From a7bba850276e01f30463a788d497432b472bb610 Mon Sep 17 00:00:00 2001 From: =?utf8?q?S=C3=A9bastien=20Han?= Date: Thu, 13 Nov 2014 15:38:10 +0100 Subject: [PATCH] Fix autogen UUID and add auto gen monitor key MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit This fixes the UUID auto generation and introduces the monitor key auto generation. Signed-off-by: Sébastien Han --- .gitignore | 2 +- Vagrantfile | 5 ----- roles/ceph-common/tasks/main.yml | 8 ++++++-- roles/ceph-mon/tasks/deploy_monitors.yml | 17 ++++++++++++++--- 4 files changed, 21 insertions(+), 11 deletions(-) diff --git a/.gitignore b/.gitignore index 98550a81c..07573a658 100644 --- a/.gitignore +++ b/.gitignore @@ -1,4 +1,4 @@ .vagrant *.vdi *.keyring -fetch/4a158d27-f750-41d5-9e7f-26ce4c9d2d45 +fetch/* diff --git a/Vagrantfile b/Vagrantfile index e4461b5c6..7880ec6fd 100644 --- a/Vagrantfile +++ b/Vagrantfile @@ -21,11 +21,6 @@ ansible_provision = proc do |ansible| 'rgws' => (0..NRGWS - 1).map { |j| "rgw#{j}" } } - # In a production deployment, these should be secret - ansible.extra_vars = { - fsid: '4a158d27-f750-41d5-9e7f-26ce4c9d2d45', - monitor_secret: 'AQAWqilTCDh7CBAAawXt6kyTgLFCxSvJhTEmuw==' - } ansible.limit = 'all' end diff --git a/roles/ceph-common/tasks/main.yml b/roles/ceph-common/tasks/main.yml index 3567dc30a..86961fd01 100644 --- a/roles/ceph-common/tasks/main.yml +++ b/roles/ceph-common/tasks/main.yml 
@@ -23,11 +23,15 @@ register: socket - name: Generate cluster UUID - shell: "uuidgen | tee /etc/ceph/ceph_cluster_uuid.conf" creates=/etc/ceph/ceph_cluster_uuid.conf + shell: uuidgen | tee fetch/ceph_cluster_uuid.conf creates=fetch/ceph_cluster_uuid.conf + connection: local + sudo: false register: cluster_uuid - name: Read cluster UUID if it already exists - command: cat /etc/ceph/ceph_cluster_uuid.conf removes=/etc/ceph/ceph_cluster_uuid.conf + command: cat fetch/ceph_cluster_uuid.conf removes=fetch/ceph_cluster_uuid.conf + connection: local + sudo: false register: cluster_uuid - name: Generate Ceph configuration file diff --git a/roles/ceph-mon/tasks/deploy_monitors.yml b/roles/ceph-mon/tasks/deploy_monitors.yml index 18edf5374..2227963b5 100644 --- a/roles/ceph-mon/tasks/deploy_monitors.yml +++ b/roles/ceph-mon/tasks/deploy_monitors.yml 
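Review bot: The new `fetch/ceph_cluster_uuid.conf` path in both tasks is relative, so where the UUID is written, and whether `creates=`/`removes=` find it, depends on the directory the playbook is launched from. Anchoring it, for example `{{ playbook_dir }}/fetch/ceph_cluster_uuid.conf`, would make that deterministic. With `connection: local` the generate task presumably still runs once per target host, so parallel `uuidgen | tee` runs can pass the `creates=` check together and overwrite each other. The read task then re-registers `cluster_uuid` from the file, which appears to mask this, but `run_once: true` (if the targeted Ansible version supports it) would state the intent. A comment such as `# generated on the control host so all nodes share one cluster UUID` would explain why only these two tasks are local; the tasks before and after them continue outside the hunk.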
@@ -1,13 +1,24 @@ --- +- name: Create monitor secret + shell: ceph-authtool --gen-print-key | tee /etc/ceph/ceph_monitor_secret.conf creates=/etc/ceph/ceph_monitor_secret.conf + register: monitor_secret + +- name: Read monitor secret if it already exists + command: cat /etc/ceph/ceph_monitor_secret.conf removes=/etc/ceph/ceph_monitor_secret.conf + register: monitor_secret + - name: Create monitor initial keyring - command: "ceph-authtool /var/lib/ceph/tmp/keyring.mon.{{ ansible_hostname }} --create-keyring --name=mon. --add-key={{ monitor_secret }} --cap mon 'allow *' creates=/var/lib/ceph/tmp/keyring.mon.{{ ansible_hostname }}" + command: "ceph-authtool /var/lib/ceph/tmp/keyring.mon.{{ ansible_hostname }} --create-keyring --name=mon. --add-key={{ monitor_secret.stdout }} --cap mon 'allow *' creates=/var/lib/ceph/tmp/keyring.mon.{{ ansible_hostname }}" - name: Set initial monitor key permissions file: > - path=/var/lib/ceph/tmp/keyring.mon.{{ ansible_hostname }} - mode=0600 + path={{ item }} + mode=0400 owner=root group=root + with_items: + - /etc/ceph/ceph_monitor_secret.conf + - /var/lib/ceph/tmp/keyring.mon.{{ ansible_hostname }} - name: Create monitor directory file: > -- 2.39.5
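Review bot: The new "Create monitor secret" task writes `/etc/ceph/ceph_monitor_secret.conf` through `tee` under the default umask, and the file is only restricted to 0400 by the later "Set initial monitor key permissions" task, so other local users can likely read the key in between. Creating it restrictively closes that window, e.g. `shell: umask 077 && ceph-authtool --gen-print-key | tee /etc/ceph/ceph_monitor_secret.conf creates=/etc/ceph/ceph_monitor_secret.conf`. The key also ends up in the registered `monitor_secret.stdout` and on the `--add-key=` command line, so it can appear in Ansible output and logs; `no_log: true` on the two secret tasks and on the keyring task would keep it out of them. Unlike the cluster UUID, which this commit generates once on the control host, the secret is generated on each monitor host, so with more than one monitor the hosts would presumably get different `mon.` keys; this is worth confirming.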