Fix autogen UUID and add auto gen monitor key

This fixes the UUID auto generation and introduces the monitor key auto
generation.

Signed-off-by: Sébastien Han <sebastien.han@enovance.com>
pull/149/head
Sébastien Han 2014-11-13 15:38:10 +01:00
parent 4d138c4ebb
commit a7bba85027
4 changed files with 21 additions and 11 deletions

2
.gitignore vendored

@ -1,4 +1,4 @@
.vagrant .vagrant
*.vdi *.vdi
*.keyring *.keyring
fetch/4a158d27-f750-41d5-9e7f-26ce4c9d2d45 fetch/*

5
Vagrantfile vendored

@ -21,11 +21,6 @@ ansible_provision = proc do |ansible|
'rgws' => (0..NRGWS - 1).map { |j| "rgw#{j}" } 'rgws' => (0..NRGWS - 1).map { |j| "rgw#{j}" }
} }
# In a production deployment, these should be secret
ansible.extra_vars = {
fsid: '4a158d27-f750-41d5-9e7f-26ce4c9d2d45',
monitor_secret: 'AQAWqilTCDh7CBAAawXt6kyTgLFCxSvJhTEmuw=='
}
ansible.limit = 'all' ansible.limit = 'all'
end end


@ -23,11 +23,15 @@
register: socket register: socket
- name: Generate cluster UUID - name: Generate cluster UUID
shell: "uuidgen | tee /etc/ceph/ceph_cluster_uuid.conf" creates=/etc/ceph/ceph_cluster_uuid.conf shell: uuidgen | tee fetch/ceph_cluster_uuid.conf creates=fetch/ceph_cluster_uuid.conf
connection: local
sudo: false
register: cluster_uuid register: cluster_uuid
- name: Read cluster UUID if it already exists - name: Read cluster UUID if it already exists
command: cat /etc/ceph/ceph_cluster_uuid.conf removes=/etc/ceph/ceph_cluster_uuid.conf command: cat fetch/ceph_cluster_uuid.conf removes=fetch/ceph_cluster_uuid.conf
connection: local
sudo: false
register: cluster_uuid register: cluster_uuid
- name: Generate Ceph configuration file - name: Generate Ceph configuration file
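Review bot: The `Generate cluster UUID` task now runs on the control machine once per targeted host, up to `forks` at a time, and `creates=` is not an atomic check, so on a first run several forks can each call `uuidgen` and overwrite `fetch/ceph_cluster_uuid.conf`. Hosts only converge because the following `cat` task re-registers `cluster_uuid` from the file. Adding `run_once: true` to the generate task would make the single writer explicit. The `fetch/` path is relative, so it presumably resolves against the directory the play is run from; a comment such as `# fetch/ lives on the control machine, next to the playbook` above the task would record that assumption once confirmed.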


@ -1,13 +1,24 @@
--- ---
- name: Create monitor secret
shell: ceph-authtool --gen-print-key | tee /etc/ceph/ceph_monitor_secret.conf creates=/etc/ceph/ceph_monitor_secret.conf
register: monitor_secret
- name: Read monitor secret if it already exists
command: cat /etc/ceph/ceph_monitor_secret.conf removes=/etc/ceph/ceph_monitor_secret.conf
register: monitor_secret
- name: Create monitor initial keyring - name: Create monitor initial keyring
command: "ceph-authtool /var/lib/ceph/tmp/keyring.mon.{{ ansible_hostname }} --create-keyring --name=mon. --add-key={{ monitor_secret }} --cap mon 'allow *' creates=/var/lib/ceph/tmp/keyring.mon.{{ ansible_hostname }}" command: "ceph-authtool /var/lib/ceph/tmp/keyring.mon.{{ ansible_hostname }} --create-keyring --name=mon. --add-key={{ monitor_secret.stdout }} --cap mon 'allow *' creates=/var/lib/ceph/tmp/keyring.mon.{{ ansible_hostname }}"
- name: Set initial monitor key permissions - name: Set initial monitor key permissions
file: > file: >
path=/var/lib/ceph/tmp/keyring.mon.{{ ansible_hostname }} path={{ item }}
mode=0600 mode=0400
owner=root owner=root
group=root group=root
with_items:
- /etc/ceph/ceph_monitor_secret.conf
- /var/lib/ceph/tmp/keyring.mon.{{ ansible_hostname }}
- name: Create monitor directory - name: Create monitor directory
file: > file: >
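Review bot: The `Create monitor secret` task has no `connection: local`, unlike the cluster UUID tasks in this commit, so each monitor host generates and registers its own key in `/etc/ceph/ceph_monitor_secret.conf`. If the role is applied to more than one monitor, the `mon.` keyrings built from `monitor_secret.stdout` will presumably differ between hosts, where the removed `extra_vars` supplied one shared value; generating the key once and reusing it on every monitor would keep them consistent. Separately, `tee` creates the file under the default umask, so the key sits at the default mode until `Set initial monitor key permissions` applies `mode=0400`; `shell: umask 077; ceph-authtool --gen-print-key | tee /etc/ceph/ceph_monitor_secret.conf creates=/etc/ceph/ceph_monitor_secret.conf` closes that window. The registered stdout also carries the key, so `no_log: true` on both secret tasks would keep it out of verbose output and logs.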