62 lines
2.2 KiB
YAML
62 lines
2.2 KiB
YAML
---
|
|
# Copyright 2015, Serge van Ginderachter <serge@vanginderachter.be>
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
# you may not use this file except in compliance with the License.
|
|
# You may obtain a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
# See the License for the specific language governing permissions and
|
|
# limitations under the License.
|
|
|
|
## Ceph client keyrings
|
|
|
|
- name: From files | Retrieve keyrings for openstack clients
|
|
set_fact:
|
|
ceph_client_keys: |-
|
|
{% set _keys = {} %}
|
|
{% for client in ceph_client_filtered_clients %}
|
|
{% set _ = _keys.update({
|
|
client: lookup('file', ceph_keyrings_dir ~ '/' ~ client['name'] ~ '.keyring')
|
|
})
|
|
%}
|
|
{% endfor %}
|
|
{{ _keys }}
|
|
changed_when: false
|
|
delegate_facts: False
|
|
delegate_to: localhost
|
|
tags:
|
|
- ceph-config
|
|
- always
|
|
|
|
- name: From files | Provision ceph client keyrings
|
|
copy:
|
|
dest: "/etc/ceph/{{ ceph_cluster_name }}.client.{{ item['name'] }}.keyring"
|
|
content: "{{ ceph_client_keys[item['name']] }}\n" # noqa 206
|
|
owner: "{{ client['owner'] | default('root') }}"
|
|
group: "{{ client['group'] | default(cephkeys_access_group) }}"
|
|
# ideally the permission will be: 0600 and the owner/group will be either
|
|
# glance , nova or cinder. For keys that require access by different users
|
|
# (the cinder one) we should probably create a group 'cephkeys' and add
|
|
# nova/cinder to it.
|
|
# If I'm correct, the use case for multiple users is on the computre nodes,
|
|
# access needed by users libvirt-qemu and nova
|
|
mode: "{{ client['mode'] | default ('0640') }}"
|
|
with_items: "{{ ceph_client_filtered_clients }}"
|
|
notify:
|
|
- Restart os services
|
|
|
|
- name: From file | Retrieve nova secret
|
|
set_fact :
|
|
ceph_nova_secret:
|
|
stdout: "{{ (ceph_client_keys[nova_ceph_client] | regex_search('.*^\\s*key\\s*=\\s*(.*)$.*', '\\1', multiline=True))[0] }}"
|
|
when:
|
|
- inventory_hostname in groups.nova_compute
|
|
delegate_to: localhost
|
|
tags:
|
|
- always
|