mirror of https://github.com/ceph/ceph-ansible.git
103 lines
3.2 KiB
YAML
103 lines
3.2 KiB
YAML
---
|
||
- name: set docker_exec_client_cmd_binary to ceph-authtool
|
||
set_fact:
|
||
docker_exec_client_cmd_binary: ceph-authtool
|
||
when: containerized_deployment
|
||
|
||
- name: set docker_exec_client_cmd for containers
|
||
set_fact:
|
||
docker_exec_client_cmd: docker run --rm -v /etc/ceph:/etc/ceph --entrypoint /usr/bin/{{ docker_exec_client_cmd_binary }} {{ ceph_docker_registry}}/{{ ceph_docker_image }}:{{ ceph_docker_image_tag }}
|
||
when: containerized_deployment
|
||
|
||
- name: set docker_exec_client_cmd for non-containers
|
||
set_fact:
|
||
docker_exec_client_cmd: ceph-authtool
|
||
when: not containerized_deployment
|
||
|
||
- name: create key(s)
|
||
shell: "{{ docker_exec_client_cmd }} -C /etc/ceph/{{ cluster }}.{{ item.name }}.keyring --name {{ item.name }} --add-key {{ item.key }} --cap mon \"{{ item.mon_cap|default('') }}\" --cap osd \"{{ item.osd_cap|default('') }}\" --cap mds \"{{ item.mds_cap|default('') }}\""
|
||
args:
|
||
creates: /etc/ceph/{{ cluster }}.{{ item.name }}.keyring
|
||
with_items: "{{ keys }}"
|
||
changed_when: false
|
||
when:
|
||
- cephx
|
||
- keys | length > 0
|
||
|
||
- name: set docker_exec_client_cmd_binary to ceph
|
||
set_fact:
|
||
docker_exec_client_cmd_binary: ceph
|
||
when: containerized_deployment
|
||
|
||
- name: replace docker_exec_client_cmd by ceph
|
||
set_fact:
|
||
docker_exec_client_cmd: ceph
|
||
when:
|
||
- not containerized_deployment
|
||
- docker_exec_client_cmd == 'ceph-authtool'
|
||
|
||
- name: check if key(s) already exist(s)
|
||
command: "{{ docker_exec_client_cmd }} --cluster {{ cluster }} auth get {{ item.name }}"
|
||
changed_when: false
|
||
failed_when: false
|
||
with_items: "{{ keys }}"
|
||
register: keys_exist
|
||
when:
|
||
- copy_admin_key
|
||
|
||
- name: create pool(s)
|
||
command: >
|
||
{{ docker_exec_client_cmd }} --cluster {{ cluster }}
|
||
osd pool create {{ item.name }}
|
||
{{ item.get('pg_num', hostvars[groups[mon_group_name][0]]['osd_pool_default_pg_num']) }}
|
||
{{ item.pgp_num | default(item.pg_num) }}
|
||
{{ item.rule_name | default("replicated_rule") }}
|
||
{{ item.type | default("replicated") }}
|
||
{%- if item.type | default("replicated") == 'erasure' and item.erasure_profile != '' %}
|
||
{{ item.erasure_profile }}
|
||
{%- endif %}
|
||
{{ item.size | default('') }}
|
||
with_items: "{{ pools }}"
|
||
changed_when: false
|
||
when:
|
||
- pools | length > 0
|
||
- copy_admin_key
|
||
|
||
- name: add key(s) to ceph
|
||
command: "{{ docker_exec_client_cmd }} --cluster {{ cluster }} auth import -i /etc/ceph/{{ cluster }}.{{ item.0.name }}.keyring"
|
||
changed_when: false
|
||
with_together:
|
||
- "{{ keys }}"
|
||
- "{{ keys_exist.results | default([]) }}"
|
||
when:
|
||
- not item.1.get("skipped")
|
||
- copy_admin_key
|
||
- item.1.rc != 0
|
||
|
||
- name: put docker_exec_client_cmd back to normal with a none value
|
||
set_fact:
|
||
docker_exec_client_cmd:
|
||
when: docker_exec_client_cmd == 'ceph'
|
||
|
||
- name: chmod key(s)
|
||
file:
|
||
path: "/etc/ceph/{{ cluster }}.{{ item.name }}.keyring"
|
||
mode: "{{ item.mode|default(omit) }}" # if mode not in list, uses mode from ps umask
|
||
with_items: "{{ keys }}"
|
||
when:
|
||
- cephx
|
||
- keys | length > 0
|
||
|
||
- name: setfacl for key(s)
|
||
acl:
|
||
path: "/etc/ceph/{{ cluster }}.{{ item.0.name }}.keyring"
|
||
entry: "{{ item.1 }}"
|
||
state: present
|
||
with_subelements:
|
||
- "{{ keys }}"
|
||
- acls
|
||
- skip_missing: true
|
||
when:
|
||
- cephx
|
||
- keys | length > 0
|