# ACTIVATE BOTH FSID AND MONITOR_SECRET VARIABLES FOR NON-VAGRANT DEPLOYMENT
#fsid: "{{ cluster_uuid.stdout }}"
#monitor_secret: "{{ monitor_keyring.stdout }}"
+#admin_secret: 'admin_secret'
# CephFS
#cephfs_data: cephfs_data
# important to split them into shards. We suggest about 100K
# objects per shard as a conservative maximum.
#rgw_override_bucket_index_max_shards: 16
-
+#
# Consider setting a quota on buckets so that exceeding this
# limit will require admin intervention.
#rgw_bucket_default_quota_max_objects: 1638400 # i.e., 100K * 16
# ACTIVATE BOTH FSID AND MONITOR_SECRET VARIABLES FOR NON-VAGRANT DEPLOYMENT
fsid: "{{ cluster_uuid.stdout }}"
monitor_secret: "{{ monitor_keyring.stdout }}"
+admin_secret: 'admin_secret'
# CephFS
cephfs_data: cephfs_data
---
- name: collect admin and bootstrap keys
command: ceph-create-keys --cluster {{ cluster }} -i {{ monitor_name }}
- args:
- creates: /etc/ceph/{{ cluster }}.client.admin.keyring
failed_when: false
changed_when: false
always_run: true
mode: "0755"
recurse: true
+- name: create custom admin keyring
+ command: ceph-authtool /etc/ceph/{{ cluster }}.client.admin.keyring --create-keyring --name=client.admin --add-key={{ admin_secret }} --set-uid=0 --cap mon 'allow *' --cap osd 'allow *' --cap mds 'allow'
+ args:
+ creates: /etc/ceph/{{ cluster }}.client.admin.keyring
+ register: create_custom_admin_secret
+ when:
+ - cephx
+ - admin_secret != 'admin_secret'
+
+- name: set ownership of admin keyring
+ file:
+ path: /etc/ceph/{{ cluster }}.client.admin.keyring
+ state: file
+ owner: 'ceph'
+ group: 'ceph'
+ mode: '0600'
+ when:
+ - cephx
+ - admin_secret != 'admin_secret'
+
+- name: import admin keyring into mon keyring
+ command: ceph-authtool /var/lib/ceph/tmp/keyring.mon.{{ monitor_name }} --import-keyring /etc/ceph/{{ cluster }}.client.admin.keyring
+ when:
+ - cephx
+ - admin_secret != 'admin_secret'
+ - not create_custom_admin_secret.get('skipped')
+
- name: ceph monitor mkfs with keyring
command: ceph-mon --cluster {{ cluster }} --setuser ceph --setgroup ceph --mkfs -i {{ monitor_name }} --fsid {{ fsid }} --keyring /var/lib/ceph/tmp/keyring.mon.{{ monitor_name }}
args:
projects / ceph-ansible.git / commitdiff