From cfe8e51d992b820de7be12604c4430e7ba18c4c5 Mon Sep 17 00:00:00 2001
From: =?utf8?q?S=C3=A9bastien=20Han?=
Date: Fri, 20 Apr 2018 16:37:05 +0200
Subject: [PATCH] mon/client: apply mode from ceph_key
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit

Do not use a dedicated task for this but use the ceph_key module capability to set file mode.

Signed-off-by: Sébastien Han
---
 roles/ceph-client/tasks/create_users_keys.yml | 12 ++-------
 roles/ceph-mon/tasks/openstack_config.yml | 26 ++-----------------
 2 files changed, 4 insertions(+), 34 deletions(-)

diff --git a/roles/ceph-client/tasks/create_users_keys.yml b/roles/ceph-client/tasks/create_users_keys.yml
index f31610621..d7b79bb9b 100644
--- a/roles/ceph-client/tasks/create_users_keys.yml
+++ b/roles/ceph-client/tasks/create_users_keys.yml
@@ -41,7 +41,8 @@
 containerized: "{{ docker_exec_client_cmd | default('') }}"
 cluster: "{{ cluster }}"
 dest: "{{ ceph_conf_key_directory }}"
- import_key: "{{ copy_admin_key }}" # if the admin key is copied we assume the user wants to import the key in Ceph not only create it
+ import_key: "{{ copy_admin_key }}"
+ mode: "{{ item.mode|default(omit) }}"
 with_items: "{{ keys }}"
 run_once: true
 when:
@@ -97,15 +98,6 @@
 - not item.get('skipped', False)
 - not inventory_hostname == groups.get(client_group_name, []) | first
 
-- name: chmod cephx key(s)
- file:
- path: "{{ ceph_conf_key_directory }}/{{ cluster }}.{{ item.name }}.keyring"
- mode: "{{ item.mode|default(omit) }}" # if mode not in list, uses mode from ps umask
- with_items: "{{ keys }}"
- when:
- - cephx
- - keys | length > 0
-
 - name: setfacl for cephx key(s)
 acl:
 path: "{{ ceph_conf_key_directory }}/{{ cluster }}.{{ item.0.name }}.keyring"
diff --git a/roles/ceph-mon/tasks/openstack_config.yml b/roles/ceph-mon/tasks/openstack_config.yml
index 72152ea01..78cf13ff9 100644
--- a/roles/ceph-mon/tasks/openstack_config.yml
+++ b/roles/ceph-mon/tasks/openstack_config.yml
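Review bot: The key file mode is now applied only where the `run_once: true` ceph_key task executes (roles/ceph-client/tasks/create_users_keys.yml, hunk @@ -41), whereas the `chmod cephx key(s)` task deleted at @@ -97 had no `run_once` and set it on every host in the play. If another task distributes the keyrings to the remaining clients (the `not inventory_hostname == groups.get(client_group_name, []) | first` condition in the context suggests one, but it starts outside the hunk), that task now has to carry the mode itself, or the copies may land with looser permissions than `item.mode` asks for; please confirm. The deleted comments were also the only documentation here: consider keeping `# if the admin key is copied we assume the user wants to import the key in Ceph not only create it` above `import_key` and adding `# when item.mode is unset, the ceph_key module's default mode applies` above `mode`. The ceph_key task itself begins outside the hunk.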
@@ -29,6 +29,7 @@
 secret: "{{ item.key | default('') }}"
 containerized: "{{ docker_exec_cmd | default(False) }}"
 cluster: "{{ cluster }}"
+ mode: "{{ item.mode|default(omit) }}"
 with_items: "{{ openstack_keys }}"
 when: cephx
 
@@ -50,27 +51,4 @@
 when:
 - cephx
 - openstack_config
- - item.0 != groups[mon_group_name] | last
-
-- name: chmod openstack cephx key(s) on the other mons and this mon
- file:
- path: "/etc/ceph/{{ cluster }}.{{ item.1.name }}.keyring"
- mode: "{{ item.1.mode|default(omit) }}" # if mode not in list, uses mode from ps umask
- with_nested:
- - "{{ groups[mon_group_name] }}"
- - "{{ openstack_keys }}"
- delegate_to: "{{ item.0 }}"
- when:
- - openstack_config
- - cephx
-
-- name: setfacl for openstack cephx key(s) on the other mons and this mon
- command: "setfacl -m {{ item.1.acls | join(',') }} /etc/ceph/{{ cluster }}.{{ item.1.name }}.keyring"
- with_nested:
- - "{{ groups[mon_group_name] }}"
- - "{{ openstack_keys }}"
- delegate_to: "{{ item.0 }}"
- when:
- - item.1.get('acls', []) | length > 0
- - openstack_config
- - cephx
+ - item.0 != groups[mon_group_name] | last
\ No newline at end of file
-- 
2.39.5
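Review bot: The two tasks deleted at @@ -50 in roles/ceph-mon/tasks/openstack_config.yml did more than the `mode` line added to the ceph_key task at @@ -29 replaces. Both ran on every monitor through `with_nested` plus `delegate_to: "{{ item.0 }}"`, and the `setfacl` task applied `item.1.acls`, which nothing visible in this patch passes to ceph_key. Unless the copy task above them (its body is outside the hunk) preserves mode and ACLs, keyrings under /etc/ceph on the other monitors may end up with different permissions than before, and any `acls` set in `openstack_keys` are silently ignored. Either keep the setfacl task or say in the commit message that ACL handling for openstack keys is dropped on purpose. The final `when` entry also loses its trailing newline (`\ No newline at end of file`).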