bunch of work on the radosgw (mid-project)

94348518 · Karl Grube · 2cb38aea · 94348518 · 94348518 · 94348518
Commit 94348518 authored 1 year ago by Karl Grube
--- a/handlers/main.yml
+++ b/handlers/main.yml
+---
+
+- name: restart radosgw
+  service:
+    name: radosgw
+    state: restarted
--- a/tasks/all.yml
+++ b/tasks/all.yml
@@ -4,4 +4,28 @@
  command: /usr/bin/ceph-authtool --create-keyring /etc/ceph/ceph.client.radosgw.keyring
  args:
    creates: /etc/ceph/ceph.client.radosgw.keyring
+  tags: ceph_key
+- name: ceph_conf
+  template:
+    src: ceph_conf.j2
+    dest: /etc/ceph/ceph.conf
+  notify: restart radosgw
+  tags: ceph_key

+- name: slurp keyring
+  slurp:
+    src: '/etc/ceph/ceph.client.radosgw.keyring'
+  register: ceph_keyring_slurp
+  tags: ceph_key
+
+- name: create my ceph key
+  command: 'ceph-authtool /etc/ceph/ceph.client.radosgw.keyring -n client.radosgw.{{inventory_hostname}} --gen-key'
+  when: (ceph_keyring_slurp['content'] | b64decode) == ''
+  notify: restart radosgw
+  tags: ceph_key
+
+- name: 'slurp keyring (again)'
+  slurp:
+    src: '/etc/ceph/ceph.client.radosgw.keyring'
+  register: ceph_keyring_slurp
+  tags: ceph_key
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -9,3 +9,8 @@
 - include_tasks: "{{ansible_os_family|lower}}.yml"

 - import_tasks: all.yml
+
+- include_tasks: monitors.yml
+  with_items: "{{ ceph_mon }}"
+  loop_control:
+    loop_var: ceph_monitor
--- a/tasks/monitors.yml
+++ b/tasks/monitors.yml
+---
+
+- name: add key
+  template:
+    src: remote_keyring.j2
+    dest: "/etc/ceph/ceph.client.radosgw.{{inventory_hostname}}.keyring"
+    mode: 0600
+    owner: root
+    group: root
+  delegate_to: "{{ceph_monitor}}"
+
+- name: get current keys
+  command: 'ceph -k /etc/ceph/ceph.client.admin.keyring auth ls'
+  changed_when: False
+  register: monitor_keys
+  delegate_to: "{{ceph_monitor}}"
+
+- name: add my key
+  command: 'ceph -k /etc/ceph/ceph.client.admin.keyring auth add client.radosgw.{{inventory_hostname}} -i /etc/ceph/ceph.client.radosgw.{{inventory_hostname}}.keyring'
+  when: ((ceph_keyring_slurp['content'] | b64decode)|regex_replace('\n$','')) not in (monitor_keys['content'] | b64decode)
+  delegate_to: "{{ceph_monitor}}"
+
+
--- a/templates/ceph_conf.j2
+++ b/templates/ceph_conf.j2
+[global]
+         auth_client_required = cephx
+         auth_cluster_required = cephx
+         auth_service_required = cephx
+         fsid = {{ ceph_fsid }}
+         mon_allow_pool_delete = true
+         mon_host = {% for host in ceph_mon %}{{host}} {% endfor %}
+
+[client]
+         keyring = /etc/ceph/ceph.client.radosgw.keyring
--- a/templates/remote_keyring.j2
+++ b/templates/remote_keyring.j2
+{{(ceph_keyring_slurp['content'] | b64decode)|regex_replace('\n$','')}}
+        caps mon = "allow rwx"
+        caps osd = "allow rwx"