ceph-ansible/roles/ceph-client/tasks/create_users_keys.yml

127 lines
4.5 KiB
YAML
Raw Blame History

This file contains invisible Unicode characters!

This file contains invisible Unicode characters that may be processed differently from what appears below. If your use case is intentional and legitimate, you can safely ignore this warning. Use the Escape button to reveal hidden characters.

---
- name: set_fact keys_tmp - preserve backward compatibility after the introduction of the ceph_keys module
set_fact:
keys_tmp: "{{ keys_tmp|default([]) + [ { 'key': item.key, 'name': item.name, 'caps': { 'mon': item.mon_cap|quote, 'osd': item.osd_cap|default('')|quote, 'mds': item.mds_cap|default('')|quote, 'mgr': item.mgr_cap|default('')|quote } , 'mode': item.mode } ] }}"
when:
- item.get('mon_cap', None) # it's enough to assume we are running an old-fashionned syntax simply by checking the presence of mon_cap since every key needs this cap
with_items: "{{ keys }}"
- name: set_fact keys - override keys_tmp with keys
set_fact:
keys: "{{ keys_tmp }}"
when:
- keys_tmp is defined
- name: run a dummy container (sleep 300) from where we can create pool(s)/key(s)
command: >
docker run \
--rm \
-d \
-v {{ ceph_conf_key_directory }}:{{ ceph_conf_key_directory }}:z \
--name ceph-create-keys \
--entrypoint=sleep \
{{ ceph_docker_registry}}/{{ ceph_docker_image }}:{{ ceph_docker_image_tag }} \
300
changed_when: false
when:
- containerized_deployment
- inventory_hostname == groups.get(client_group_name) | first
- name: set_fact delegated_node
set_fact:
delegated_node: "{{ groups[mon_group_name][0] if groups.get(mon_group_name, []) | length > 0 else inventory_hostname }}"
- name: set_fact condition_copy_admin_key
set_fact:
condition_copy_admin_key: "{{ True if groups.get(mon_group_name, []) | length > 0 else copy_admin_key }}"
- name: set_fact docker_exec_cmd
set_fact:
docker_exec_cmd: "docker exec {% if groups.get(mon_group_name, []) | length > 0 -%} ceph-mon-{{ hostvars[delegated_node]['ansible_hostname'] }} {% else %} ceph-create-keys {% endif %}"
when:
- containerized_deployment
- name: create cephx key(s)
ceph_key:
state: present
name: "{{ item.name }}"
caps: "{{ item.caps }}"
secret: "{{ item.key | default('') }}"
containerized: "{{ docker_exec_cmd | default('') }}"
cluster: "{{ cluster }}"
dest: "{{ ceph_conf_key_directory }}"
import_key: "{{ copy_admin_key }}"
mode: "{{ item.mode|default(omit) }}"
with_items: "{{ keys }}"
delegate_to: "{{ delegated_node }}"
when:
- cephx
- keys | length > 0
- inventory_hostname == groups.get(client_group_name) | first
- name: slurp client cephx key(s)
slurp:
src: "{{ ceph_conf_key_directory }}/{{ cluster }}.{{ item.name }}.keyring"
with_items:
- "{{ keys }}"
register: slurp_client_keys
delegate_to: "{{ delegated_node }}"
when:
- cephx
- keys | length > 0
- inventory_hostname == groups.get(client_group_name) | first
- name: list existing pool(s)
command: >
{{ docker_exec_cmd | default('') }} ceph --cluster {{ cluster }}
osd pool get {{ item.name }} size
with_items: "{{ pools }}"
register: created_pools
failed_when: false
delegate_to: "{{ delegated_node }}"
when:
- condition_copy_admin_key
- inventory_hostname == groups.get(client_group_name, []) | first
- name: create ceph pool(s)
command: >
{{ docker_exec_cmd | default('') }} ceph --cluster {{ cluster }}
osd pool create {{ item.0.name }}
{{ item.0.pg_num }}
{{ item.0.pgp_num }}
{{ 'replicated_rule' if item.0.rule_name | default('replicated_rule') == '' else item.0.rule_name | default('replicated_rule') }}
{{ 1 if item.0.type|default(1) == 'replicated' else 3 if item.0.type|default(1) == 'erasure' else item.0.type|default(1) }}
{%- if (item.0.type | default("1") == '3' or item.0.type | default("1") == 'erasure') and item.0.erasure_profile != '' %}
{{ item.0.erasure_profile }}
{%- endif %}
{{ item.0.expected_num_objects | default('') }}
with_together:
- "{{ pools }}"
- "{{ created_pools.results }}"
changed_when: false
delegate_to: "{{ delegated_node }}"
when:
- pools | length > 0
- condition_copy_admin_key
- inventory_hostname in groups.get(client_group_name) | first
- item.1.rc != 0
- name: kill a dummy container that created pool(s)/key(s)
command: docker rm -f ceph-create-keys
changed_when: false
when:
- containerized_deployment
- inventory_hostname == groups.get(client_group_name) | first
- name: get client cephx keys
copy:
dest: "{{ item.source }}"
content: "{{ item.content | b64decode }}"
mode: "{{ item.item.get('mode', '0600') }}"
owner: "{{ ceph_uid }}"
group: "{{ ceph_uid }}"
with_items:
- "{{ hostvars[groups[client_group_name][0]]['slurp_client_keys']['results'] }}"
when:
- not item.get('skipped', False)