--- - name: get keys from monitors command: "{{ container_exec_cmd }} ceph --cluster {{ cluster }} auth get {{ item.name }}" register: _rbd_mirror_keys with_items: - { name: "client.bootstrap-rbd-mirror", path: "/var/lib/ceph/bootstrap-rbd-mirror/{{ cluster }}.keyring", copy_key: true } - { name: "client.admin", path: "/etc/ceph/{{ cluster }}.client.admin.keyring", copy_key: "{{ copy_admin_key }}" } delegate_to: "{{ groups.get(mon_group_name)[0] }}" when: - cephx | bool - item.copy_key | bool - name: copy ceph key(s) if needed copy: dest: "{{ item.item.path }}" content: "{{ item.stdout + '\n' }}" owner: "{{ ceph_uid if containerized_deployment else 'ceph' }}" group: "{{ ceph_uid if containerized_deployment else 'ceph' }}" mode: "{{ ceph_keyring_permissions }}" with_items: "{{ _rbd_mirror_keys.results }}" when: - cephx | bool - item.item.copy_key | bool - name: create rbd-mirror keyring command: > ceph --cluster {{ cluster }} --name client.bootstrap-rbd-mirror --keyring /var/lib/ceph/bootstrap-rbd-mirror/{{ cluster }}.keyring auth get-or-create client.rbd-mirror.{{ ansible_hostname }} mon 'profile rbd-mirror' osd 'profile rbd' -o /etc/ceph/{{ cluster }}.client.rbd-mirror.{{ ansible_hostname }}.keyring args: creates: /etc/ceph/{{ cluster }}.client.rbd-mirror.{{ ansible_hostname }}.keyring when: not containerized_deployment | bool - name: set rbd-mirror key permissions file: path: /etc/ceph/{{ cluster }}.client.rbd-mirror.{{ ansible_hostname }}.keyring owner: "ceph" group: "ceph" mode: "{{ ceph_keyring_permissions }}" when: not containerized_deployment | bool