# A future version could use "--caps CAPSFILE"
# which will set all of capabilities associated with a given key, for all subsystems
- name: create openstack key(s)
- shell: "{{ docker_exec_cmd }} ceph-authtool -C /etc/ceph/{{ cluster }}.{{ item.name }}.keyring --name {{ item.name }} --add-key {{ item.key }} --cap mon \"{{ item.mon_cap|default('') }}\" --cap osd \"{{ item.osd_cap|default('') }}\" --cap mds \"{{ item.mds_cap|default('') }}\""
+ shell: "{{ docker_exec_cmd }} bash -c 'ceph-authtool -C /etc/ceph/{{ cluster }}.{{ item.name }}.keyring --name {{ item.name }} --add-key {{ item.key }} --cap mon \"{{ item.mon_cap|default('') }}\" --cap osd \"{{ item.osd_cap|default('') }}\" --cap mds \"{{ item.mds_cap|default('') }}\"'"
args:
creates: "/etc/ceph/{{ cluster }}.{{ item.name }}.keyring"
with_items: "{{ openstack_keys }}"
- "{{ openstack_keys }}"
- "{{ openstack_key_exist.results }}"
when: item.1.rc != 0
+
+- name: fetch openstack key(s)
+ fetch:
+ src: "/etc/ceph/{{ cluster }}.{{ item.name }}.keyring"
+ dest: "{{ fetch_directory }}/{{ fsid }}/etc/ceph/{{ cluster }}.{{ item.name }}.keyring"
+ flat: yes
+ with_items: "{{ openstack_keys }}"
+
+- name: copy to other mons the openstack key(s)
+ copy:
+ src: "{{ fetch_directory }}/{{ fsid }}/etc/ceph/{{ cluster }}.{{ item.1.name }}.keyring"
+ dest: "/etc/ceph/{{ cluster }}.{{ item.1.name }}.keyring"
+ with_nested:
+ - "{{ groups[mon_group_name] }}"
+ - "{{ openstack_keys }}"
+ delegate_to: "{{ item.0 }}"
+ when:
+ - cephx
+ - openstack_config
+ - item.0 != groups[mon_group_name] | last
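Review bot: The new `copy` task writes each OpenStack keyring into /etc/ceph on the other monitors without `mode`, `owner` or `group`, so the secret file gets whatever the remote umask allows, which is commonly world-readable. Add `mode: "0600"` under `copy:`, plus the owner and group the Ceph daemons use on these hosts, which this hunk does not show. The create task still interpolates `--add-key {{ item.key }}` into the command line, so the key appears in Ansible's task output and in the process list on the monitor; `no_log: true` on that task would at least keep it out of the logs. The `fetch` task has no `when:` while the copy is gated on `cephx` and `openstack_config`, so keyrings are apparently staged under `{{ fetch_directory }}` on the control host even when they will not be distributed; it should carry the same conditions, and that directory needs restrictive permissions. The `bash -c '…'` wrapper also assumes that no cap value contains a single quote, which deserves a comment next to the task.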