72 lines
2.9 KiB
YAML
72 lines
2.9 KiB
YAML
---
|
|
# Copyright 2020 Red Hat, Inc.
|
|
# All Rights Reserved.
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
# not use this file except in compliance with the License. You may obtain
|
|
# a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
# License for the specific language governing permissions and limitations
|
|
# under the License.
|
|
|
|
- name: reset profiles string to avoid complex string manipulation
|
|
set_fact:
|
|
profiles: ""
|
|
|
|
- name: build openstack client key
|
|
block:
|
|
- name: build openstack client profiles per pool
|
|
set_fact:
|
|
profiles: "{{ 'profile rbd pool='.join((profiles|default(''), (current+', '))) }}"
|
|
vars:
|
|
current: "{{ item.name }}"
|
|
with_items: "{{ openstack_pools.openstack_pools }}"
|
|
|
|
- name: set openstack client caps
|
|
set_fact:
|
|
osp_client_default_caps: {'mgr': 'allow *', 'mon': 'profile rbd'}
|
|
|
|
- name: set openstack client osd(s) caps
|
|
set_fact:
|
|
osp_client_osd_caps: {'osd': "{{ profiles | regex_replace('\\, $', '') }}"}
|
|
when: profiles|length > 0
|
|
|
|
- name: Combine caps
|
|
set_fact:
|
|
osp_client_caps: "{{ osp_client_default_caps | combine(osp_client_osd_caps|default({})) }}"
|
|
|
|
- name: set openstack client key
|
|
set_fact:
|
|
client_key: [{'name': '{{ ".".join(("client", ceph_keys.openstack_client.name)) }}',
|
|
'key': '{{ ceph_keys.openstack_client.key }}', 'mode':'0600', 'caps': '{{ osp_client_caps }}'}]
|
|
|
|
- name: build manila key for openstack
|
|
vars:
|
|
manila_caps: {"mgr": "allow *", "mon": "allow r, allow command 'auth del', allow command 'auth caps',
|
|
allow command 'auth get', allow command 'auth get-or-create'", "mds": "allow *", "osd": "allow rw"}
|
|
set_fact:
|
|
manila_key: [{'name': '{{ ".".join(("client", ceph_keys.manila.name)) }}', 'key': '{{ ceph_keys.manila.key }}',
|
|
'mode': '0600', 'caps': '{{ manila_caps }}'}]
|
|
when:
|
|
- tripleo_enabled_services | intersect(['manila_api'])
|
|
|
|
- name: build radosgw key for openstack
|
|
vars:
|
|
rgw_caps: {"mgr": "allow *", "mon": "allow rw", "osd": "allow rwx"}
|
|
set_fact:
|
|
rgw_key: [{'name': '{{ ".".join(("client", ceph_keys.radosgw.name)) }}', 'key': '{{ ceph_keys.radosgw.key }}',
|
|
'mode': '0600', 'caps': '{{ rgw_caps }}'}]
|
|
when:
|
|
- tripleo_enabled_services | intersect(['ceph_rgw'])
|
|
|
|
- name: build the resulting keys
|
|
set_fact:
|
|
openstack_keys: "{ 'openstack_keys': {{ client_key|default([]) + rgw_key|default([]) + manila_key|default([]) +
|
|
ceph_keys.extra_keys|default([]) }} }"
|
|
keys: "{ 'keys': {{ client_key|default([]) + rgw_key|default([]) + manila_key|default([]) + ceph_keys.extra_keys|default([]) }} }"
|