'rgws' => (0..NRGWS - 1).map { |j| "rgw#{j}" }
}
- # In a production deployment, these should be secret
- ansible.extra_vars = {
- fsid: '4a158d27-f750-41d5-9e7f-26ce4c9d2d45',
- monitor_secret: 'AQAWqilTCDh7CBAAawXt6kyTgLFCxSvJhTEmuw=='
- }
ansible.limit = 'all'
end
register: socket
- name: Generate cluster UUID
- shell: "uuidgen | tee /etc/ceph/ceph_cluster_uuid.conf" creates=/etc/ceph/ceph_cluster_uuid.conf
+ shell: uuidgen | tee fetch/ceph_cluster_uuid.conf creates=fetch/ceph_cluster_uuid.conf
+ connection: local
+ sudo: false
register: cluster_uuid
- name: Read cluster UUID if it already exists
- command: cat /etc/ceph/ceph_cluster_uuid.conf removes=/etc/ceph/ceph_cluster_uuid.conf
+ command: cat fetch/ceph_cluster_uuid.conf removes=fetch/ceph_cluster_uuid.conf
+ connection: local
+ sudo: false
register: cluster_uuid
- name: Generate Ceph configuration file
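Review bot: In the new `Generate cluster UUID` task the pipeline's exit status is that of `tee`, so a missing or failing `uuidgen` on the control machine still leaves an empty fetch/ceph_cluster_uuid.conf, and `creates=` then suppresses regeneration on every later run. Generating into a variable first avoids writing the file on failure: `shell: u=$(uuidgen) && echo $u | tee fetch/ceph_cluster_uuid.conf creates=fetch/ceph_cluster_uuid.conf`. The same applies to the `ceph-authtool --gen-print-key | tee ...` task added in the monitor role, where an empty result would end up as the monitor key. The `fetch/` path is relative, so it presumably resolves against the directory ansible-playbook is started from; a short comment saying so, and that the directory must already exist, would help.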
---
+- name: Create monitor secret
+ shell: ceph-authtool --gen-print-key | tee /etc/ceph/ceph_monitor_secret.conf creates=/etc/ceph/ceph_monitor_secret.conf
+ register: monitor_secret
+
+- name: Read monitor secret if it already exists
+ command: cat /etc/ceph/ceph_monitor_secret.conf removes=/etc/ceph/ceph_monitor_secret.conf
+ register: monitor_secret
+
- name: Create monitor initial keyring
- command: "ceph-authtool /var/lib/ceph/tmp/keyring.mon.{{ ansible_hostname }} --create-keyring --name=mon. --add-key={{ monitor_secret }} --cap mon 'allow *' creates=/var/lib/ceph/tmp/keyring.mon.{{ ansible_hostname }}"
+ command: "ceph-authtool /var/lib/ceph/tmp/keyring.mon.{{ ansible_hostname }} --create-keyring --name=mon. --add-key={{ monitor_secret.stdout }} --cap mon 'allow *' creates=/var/lib/ceph/tmp/keyring.mon.{{ ansible_hostname }}"
- name: Set initial monitor key permissions
file: >
- path=/var/lib/ceph/tmp/keyring.mon.{{ ansible_hostname }}
- mode=0600
+ path={{ item }}
+ mode=0400
owner=root
group=root
+ with_items:
+ - /etc/ceph/ceph_monitor_secret.conf
+ - /var/lib/ceph/tmp/keyring.mon.{{ ansible_hostname }}
- name: Create monitor directory
file: >
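Review bot: The new `Create monitor secret` task writes the key through `tee` under the default umask, so /etc/ceph/ceph_monitor_secret.conf is likely world-readable until `Set initial monitor key permissions` runs two tasks later, and it stays that way if the play stops in between. Setting the mask in the same command closes that window: `shell: umask 077 && ceph-authtool --gen-print-key | tee /etc/ceph/ceph_monitor_secret.conf creates=/etc/ceph/ceph_monitor_secret.conf`. The key is also registered as task output and passed as `--add-key=` on the command line, so it can show up in verbose Ansible output and in the process list; `no_log: true` on the three tasks would cover the former if the Ansible version in use supports it. Unlike the cluster UUID, the secret is generated on each host that runs this role, so with more than one monitor in the inventory the hosts would presumably end up with different `mon.` keys; this is worth confirming before relying on it.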