mon: add mgr cap to admin key

Signed-off-by: Sébastien Han <seb@redhat.com>

diff --git a/roles/ceph-mon/tasks/deploy_monitors.yml b/roles/ceph-mon/tasks/deploy_monitors.yml
index de8ef40d322c0fb4dbd7d990e8911414fd9e1736..eda6747f3199bb0b48a2329316d00ec7054f3756 100644 (file)
--- a/roles/ceph-mon/tasks/deploy_monitors.yml
+++ b/roles/ceph-mon/tasks/deploy_monitors.yml
@@ -38,8 +38,22 @@
     mode: "0755"
     recurse: true
 
+- set_fact:
+    ceph_authtool_cap: "--cap mon 'allow *' --cap osd 'allow *' --cap mds 'allow' --cap mgr 'allow *'"
+  when:
+    - ceph_release_num.{{ ceph_release }} >= ceph_release_num.luminous
+    - cephx
+    - admin_secret != 'admin_secret'
+
+- set_fact:
+    ceph_authtool_cap: "--cap mon 'allow *' --cap osd 'allow *' --cap mds 'allow'"
+  when:
+    - ceph_release_num.{{ ceph_release }} < ceph_release_num.luminous
+    - cephx
+    - admin_secret != 'admin_secret'
+
 - name: create custom admin keyring
-  command: ceph-authtool /etc/ceph/{{ cluster }}.client.admin.keyring --create-keyring --name=client.admin --add-key={{ admin_secret }} --set-uid=0 --cap mon 'allow *' --cap osd 'allow *' --cap mds 'allow'
+  command: "ceph-authtool /etc/ceph/{{ cluster }}.client.admin.keyring --create-keyring --name=client.admin --add-key={{ admin_secret }} --set-uid=0 {{ ceph_authtool_cap }}"
   args:
     creates: /etc/ceph/{{ cluster }}.client.admin.keyring
   register: create_custom_admin_secret