From: Sébastien Han <seb@redhat.com>
Date: Fri, 26 Oct 2018 12:32:49 +0000 (+0200)
Subject: mgr: only copy keys with dedicated mgr
X-Git-Tag: v4.0.0beta1~139
X-Git-Url: http://git.apps.os.sepia.ceph.com/?a=commitdiff_plain;h=61082b3b3233568203f8c56466454975389d8f6e;p=ceph-ansible.git

mgr: only copy keys with dedicated mgr

When collocating mon and mgr, the mgr container will attempt to create
its own key since it has the admin key at its disposal. Also at this
point there is nothing to fetch since the key is not created by the
mons, as mentionned above the mgr creates the key on its own.

Signed-off-by: Sébastien Han <seb@redhat.com>
---

diff --git a/roles/ceph-mgr/tasks/common.yml b/roles/ceph-mgr/tasks/common.yml
index 5f0945da2..20d608436 100644
--- a/roles/ceph-mgr/tasks/common.yml
+++ b/roles/ceph-mgr/tasks/common.yml
@@ -15,7 +15,7 @@
     group: "{{ ceph_uid if containerized_deployment else 'ceph' }}"
     mode: "{{ ceph_keyring_permissions }}"
   with_items:
-    - { name: "/etc/ceph/{{ cluster }}.mgr.{{ ansible_hostname }}.keyring", dest: "/var/lib/ceph/mgr/{{ cluster }}-{{ ansible_hostname }}/keyring", copy_key: true }
+    - { name: "/etc/ceph/{{ cluster }}.mgr.{{ ansible_hostname }}.keyring", dest: "/var/lib/ceph/mgr/{{ cluster }}-{{ ansible_hostname }}/keyring", copy_key: "{{ True if groups.get(mgr_group_name, []) | length > 0 else False }}" }
     - { name: "/etc/ceph/{{ cluster }}.client.admin.keyring", dest: "/etc/ceph/{{ cluster }}.client.admin.keyring", copy_key: "{{ copy_admin_key }}" }
   when:
     - cephx
@@ -29,3 +29,4 @@
     mode: "{{ ceph_keyring_permissions }}"
   when:
     - cephx
+    - groups.get(mgr_group_name, []) | length > 0