---
- name: copy rbd-mirror bootstrap key
  copy:
    src: "{{ fetch_directory }}/{{ fsid }}/var/lib/ceph/bootstrap-rbd-mirror/{{ cluster }}.keyring"
    dest: "/var/lib/ceph/bootstrap-rbd-mirror/{{ cluster }}.keyring"
    owner: "{{ ceph_uid if containerized_deployment else 'ceph' }}"
    group: "{{ ceph_uid if containerized_deployment else 'ceph' }}"
    mode: "{{ ceph_keyring_permissions }}"

- name: copy ceph admin keyring if needed
  copy:
    src: "{{ fetch_directory }}/{{ fsid }}/etc/ceph/{{ cluster }}.client.admin.keyring"
    dest: "/etc/ceph/{{ cluster }}.client.admin.keyring"
    owner: "{{ ceph_uid if containerized_deployment else 'ceph' }}"
    group: "{{ ceph_uid if containerized_deployment else 'ceph' }}"
    mode: "{{ ceph_keyring_permissions }}"
  when: copy_admin_key | bool

- name: create rbd-mirror keyring
  command: >
    ceph --cluster {{ cluster }}
    --name client.bootstrap-rbd-mirror
    --keyring /var/lib/ceph/bootstrap-rbd-mirror/{{ cluster }}.keyring
    auth get-or-create client.rbd-mirror.{{ ansible_hostname }}
    mon 'profile rbd-mirror'
    osd 'profile rbd'
    -o /etc/ceph/{{ cluster }}.client.rbd-mirror.{{ ansible_hostname }}.keyring
  args:
    creates: /etc/ceph/{{ cluster }}.client.rbd-mirror.{{ ansible_hostname }}.keyring
  when: not containerized_deployment | bool

- name: set rbd-mirror key permissions
  file:
    path: /etc/ceph/{{ cluster }}.client.rbd-mirror.{{ ansible_hostname }}.keyring
    owner: "ceph"
    group: "ceph"
    mode: "{{ ceph_keyring_permissions }}"
  when: not containerized_deployment | bool