global: remove fetch_directory dependency

This commit drops the fetch_directory dependency.

Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1622688

Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com>
pull/4450/head
Guillaume Abrioux 2019-09-23 13:30:05 +02:00
parent 3f9ccdaa8a
commit ab370b6ad8
16 changed files with 263 additions and 253 deletions


@ -19,6 +19,8 @@ dummy:
#iscsi_pool_name: rbd
#iscsi_pool_size: "{{ osd_pool_default_size }}"
#copy_admin_key: True
##################
# RBD-TARGET-API #
##################


@ -11,8 +11,6 @@ dummy:
# SETUP #
#########
#fetch_directory: fetch/
# Even though rbd-mirror nodes should not have the admin key
# at their disposal, some people might want to have it
# distributed on rbd-mirror nodes. Setting 'copy_admin_key' to 'true'


@ -11,6 +11,8 @@ iscsi_conf_overrides: {}
iscsi_pool_name: rbd
iscsi_pool_size: "{{ osd_pool_default_size }}"
copy_admin_key: True
##################
# RBD-TARGET-API #
##################


@ -1,12 +1,25 @@
---
- name: copy admin key
- name: get keys from monitors
command: "{{ container_exec_cmd }} ceph --cluster {{ cluster }} auth get {{ item.name }}"
register: _iscsi_keys
with_items:
- { name: "client.admin", path: "/etc/ceph/{{ cluster }}.client.admin.keyring", copy_key: "{{ copy_admin_key }}" }
delegate_to: "{{ groups.get(mon_group_name)[0] }}"
when:
- cephx | bool
- item.copy_key | bool
- name: copy ceph key(s) if needed
copy:
src: "{{ fetch_directory }}/{{ fsid }}/etc/ceph/{{ cluster }}.client.admin.keyring"
dest: "/etc/ceph/{{ cluster }}.client.admin.keyring"
owner: "root"
group: "root"
dest: "{{ item.item.path }}"
content: "{{ item.stdout + '\n' }}"
owner: "{{ ceph_uid if containerized_deployment else 'ceph' }}"
group: "{{ ceph_uid if containerized_deployment else 'ceph' }}"
mode: "{{ ceph_keyring_permissions }}"
when: cephx | bool
with_items: "{{ _iscsi_keys.results }}"
when:
- cephx | bool
- item.item.copy_key | bool
- name: deploy gateway settings, used by the ceph_iscsi_config modules
config_template:
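Review bot: The two new tasks pass the `client.admin` keyring through Ansible variables without `no_log`, so the secret can end up in play output and logs. `get keys from monitors` registers the `ceph auth get` stdout in `_iscsi_keys`, and `copy ceph key(s) if needed` loops over `_iscsi_keys.results`, which by default prints each loop item, including its `stdout`, for every host. I would add `no_log: true` to both tasks (or at least `loop_control: { label: "{{ item.item.name }}" }` on the copy) and `changed_when: false` on the read-only `auth get`. The same pattern recurs in the `_mds_keys`, `_mgr_keys`, `_rgw_keys`, `_osd_keys`, `_osp_keys` and `_rbd_mirror_keys` tasks later in this commit.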


@ -1,4 +1,11 @@
---
- name: create a temporary directory
tempfile:
state: directory
register: iscsi_ssl_tmp_dir
delegate_to: localhost
run_once: true
- name: set_fact crt_files
set_fact:
crt_files:
@ -7,54 +14,75 @@
- "iscsi-gateway.pem"
- "iscsi-gateway-pub.key"
- name: stat for crt file(s)
stat:
path: "{{ fetch_directory }}/{{ fsid }}/{{ item }}"
delegate_to: localhost
- name: check for existing crt file(s) in monitor key/value store
command: "{{ container_exec_cmd }} ceph --cluster {{ cluster }} config get iscsi/ssl/{{ item }}"
with_items: "{{ crt_files }}"
changed_when: false
failed_when: false
check_mode: no
run_once: true
delegate_to: "{{ groups.get(mon_group_name)[0] }}"
register: crt_files_exist
- name: create ssl crt/key files
command: >
openssl req -newkey rsa:2048 -nodes -keyout {{ fetch_directory }}/{{ fsid }}/iscsi-gateway.key
-x509 -days 365 -out {{ fetch_directory }}/{{ fsid }}/iscsi-gateway.crt
-subj "/C=US/ST=./L=./O=RedHat/OU=Linux/CN={{ ansible_hostname }}"
delegate_to: localhost
become: False
run_once: True
with_items: "{{ crt_files_exist.results }}"
when: not item.stat.exists
- name: set_fact crt_files_missing
set_fact:
crt_files_missing: "{{ crt_files_exist.results | selectattr('rc', 'equalto', 0) | map(attribute='rc') | list | length != crt_files | length }}"
- name: create pem
shell: >
cat {{ fetch_directory }}/{{ fsid }}/iscsi-gateway.crt
{{ fetch_directory }}/{{ fsid }}/iscsi-gateway.key > {{ fetch_directory }}/{{ fsid }}/iscsi-gateway.pem
delegate_to: localhost
become: False
run_once: True
register: pem
with_items: "{{ crt_files_exist.results }}"
when: not item.stat.exists
- name: generate ssl crt/key files
block:
- name: create ssl crt/key files
command: >
openssl req -newkey rsa:2048 -nodes -keyout {{ iscsi_ssl_tmp_dir.path }}/iscsi-gateway.key
-x509 -days 365 -out {{ iscsi_ssl_tmp_dir.path }}/iscsi-gateway.crt
-subj "/C=US/ST=./L=./O=RedHat/OU=Linux/CN={{ ansible_hostname }}"
delegate_to: localhost
run_once: True
with_items: "{{ crt_files_exist.results }}"
- name: create public key from pem
shell: >
openssl x509 -inform pem -in {{ fetch_directory }}/{{ fsid }}/iscsi-gateway.pem
-pubkey -noout > {{ fetch_directory }}/{{ fsid }}/iscsi-gateway-pub.key
delegate_to: localhost
become: False
run_once: True
when: pem.changed
tags: skip_ansible_lint
- name: create pem
shell: >
cat {{ iscsi_ssl_tmp_dir.path }}/iscsi-gateway.crt
{{ iscsi_ssl_tmp_dir.path }}/iscsi-gateway.key > {{ iscsi_ssl_tmp_dir.path }}/iscsi-gateway.pem
delegate_to: localhost
run_once: True
register: pem
with_items: "{{ crt_files_exist.results }}"
- name: create public key from pem
shell: >
openssl x509 -inform pem -in {{ iscsi_ssl_tmp_dir.path }}/iscsi-gateway.pem
-pubkey -noout > {{ iscsi_ssl_tmp_dir.path }}/iscsi-gateway-pub.key
delegate_to: localhost
run_once: True
when: pem.changed
tags: skip_ansible_lint
- name: slurp ssl crt/key files
slurp:
src: "{{ iscsi_ssl_tmp_dir.path }}/{{ item }}"
register: iscsi_ssl_files_content
with_items: "{{ crt_files }}"
run_once: true
delegate_to: localhost
- name: store ssl crt/key files
command: "{{ container_exec_cmd }} ceph --cluster {{ cluster }} config-key put iscsi/ssl/{{ item.item }} {{ item.content }}"
run_once: true
delegate_to: "{{ groups.get(mon_group_name)[0] }}"
with_items: "{{ iscsi_ssl_files_content.results }}"
when: crt_files_missing
- name: copy crt file(s) to gateway nodes
copy:
src: "{{ fetch_directory }}/{{ fsid }}/{{ item }}"
dest: "/etc/ceph/{{ item }}"
content: "{{ item.stdout | b64decode }}"
dest: "/etc/ceph/{{ item.item }}"
owner: root
group: root
mode: 0400
changed_when: false
with_items: "{{ crt_files }}"
with_items: "{{ crt_files_exist.results if not crt_files_missing else iscsi_ssl_files_content.results }}"
when: not crt_files_missing
- name: clean temporary directory
file:
path: "{{ iscsi_ssl_tmp_dir.path }}"
state: absent
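Review bot: The gateway's unencrypted private key (generated with `-nodes`) is exposed on several paths in this file. `store ssl crt/key files` puts `{{ item.content }}`, the base64 of the slurped key, on the `ceph ... config-key put` command line, where it is readable in the monitor's process list and in task output, and neither it nor `slurp ssl crt/key files` sets `no_log: true`. `clean temporary directory` as shown carries no `delegate_to: localhost` or `run_once: true`, so it appears to remove `iscsi_ssl_tmp_dir.path` on the gateway hosts rather than on the controller, where the key was actually written. Separately, the existence check calls `ceph ... config get iscsi/ssl/{{ item }}` while the store uses `config-key put`; these look like different stores, so `crt_files_missing` may never become false, and `config-key get` is probably what was meant.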


@ -10,16 +10,25 @@
- /var/lib/ceph/bootstrap-mds/
- /var/lib/ceph/mds/{{ cluster }}-{{ mds_name }}
- name: copy ceph keyring(s) if needed
- name: get keys from monitors
command: "{{ hostvars[groups.get(mon_group_name)[0]]['container_exec_cmd'] | default('') }} ceph --cluster {{ cluster }} auth get {{ item.name }}"
register: _mds_keys
with_items:
- { name: "client.bootstrap-mds", path: "/var/lib/ceph/bootstrap-mds/{{ cluster }}.keyring", copy_key: true }
- { name: "client.admin", path: "/etc/ceph/{{ cluster }}.client.admin.keyring", copy_key: "{{ copy_admin_key }}" }
delegate_to: "{{ groups.get(mon_group_name)[0] }}"
when:
- cephx | bool
- item.copy_key | bool
- name: copy ceph key(s) if needed
copy:
src: "{{ fetch_directory }}/{{ fsid }}/{{ item.name }}"
dest: "{{ item.name }}"
dest: "{{ item.item.path }}"
content: "{{ item.stdout + '\n' }}"
owner: "{{ ceph_uid if containerized_deployment else 'ceph' }}"
group: "{{ ceph_uid if containerized_deployment else 'ceph' }}"
mode: "{{ ceph_keyring_permissions }}"
with_items:
- { name: "/var/lib/ceph/bootstrap-mds/{{ cluster }}.keyring", copy_key: true }
- { name: "/etc/ceph/{{ cluster }}.client.admin.keyring", copy_key: "{{ copy_admin_key }}" }
with_items: "{{ _mds_keys.results }}"
when:
- cephx
- item.copy_key|bool
- cephx | bool
- item.item.copy_key | bool


@ -3,46 +3,6 @@
set_fact:
container_exec_cmd: "{{ container_binary }} exec ceph-mds-{{ ansible_hostname }}"
- name: set_fact admin_keyring
set_fact:
admin_keyring:
- "/etc/ceph/{{ cluster }}.client.admin.keyring"
when: copy_admin_key
- name: set_fact ceph_config_keys
set_fact:
ceph_config_keys:
- /var/lib/ceph/bootstrap-mds/{{ cluster }}.keyring
- name: merge ceph_config_keys and admin_keyring
set_fact:
ceph_config_keys: "{{ ceph_config_keys + admin_keyring }}"
when: copy_admin_key
- name: stat for ceph config and keys
stat:
path: "{{ fetch_directory }}/{{ fsid }}/{{ item }}"
delegate_to: localhost
with_items: "{{ ceph_config_keys }}"
changed_when: false
become: false
failed_when: false
check_mode: no
register: statconfig
- name: try to fetch ceph config and keys
copy:
src: "{{ fetch_directory }}/{{ fsid }}/{{ item.0 }}"
dest: "{{ item.0 }}"
owner: root
group: root
mode: 0644
changed_when: false
with_together:
- "{{ ceph_config_keys }}"
- "{{ statconfig.results }}"
when: item.1.stat.exists
- name: generate systemd unit file
become: true
template:


@ -49,34 +49,33 @@
run_once: True
delegate_to: "{{ groups[mon_group_name][0] }}"
- name: copy ceph mgr key(s) from mon node to the ansible server
fetch:
src: "{{ ceph_conf_key_directory }}/{{ cluster }}.mgr.{{ hostvars[item]['ansible_hostname'] }}.keyring"
dest: "{{ fetch_directory }}/{{ fsid }}/{{ ceph_conf_key_directory }}/{{ cluster }}.mgr.{{ hostvars[item]['ansible_hostname'] }}.keyring"
flat: yes
- name: set_fact _mgr_keys
set_fact:
_mgr_keys: "{{ _mgr_keys | default([{ 'name': 'client.admin', 'path': '/etc/ceph/' + cluster + '.client.admin.keyring', 'copy_key': copy_admin_key, 'hostname': hostvars[item]['ansible_hostname'] }]) + [{ 'name': 'mgr.' + hostvars[item]['ansible_hostname'], 'path': '/var/lib/ceph/mgr/' + cluster + '-' + hostvars[item]['ansible_hostname'] + '/keyring', 'copy_key': true, 'hostname': hostvars[item]['ansible_hostname'] }] }}"
with_items: "{{ groups.get(mgr_group_name, []) }}"
delegate_to: "{{ groups[mon_group_name][0] }}"
- name: copy ceph keyring(s) to mgr node
- name: get keys from monitors
command: "{{ container_exec_cmd }} ceph --cluster {{ cluster }} auth get {{ item.name }}"
register: _mgr_keys
with_items: "{{ _mgr_keys }}"
delegate_to: "{{ groups.get(mon_group_name)[0] }}"
when:
- cephx | bool
- item.copy_key | bool
- name: copy ceph key(s) if needed
copy:
src: "{{ fetch_directory }}/{{ fsid }}/etc/ceph/{{ cluster }}.mgr.{{ ansible_hostname }}.keyring"
dest: "/var/lib/ceph/mgr/{{ cluster }}-{{ ansible_hostname }}/keyring"
dest: "{{ item.item.path }}"
content: "{{ item.stdout + '\n' }}"
owner: "{{ ceph_uid if containerized_deployment else 'ceph' }}"
group: "{{ ceph_uid if containerized_deployment else 'ceph' }}"
mode: "{{ ceph_keyring_permissions }}"
when: cephx | bool
- name: copy ceph keyring(s) if needed
copy:
src: "{{ fetch_directory }}/{{ fsid }}/etc/ceph/{{ cluster }}.client.admin.keyring"
dest: "/etc/ceph/{{ cluster }}.client.admin.keyring"
owner: "{{ ceph_uid if containerized_deployment else 'ceph' }}"
group: "{{ ceph_uid if containerized_deployment else 'ceph' }}"
mode: "{{ ceph_keyring_permissions }}"
when:
- cephx | bool
- groups.get(mgr_group_name, []) | length > 0
- copy_admin_key | bool
with_items: "{{ _mgr_keys.results }}"
delegate_to: "{{ item.item.hostname }}"
run_once: true
when:
- cephx | bool
- item.item.copy_key | bool
- name: set mgr key permissions
file:
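Review bot: In `set_fact _mgr_keys` the `client.admin` entry exists only in the `default([...])` seed, so it is created once with the first mgr's `hostname`; with `delegate_to: "{{ item.item.hostname }}"` and `run_once: true` on the copy, the admin keyring appears to reach only that first mgr, whereas the removed task wrote it on every mgr node. Adding the admin entry to the per-host list, next to the `mgr.<hostname>` entry, would keep the old behaviour. `hostname` is filled from `ansible_hostname`, which only works as a `delegate_to` target when it matches the inventory name, so storing `item` itself would be safer. Reusing `_mgr_keys` for both the fact and the `register:` also makes the later `_mgr_keys.results` hard to follow; a separate name for the registered result would read more clearly.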


@ -16,31 +16,16 @@
delay: "{{ handler_health_mon_check_delay }}"
changed_when: false
- name: tasks for MONs when cephx is enabled
when: cephx | bool
block:
- name: fetch ceph initial keys
ceph_key:
state: fetch_initial_keys
cluster: "{{ cluster }}"
owner: "{{ ceph_uid if containerized_deployment else 'ceph' }}"
group: "{{ ceph_uid if containerized_deployment else 'ceph' }}"
mode: "0400"
environment:
CEPH_CONTAINER_IMAGE: "{{ ceph_docker_registry + '/' + ceph_docker_image + ':' + ceph_docker_image_tag if containerized_deployment else None }}"
CEPH_CONTAINER_BINARY: "{{ container_binary }}"
CEPH_ROLLING_UPDATE: "{{ rolling_update }}"
- name: copy keys to the ansible server
fetch:
src: "{{ item }}"
dest: "{{ fetch_directory }}/{{ fsid }}/{{ item }}"
flat: yes
with_items:
- /var/lib/ceph/bootstrap-osd/{{ cluster }}.keyring
- /var/lib/ceph/bootstrap-rgw/{{ cluster }}.keyring
- /var/lib/ceph/bootstrap-mds/{{ cluster }}.keyring
- /var/lib/ceph/bootstrap-rbd/{{ cluster }}.keyring
- /var/lib/ceph/bootstrap-rbd-mirror/{{ cluster }}.keyring
- /etc/ceph/{{ cluster }}.client.admin.keyring
when: inventory_hostname == groups[mon_group_name] | last
- name: fetch ceph initial keys
ceph_key:
state: fetch_initial_keys
cluster: "{{ cluster }}"
owner: "{{ ceph_uid if containerized_deployment else 'ceph' }}"
group: "{{ ceph_uid if containerized_deployment else 'ceph' }}"
mode: "0400"
environment:
CEPH_CONTAINER_IMAGE: "{{ ceph_docker_registry + '/' + ceph_docker_image + ':' + ceph_docker_image_tag if containerized_deployment else None }}"
CEPH_CONTAINER_BINARY: "{{ container_binary }}"
CEPH_ROLLING_UPDATE: "{{ rolling_update }}"
when:
- cephx | bool


@ -1,45 +1,28 @@
---
- name: keyring related tasks
block:
- name: set_fact admin_keyring
set_fact:
admin_keyring:
- "/etc/ceph/{{ cluster }}.client.admin.keyring"
when: copy_admin_key | bool
- name: get keys from monitors
command: "{{ hostvars[groups.get(mon_group_name)[0]]['container_exec_cmd'] | default('') }} ceph --cluster {{ cluster }} auth get {{ item.name }}"
register: _rgw_keys
with_items:
- { name: "client.bootstrap-rgw", path: "/var/lib/ceph/bootstrap-rgw/{{ cluster }}.keyring", copy_key: true }
- { name: "client.admin", path: "/etc/ceph/{{ cluster }}.client.admin.keyring", copy_key: "{{ copy_admin_key }}" }
delegate_to: "{{ groups.get(mon_group_name)[0] }}"
when:
- cephx | bool
- item.copy_key | bool
- name: set_fact ceph_config_keys
set_fact:
ceph_config_keys:
- /var/lib/ceph/bootstrap-rgw/{{ cluster }}.keyring
- name: merge ceph_config_keys and admin_keyring
set_fact:
ceph_config_keys: "{{ ceph_config_keys + admin_keyring }}"
when: copy_admin_key | bool
- name: stat for config and keys
stat:
path: "{{ fetch_directory }}/{{ fsid }}/{{ item }}"
delegate_to: localhost
with_items: "{{ ceph_config_keys }}"
changed_when: false
become: false
failed_when: false
check_mode: no
register: statconfig
- name: try to fetch config and keys
- name: copy ceph key(s) if needed
copy:
src: "{{ fetch_directory }}/{{ fsid }}/{{ item.0 }}"
dest: "{{ item.0 }}"
owner: "64045"
group: "64045"
mode: 0644
changed_when: false
with_together:
- "{{ ceph_config_keys }}"
- "{{ statconfig.results }}"
when: item.1.stat.exists
dest: "{{ item.item.path }}"
content: "{{ item.stdout + '\n' }}"
owner: "{{ ceph_uid if containerized_deployment else 'ceph' }}"
group: "{{ ceph_uid if containerized_deployment else 'ceph' }}"
mode: "{{ ceph_keyring_permissions }}"
with_items: "{{ _rgw_keys.results }}"
when:
- cephx | bool
- item.item.copy_key | bool
when: groups.get(mon_group_name, []) | length > 0
- name: dbus related tasks


@ -46,17 +46,28 @@
- cephx | bool
- groups.get(mon_group_name, []) | length > 0
block:
- name: copy bootstrap cephx keys
copy:
src: "{{ fetch_directory }}/{{ fsid }}/{{ item.name }}"
dest: "{{ item.name }}"
owner: "ceph"
group: "ceph"
mode: "0600"
- name: get keys from monitors
command: "{{ container_exec_cmd }} ceph --cluster {{ cluster }} auth get {{ item.name }}"
register: _rgw_keys
with_items:
- { name: "/var/lib/ceph/bootstrap-rgw/{{ cluster }}.keyring", copy_key: "{{ nfs_obj_gw }}" }
- { name: "/etc/ceph/{{ cluster }}.client.admin.keyring", copy_key: "{{ copy_admin_key }}" }
when: item.copy_key | bool
- { name: "client.bootstrap-rgw", path: "/var/lib/ceph/bootstrap-rgw/{{ cluster }}.keyring", copy_key: true }
- { name: "client.admin", path: "/etc/ceph/{{ cluster }}.client.admin.keyring", copy_key: "{{ copy_admin_key }}" }
delegate_to: "{{ groups.get(mon_group_name)[0] }}"
when:
- cephx | bool
- item.copy_key | bool
- name: copy ceph key(s) if needed
copy:
dest: "{{ item.item.path }}"
content: "{{ item.stdout + '\n' }}"
owner: "{{ ceph_uid if containerized_deployment else 'ceph' }}"
group: "{{ ceph_uid if containerized_deployment else 'ceph' }}"
mode: "{{ ceph_keyring_permissions }}"
with_items: "{{ _rgw_keys.results }}"
when:
- cephx | bool
- item.item.copy_key | bool
- name: nfs object gateway related tasks
when: nfs_obj_gw | bool
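Review bot: The `client.bootstrap-rgw` entry now has `copy_key: true`, where the replaced list gated that keyring on `copy_key: "{{ nfs_obj_gw }}"`. As written, every NFS node receives the RGW bootstrap key even when `nfs_obj_gw` is false, which widens where that credential lives without a visible reason. I would keep the gate: `copy_key: "{{ nfs_obj_gw }}"`. The enclosing block starts before this hunk.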


@ -11,16 +11,25 @@
- /var/lib/ceph/bootstrap-osd/
- /var/lib/ceph/osd/
- name: copy ceph key(s) if needed
copy:
src: "{{ fetch_directory }}/{{ fsid }}/{{ item.name }}"
dest: "{{ item.name }}"
owner: "{{ ceph_uid if containerized_deployment else 'ceph' }}"
group: "{{ ceph_uid if containerized_deployment else 'ceph' }}"
mode: "{{ ceph_keyring_permissions }}"
- name: get keys from monitors
command: "{{ container_exec_cmd }} ceph --cluster {{ cluster }} auth get {{ item.name }}"
register: _osd_keys
with_items:
- { name: "/var/lib/ceph/bootstrap-osd/{{ cluster }}.keyring", copy_key: true }
- { name: "/etc/ceph/{{ cluster }}.client.admin.keyring", copy_key: "{{ copy_admin_key }}" }
- { name: "client.bootstrap-osd", path: "/var/lib/ceph/bootstrap-osd/{{ cluster }}.keyring", copy_key: true }
- { name: "client.admin", path: "/etc/ceph/{{ cluster }}.client.admin.keyring", copy_key: "{{ copy_admin_key }}" }
delegate_to: "{{ groups.get(mon_group_name)[0] }}"
when:
- cephx | bool
- item.copy_key | bool
- name: copy ceph key(s) if needed
copy:
dest: "{{ item.item.path }}"
content: "{{ item.stdout + '\n' }}"
owner: "{{ ceph_uid if containerized_deployment else 'ceph' }}"
group: "{{ ceph_uid if containerized_deployment else 'ceph' }}"
mode: "{{ ceph_keyring_permissions }}"
with_items: "{{ _osd_keys.results }}"
when:
- cephx | bool
- item.item.copy_key | bool


@ -67,40 +67,38 @@
when: item.application is defined
- name: create openstack cephx key(s)
ceph_key:
state: present
name: "{{ item.name }}"
caps: "{{ item.caps }}"
secret: "{{ item.key | default('') }}"
cluster: "{{ cluster }}"
mode: "{{ item.mode|default(omit) }}"
environment:
CEPH_CONTAINER_IMAGE: "{{ ceph_docker_registry + '/' + ceph_docker_image + ':' + ceph_docker_image_tag if containerized_deployment else None }}"
CEPH_CONTAINER_BINARY: "{{ container_binary }}"
with_items: "{{ openstack_keys }}"
delegate_to: "{{ groups[mon_group_name][0] }}"
when: cephx | bool
block:
- name: generate keys
ceph_key:
state: present
name: "{{ item.name }}"
caps: "{{ item.caps }}"
secret: "{{ item.key | default('') }}"
cluster: "{{ cluster }}"
mode: "{{ item.mode|default(omit) }}"
environment:
CEPH_CONTAINER_IMAGE: "{{ ceph_docker_registry + '/' + ceph_docker_image + ':' + ceph_docker_image_tag if containerized_deployment else None }}"
CEPH_CONTAINER_BINARY: "{{ container_binary }}"
with_items: "{{ openstack_keys }}"
delegate_to: "{{ groups[mon_group_name][0] }}"
- name: fetch openstack cephx key(s)
fetch:
src: "/etc/ceph/{{ cluster }}.{{ item.name }}.keyring"
dest: "{{ fetch_directory }}/{{ fsid }}/etc/ceph/{{ cluster }}.{{ item.name }}.keyring"
flat: yes
delegate_to: "{{ groups[mon_group_name][0] }}"
with_items: "{{ openstack_keys }}"
- name: get keys from monitors
command: "{{ container_exec_cmd }} ceph --cluster {{ cluster }} auth get {{ item.name }}"
register: _osp_keys
with_items: "{{ openstack_keys }}"
delegate_to: "{{ groups.get(mon_group_name)[0] }}"
- name: copy to other mons the openstack cephx key(s)
copy:
src: "{{ fetch_directory }}/{{ fsid }}/etc/ceph/{{ cluster }}.{{ item.1.name }}.keyring"
dest: "/etc/ceph/{{ cluster }}.{{ item.1.name }}.keyring"
owner: "{{ ceph_uid }}"
group: "{{ ceph_uid }}"
mode: "{{ item.1.mode|default(omit) }}"
with_nested:
- "{{ groups[mon_group_name] }}"
- "{{ openstack_keys }}"
delegate_to: "{{ item.0 }}"
- name: copy ceph key(s) if needed
copy:
dest: "/etc/ceph/{{ cluster }}.{{ item.0.item.name }}.keyring"
content: "{{ item.0.stdout + '\n' }}"
owner: "{{ ceph_uid if containerized_deployment else 'ceph' }}"
group: "{{ ceph_uid if containerized_deployment else 'ceph' }}"
mode: "{{ item.0.item.mode }}"
with_nested:
- "{{ _osp_keys.results }}"
- "{{ groups[mon_group_name] }}"
delegate_to: "{{ item.1 }}"
when:
- cephx | bool
- openstack_config | bool
- item.0 != groups[mon_group_name]
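Review bot: The last condition, `item.0 != groups[mon_group_name]`, compares a registered result (a dict) with the whole monitor list, so it is always true and filters nothing. If the intent is to skip the monitor the keys were read from, it should probably be `item.1 != groups[mon_group_name][0]`. `mode: "{{ item.0.item.mode }}"` also drops the `| default(omit)` that `generate keys` still uses, so an `openstack_keys` entry without `mode` would likely fail templating here; `mode: "{{ item.0.item.mode | default(omit) }}"` matches the task above.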


@ -3,8 +3,6 @@
# SETUP #
#########
fetch_directory: fetch/
# Even though rbd-mirror nodes should not have the admin key
# at their disposal, some people might want to have it
# distributed on rbd-mirror nodes. Setting 'copy_admin_key' to 'true'


@ -1,20 +1,26 @@
---
- name: copy rbd-mirror bootstrap key
copy:
src: "{{ fetch_directory }}/{{ fsid }}/var/lib/ceph/bootstrap-rbd-mirror/{{ cluster }}.keyring"
dest: "/var/lib/ceph/bootstrap-rbd-mirror/{{ cluster }}.keyring"
owner: "{{ ceph_uid if containerized_deployment else 'ceph' }}"
group: "{{ ceph_uid if containerized_deployment else 'ceph' }}"
mode: "{{ ceph_keyring_permissions }}"
- name: get keys from monitors
command: "{{ container_exec_cmd }} ceph --cluster {{ cluster }} auth get {{ item.name }}"
register: _rbd_mirror_keys
with_items:
- { name: "client.bootstrap-rbd-mirror", path: "/var/lib/ceph/bootstrap-rbd-mirror/{{ cluster }}.keyring", copy_key: true }
- { name: "client.admin", path: "/etc/ceph/{{ cluster }}.client.admin.keyring", copy_key: "{{ copy_admin_key }}" }
delegate_to: "{{ groups.get(mon_group_name)[0] }}"
when:
- cephx | bool
- item.copy_key | bool
- name: copy ceph admin keyring if needed
- name: copy ceph key(s) if needed
copy:
src: "{{ fetch_directory }}/{{ fsid }}/etc/ceph/{{ cluster }}.client.admin.keyring"
dest: "/etc/ceph/{{ cluster }}.client.admin.keyring"
dest: "{{ item.item.path }}"
content: "{{ item.stdout + '\n' }}"
owner: "{{ ceph_uid if containerized_deployment else 'ceph' }}"
group: "{{ ceph_uid if containerized_deployment else 'ceph' }}"
mode: "{{ ceph_keyring_permissions }}"
when: copy_admin_key | bool
with_items: "{{ _rbd_mirror_keys.results }}"
when:
- cephx | bool
- item.item.copy_key | bool
- name: create rbd-mirror keyring
command: >


@ -18,16 +18,25 @@
with_items: "{{ rgw_instances }}"
when: rgw_instances is defined
- name: copy ceph keyring(s) if needed
copy:
src: "{{ fetch_directory }}/{{ fsid }}/{{ item.name }}"
dest: "{{ item.name }}"
owner: "{{ ceph_uid if containerized_deployment else 'ceph' }}"
group: "{{ ceph_uid if containerized_deployment else 'ceph' }}"
mode: "{{ ceph_keyring_permissions }}"
- name: get keys from monitors
command: "{{ container_exec_cmd }} ceph --cluster {{ cluster }} auth get {{ item.name }}"
register: _rgw_keys
with_items:
- { name: "/var/lib/ceph/bootstrap-rgw/{{ cluster }}.keyring", copy_key: true }
- { name: "/etc/ceph/{{ cluster }}.client.admin.keyring", copy_key: "{{ copy_admin_key }}" }
- { name: "client.bootstrap-rgw", path: "/var/lib/ceph/bootstrap-rgw/{{ cluster }}.keyring", copy_key: true }
- { name: "client.admin", path: "/etc/ceph/{{ cluster }}.client.admin.keyring", copy_key: "{{ copy_admin_key }}" }
delegate_to: "{{ groups.get(mon_group_name)[0] }}"
when:
- cephx | bool
- item.copy_key | bool
- name: copy ceph key(s) if needed
copy:
dest: "{{ item.item.path }}"
content: "{{ item.stdout + '\n' }}"
owner: "{{ ceph_uid if containerized_deployment else 'ceph' }}"
group: "{{ ceph_uid if containerized_deployment else 'ceph' }}"
mode: "{{ ceph_keyring_permissions }}"
with_items: "{{ _rgw_keys.results }}"
when:
- cephx | bool
- item.item.copy_key | bool