keyring: use ceph_key module for get-or-create cmd

Instead of running the ceph auth get-or-create command through the ansible
command module, we can use the ceph_key module.

Signed-off-by: Dimitri Savineau <dsavinea@redhat.com>
pull/6002/head
Dimitri Savineau 2020-10-23 18:03:49 -04:00 committed by Guillaume Abrioux
parent 59ecddcdd0
commit b02589ad50
3 changed files with 39 additions and 40 deletions


@ -21,18 +21,20 @@
- ansible_os_family in ['Suse', 'RedHat']
- name: create mds keyring
command: ceph --cluster {{ cluster }} --name client.bootstrap-mds --keyring /var/lib/ceph/bootstrap-mds/{{ cluster }}.keyring auth get-or-create mds.{{ ansible_hostname }} osd 'allow rwx' mds 'allow' mon 'allow profile mds' -o /var/lib/ceph/mds/{{ cluster }}-{{ ansible_hostname }}/keyring
args:
creates: /var/lib/ceph/mds/{{ cluster }}-{{ ansible_hostname }}/keyring
changed_when: false
when: cephx | bool
- name: set mds key permissions
file:
path: /var/lib/ceph/mds/{{ cluster }}-{{ ansible_hostname }}/keyring
owner: "ceph"
group: "ceph"
mode: "0600"
ceph_key:
name: "mds.{{ ansible_hostname }}"
cluster: "{{ cluster }}"
user: client.bootstrap-mds
user_key: "/var/lib/ceph/bootstrap-mds/{{ cluster }}.keyring"
caps:
mon: "allow profile mds"
mds: "allow"
osd: "allow rwx"
dest: "/var/lib/ceph/mds/{{ cluster }}-{{ ansible_hostname }}/keyring"
import_key: false
owner: ceph
group: ceph
mode: "{{ ceph_keyring_permissions }}"
when: cephx | bool
- name: ensure systemd service override directory exists
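Review bot: The mds keyring's mode is no longer pinned: the removed file task set `mode: "0600"`, while the new ceph_key task takes `mode: "{{ ceph_keyring_permissions }}"`, and the commit message describes only the module swap. The variable's default is not visible on this page, so the permissions on a cephx secret now depend on configuration defined elsewhere and on any operator override. The rados gateway section makes the same change. If these keys are meant to stay owner-only, either keep `mode: "0600"` on both tasks or add a comment next to the mode line such as `# keyring holds a cephx secret; ceph_keyring_permissions must stay owner-only`.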


@ -79,14 +79,16 @@
when: nfs_obj_gw | bool
block:
- name: create rados gateway keyring
command: ceph --cluster {{ cluster }} --name client.bootstrap-rgw --keyring /var/lib/ceph/bootstrap-rgw/{{ cluster }}.keyring auth get-or-create client.rgw.{{ ansible_hostname }} osd 'allow rwx' mon 'allow rw' -o /var/lib/ceph/radosgw/{{ cluster }}-rgw.{{ ansible_hostname }}/keyring
args:
creates: /var/lib/ceph/radosgw/{{ cluster }}-rgw.{{ ansible_hostname }}/keyring
changed_when: false
- name: set rados gateway key permissions
file:
path: /var/lib/ceph/radosgw/{{ cluster }}-rgw.{{ ansible_hostname }}/keyring
owner: "ceph"
group: "ceph"
mode: "0600"
ceph_key:
name: "client.rgw.{{ ansible_hostname }}"
cluster: "{{ cluster }}"
user: client.bootstrap-rgw
user_key: "/var/lib/ceph/bootstrap-rgw/{{ cluster }}.keyring"
caps:
mon: "allow rw"
osd: "allow rwx"
dest: "/var/lib/ceph/radosgw/{{ cluster }}-rgw.{{ ansible_hostname }}/keyring"
import_key: false
owner: ceph
group: ceph
mode: "{{ ceph_keyring_permissions }}"


@ -31,22 +31,17 @@
- item.item.copy_key | bool
- name: create rbd-mirror keyring
command: >
ceph --cluster {{ cluster }}
--name client.bootstrap-rbd-mirror
--keyring /var/lib/ceph/bootstrap-rbd-mirror/{{ cluster }}.keyring
auth get-or-create client.rbd-mirror.{{ ansible_hostname }}
mon 'profile rbd-mirror'
osd 'profile rbd'
-o /etc/ceph/{{ cluster }}.client.rbd-mirror.{{ ansible_hostname }}.keyring
args:
creates: /etc/ceph/{{ cluster }}.client.rbd-mirror.{{ ansible_hostname }}.keyring
when: not containerized_deployment | bool
- name: set rbd-mirror key permissions
file:
path: /etc/ceph/{{ cluster }}.client.rbd-mirror.{{ ansible_hostname }}.keyring
owner: "ceph"
group: "ceph"
ceph_key:
name: "client.rbd-mirror.{{ ansible_hostname }}"
cluster: "{{ cluster }}"
user: client.bootstrap-rbd-mirror
user_key: "/var/lib/ceph/bootstrap-rbd-mirror/{{ cluster }}.keyring"
caps:
mon: "profile rbd-mirror"
osd: "profile rbd"
dest: "/etc/ceph/{{ cluster }}.client.rbd-mirror.{{ ansible_hostname }}.keyring"
import_key: false
owner: ceph
group: ceph
mode: "{{ ceph_keyring_permissions }}"
when: not containerized_deployment | bool
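Review bot: None of the three new ceph_key tasks sets `no_log`, and this page does not show whether the module's result carries key material or the full command line. The removed command wrote the key straight to a file with `-o`, so the secret itself was not part of the task output. If ceph_key returns the generated key, it would show up in verbose runs and in any callback or log that records task results. Worth checking the module's return values, and if they include the key, adding `no_log: true` to this task and to the mds and rados gateway tasks in the other two sections.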