ceph-ansible/roles/ceph-client/tasks/create_users_keys.yml

62 lines
1.7 KiB
YAML
Raw Blame History

This file contains invisible Unicode characters!

This file contains invisible Unicode characters that may be processed differently from what appears below. If your use case is intentional and legitimate, you can safely ignore this warning. Use the Escape button to reveal hidden characters.

---
- name: create pools
command: "ceph --cluster {{ cluster }} osd pool create {{ item.name }} {{ item.pgs }}"
with_items: "{{ pools }}"
changed_when: false
failed_when: false
when:
- pools | length > 0
- copy_admin_key
- name: create key(s)
shell: "ceph-authtool -C /etc/ceph/{{ cluster }}.{{ item.name }}.keyring --name {{ item.name }} --add-key {{ item.key }} --cap mon \"{{ item.mon_cap|default('') }}\" --cap osd \"{{ item.osd_cap|default('') }}\" --cap mds \"{{ item.mds_cap|default('') }}\""
args:
creates: /etc/ceph/{{ cluster }}.{{ item.name }}.keyring
with_items: "{{ keys }}"
changed_when: false
when:
- cephx
- keys | length > 0
- name: check if key(s) already exist(s)
command: "ceph --cluster {{ cluster }} auth get {{ item.name }}"
changed_when: false
failed_when: false
with_items: "{{ keys }}"
register: keys_exist
when:
- copy_admin_key
- name: add key(s) to ceph
command: "ceph --cluster {{ cluster }} auth import -i /etc/ceph/{{ cluster }}.{{ item.0.name }}.keyring"
changed_when: false
with_together:
- "{{ keys }}"
- "{{ keys_exist.results | default([]) }}"
when:
- not item.1.get("skipped")
- copy_admin_key
- item.1.rc != 0
- name: setfacl for key(s)
acl:
path: "/etc/ceph/{{ cluster }}.{{ item.0.name }}.keyring"
entry: "{{ item.1 }}"
state: present
with_subelements:
- "{{ keys }}"
- acls
- skip_missing: true
when:
- cephx
- keys | length > 0
- name: chmod key(s)
file:
path: "/etc/ceph/{{ cluster }}.{{ item.name }}.keyring"
mode: "{{ item.mode }}"
with_items: "{{ keys }}"
when:
- cephx
- keys | length > 0