---
- name: set_fact ceph_config_keys
  set_fact:
    ceph_config_keys:
      - /etc/ceph/{{ cluster }}.mgr.{{ ansible_hostname }}.keyring
      - /etc/ceph/{{ cluster }}.client.admin.keyring

- name: stat for ceph config and keys
  local_action: stat path={{ fetch_directory }}/{{ fsid }}/{{ item }}
  with_items: "{{ ceph_config_keys }}"
  changed_when: false
  become: false
  failed_when: false
  always_run: true
  register: statconfig

- name: try to fetch ceph config and keys
  copy:
    src: "{{ fetch_directory }}/{{ fsid }}/{{ item.0 }}"
    dest: "{{ item.0 }}"
    owner: root
    group: root
    mode: 0644
  changed_when: false
  with_together:
    - "{{ ceph_config_keys }}"
    - "{{ statconfig.results }}"
  when: item.1.stat.exists == true

- name: "copy mgr key to /var/lib/ceph/mgr/{{ cluster }}-{{ ansible_hostname }}/keyring"
  command: cp /etc/ceph/{{ cluster }}.mgr.{{ ansible_hostname }}.keyring /var/lib/ceph/mgr/{{ cluster }}-{{ ansible_hostname }}/keyring
  changed_when: false
  always_run: true
  with_items: "{{ statconfig.results }}"
  when: item.stat.exists == true

- name: set ceph mgr key permission
  file:
    path: "/var/lib/ceph/mgr/{{ cluster }}-{{ ansible_hostname }}/keyring"
    owner: "{{ bootstrap_dirs_owner }}"
    group: "{{ bootstrap_dirs_group }}"
    mode: "0600"
  when: cephx

- name: set selinux permissions
  shell: |
    chcon -Rt svirt_sandbox_file_t {{ item }}
  with_items:
    - "{{ ceph_conf_key_directory }}"
    - /var/lib/ceph
  changed_when: false
  when:
    - ansible_os_family == 'RedHat'
    - sestatus.stdout != 'Disabled'