mirror of https://github.com/ceph/ceph-ansible.git
75 lines
2.8 KiB
YAML
75 lines
2.8 KiB
YAML
---
|
||
- name: create openstack pool(s)
|
||
command: "{{ docker_exec_cmd }} ceph --cluster {{ cluster }} osd pool create {{ item.name }} {{ item.pg_num }} {{ item.rule_name }}"
|
||
with_items: "{{ openstack_pools | unique }}"
|
||
changed_when: false
|
||
failed_when: false
|
||
|
||
# A future version could use "--caps CAPSFILE"
|
||
# which will set all of capabilities associated with a given key, for all subsystems
|
||
- name: create openstack key(s)
|
||
shell: "{{ docker_exec_cmd }} bash -c 'ceph-authtool -C /etc/ceph/{{ cluster }}.{{ item.name }}.keyring --name {{ item.name }} --add-key {{ item.key }} --cap mon \"{{ item.mon_cap|default('') }}\" --cap osd \"{{ item.osd_cap|default('') }}\" --cap mds \"{{ item.mds_cap|default('') }}\"'"
|
||
args:
|
||
creates: "/etc/ceph/{{ cluster }}.{{ item.name }}.keyring"
|
||
with_items: "{{ openstack_keys }}"
|
||
changed_when: false
|
||
when: cephx
|
||
|
||
- name: check if openstack key(s) already exist(s)
|
||
command: "{{ docker_exec_cmd }} ceph --cluster {{ cluster }} auth get {{ item.name }}"
|
||
changed_when: false
|
||
failed_when: false
|
||
with_items: "{{ openstack_keys }}"
|
||
register: openstack_key_exist
|
||
|
||
- name: add openstack key(s) to ceph
|
||
command: "{{ docker_exec_cmd }} ceph --cluster {{ cluster }} auth import -i /etc/ceph/{{ cluster }}.{{ item.0.name }}.keyring"
|
||
changed_when: false
|
||
with_together:
|
||
- "{{ openstack_keys }}"
|
||
- "{{ openstack_key_exist.results }}"
|
||
when: item.1.rc != 0
|
||
|
||
- name: fetch openstack key(s)
|
||
fetch:
|
||
src: "/etc/ceph/{{ cluster }}.{{ item.name }}.keyring"
|
||
dest: "{{ fetch_directory }}/{{ fsid }}/etc/ceph/{{ cluster }}.{{ item.name }}.keyring"
|
||
flat: yes
|
||
with_items: "{{ openstack_keys }}"
|
||
|
||
- name: copy to other mons the openstack key(s)
|
||
copy:
|
||
src: "{{ fetch_directory }}/{{ fsid }}/etc/ceph/{{ cluster }}.{{ item.1.name }}.keyring"
|
||
dest: "/etc/ceph/{{ cluster }}.{{ item.1.name }}.keyring"
|
||
with_nested:
|
||
- "{{ groups[mon_group_name] }}"
|
||
- "{{ openstack_keys }}"
|
||
delegate_to: "{{ item.0 }}"
|
||
when:
|
||
- cephx
|
||
- openstack_config
|
||
- item.0 != groups[mon_group_name] | last
|
||
|
||
- name: chmod openstack key(s) on the other mons and this mon
|
||
file:
|
||
path: "/etc/ceph/{{ cluster }}.{{ item.1.name }}.keyring"
|
||
mode: "{{ item.1.mode|default(omit) }}" # if mode not in list, uses mode from ps umask
|
||
with_nested:
|
||
- "{{ groups[mon_group_name] }}"
|
||
- "{{ openstack_keys }}"
|
||
delegate_to: "{{ item.0 }}"
|
||
when:
|
||
- openstack_config
|
||
- cephx
|
||
|
||
- name: setfacl for openstack key(s) on the other mons and this mon
|
||
command: "setfacl -m {{ item.1.acls | join(',') }} /etc/ceph/{{ cluster }}.{{ item.1.name }}.keyring"
|
||
with_nested:
|
||
- "{{ groups[mon_group_name] }}"
|
||
- "{{ openstack_keys }}"
|
||
delegate_to: "{{ item.0 }}"
|
||
when:
|
||
- item.1.get('acls', []) | length > 0
|
||
- openstack_config
|
||
- cephx
|