From: Sébastien Han
Date: Thu, 13 Nov 2014 14:38:10 +0000 (+0100)
Subject: Fix autogen UUID and add auto gen monitor key
X-Git-Tag: v1.0.0~303^2
X-Git-Url: http://git.apps.os.sepia.ceph.com/?a=commitdiff_plain;h=a7bba850276e01f30463a788d497432b472bb610;p=ceph-ansible.git

Fix autogen UUID and add auto gen monitor key

This fixes the UUID auto generation and introduces the monitor key auto generation.

Signed-off-by: Sébastien Han
---

diff --git a/.gitignore b/.gitignore
index 98550a81c..07573a658 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,4 +1,4 @@
 .vagrant
 *.vdi
 *.keyring
-fetch/4a158d27-f750-41d5-9e7f-26ce4c9d2d45
+fetch/*
diff --git a/Vagrantfile b/Vagrantfile
index e4461b5c6..7880ec6fd 100644
--- a/Vagrantfile
+++ b/Vagrantfile
@@ -21,11 +21,6 @@ ansible_provision = proc do |ansible|
 'rgws' => (0..NRGWS - 1).map { |j| "rgw#{j}" }
 }
- # In a production deployment, these should be secret
- ansible.extra_vars = {
- fsid: '4a158d27-f750-41d5-9e7f-26ce4c9d2d45',
- monitor_secret: 'AQAWqilTCDh7CBAAawXt6kyTgLFCxSvJhTEmuw=='
- }
 ansible.limit = 'all'
 end
diff --git a/roles/ceph-common/tasks/main.yml b/roles/ceph-common/tasks/main.yml
index 3567dc30a..86961fd01 100644
--- a/roles/ceph-common/tasks/main.yml
+++ b/roles/ceph-common/tasks/main.yml
@@ -23,11 +23,15 @@
 register: socket
 - name: Generate cluster UUID
- shell: "uuidgen | tee /etc/ceph/ceph_cluster_uuid.conf" creates=/etc/ceph/ceph_cluster_uuid.conf
+ shell: uuidgen | tee fetch/ceph_cluster_uuid.conf creates=fetch/ceph_cluster_uuid.conf
+ connection: local
+ sudo: false
 register: cluster_uuid
 - name: Read cluster UUID if it already exists
- command: cat /etc/ceph/ceph_cluster_uuid.conf removes=/etc/ceph/ceph_cluster_uuid.conf
+ command: cat fetch/ceph_cluster_uuid.conf removes=fetch/ceph_cluster_uuid.conf
+ connection: local
+ sudo: false
 register: cluster_uuid
 - name: Generate Ceph configuration file
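Review bot: In "Generate cluster UUID", `uuidgen | tee fetch/ceph_cluster_uuid.conf` reports tee's exit status, so a missing or failing uuidgen on the control machine (where `connection: local` now runs it) still leaves an empty file that `creates=` never regenerates, and the empty value would then be read back as the cluster UUID. A guard on the read task such as `failed_when: cluster_uuid.stdout == ''` would stop the play instead of propagating it; the same pipeline shape is used for "Create monitor secret" in roles/ceph-mon/tasks/deploy_monitors.yml. The `fetch/` path is relative, so it resolves against whatever directory ansible-playbook is started from, presumably the repository root, and a short comment saying so would help. The tasks at both edges of this hunk start or continue outside it.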
diff --git a/roles/ceph-mon/tasks/deploy_monitors.yml b/roles/ceph-mon/tasks/deploy_monitors.yml
index 18edf5374..2227963b5 100644
--- a/roles/ceph-mon/tasks/deploy_monitors.yml
+++ b/roles/ceph-mon/tasks/deploy_monitors.yml
@@ -1,13 +1,24 @@
 ---
+- name: Create monitor secret
+ shell: ceph-authtool --gen-print-key | tee /etc/ceph/ceph_monitor_secret.conf creates=/etc/ceph/ceph_monitor_secret.conf
+ register: monitor_secret
+
+- name: Read monitor secret if it already exists
+ command: cat /etc/ceph/ceph_monitor_secret.conf removes=/etc/ceph/ceph_monitor_secret.conf
+ register: monitor_secret
+
 - name: Create monitor initial keyring
- command: "ceph-authtool /var/lib/ceph/tmp/keyring.mon.{{ ansible_hostname }} --create-keyring --name=mon. --add-key={{ monitor_secret }} --cap mon 'allow *' creates=/var/lib/ceph/tmp/keyring.mon.{{ ansible_hostname }}"
+ command: "ceph-authtool /var/lib/ceph/tmp/keyring.mon.{{ ansible_hostname }} --create-keyring --name=mon. --add-key={{ monitor_secret.stdout }} --cap mon 'allow *' creates=/var/lib/ceph/tmp/keyring.mon.{{ ansible_hostname }}"
 - name: Set initial monitor key permissions
 file: >
- path=/var/lib/ceph/tmp/keyring.mon.{{ ansible_hostname }}
- mode=0600
+ path={{ item }}
+ mode=0400
 owner=root
 group=root
+ with_items:
+ - /etc/ceph/ceph_monitor_secret.conf
+ - /var/lib/ceph/tmp/keyring.mon.{{ ansible_hostname }}
 - name: Create monitor directory
 file: >
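Review bot: The monitor secret is written by `tee` under the default umask and only tightened to 0400 by the later "Set initial monitor key permissions" task, so /etc/ceph/ceph_monitor_secret.conf can be readable by other local users in between, or indefinitely if the play stops before that task. Creating it restricted from the start closes the window, e.g. `shell: umask 077; ceph-authtool --gen-print-key > /etc/ceph/ceph_monitor_secret.conf creates=/etc/ceph/ceph_monitor_secret.conf`, since the following `cat` task already supplies the registered value. The key also lands in the registered stdout and in the `--add-key=` argument, so `no_log: true` on these three tasks would keep it out of Ansible output and logs. Separately, the secret is generated on each monitor host rather than once on the control machine like the cluster UUID, which looks like it would give every monitor a different key; that should be confirmed against the rest of the role. The trailing "Create monitor directory" task continues outside the hunk.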