--- - name: set docker_exec_client_cmd_binary to ceph-authtool set_fact: docker_exec_client_cmd_binary: ceph-authtool when: containerized_deployment - name: set docker_exec_client_cmd for containers set_fact: docker_exec_client_cmd: docker run --rm -v /etc/ceph:/etc/ceph --entrypoint /usr/bin/{{ docker_exec_client_cmd_binary }} {{ ceph_docker_registry}}/{{ ceph_docker_image }}:{{ ceph_docker_image_tag }} when: containerized_deployment - name: set docker_exec_client_cmd for non-containers set_fact: docker_exec_client_cmd: ceph-authtool when: not containerized_deployment - name: create key(s) shell: "{{ docker_exec_client_cmd }} -C /etc/ceph/{{ cluster }}.{{ item.name }}.keyring --name {{ item.name }} --add-key {{ item.key }} --cap mon \"{{ item.mon_cap|default('') }}\" --cap osd \"{{ item.osd_cap|default('') }}\" --cap mds \"{{ item.mds_cap|default('') }}\"" args: creates: /etc/ceph/{{ cluster }}.{{ item.name }}.keyring with_items: "{{ keys }}" changed_when: false when: - cephx - keys | length > 0 - name: set docker_exec_client_cmd_binary to ceph set_fact: docker_exec_client_cmd_binary: ceph when: containerized_deployment - name: replace docker_exec_client_cmd by ceph set_fact: docker_exec_client_cmd: ceph when: - not containerized_deployment - docker_exec_client_cmd == 'ceph-authtool' - name: check if key(s) already exist(s) command: "{{ docker_exec_client_cmd }} --cluster {{ cluster }} auth get {{ item.name }}" changed_when: false failed_when: false with_items: "{{ keys }}" register: keys_exist when: - copy_admin_key - name: create pool(s) command: > {{ docker_exec_client_cmd }} --cluster {{ cluster }} osd pool create {{ item.name }} {{ item.get('pg_num', hostvars[groups[mon_group_name][0]]['osd_pool_default_pg_num']) }} {{ item.pgp_num | default(item.pg_num) }} {{ item.rule_name | default("replicated_rule") }} {{ item.type | default("replicated") }} {%- if item.type | default("replicated") == 'erasure' and item.erasure_profile != '' %} {{ item.erasure_profile }} {%- endif %} {{ item.size | default('') }} with_items: "{{ pools }}" changed_when: false when: - pools | length > 0 - copy_admin_key - name: add key(s) to ceph command: "{{ docker_exec_client_cmd }} --cluster {{ cluster }} auth import -i /etc/ceph/{{ cluster }}.{{ item.0.name }}.keyring" changed_when: false with_together: - "{{ keys }}" - "{{ keys_exist.results | default([]) }}" when: - not item.1.get("skipped") - copy_admin_key - item.1.rc != 0 - name: put docker_exec_client_cmd back to normal with a none value set_fact: docker_exec_client_cmd: when: docker_exec_client_cmd == 'ceph' - name: chmod key(s) file: path: "/etc/ceph/{{ cluster }}.{{ item.name }}.keyring" mode: "{{ item.mode|default(omit) }}" # if mode not in list, uses mode from ps umask with_items: "{{ keys }}" when: - cephx - keys | length > 0 - name: setfacl for key(s) acl: path: "/etc/ceph/{{ cluster }}.{{ item.0.name }}.keyring" entry: "{{ item.1 }}" state: present with_subelements: - "{{ keys }}" - acls - skip_missing: true when: - cephx - keys | length > 0