From 19958f5c278d5da8b9cae05bf9222320b9e49761 Mon Sep 17 00:00:00 2001
From: Graeme Gillies
Date: Tue, 31 Jul 2018 09:24:21 +1000
Subject: [PATCH] Allow mgr bootstrap keyring to be defined

In environments where we wish to have manual/greater control over how the bootstrap keyrings are used, we need to able to externally define what the mgr keyring secret will be and have ceph-ansible use it, instead of it being autogenerated
Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1610213
Signed-off-by: Graeme Gillies
(cherry picked from commit a46025820d363dc3e91c380fd6b60fb6152b998b)
---
 group_vars/mons.yml.sample | 1 +
 roles/ceph-mon/defaults/main.yml | 1 +
 roles/ceph-mon/tasks/ceph_keys.yml | 1 +
 3 files changed, 3 insertions(+)
diff --git a/group_vars/mons.yml.sample b/group_vars/mons.yml.sample
index 1fea4bf70..cddd45f70 100644
--- a/group_vars/mons.yml.sample
+++ b/group_vars/mons.yml.sample
@@ -17,6 +17,7 @@ dummy:
 # ACTIVATE BOTH FSID AND MONITOR_SECRET VARIABLES FOR NON-VAGRANT DEPLOYMENT
 #monitor_secret: "{{ monitor_keyring.stdout }}"
 #admin_secret: 'admin_secret'
+#mgr_secret: 'mgr_secret'
 # Secure your cluster
 # This will set the following flags on all the pools:
diff --git a/roles/ceph-mon/defaults/main.yml b/roles/ceph-mon/defaults/main.yml
index 513f21d28..a52422c11 100644
--- a/roles/ceph-mon/defaults/main.yml
+++ b/roles/ceph-mon/defaults/main.yml
@@ -9,6 +9,7 @@ mon_group_name: mons
 # ACTIVATE BOTH FSID AND MONITOR_SECRET VARIABLES FOR NON-VAGRANT DEPLOYMENT
 monitor_secret: "{{ monitor_keyring.stdout }}"
 admin_secret: 'admin_secret'
+mgr_secret: 'mgr_secret'
 # Secure your cluster
 # This will set the following flags on all the pools:
diff --git a/roles/ceph-mon/tasks/ceph_keys.yml b/roles/ceph-mon/tasks/ceph_keys.yml
index 145fcadac..5f9a540da 100644
--- a/roles/ceph-mon/tasks/ceph_keys.yml
+++ b/roles/ceph-mon/tasks/ceph_keys.yml
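Review bot: The new `mgr_secret: 'mgr_secret'` default in roles/ceph-mon/defaults/main.yml, and its commented twin in group_vars/mons.yml.sample, is a sentinel rather than a key, and nothing beside it says so. A comment above the line such as `# Leave as 'mgr_secret' to have the mgr key autogenerated; set a real cephx key, kept in Ansible Vault, to pin it` would tell operators that the placeholder is never used as key material and that a real value should not be committed in plain text. The neighbouring `admin_secret: 'admin_secret'` line appears to follow the same convention, so one comment could cover both.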
@@ -76,6 +76,7 @@
 osd: allow *
 mds: allow *
 cluster: "{{ cluster }}"
+ secret: "{{ (mgr_secret != 'mgr_secret') | ternary(mgr_secret, omit) }}"
 when:
 - cephx
 - groups.get(mgr_group_name, []) | length > 0
-- 
2.47.3
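Review bot: The added `secret:` argument puts operator-supplied key material into the task's parameters, and the visible lines carry no `no_log: true`, so the key may be echoed in verbose output or in a failure message; the task begins and ends outside the hunk, so this may already be handled there or in the module's argument spec. If it is not, add `no_log: true` at task level beside `when:`. Separately, the `when:` clause tests `groups.get(mgr_group_name, [])`; if the task loops over that group (not visible here), a single `mgr_secret` would become the key of every mgr entity, which is worth documenting next to the variable. The `!= 'mgr_secret'` test also passes an empty or malformed value straight through, so a format check before this task would fail earlier and more clearly.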