From: Sébastien Han Date: Wed, 12 Mar 2014 12:31:22 +0000 (+0100) Subject: Revert 37882255d6ac5d15b7725df6a2c15a2c0c22928f (auto key generation) X-Git-Tag: v1.0.0~387^2 X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=refs%2Fpull%2F34%2Fhead;p=ceph-ansible.git Revert 37882255d6ac5d15b7725df6a2c15a2c0c22928f (auto key generation) We introduced a key generation mechanism that aimed to ease deployment. In the end, it brought more complexity to the playbook and doesn't scale. Reverting the auto generation commit and instructing users to generate their own keys. Signed-off-by: Sébastien Han
---
diff --git a/group_vars/mons b/group_vars/mons
new file mode 100644
index 000000000..daa64bf42
--- /dev/null
+++ b/group_vars/mons
@@ -0,0 +1,5 @@
+----
+# Variables here are applicable to all host groups NOT roles
+
+# Monitor options
+monitor_secret: # /!\ GENERATE ONE WITH 'ceph-authtool -C foo --gen-print-key' /!\
diff --git a/roles/mon/tasks/main.yml b/roles/mon/tasks/main.yml
index 6d9e701d9..04331c9e1 100644
--- a/roles/mon/tasks/main.yml
+++ b/roles/mon/tasks/main.yml
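Review bot: The new group_vars/mons asks operators to paste the monitor key in plain text, and the comment on `monitor_secret:` does not say that the file then holds the cluster's `mon.` secret and should be kept out of version control or encrypted (ansible-vault is the usual route). The key is also left bare, so it loads as null and nothing stops a run where it was never filled in; an early task such as `- fail: msg="monitor_secret is not set"` with `when: cephx and not monitor_secret` (assuming `cephx` is still defined elsewhere) would catch that before the keyring is built. I would reword the comment to `# generate with 'ceph-authtool -C foo --gen-print-key'; do not commit the real value`. As rendered here the first added line is `----` (four dashes) rather than the `---` document marker, which is worth checking against the file.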
@@ -2,16 +2,8 @@
 ## Deploy Ceph monitor(s)
 #
 
-- name: Generate monitor initial keyring
- command: ceph-authtool -C foo --gen-print-key creates=/var/lib/ceph/tmp/keyring.mon.{{ ansible_hostname }}
- when: ansible_hostname == hostvars[groups['mons'][0]]['ansible_hostname'] and cephx
- register: monitor_secret
-
-- set_fact: 'monitor_secret="{{ monitor_secret.stdout }}"'
- when: ansible_hostname == hostvars[groups['mons'][0]]['ansible_hostname'] and cephx
-
 - name: Create monitor initial keyring
- command: ceph-authtool /var/lib/ceph/tmp/keyring.mon.{{ ansible_hostname }} --create-keyring --name=mon. --add-key={{ hostvars[groups['mons'][0]]['monitor_secret'] }} --cap mon 'allow *' creates=/var/lib/ceph/tmp/keyring.mon.{{ ansible_hostname }}
+ command: ceph-authtool /var/lib/ceph/tmp/keyring.mon.{{ ansible_hostname }} --create-keyring --name=mon. --add-key={{ monitor_secret }} --cap mon 'allow *' creates=/var/lib/ceph/tmp/keyring.mon.{{ ansible_hostname }}
 
 - name: Set initial monitor key permissions
 file: path=/var/lib/ceph/tmp/keyring.mon.{{ ansible_hostname }} mode=0600 owner=root group=root
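Review bot: The new `command:` line puts `{{ monitor_secret }}` on ceph-authtool's command line via `--add-key=`, so the key is readable in the process list on the monitor host while the command runs and can show up in Ansible's task output and logs at higher verbosity. Adding `no_log: true` to the "Create monitor initial keyring" task keeps it out of Ansible's output where the installed version supports that keyword; removing the argv exposure would need the keyring to be written from a template with `mode=0600` instead. The variable is also interpolated unquoted and unchecked, so an unset `monitor_secret` reaches ceph-authtool as whatever Jinja renders for it rather than failing early. The rest of the task file lies outside this hunk.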