---
# Copyright 2015, Serge van Ginderachter <serge@vanginderachter.be>
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

## Ceph client keyrings

- name: From files | Retrieve keyrings for openstack clients
  set_fact:
    ceph_client_keys: |-
      {% set _keys = {} %}
      {% for client in ceph_client_filtered_clients %}
      {%   set _ = _keys.update({
              client['name']: lookup('file', ceph_keyrings_dir ~ '/' ~ client['name'] ~ '.keyring')
          })
      %}
      {% endfor %}
      {{ _keys }}
  changed_when: false
  delegate_facts: False
  delegate_to: localhost
  tags:
    - ceph-config
    - always

- name: From files | Provision ceph client keyrings
  copy:
    dest: "/etc/ceph/{{ ceph_cluster_name }}.client.{{ item['name'] }}.keyring"
    content: |
      {{ ceph_client_keys[item['name']] }}
    owner: "{{ client['owner'] | default('root') }}"
    group: "{{ client['group'] | default(cephkeys_access_group) }}"
    # ideally the permission will be: 0600 and the owner/group will be either
    # glance , nova or cinder. For keys that require access by different users
    # (the cinder one) we should probably create a group 'cephkeys' and add
    # nova/cinder to it.
    # If I'm correct, the use case for multiple users is on the computre nodes,
    # access needed by users libvirt-qemu and nova
    mode: "{{ client['mode'] | default('0640') }}"
  with_items: "{{ ceph_client_filtered_clients }}"
  notify:
    - Restart os services

- name: From file | Retrieve nova secret
  set_fact:
    ceph_nova_secret:
      stdout: "{{ (ceph_client_keys[nova_ceph_client] | regex_search('.*^\\s*key\\s*=\\s*(.*)$.*', '\\1', multiline=True))[0] }}"
  when:
    - inventory_hostname in groups.nova_compute
    - nova_ceph_client in ceph_client_filtered_clients | map(attribute='name') | list
  delegate_to: localhost
  tags:
    - always