mirror of https://github.com/ceph/ceph-ansible.git
75 lines
2.2 KiB
YAML
75 lines
2.2 KiB
YAML
---
|
|
# This playbook is used to manage CephX Keys
|
|
# You will find examples below on how the module can be used on daily operations
|
|
#
|
|
# It currently runs on localhost
|
|
|
|
- name: CephX key management examples
|
|
hosts: localhost
|
|
gather_facts: false
|
|
vars:
|
|
cluster: ceph
|
|
container_exec_cmd: "docker exec ceph-nano"
|
|
keys_to_info:
|
|
- client.admin
|
|
- mds.0
|
|
keys_to_delete:
|
|
- client.leseb
|
|
- client.leseb1
|
|
- client.pythonnnn
|
|
keys_to_create:
|
|
- { name: client.pythonnnn, caps: { mon: "allow rwx", mds: "allow *" }, mode: "0600" }
|
|
- { name: client.existpassss, caps: { mon: "allow r", osd: "allow *" }, mode: "0600" }
|
|
- { name: client.path, caps: { mon: "allow r", osd: "allow *" }, mode: "0600" }
|
|
|
|
tasks:
|
|
- name: Create ceph key(s) module
|
|
ceph_key:
|
|
name: "{{ item.name }}"
|
|
caps: "{{ item.caps }}"
|
|
cluster: "{{ cluster }}"
|
|
secret: "{{ item.key | default('') }}"
|
|
containerized: "{{ container_exec_cmd | default(False) }}"
|
|
with_items: "{{ keys_to_create }}"
|
|
|
|
- name: Update ceph key(s)
|
|
ceph_key:
|
|
name: "{{ item.name }}"
|
|
state: update
|
|
caps: "{{ item.caps }}"
|
|
cluster: "{{ cluster }}"
|
|
containerized: "{{ container_exec_cmd | default(False) }}"
|
|
with_items: "{{ keys_to_create }}"
|
|
|
|
- name: Delete ceph key(s)
|
|
ceph_key:
|
|
name: "{{ item }}"
|
|
state: absent
|
|
cluster: "{{ cluster }}"
|
|
containerized: "{{ container_exec_cmd | default(False) }}"
|
|
with_items: "{{ keys_to_delete }}"
|
|
|
|
- name: Info ceph key(s)
|
|
ceph_key:
|
|
name: "{{ item }}"
|
|
state: info
|
|
cluster: "{{ cluster }}"
|
|
containerized: "{{ container_exec_cmd }}"
|
|
register: key_info
|
|
ignore_errors: true
|
|
with_items: "{{ keys_to_info }}"
|
|
|
|
- name: List ceph key(s)
|
|
ceph_key:
|
|
state: list
|
|
cluster: "{{ cluster }}"
|
|
containerized: "{{ container_exec_cmd | default(False) }}"
|
|
register: list_keys
|
|
ignore_errors: true
|
|
|
|
- name: Fetch_initial_keys # noqa: ignore-errors
|
|
ceph_key:
|
|
state: fetch_initial_keys
|
|
cluster: "{{ cluster }}"
|
|
ignore_errors: true
|