mgr: only copy keys with dedicated mgr

When collocating mon and mgr, the mgr container will attempt to create
its own key since it has the admin key at its disposal. Also at this
point there is nothing to fetch since the key is not created by the
mons, as mentionned above the mgr creates the key on its own.

Signed-off-by: Sébastien Han <seb@redhat.com>

diff --git a/roles/ceph-mgr/tasks/common.yml b/roles/ceph-mgr/tasks/common.yml
index 5f0945da276ae7a171fd732b00af2c30e9596f19..20d60843647473a953f79a98fa977262192cda1c 100644 (file)
--- a/roles/ceph-mgr/tasks/common.yml
+++ b/roles/ceph-mgr/tasks/common.yml
@@ -15,7 +15,7 @@
     group: "{{ ceph_uid if containerized_deployment else 'ceph' }}"
     mode: "{{ ceph_keyring_permissions }}"
   with_items:
-    - { name: "/etc/ceph/{{ cluster }}.mgr.{{ ansible_hostname }}.keyring", dest: "/var/lib/ceph/mgr/{{ cluster }}-{{ ansible_hostname }}/keyring", copy_key: true }
+    - { name: "/etc/ceph/{{ cluster }}.mgr.{{ ansible_hostname }}.keyring", dest: "/var/lib/ceph/mgr/{{ cluster }}-{{ ansible_hostname }}/keyring", copy_key: "{{ True if groups.get(mgr_group_name, []) | length > 0 else False }}" }
     - { name: "/etc/ceph/{{ cluster }}.client.admin.keyring", dest: "/etc/ceph/{{ cluster }}.client.admin.keyring", copy_key: "{{ copy_admin_key }}" }
   when:
     - cephx
@@ -29,3 +29,4 @@
     mode: "{{ ceph_keyring_permissions }}"
   when:
     - cephx
+    - groups.get(mgr_group_name, []) | length > 0