Revert "Fix autogen UUID and add auto gen monitor key"

diff --git a/.gitignore b/.gitignore
index 07573a6580d6ba2b9cb540d98d72b0e5237c9a8f..98550a81cc44ffc134de7423d6392eb32ecf0cea 100644 (file)
--- a/.gitignore
+++ b/.gitignore
@@ -1,4 +1,4 @@
 .vagrant
 *.vdi
 *.keyring
-fetch/*
+fetch/4a158d27-f750-41d5-9e7f-26ce4c9d2d45

diff --git a/Vagrantfile b/Vagrantfile
index 7880ec6fd897396980e0f13e65e4f724e2bb83f1..e4461b5c6a8c86a263f73b91e1052955d029b18f 100644 (file)
--- a/Vagrantfile
+++ b/Vagrantfile
@@ -21,6 +21,11 @@ ansible_provision = proc do |ansible|
     'rgws' => (0..NRGWS - 1).map { |j| "rgw#{j}" }
   }
 
+  # In a production deployment, these should be secret
+  ansible.extra_vars = {
+    fsid: '4a158d27-f750-41d5-9e7f-26ce4c9d2d45',
+    monitor_secret: 'AQAWqilTCDh7CBAAawXt6kyTgLFCxSvJhTEmuw=='
+  }
   ansible.limit = 'all'
 end
 

diff --git a/roles/ceph-common/tasks/main.yml b/roles/ceph-common/tasks/main.yml
index 86961fd01b9e889320bb716692b762ddd0d0a746..3567dc30a5dc080efe1f707bbfca82147fa776e2 100644 (file)
--- a/roles/ceph-common/tasks/main.yml
+++ b/roles/ceph-common/tasks/main.yml
@@ -23,15 +23,11 @@
   register: socket
 
 - name: Generate cluster UUID
-  shell: uuidgen | tee fetch/ceph_cluster_uuid.conf creates=fetch/ceph_cluster_uuid.conf
-  connection: local
-  sudo: false
+  shell: "uuidgen | tee /etc/ceph/ceph_cluster_uuid.conf" creates=/etc/ceph/ceph_cluster_uuid.conf
   register: cluster_uuid
 
 - name: Read cluster UUID if it already exists
-  command: cat fetch/ceph_cluster_uuid.conf removes=fetch/ceph_cluster_uuid.conf
-  connection: local
-  sudo: false
+  command: cat /etc/ceph/ceph_cluster_uuid.conf removes=/etc/ceph/ceph_cluster_uuid.conf
   register: cluster_uuid
 
 - name: Generate Ceph configuration file

diff --git a/roles/ceph-mon/tasks/deploy_monitors.yml b/roles/ceph-mon/tasks/deploy_monitors.yml
index 2227963b581a27d25eac2eacd33ab27cad392976..18edf5374ee2c3334a9ee00c63a3eb8281d056b9 100644 (file)
--- a/roles/ceph-mon/tasks/deploy_monitors.yml
+++ b/roles/ceph-mon/tasks/deploy_monitors.yml
@@ -1,24 +1,13 @@
 ---
-- name: Create monitor secret
-  shell: ceph-authtool --gen-print-key | tee /etc/ceph/ceph_monitor_secret.conf creates=/etc/ceph/ceph_monitor_secret.conf
-  register: monitor_secret
-
-- name: Read monitor secret if it already exists
-  command: cat /etc/ceph/ceph_monitor_secret.conf removes=/etc/ceph/ceph_monitor_secret.conf
-  register: monitor_secret
-
 - name: Create monitor initial keyring
-  command: "ceph-authtool /var/lib/ceph/tmp/keyring.mon.{{ ansible_hostname }} --create-keyring --name=mon. --add-key={{ monitor_secret.stdout }} --cap mon 'allow *' creates=/var/lib/ceph/tmp/keyring.mon.{{ ansible_hostname }}"
+  command: "ceph-authtool /var/lib/ceph/tmp/keyring.mon.{{ ansible_hostname }} --create-keyring --name=mon. --add-key={{ monitor_secret }} --cap mon 'allow *' creates=/var/lib/ceph/tmp/keyring.mon.{{ ansible_hostname }}"
 
 - name: Set initial monitor key permissions
   file: >
-    path={{ item }}
-    mode=0400
+    path=/var/lib/ceph/tmp/keyring.mon.{{ ansible_hostname }}
+    mode=0600
     owner=root
     group=root
-  with_items:
-    - /etc/ceph/ceph_monitor_secret.conf
-    - /var/lib/ceph/tmp/keyring.mon.{{ ansible_hostname }}
 
 - name: Create monitor directory
   file: >