ceph
/
ceph-ansible
mirror of https://github.com/ceph/ceph-ansible.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #1707 from ceph/admin-ker-perms 

mon: add mgr cap to admin key
pull/1596/head
Guillaume Abrioux 2017-07-24 17:06:59 +02:00 committed by GitHub
parent 5409453c1b 2566db3e7c
commit cfd7ae87e4
1 changed files with 15 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
roles/ceph-mon/tasks/deploy_monitors.yml
View File

@ -38,8 +38,22 @@
mode: "0755"
recurse: true
- set_fact:
ceph_authtool_cap: "--cap mon 'allow *' --cap osd 'allow *' --cap mds 'allow' --cap mgr 'allow *'"
when:
- ceph_release_num.{{ ceph_release }} >= ceph_release_num.luminous
- cephx
- admin_secret != 'admin_secret'
- set_fact:
ceph_authtool_cap: "--cap mon 'allow *' --cap osd 'allow *' --cap mds 'allow'"
when:
- ceph_release_num.{{ ceph_release }} < ceph_release_num.luminous
- cephx
- admin_secret != 'admin_secret'
- name: create custom admin keyring
command: ceph-authtool /etc/ceph/{{ cluster }}.client.admin.keyring --create-keyring --name=client.admin --add-key={{ admin_secret }} --set-uid=0 --cap mon 'allow *' --cap osd 'allow *' --cap mds 'allow'
command: "ceph-authtool /etc/ceph/{{ cluster }}.client.admin.keyring --create-keyring --name=client.admin --add-key={{ admin_secret }} --set-uid=0 {{ ceph_authtool_cap }}"
args:
creates: /etc/ceph/{{ cluster }}.client.admin.keyring
register: create_custom_admin_secret