# Can add `mds_cap` attribute to override the default value which is '' for mds capabilities.
# To have have ansible setfacl the generated key for $user, set the acls var like so:
# acls: ["u:$user:r--"]
+#
+# Generate a keyring using ceph-authtool CLI or python.
+# Eg:
+# $ ceph-authtool --gen-print-key
+# $ python2 -c "import os ; import struct ; import time; import base64 ; key = os.urandom(16) ; header = struct.pack('<hiih',1,int(time.time()),0,len(key)) ; print base64.b64encode(header + key)"
#keys:
-# - { name: client.test, key: "$(ceph-authtool --gen-print-key)", mon_cap: "allow r", osd_cap: "allow class-read object_prefix rbd_children, allow rwx pool=test", mode: "0600", acls: [] }
-# - { name: client.test2, key: "$(ceph-authtool --gen-print-key)", mon_cap: "allow r", osd_cap: "allow class-read object_prefix rbd_children, allow rwx pool=test2", mode: "0600", acls: [] }
+# - { name: client.test, key: "ADD-KEYRING-HERE==", mon_cap: "allow r", osd_cap: "allow class-read object_prefix rbd_children, allow rwx pool=test", mode: "0600", acls: [] }
+# - { name: client.test2, key: "ADD-KEYRING-HERE==", mon_cap: "allow r", osd_cap: "allow class-read object_prefix rbd_children, allow rwx pool=test2", mode: "0600", acls: [] }
# Can add `mds_cap` attribute to override the default value which is '' for mds capabilities.
# To have have ansible setfacl the generated key for $user, set the acls var like so:
# acls: ["u:$user:r--"]
+#
+# Generate a keyring using ceph-authtool CLI or python.
+# Eg:
+# $ ceph-authtool --gen-print-key
+# $ python2 -c "import os ; import struct ; import time; import base64 ; key = os.urandom(16) ; header = struct.pack('<hiih',1,int(time.time()),0,len(key)) ; print base64.b64encode(header + key)"
keys:
- - { name: client.test, key: "$(ceph-authtool --gen-print-key)", mon_cap: "allow r", osd_cap: "allow class-read object_prefix rbd_children, allow rwx pool=test", mode: "0600", acls: [] }
- - { name: client.test2, key: "$(ceph-authtool --gen-print-key)", mon_cap: "allow r", osd_cap: "allow class-read object_prefix rbd_children, allow rwx pool=test2", mode: "0600", acls: [] }
+ - { name: client.test, key: "ADD-KEYRING-HERE==", mon_cap: "allow r", osd_cap: "allow class-read object_prefix rbd_children, allow rwx pool=test", mode: "0600", acls: [] }
+ - { name: client.test2, key: "ADD-KEYRING-HERE==", mon_cap: "allow r", osd_cap: "allow class-read object_prefix rbd_children, allow rwx pool=test2", mode: "0600", acls: [] }
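Review bot: The new comment block above `keys:` tells operators to paste a generated secret into this variable but says nothing about how the vars file holding it should be protected. I would add a line such as `# Store real keys in an ansible-vault encrypted vars file, not in plain text under version control.` here and in the commented sample copy of the same block. The comment also says "Generate a keyring", while both commands print a single key, so "Generate a key" would be more accurate. The python example uses the Python 2 `print` statement; a Python 3 form would end in `print(base64.b64encode(header + key).decode())`.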
---
+- name: check keys has been filled in users.key variables
+ fail:
+ msg: "you must generate and set keys properly in users.key variables"
+ with_items: "{{ keys }}"
+ when:
+ - user_config
+ - item.key == 'ADD-KEYRING-HERE=='
+
- name: set selinux permissions
shell: |
chcon -Rt svirt_sandbox_file_t {{ item }}
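Review bot: The new check loops over `{{ keys }}`, and by default Ansible prints the loop item for every iteration, including skipped ones, so each properly filled-in entry would have its secret `key` written to the play output and logs. Adding `loop_control:` with `label: "{{ item.name }}"` to the task keeps the failure message visible while showing only the client name. The condition also matches only the exact placeholder, so an empty or missing key still passes; `item.key | default('') | length == 0 or item.key == 'ADD-KEYRING-HERE=='` would cover that. The `set selinux permissions` task continues outside the hunk.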
---
copy_admin_key: true
+keys:
+ - { name: client.test, key: "AQAin8tUoMPDGRAACcfAQHbq4eTuUoTCZdW1Uw==", mon_cap: "allow r", osd_cap: "allow class-read object_prefix rbd_children, allow rwx pool=test", mode: "0600", acls: [] }
+ - { name: client.test2, key: "AQAin8tUAJkGGhAA8WZ8Lz5c7IkT8QZ5s7bI1A==", mon_cap: "allow r", osd_cap: "allow class-read object_prefix rbd_children, allow rwx pool=test2", mode: "0600", acls: [] }
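Review bot: The two `key` values added here are literal cephx secrets committed in plain text, and nothing in the file says they are fixtures. If they exist only for the test scenario, a comment above `keys:` such as `# Test-only keys for this scenario; never reuse them on a real cluster.` would make that explicit to readers and to anyone triaging secret-scanner findings. Whether this vars file is ever applied outside of tests cannot be told from the hunk.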