Set the permissions mode on all of the OpenStack keys

The original fix to issue #1755 only set the permissions on
the monitors to which the key was copied, but not the original
monitor where the key was created. Thus, we use a separate task
to set the permission of the key.

diff --git a/roles/ceph-mon/tasks/openstack_config.yml b/roles/ceph-mon/tasks/openstack_config.yml
index 89536b72243d1cd4862ef39c599faa2464efcc17..a9ac748b2ccc1dc8708cbf4c236bc86c3153332a 100644 (file)
--- a/roles/ceph-mon/tasks/openstack_config.yml
+++ b/roles/ceph-mon/tasks/openstack_config.yml
@@ -41,7 +41,6 @@
   copy:
     src: "{{ fetch_directory }}/{{ fsid }}/etc/ceph/{{ cluster }}.{{ item.1.name }}.keyring"
     dest: "/etc/ceph/{{ cluster }}.{{ item.1.name }}.keyring"
-    mode: "{{ item.1.mode }}"
   with_nested:
     - "{{ groups[mon_group_name] }}"
     - "{{ openstack_keys }}"
@@ -63,3 +62,12 @@
   when:
     - openstack_config
     - cephx
+
+- name: chmod openstack key(s)
+  file:
+    path: "/etc/ceph/{{ cluster }}.{{ item.name }}.keyring"
+    mode: "{{ item.mode }}"
+  with_items: "{{ openstack_keys }}"
+  when:
+    - openstack_config
+    - cephx