From: John Fulton Date: Thu, 10 Aug 2017 17:50:08 +0000 (-0400) Subject: Set the permissions mode on all of the OpenStack keys X-Git-Tag: v3.0.0rc3^2 X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=refs%2Fpull%2F1759%2Fhead;p=ceph-ansible.git Set the permissions mode on all of the OpenStack keys The original fix to issue #1755 only set the permissions on the monitors to which the key was copied, but not the original monitor where the key was created. Thus, we use a separate task to set the permission of the key. --- diff --git a/roles/ceph-mon/tasks/openstack_config.yml b/roles/ceph-mon/tasks/openstack_config.yml index 89536b722..a9ac748b2 100644 --- a/roles/ceph-mon/tasks/openstack_config.yml +++ b/roles/ceph-mon/tasks/openstack_config.yml @@ -41,7 +41,6 @@ copy: src: "{{ fetch_directory }}/{{ fsid }}/etc/ceph/{{ cluster }}.{{ item.1.name }}.keyring" dest: "/etc/ceph/{{ cluster }}.{{ item.1.name }}.keyring" - mode: "{{ item.1.mode }}" with_nested: - "{{ groups[mon_group_name] }}" - "{{ openstack_keys }}" @@ -63,3 +62,12 @@ when: - openstack_config - cephx + +- name: chmod openstack key(s) + file: + path: "/etc/ceph/{{ cluster }}.{{ item.name }}.keyring" + mode: "{{ item.mode }}" + with_items: "{{ openstack_keys }}" + when: + - openstack_config + - cephx