--- # Copyright 2020 Red Hat, Inc. # All Rights Reserved. # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. - name: reset profiles string to avoid complex string manipulation set_fact: profiles: "" - name: build openstack client key block: - name: build openstack client profiles per pool set_fact: profiles: "{{ 'profile rbd pool='.join((profiles|default(''), (current+', '))) }}" vars: current: "{{ item.name }}" with_items: "{{ openstack_pools.openstack_pools }}" - name: set openstack client caps set_fact: osp_client_default_caps: {'mgr': 'allow *', 'mon': 'profile rbd'} - name: set openstack client osd(s) caps set_fact: osp_client_osd_caps: {'osd': "{{ profiles | regex_replace('\\, $', '') }}"} when: profiles|length > 0 - name: Combine caps set_fact: osp_client_caps: "{{ osp_client_default_caps | combine(osp_client_osd_caps|default({})) }}" - name: set openstack client key set_fact: client_key: [{'name': '{{ ".".join(("client", ceph_keys.openstack_client.name)) }}', 'key': '{{ ceph_keys.openstack_client.key }}', 'mode':'0600', 'caps': '{{ osp_client_caps }}'}] - name: build manila key for openstack vars: manila_caps: {"mgr": "allow *", "mon": "allow r, allow command 'auth del', allow command 'auth caps', allow command 'auth get', allow command 'auth get-or-create'", "mds": "allow *", "osd": "allow rw"} set_fact: manila_key: [{'name': '{{ ".".join(("client", ceph_keys.manila.name)) }}', 'key': '{{ ceph_keys.manila.key }}', 'mode': '0600', 'caps': '{{ manila_caps }}'}] when: - tripleo_enabled_services | intersect(['manila_api']) - name: build radosgw key for openstack vars: rgw_caps: {"mgr": "allow *", "mon": "allow rw", "osd": "allow rwx"} set_fact: rgw_key: [{'name': '{{ ".".join(("client", ceph_keys.radosgw.name)) }}', 'key': '{{ ceph_keys.radosgw.key }}', 'mode': '0600', 'caps': '{{ rgw_caps }}'}] when: - tripleo_enabled_services | intersect(['ceph_rgw']) - name: build the resulting keys set_fact: openstack_keys: "{ 'openstack_keys': {{ client_key|default([]) + rgw_key|default([]) + manila_key|default([]) + ceph_keys.extra_keys|default([]) }} }" keys: "{ 'keys': {{ client_key|default([]) + rgw_key|default([]) + manila_key|default([]) + ceph_keys.extra_keys|default([]) }} }"