From 36d034ad201c53dab308108a94a57d69844ff1cd Mon Sep 17 00:00:00 2001
From: =?utf8?q?S=C3=A9bastien=20Han?=
Date: Wed, 12 Mar 2014 13:31:22 +0100
Subject: [PATCH] Revert 37882255d6ac5d15b7725df6a2c15a2c0c22928f (auto key generation)
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit

We introduced a key generation mechanism that aimed to ease deployment. In the end, it brought more complexity to the playbook and doesn't scale. Reverting the auto generation commit and instructing users to generate their own keys.
Signed-off-by: Sébastien Han
---
 group_vars/mons | 5 +++++
 roles/mon/tasks/main.yml | 10 +---------
 2 files changed, 6 insertions(+), 9 deletions(-)
 create mode 100644 group_vars/mons
diff --git a/group_vars/mons b/group_vars/mons
new file mode 100644
index 000000000..daa64bf42
--- /dev/null
+++ b/group_vars/mons
@@ -0,0 +1,5 @@
+----
+# Variables here are applicable to all host groups NOT roles
+
+# Monitor options
+monitor_secret: # /!\ GENERATE ONE WITH 'ceph-authtool -C foo --gen-print-key' /!\
diff --git a/roles/mon/tasks/main.yml b/roles/mon/tasks/main.yml
index 6d9e701d9..04331c9e1 100644
--- a/roles/mon/tasks/main.yml
+++ b/roles/mon/tasks/main.yml
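Review bot: In `group_vars/mons` the first added line is `----` (four dashes), which is not the YAML document-start marker; a parser is likely to read it as a plain scalar and then reject the `monitor_secret:` mapping that follows, so the variable file may fail to load, and the line should be `---`. This file is also where the cluster's initial monitor key now lives in clear text, and nothing in it tells the operator how to keep the real value out of version control. I would add a comment above the variable such as `# keep the real key in an ansible-vault encrypted vars file; never commit it in clear text`.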
@@ -2,16 +2,8 @@
 ## Deploy Ceph monitor(s)
 #
-- name: Generate monitor initial keyring
- command: ceph-authtool -C foo --gen-print-key creates=/var/lib/ceph/tmp/keyring.mon.{{ ansible_hostname }}
- when: ansible_hostname == hostvars[groups['mons'][0]]['ansible_hostname'] and cephx
- register: monitor_secret
-
-- set_fact: 'monitor_secret="{{ monitor_secret.stdout }}"'
- when: ansible_hostname == hostvars[groups['mons'][0]]['ansible_hostname'] and cephx
-
 - name: Create monitor initial keyring
- command: ceph-authtool /var/lib/ceph/tmp/keyring.mon.{{ ansible_hostname }} --create-keyring --name=mon. --add-key={{ hostvars[groups['mons'][0]]['monitor_secret'] }} --cap mon 'allow *' creates=/var/lib/ceph/tmp/keyring.mon.{{ ansible_hostname }}
+ command: ceph-authtool /var/lib/ceph/tmp/keyring.mon.{{ ansible_hostname }} --create-keyring --name=mon. --add-key={{ monitor_secret }} --cap mon 'allow *' creates=/var/lib/ceph/tmp/keyring.mon.{{ ansible_hostname }}
 - name: Set initial monitor key permissions
 file: path=/var/lib/ceph/tmp/keyring.mon.{{ ansible_hostname }} mode=0600 owner=root group=root
-- 2.39.5
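Review bot: The rewritten `command:` line puts `{{ monitor_secret }}` straight into `--add-key=` with no check that the operator has set it; with the placeholder shipped in `group_vars/mons` the variable is null, so the rendered argument would be empty or the string `None` rather than a key. A guard task ahead of it, `- fail: msg="monitor_secret must be set in group_vars/mons"` with `when: monitor_secret is not defined or not monitor_secret`, would make that failure explicit before any keyring is written. The key is also passed as a command-line argument, so it can show up in the process list and in Ansible's task output; adding `no_log: true` to this task keeps it out of the logs. The removed tasks were gated on `cephx`; whether the remaining task carries its own `when:` is not visible in this hunk.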