "{{ pools }}"
|
with_items: "{{ pools }}"
|
||||||
changed_when: false
|
changed_when: false
|
||||||
failed_when: false
|
failed_when: false
|
||||||
when: pools | length > 0
|
when:
|
||||||
|
- pools | length > 0
|
||||||
|
- copy_admin_key
|
||||||
|
|
||||||
- name: create key(s)
|
- name: create key(s)
|
||||||
shell: "ceph-authtool -C /etc/ceph/{{ cluster }}.{{ item.name }}.keyring --name {{ item.name }} --add-key {{ item.key }} --cap mon \"{{ item.mon_cap|default('') }}\" --cap osd \"{{ item.osd_cap|default('') }}\" --cap mds \"{{ item.mds_cap|default('') }}\""
|
shell: "ceph-authtool -C /etc/ceph/{{ cluster }}.{{ item.name }}.keyring --name {{ item.name }} --add-key {{ item.key }} --cap mon \"{{ item.mon_cap|default('') }}\" --cap osd \"{{ item.osd_cap|default('') }}\" --cap mds \"{{ item.mds_cap|default('') }}\""
|
||||||
|
@ -22,14 +24,19 @@
|
||||||
failed_when: false
|
failed_when: false
|
||||||
with_items: "{{ keys }}"
|
with_items: "{{ keys }}"
|
||||||
register: keys_exist
|
register: keys_exist
|
||||||
|
when:
|
||||||
|
- copy_admin_key
|
||||||
|
|
||||||
- name: add key(s) to ceph
|
- name: add key(s) to ceph
|
||||||
command: "ceph --cluster {{ cluster }} auth import -i /etc/ceph/{{ cluster }}.{{ item.0.name }}.keyring"
|
command: "ceph --cluster {{ cluster }} auth import -i /etc/ceph/{{ cluster }}.{{ item.0.name }}.keyring"
|
||||||
changed_when: false
|
changed_when: false
|
||||||
with_together:
|
with_together:
|
||||||
- "{{ keys }}"
|
- "{{ keys }}"
|
||||||
- "{{ keys_exist.results }}"
|
- "{{ keys_exist.results | default([]) }}"
|
||||||
when: item.1.rc != 0
|
when:
|
||||||
|
- not item.1.get("skipped")
|
||||||
|
- copy_admin_key
|
||||||
|
- item.1.rc != 0
|
||||||
|
|
||||||
- name: setfacl for key(s)
|
- name: setfacl for key(s)
|
||||||
acl:
|
acl:
|
||||||
|
|
Loading…
Reference in New Issue