From dca1534ee6718094936c77d0f19d271f723cacf7 Mon Sep 17 00:00:00 2001
From: Jukka Nousiainen <jukka.nousiainen@csc.fi>
Date: Wed, 2 Dec 2020 11:07:25 +0200
Subject: [PATCH] ceph-mon: No become during gen mon initial keyring

Since the backing generate_secret() just hands out urandom output,
running as privileged doesn't seem to be required. It's not
desireable to provide sudo in some Ansible runner environments.

Signed-off-by: Jukka Nousiainen <jukka.nousiainen@csc.fi>
(cherry picked from commit eb7473491b25c5f899a110f6ae1076ef5096d6d5)
---
 roles/ceph-mon/tasks/deploy_monitors.yml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/roles/ceph-mon/tasks/deploy_monitors.yml b/roles/ceph-mon/tasks/deploy_monitors.yml
index 81eb2f64c..ef057f96b 100644
--- a/roles/ceph-mon/tasks/deploy_monitors.yml
+++ b/roles/ceph-mon/tasks/deploy_monitors.yml
@@ -19,6 +19,7 @@
     state: generate_secret
   register: monitor_keyring
   delegate_to: localhost
+  become: false
   run_once: true
   when:
     - initial_mon_key.skipped is defined
-- 
2.47.3