mirror of https://github.com/ceph/ceph-ansible.git
keyring: use ceph_key module for get-or-create cmd
Instead of using ceph auth get-or-create command via the ansible command module then we can use the ceph_key module. Signed-off-by: Dimitri Savineau <dsavinea@redhat.com>pull/6002/head
parent
59ecddcdd0
commit
b02589ad50
|
@ -21,18 +21,20 @@
|
|||
- ansible_os_family in ['Suse', 'RedHat']
|
||||
|
||||
- name: create mds keyring
|
||||
command: ceph --cluster {{ cluster }} --name client.bootstrap-mds --keyring /var/lib/ceph/bootstrap-mds/{{ cluster }}.keyring auth get-or-create mds.{{ ansible_hostname }} osd 'allow rwx' mds 'allow' mon 'allow profile mds' -o /var/lib/ceph/mds/{{ cluster }}-{{ ansible_hostname }}/keyring
|
||||
args:
|
||||
creates: /var/lib/ceph/mds/{{ cluster }}-{{ ansible_hostname }}/keyring
|
||||
changed_when: false
|
||||
when: cephx | bool
|
||||
|
||||
- name: set mds key permissions
|
||||
file:
|
||||
path: /var/lib/ceph/mds/{{ cluster }}-{{ ansible_hostname }}/keyring
|
||||
owner: "ceph"
|
||||
group: "ceph"
|
||||
mode: "0600"
|
||||
ceph_key:
|
||||
name: "mds.{{ ansible_hostname }}"
|
||||
cluster: "{{ cluster }}"
|
||||
user: client.bootstrap-mds
|
||||
user_key: "/var/lib/ceph/bootstrap-mds/{{ cluster }}.keyring"
|
||||
caps:
|
||||
mon: "allow profile mds"
|
||||
mds: "allow"
|
||||
osd: "allow rwx"
|
||||
dest: "/var/lib/ceph/mds/{{ cluster }}-{{ ansible_hostname }}/keyring"
|
||||
import_key: false
|
||||
owner: ceph
|
||||
group: ceph
|
||||
mode: "{{ ceph_keyring_permissions }}"
|
||||
when: cephx | bool
|
||||
|
||||
- name: ensure systemd service override directory exists
|
||||
|
|
|
@ -79,14 +79,16 @@
|
|||
when: nfs_obj_gw | bool
|
||||
block:
|
||||
- name: create rados gateway keyring
|
||||
command: ceph --cluster {{ cluster }} --name client.bootstrap-rgw --keyring /var/lib/ceph/bootstrap-rgw/{{ cluster }}.keyring auth get-or-create client.rgw.{{ ansible_hostname }} osd 'allow rwx' mon 'allow rw' -o /var/lib/ceph/radosgw/{{ cluster }}-rgw.{{ ansible_hostname }}/keyring
|
||||
args:
|
||||
creates: /var/lib/ceph/radosgw/{{ cluster }}-rgw.{{ ansible_hostname }}/keyring
|
||||
changed_when: false
|
||||
|
||||
- name: set rados gateway key permissions
|
||||
file:
|
||||
path: /var/lib/ceph/radosgw/{{ cluster }}-rgw.{{ ansible_hostname }}/keyring
|
||||
owner: "ceph"
|
||||
group: "ceph"
|
||||
mode: "0600"
|
||||
ceph_key:
|
||||
name: "client.rgw.{{ ansible_hostname }}"
|
||||
cluster: "{{ cluster }}"
|
||||
user: client.bootstrap-rgw
|
||||
user_key: "/var/lib/ceph/bootstrap-rgw/{{ cluster }}.keyring"
|
||||
caps:
|
||||
mon: "allow rw"
|
||||
osd: "allow rwx"
|
||||
dest: "/var/lib/ceph/radosgw/{{ cluster }}-rgw.{{ ansible_hostname }}/keyring"
|
||||
import_key: false
|
||||
owner: ceph
|
||||
group: ceph
|
||||
mode: "{{ ceph_keyring_permissions }}"
|
||||
|
|
|
@ -31,22 +31,17 @@
|
|||
- item.item.copy_key | bool
|
||||
|
||||
- name: create rbd-mirror keyring
|
||||
command: >
|
||||
ceph --cluster {{ cluster }}
|
||||
--name client.bootstrap-rbd-mirror
|
||||
--keyring /var/lib/ceph/bootstrap-rbd-mirror/{{ cluster }}.keyring
|
||||
auth get-or-create client.rbd-mirror.{{ ansible_hostname }}
|
||||
mon 'profile rbd-mirror'
|
||||
osd 'profile rbd'
|
||||
-o /etc/ceph/{{ cluster }}.client.rbd-mirror.{{ ansible_hostname }}.keyring
|
||||
args:
|
||||
creates: /etc/ceph/{{ cluster }}.client.rbd-mirror.{{ ansible_hostname }}.keyring
|
||||
when: not containerized_deployment | bool
|
||||
|
||||
- name: set rbd-mirror key permissions
|
||||
file:
|
||||
path: /etc/ceph/{{ cluster }}.client.rbd-mirror.{{ ansible_hostname }}.keyring
|
||||
owner: "ceph"
|
||||
group: "ceph"
|
||||
ceph_key:
|
||||
name: "client.rbd-mirror.{{ ansible_hostname }}"
|
||||
cluster: "{{ cluster }}"
|
||||
user: client.bootstrap-rbd-mirror
|
||||
user_key: "/var/lib/ceph/bootstrap-rbd-mirror/{{ cluster }}.keyring"
|
||||
caps:
|
||||
mon: "profile rbd-mirror"
|
||||
osd: "profile rbd"
|
||||
dest: "/etc/ceph/{{ cluster }}.client.rbd-mirror.{{ ansible_hostname }}.keyring"
|
||||
import_key: false
|
||||
owner: ceph
|
||||
group: ceph
|
||||
mode: "{{ ceph_keyring_permissions }}"
|
||||
when: not containerized_deployment | bool
|
||||
|
|
Loading…
Reference in New Issue