ceph-: abitlity to copy admin on all the nodes

This commit allows you to set a new variable to 'true' if you want to have ceph admin key copied over different kind of hosts such as MDS, OSD, RGW. To enable this just set `copy_admin_key` to true. Closes: #555 Signed-off-by: Sébastien Han <seb@redhat.com>
2016-02-25 12:04:17 +01:00 · 2016-02-25 12:04:17 +01:00 · bb55860a7a
parent 88dbb0e55b
commit bb55860a7a
6 changed files with 41 additions and 8 deletions
--- a/roles/ceph-mds/defaults/main.yml
+++ b/roles/ceph-mds/defaults/main.yml
@ -7,6 +7,12 @@

 fetch_directory: fetch/

+# Even though MDS nodes should not have the admin key
+# at their disposal, some people might want to have it
+# distributed on MDS nodes. Setting 'copy_admin_key' to 'true'
+# will copy the admin key to the /etc/ceph/ directory
+copy_admin_key: false
+
 cephx: true


--- a/roles/ceph-mds/tasks/pre_requisite.yml
+++ b/roles/ceph-mds/tasks/pre_requisite.yml
@ -9,11 +9,17 @@

 - name: copy mds bootstrap key
  copy:
-    src: "{{ fetch_directory }}/{{ fsid }}/var/lib/ceph/bootstrap-mds/ceph.keyring"
-    dest: /var/lib/ceph/bootstrap-mds/ceph.keyring
+    src: "{{ fetch_directory }}/{{ fsid }}{{ item.name }}"
+    dest: "{{ item }}"
    owner: "{{ key_owner }}"
    group: "{{ key_group }}"
    mode: "{{ key_mode }}"
+  with_items:
+    - { name: /var/lib/ceph/bootstrap-mds/ceph.keyring, copy: true }
+    - { name: /etc/ceph/client.admin.keyring, "{{ copy_admin_key }}" }
+  when:
+    cephx and
+    item.copy is true

 - name: create mds directory
  file:
--- a/roles/ceph-osd/defaults/main.yml
+++ b/roles/ceph-osd/defaults/main.yml
@ -8,6 +8,12 @@

 fetch_directory: fetch/

+# Even though OSD nodes should not have the admin key
+# at their disposal, some people might want to have it
+# distributed on OSD nodes. Setting 'copy_admin_key' to 'true'
+# will copy the admin key to the /etc/ceph/ directory
+copy_admin_key: false
+
 ####################
 # OSD CRUSH LOCATION
 ####################
--- a/roles/ceph-osd/tasks/pre_requisite.yml
+++ b/roles/ceph-osd/tasks/pre_requisite.yml
@ -23,10 +23,14 @@

 - name: copy osd bootstrap key
  copy:
-    src: "{{ fetch_directory }}/{{ fsid }}/var/lib/ceph/bootstrap-osd/ceph.keyring"
-    dest: /var/lib/ceph/bootstrap-osd/ceph.keyring
+    src: "{{ fetch_directory }}/{{ fsid }}{{ item.name }}"
+    dest: "{{ item }}"
    owner: "{{ key_owner }}"
    group: "{{ key_group }}"
    mode: "{{ key_mode }}"
+  with_items:
+    - { name: /var/lib/ceph/bootstrap-osd/ceph.keyring, copy: true }
+    - { name: /etc/ceph/client.admin.keyring, "{{ copy_admin_key }}" }
  when:
-    cephx
+    cephx and
+    item.copy is true
--- a/roles/ceph-rgw/defaults/main.yml
+++ b/roles/ceph-rgw/defaults/main.yml
@ -7,6 +7,12 @@

 fetch_directory: fetch/

+# Even though RGW nodes should not have the admin key
+# at their disposal, some people might want to have it
+# distributed on RGW nodes. Setting 'copy_admin_key' to 'true'
+# will copy the admin key to the /etc/ceph/ directory
+copy_admin_key: false
+
 ## Ceph options
 #
 cephx: true
--- a/roles/ceph-rgw/tasks/pre_requisite.yml
+++ b/roles/ceph-rgw/tasks/pre_requisite.yml
@ -12,12 +12,17 @@

 - name: copy rados gateway bootstrap key
  copy:
-    src: "{{ fetch_directory }}/{{ fsid }}/var/lib/ceph/bootstrap-rgw/ceph.keyring"
-    dest: /var/lib/ceph/bootstrap-rgw/ceph.keyring
+    src: "{{ fetch_directory }}/{{ fsid }}{{ item.name }}"
+    dest: "{{ item }}"
    owner: "{{ key_owner }}"
    group: "{{ key_group }}"
    mode: "{{ key_mode }}"
-  when: cephx
+  with_items:
+    - { name: /var/lib/ceph/bootstrap-rgw/ceph.keyring, copy: true }
+    - { name: /etc/ceph/client.admin.keyring, "{{ copy_admin_key }}" }
+  when:
+    cephx and
+    item.copy is true

 - name: create rados gateway keyring
  command: ceph --cluster ceph --name client.bootstrap-rgw --keyring /var/lib/ceph/bootstrap-rgw/ceph.keyring auth get-or-create client.rgw.{{ ansible_hostname }} osd 'allow rwx' mon 'allow rw' -o /var/lib/ceph/radosgw/ceph-rgw.{{ ansible_hostname }}/keyring