From: Graeme Gillies
Date: Mon, 30 Jul 2018 23:24:21 +0000 (+1000)
Subject: Allow mgr bootstrap keyring to be defined
X-Git-Tag: v3.2.0beta2~80
X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=a46025820d363dc3e91c380fd6b60fb6152b998b;p=ceph-ansible.git

Allow mgr bootstrap keyring to be defined

In environments where we wish to have manual/greater control over how the bootstrap keyrings are used, we need to able to externally define what the mgr keyring secret will be and have ceph-ansible use it, instead of it being autogenerated

Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1610213
Signed-off-by: Graeme Gillies
---

diff --git a/group_vars/mons.yml.sample b/group_vars/mons.yml.sample
index 1fea4bf70..cddd45f70 100644
--- a/group_vars/mons.yml.sample
+++ b/group_vars/mons.yml.sample
@@ -17,6 +17,7 @@ dummy:
 # ACTIVATE BOTH FSID AND MONITOR_SECRET VARIABLES FOR NON-VAGRANT DEPLOYMENT
 #monitor_secret: "{{ monitor_keyring.stdout }}"
 #admin_secret: 'admin_secret'
+#mgr_secret: 'mgr_secret'
 
 # Secure your cluster
 # This will set the following flags on all the pools:
diff --git a/roles/ceph-mon/defaults/main.yml b/roles/ceph-mon/defaults/main.yml
index 513f21d28..a52422c11 100644
--- a/roles/ceph-mon/defaults/main.yml
+++ b/roles/ceph-mon/defaults/main.yml
@@ -9,6 +9,7 @@ mon_group_name: mons
 # ACTIVATE BOTH FSID AND MONITOR_SECRET VARIABLES FOR NON-VAGRANT DEPLOYMENT
 monitor_secret: "{{ monitor_keyring.stdout }}"
 admin_secret: 'admin_secret'
+mgr_secret: 'mgr_secret'
 
 # Secure your cluster
 # This will set the following flags on all the pools:
diff --git a/roles/ceph-mon/tasks/ceph_keys.yml b/roles/ceph-mon/tasks/ceph_keys.yml
index ca22db723..23b12c6a8 100644
--- a/roles/ceph-mon/tasks/ceph_keys.yml
+++ b/roles/ceph-mon/tasks/ceph_keys.yml
@@ -76,6 +76,7 @@
 osd: allow *
 mds: allow *
 cluster: "{{ cluster }}"
+ secret: "{{ (mgr_secret != 'mgr_secret') | ternary(mgr_secret, omit) }}"
 when:
 - cephx
 - groups.get(mgr_group_name, []) | length > 0
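Review bot: The added `secret:` line uses the literal default `'mgr_secret'` as its "unset" marker, so any other value, including an empty string, is passed to the key task unvalidated; nothing in the visible lines checks that it is a well-formed cephx key. A guard such as `that: mgr_secret | length > 0` in an `assert` task, together with a comment beside the default in `roles/ceph-mon/defaults/main.yml` like `# mgr_secret: base64 cephx key; leave as 'mgr_secret' to have one generated`, would make the contract explicit. The task header lies outside the hunk, so it is not visible whether `no_log: true` is set; with an operator-supplied secret in the task arguments it should be, and the value is better kept in Ansible Vault than in plain group_vars. If the task loops over the mgr hosts (also not visible here), every mgr would receive the same key, which deserves a line in the variable's documentation.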