8c1e7061f8
Ceph can function just fine generating the keys before the pools have been created so we can apply the proper permissions to the auth string ahead of time. This allows us to not require additional steps to add a cache tier on the fly in the future. Change-Id: I8214c567fb7c337f95d908c5699d1da922bfa1a6 Closes-Bug: #1518475
57 lines
2.3 KiB
YAML
57 lines
2.3 KiB
YAML
---
|
|
- name: Ensuring config directory exists
|
|
file:
|
|
path: "{{ node_config_directory }}/{{ item }}"
|
|
state: "directory"
|
|
with_items:
|
|
- "cinder-volume"
|
|
- "cinder-backup"
|
|
when: inventory_hostname in groups['cinder-volume']
|
|
|
|
- name: Copying over config(s)
|
|
template:
|
|
src: roles/ceph/templates/ceph.conf.j2
|
|
dest: "{{ node_config_directory }}/{{ item }}/ceph.conf"
|
|
with_items:
|
|
- "cinder-volume"
|
|
- "cinder-backup"
|
|
when: inventory_hostname in groups['cinder-volume']
|
|
|
|
- include: ../../ceph_pools.yml
|
|
vars:
|
|
pool_name: "{{ cinder_pool_name }}"
|
|
pool_type: "{{ cinder_pool_type }}"
|
|
cache_mode: "{{ cinder_cache_mode }}"
|
|
|
|
- include: ../../ceph_pools.yml
|
|
vars:
|
|
pool_name: "{{ cinder_backup_pool_name }}"
|
|
pool_type: "{{ cinder_backup_pool_type }}"
|
|
cache_mode: "{{ cinder_backup_cache_mode }}"
|
|
|
|
# TODO(SamYaple): Improve changed_when tests
|
|
- name: Pulling cephx keyring for cinder
|
|
command: docker exec ceph_mon ceph auth get-or-create client.cinder mon 'allow r' osd 'allow class-read object_prefix rbd_children, allow rwx pool={{ ceph_cinder_pool_name }}, allow rwx pool={{ ceph_cinder_pool_name }}-cache, allow rwx pool={{ ceph_nova_pool_name }}, allow rwx pool={{ ceph_nova_pool_name }}-cache, allow rx pool={{ ceph_glance_pool_name }}, allow rx pool={{ ceph_glance_pool_name }}-cache'
|
|
register: cephx_key_cinder
|
|
delegate_to: "{{ groups['ceph-mon'][0] }}"
|
|
changed_when: False
|
|
run_once: True
|
|
|
|
# TODO(SamYaple): Improve changed_when tests
|
|
- name: Pulling cephx keyring for cinder-backup
|
|
command: docker exec ceph_mon ceph auth get-or-create client.cinder-backup mon 'allow r' osd 'allow class-read object_prefix rbd_children, allow rwx pool={{ ceph_cinder_backup_pool_name }}, allow rwx pool={{ ceph_cinder_backup_pool_name }}-cache'
|
|
register: cephx_key_cinder_backup
|
|
delegate_to: "{{ groups['ceph-mon'][0] }}"
|
|
changed_when: False
|
|
run_once: True
|
|
|
|
- name: Pushing cephx keyring
|
|
copy:
|
|
content: "{{ item.content }}\n\r"
|
|
dest: "{{ node_config_directory }}/{{ item.service_name }}/ceph.client.{{ item.key_name }}.keyring"
|
|
mode: "0600"
|
|
with_items:
|
|
- { service_name: "cinder-volume", key_name: "cinder", content: "{{ cephx_key_cinder.stdout }}" }
|
|
- { service_name: "cinder-backup", key_name: "cinder-backup", content: "{{ cephx_key_cinder_backup.stdout }}" }
|
|
when: inventory_hostname in groups['cinder-volume']
|