keyring: use ceph_key module for get-or-create cmd

Instead of using ceph auth get-or-create command via the ansible command module then we can use the ceph_key module. Signed-off-by: Dimitri Savineau <dsavinea@redhat.com>
ceph · Nov 2, 2020 · b02589a · b02589a
1 parent 59ecddc
commit b02589a
Show file tree

Hide file tree

Showing 3 changed files with 39 additions and 40 deletions.
diff --git a/roles/ceph-mds/tasks/non_containerized.yml b/roles/ceph-mds/tasks/non_containerized.yml
@@ -21,18 +21,20 @@
     - ansible_os_family in ['Suse', 'RedHat']
 
 - name: create mds keyring
-  command: ceph --cluster {{ cluster }} --name client.bootstrap-mds --keyring /var/lib/ceph/bootstrap-mds/{{ cluster }}.keyring auth get-or-create mds.{{ ansible_hostname }} osd 'allow rwx' mds 'allow' mon 'allow profile mds' -o /var/lib/ceph/mds/{{ cluster }}-{{ ansible_hostname }}/keyring
-  args:
-    creates: /var/lib/ceph/mds/{{ cluster }}-{{ ansible_hostname }}/keyring
-  changed_when: false
-  when: cephx | bool
-
-- name: set mds key permissions
-  file:
-    path: /var/lib/ceph/mds/{{ cluster }}-{{ ansible_hostname }}/keyring
-    owner: "ceph"
-    group: "ceph"
-    mode: "0600"
+  ceph_key:
+    name: "mds.{{ ansible_hostname }}"
+    cluster: "{{ cluster }}"
+    user: client.bootstrap-mds
+    user_key: "/var/lib/ceph/bootstrap-mds/{{ cluster }}.keyring"
+    caps:
+      mon: "allow profile mds"
+      mds: "allow"
+      osd: "allow rwx"
+    dest: "/var/lib/ceph/mds/{{ cluster }}-{{ ansible_hostname }}/keyring"
+    import_key: false
+    owner: ceph
+    group: ceph
+    mode: "{{ ceph_keyring_permissions }}"
   when: cephx | bool
 
 - name: ensure systemd service override directory exists

diff --git a/roles/ceph-nfs/tasks/pre_requisite_non_container.yml b/roles/ceph-nfs/tasks/pre_requisite_non_container.yml
@@ -79,14 +79,16 @@
       when: nfs_obj_gw | bool
       block:
         - name: create rados gateway keyring
-          command: ceph --cluster {{ cluster }} --name client.bootstrap-rgw --keyring /var/lib/ceph/bootstrap-rgw/{{ cluster }}.keyring auth get-or-create client.rgw.{{ ansible_hostname }} osd 'allow rwx' mon 'allow rw' -o /var/lib/ceph/radosgw/{{ cluster }}-rgw.{{ ansible_hostname }}/keyring
-          args:
-            creates: /var/lib/ceph/radosgw/{{ cluster }}-rgw.{{ ansible_hostname }}/keyring
-          changed_when: false
-
-        - name: set rados gateway key permissions
-          file:
-            path: /var/lib/ceph/radosgw/{{ cluster }}-rgw.{{ ansible_hostname }}/keyring
-            owner: "ceph"
-            group: "ceph"
-            mode: "0600"
+          ceph_key:
+            name: "client.rgw.{{ ansible_hostname }}"
+            cluster: "{{ cluster }}"
+            user: client.bootstrap-rgw
+            user_key: "/var/lib/ceph/bootstrap-rgw/{{ cluster }}.keyring"
+            caps:
+              mon: "allow rw"
+              osd: "allow rwx"
+            dest: "/var/lib/ceph/radosgw/{{ cluster }}-rgw.{{ ansible_hostname }}/keyring"
+            import_key: false
+            owner: ceph
+            group: ceph
+            mode: "{{ ceph_keyring_permissions }}"
diff --git a/roles/ceph-rbd-mirror/tasks/common.yml b/roles/ceph-rbd-mirror/tasks/common.yml
@@ -31,22 +31,17 @@
     - item.item.copy_key | bool
 
 - name: create rbd-mirror keyring
-  command: >
-    ceph --cluster {{ cluster }}
-    --name client.bootstrap-rbd-mirror
-    --keyring /var/lib/ceph/bootstrap-rbd-mirror/{{ cluster }}.keyring
-    auth get-or-create client.rbd-mirror.{{ ansible_hostname }}
-    mon 'profile rbd-mirror'
-    osd 'profile rbd'
-    -o /etc/ceph/{{ cluster }}.client.rbd-mirror.{{ ansible_hostname }}.keyring
-  args:
-    creates: /etc/ceph/{{ cluster }}.client.rbd-mirror.{{ ansible_hostname }}.keyring
-  when: not containerized_deployment | bool
-
-- name: set rbd-mirror key permissions
-  file:
-    path: /etc/ceph/{{ cluster }}.client.rbd-mirror.{{ ansible_hostname }}.keyring
-    owner: "ceph"
-    group: "ceph"
+  ceph_key:
+    name: "client.rbd-mirror.{{ ansible_hostname }}"
+    cluster: "{{ cluster }}"
+    user: client.bootstrap-rbd-mirror
+    user_key: "/var/lib/ceph/bootstrap-rbd-mirror/{{ cluster }}.keyring"
+    caps:
+      mon: "profile rbd-mirror"
+      osd: "profile rbd"
+    dest: "/etc/ceph/{{ cluster }}.client.rbd-mirror.{{ ansible_hostname }}.keyring"
+    import_key: false
+    owner: ceph
+    group: ceph
     mode: "{{ ceph_keyring_permissions }}"
   when: not containerized_deployment | bool