--- - name: create openstack pool(s) command: "{{ docker_exec_cmd }} ceph --cluster {{ cluster }} osd pool create {{ item.name }} {{ item.pg_num }} {{ item.rule_name }}" with_items: "{{ openstack_pools | unique }}" changed_when: false failed_when: false # A future version could use "--caps CAPSFILE" # which will set all of capabilities associated with a given key, for all subsystems - name: create openstack key(s) shell: "{{ docker_exec_cmd }} bash -c 'ceph-authtool -C /etc/ceph/{{ cluster }}.{{ item.name }}.keyring --name {{ item.name }} --add-key {{ item.key }} --cap mon \"{{ item.mon_cap|default('') }}\" --cap osd \"{{ item.osd_cap|default('') }}\" --cap mds \"{{ item.mds_cap|default('') }}\"'" args: creates: "/etc/ceph/{{ cluster }}.{{ item.name }}.keyring" with_items: "{{ openstack_keys }}" changed_when: false when: cephx - name: check if openstack key(s) already exist(s) command: "{{ docker_exec_cmd }} ceph --cluster {{ cluster }} auth get {{ item.name }}" changed_when: false failed_when: false with_items: "{{ openstack_keys }}" register: openstack_key_exist - name: add openstack key(s) to ceph command: "{{ docker_exec_cmd }} ceph --cluster {{ cluster }} auth import -i /etc/ceph/{{ cluster }}.{{ item.0.name }}.keyring" changed_when: false with_together: - "{{ openstack_keys }}" - "{{ openstack_key_exist.results }}" when: item.1.rc != 0 - name: fetch openstack key(s) fetch: src: "/etc/ceph/{{ cluster }}.{{ item.name }}.keyring" dest: "{{ fetch_directory }}/{{ fsid }}/etc/ceph/{{ cluster }}.{{ item.name }}.keyring" flat: yes with_items: "{{ openstack_keys }}" - name: copy to other mons the openstack key(s) copy: src: "{{ fetch_directory }}/{{ fsid }}/etc/ceph/{{ cluster }}.{{ item.1.name }}.keyring" dest: "/etc/ceph/{{ cluster }}.{{ item.1.name }}.keyring" with_nested: - "{{ groups[mon_group_name] }}" - "{{ openstack_keys }}" delegate_to: "{{ item.0 }}" when: - cephx - openstack_config - item.0 != groups[mon_group_name] | last - name: chmod openstack key(s) on the other mons and this mon file: path: "/etc/ceph/{{ cluster }}.{{ item.1.name }}.keyring" mode: "{{ item.1.mode|default(omit) }}" # if mode not in list, uses mode from ps umask with_nested: - "{{ groups[mon_group_name] }}" - "{{ openstack_keys }}" delegate_to: "{{ item.0 }}" when: - openstack_config - cephx - name: setfacl for openstack key(s) on the other mons and this mon command: "setfacl -m {{ item.1.acls | join(',') }} /etc/ceph/{{ cluster }}.{{ item.1.name }}.keyring" with_nested: - "{{ groups[mon_group_name] }}" - "{{ openstack_keys }}" delegate_to: "{{ item.0 }}" when: - item.1.get('acls', []) | length > 0 - openstack_config - cephx