openstack
/
openstack-ansible-ceph_client
Code Issues Proposed changes
openstack-ansible-ceph_client/tasks/ceph_auth.yml

138 lines
4.0 KiB
YAML
Raw Blame History

---
# Copyright 2015, Serge van Ginderachter <serge@vanginderachter.be>
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- name: Create cephkeys_access_group group
group:
name: "{{ cephkeys_access_group }}"
- name: Including ceph_get_keyrings_from_mons tasks
include_tasks: ceph_get_keyrings_from_mons.yml
when: ceph_keyrings_dir is not defined
- name: Including ceph_get_keyrings_from_files tasks
include_tasks: ceph_get_keyrings_from_files.yml
when: ceph_keyrings_dir is defined
- name: Add OpenStack service to cephkeys_access_group group
user:
name: "{{ openstack_service_system_user }}"
groups: "{{ cephkeys_access_group }}"
append: yes
notify:
- Restart os services
- name: Make sure libvirt is started
service:
name: "{{ libvirt_service_name }}"
state: "started"
when: inventory_hostname in groups.nova_compute
- name: Check if nova secret is defined in libvirt
shell: virsh secret-list|grep {{ nova_ceph_client_uuid }}
when:
- inventory_hostname in groups.nova_compute
changed_when: false
failed_when: false
register: libvirt_nova_defined
tags:
- always
- name: Provide xml file to create the secret
template:
src: secret.xml.j2
dest: /tmp/nova-secret.xml
mode: "0600"
with_items:
- secret_uuid: "{{ nova_ceph_client_uuid }}"
client_name: "{{ nova_ceph_client }}"
when:
- inventory_hostname in groups.nova_compute
- libvirt_nova_defined.rc is defined
- libvirt_nova_defined.rc != 0
tags:
- always
- name: Define libvirt nova secret
command: virsh secret-define --file /tmp/nova-secret.xml # noqa: no-changed-when
when:
- inventory_hostname in groups.nova_compute
- libvirt_nova_defined.rc is defined
- libvirt_nova_defined.rc != 0
notify:
- Restart os services
tags:
- always
- name: Check if nova secret value is set in libvirt
command: virsh secret-get-value {{ nova_ceph_client_uuid }}
when:
- inventory_hostname in groups.nova_compute
changed_when: false
failed_when: false
register: libvirt_nova_set
tags:
- always
- name: Set nova secret value in libvirt
command: virsh secret-set-value --secret {{ nova_ceph_client_uuid }} --base64 {{ ceph_nova_secret.stdout }}
changed_when: false
when:
- inventory_hostname in groups.nova_compute
- libvirt_nova_set.rc is defined
- libvirt_nova_set.rc != 0 or
(libvirt_nova_set.rc == 0 and
libvirt_nova_set.stdout != ceph_nova_secret.stdout)
notify:
- Restart os services
tags:
- ceph-config
- name: Remove libvirt nova secret file
file:
path: "/tmp/nova-secret.xml"
state: "absent"
when:
- inventory_hostname in groups.nova_compute and libvirt_nova_set
tags:
- always
- name: Detect correct group for extra auth
set_fact:
ceph_in_extra_auth_group: True
with_items: "{{ ceph_extra_auth_groups }}"
when:
- ceph_extra_confs is defined
- inventory_hostname in groups[item]
- name: Including ceph_auth_extra tasks
include_tasks: ceph_auth_extra.yml
when:
- ceph_in_extra_auth_group is defined
- ceph_in_extra_auth_group | bool
- name: Detect extra nova uuid secret
set_fact:
ceph_extra_nova_uuid: True
with_items: "{{ ceph_extra_confs | default([]) }}"
when:
- inventory_hostname in groups[ceph_extra_compute_group]
- item.secret_uuid is defined
- name: Including ceph_auth_extra_compute tasks
include_tasks: ceph_auth_extra_compute.yml
when:
- ceph_extra_nova_uuid is defined
- ceph_extra_nova_uuid | bool
View Git Blame Copy Permalink