From: Sébastien Han Date: Mon, 10 Mar 2014 23:47:24 +0000 (+0100) Subject: Autogenerate initial mon key X-Git-Tag: v1.0.0~395^2 X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=refs%2Fpull%2F25%2Fhead;p=ceph-ansible.git Autogenerate initial mon key As mentionned in the issue 24 it's not really safe to store a default fsid nor a monitor key. Thus the commit brings the auto-generation of the initial monitor key. However it is quite complex to do the same for the fsid, so I leave this to the person in charge of the deployment to generate one and edit group_vars/all accordingly. The default fsid has been removed as well. Close: #24 Signed-off-by: Sébastien Han --- diff --git a/group_vars/all b/group_vars/all index 7e85e3190..afae88c4f 100644 --- a/group_vars/all +++ b/group_vars/all @@ -10,7 +10,7 @@ redhat_distro: el6 # supported distros are el6, rhel6, f18, f19, opensuse12.2, s # Ceph options cephx: true mds: false # disable mds configuration in ceph.conf -fsid: 4a158d27-f750-41d5-9e7f-26ce4c9d2d45 +fsid: # /!\ GENERATE ONE WITH 'uuidgen -r' /!\ # Monitors options monitor_interface: eth1 diff --git a/group_vars/mons b/group_vars/mons deleted file mode 100644 index d1d9daa51..000000000 --- a/group_vars/mons +++ /dev/null @@ -1,5 +0,0 @@ ---- -# Variables here are applicable to all host groups NOT roles - -# Monitor options -monitor_secret: AQD7kyJQQGoOBhAAqrPAqSopSwPrrfMMomzVdw== diff --git a/roles/mon/tasks/main.yml b/roles/mon/tasks/main.yml index f4eafc364..6d9e701d9 100644 --- a/roles/mon/tasks/main.yml +++ b/roles/mon/tasks/main.yml @@ -2,14 +2,22 @@ ## Deploy Ceph monitor(s) # +- name: Generate monitor initial keyring + command: ceph-authtool -C foo --gen-print-key creates=/var/lib/ceph/tmp/keyring.mon.{{ ansible_hostname }} + when: ansible_hostname == hostvars[groups['mons'][0]]['ansible_hostname'] and cephx + register: monitor_secret + +- set_fact: 'monitor_secret="{{ monitor_secret.stdout }}"' + when: ansible_hostname == hostvars[groups['mons'][0]]['ansible_hostname'] and cephx + - name: Create monitor initial keyring - command: ceph-authtool /var/lib/ceph/tmp/keyring.mon.{{ ansible_hostname }} --create-keyring --name=mon. --add-key={{ monitor_secret }} --cap mon 'allow *' creates=/var/lib/ceph/tmp/keyring.mon.{{ ansible_hostname }} + command: ceph-authtool /var/lib/ceph/tmp/keyring.mon.{{ ansible_hostname }} --create-keyring --name=mon. --add-key={{ hostvars[groups['mons'][0]]['monitor_secret'] }} --cap mon 'allow *' creates=/var/lib/ceph/tmp/keyring.mon.{{ ansible_hostname }} - name: Set initial monitor key permissions file: path=/var/lib/ceph/tmp/keyring.mon.{{ ansible_hostname }} mode=0600 owner=root group=root - name: Create monitor directory - action: file path=/var/lib/ceph/mon/ceph-{{ ansible_hostname }} state=directory owner=root group=root mode=0644 + file: path=/var/lib/ceph/mon/ceph-{{ ansible_hostname }} state=directory owner=root group=root mode=0644 - name: Ceph monitor mkfs command: ceph-mon --mkfs -i {{ ansible_hostname }} --keyring /var/lib/ceph/tmp/keyring.mon.{{ ansible_hostname }} creates=/var/lib/ceph/mon/ceph-{{ ansible_hostname }}/keyring