mon/client: apply mode from ceph_key

Do not use a dedicated task for this but use the ceph_key module
capability to set file mode.

Signed-off-by: Sébastien Han <seb@redhat.com>

diff --git a/roles/ceph-client/tasks/create_users_keys.yml b/roles/ceph-client/tasks/create_users_keys.yml
index f316106217405eab92501907fb525e247609a69a..d7b79bb9b789fcdd3e567bbabe1ff15311d23b21 100644 (file)
--- a/roles/ceph-client/tasks/create_users_keys.yml
+++ b/roles/ceph-client/tasks/create_users_keys.yml
@@ -41,7 +41,8 @@
     containerized: "{{ docker_exec_client_cmd | default('') }}"
     cluster: "{{ cluster }}"
     dest: "{{ ceph_conf_key_directory }}"
-    import_key: "{{ copy_admin_key }}"  # if the admin key is copied we assume the user wants to import the key in Ceph not only create it
+    import_key: "{{ copy_admin_key }}"
+    mode: "{{ item.mode|default(omit) }}"
   with_items: "{{ keys }}"
   run_once: true
   when:
@@ -97,15 +98,6 @@
     - not item.get('skipped', False)
     - not inventory_hostname == groups.get(client_group_name, []) | first
 
-- name: chmod cephx key(s)
-  file:
-    path: "{{ ceph_conf_key_directory }}/{{ cluster }}.{{ item.name }}.keyring"
-    mode: "{{ item.mode|default(omit) }}" # if mode not in list, uses mode from ps umask
-  with_items: "{{ keys }}"
-  when:
-    - cephx
-    - keys | length > 0
-
 - name: setfacl for cephx key(s)
   acl:
     path: "{{ ceph_conf_key_directory }}/{{ cluster }}.{{ item.0.name }}.keyring"

diff --git a/roles/ceph-mon/tasks/openstack_config.yml b/roles/ceph-mon/tasks/openstack_config.yml
index 72152ea01378d6a1f7644140f8051a1698da9b73..78cf13ff9a6de79ea3c6d767eefe07fbb7be6b4b 100644 (file)
--- a/roles/ceph-mon/tasks/openstack_config.yml
+++ b/roles/ceph-mon/tasks/openstack_config.yml
@@ -29,6 +29,7 @@
     secret: "{{ item.key | default('') }}"
     containerized: "{{ docker_exec_cmd | default(False) }}"
     cluster: "{{ cluster }}"
+    mode: "{{ item.mode|default(omit) }}"
   with_items: "{{ openstack_keys }}"
   when: cephx
 
@@ -50,27 +51,4 @@
   when:
     - cephx
     - openstack_config
-    - item.0 != groups[mon_group_name] | last
-
-- name: chmod openstack cephx key(s) on the other mons and this mon
-  file:
-    path: "/etc/ceph/{{ cluster }}.{{ item.1.name }}.keyring"
-    mode: "{{ item.1.mode|default(omit) }}" # if mode not in list, uses mode from ps umask
-  with_nested:
-    - "{{ groups[mon_group_name] }}"
-    - "{{ openstack_keys }}"
-  delegate_to: "{{ item.0 }}"
-  when:
-    - openstack_config
-    - cephx
-
-- name: setfacl for openstack cephx key(s) on the other mons and this mon
-  command: "setfacl -m {{ item.1.acls | join(',') }} /etc/ceph/{{ cluster }}.{{ item.1.name }}.keyring"
-  with_nested:
-    - "{{ groups[mon_group_name] }}"
-    - "{{ openstack_keys }}"
-  delegate_to: "{{ item.0 }}"
-  when:
-    - item.1.get('acls', []) | length > 0
-    - openstack_config
-    - cephx
+    - item.0 != groups[mon_group_name] | last
\ No newline at end of file