+---
+
+# Copyright 2019 Nokia
+
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- name: Set keyrings owners for controller
+ hosts: controller
+ become: yes
+ become_method: sudo
+ become_user: root
+ gather_facts: no
+ vars:
+ cephkeys_access_group: "cephkeys"
+ tasks:
+ - name: Create cephkeys_access_group group
+ group:
+ name: "{{ cephkeys_access_group }}"
+ when: (ceph_configured | default(False))
+ - name: set keyrings owner
+ file:
+ path: "/etc/ceph/ceph.client.{{ item }}.keyring"
+ owner: "{{ item }}"
+ group: "{{ cephkeys_access_group }}"
+ mode: 0640
+ with_items:
+ - glance
+ - cinder
+ when: (ceph_configured | default(False))
+
+- name: Set keyrings owners for caas_master
+ hosts: caas_master
+ become: yes
+ become_method: sudo
+ become_user: root
+ gather_facts: no
+ vars:
+ cephkeys_access_group: "cephkeys"
+ tasks:
+ - name: Create cephkeys_access_group group
+ group:
+ name: "{{ cephkeys_access_group }}"
+ when: (ceph_configured | default(False))
+ - name: set keyrings owner
+ file:
+ path: "/etc/ceph/ceph.client.caas.keyring"
+ # TODO: Probably CaaS should have an own user
+ owner: "{{ users.admin_user_name }}"
+ group: "{{ cephkeys_access_group }}"
+ mode: 0640
+ when: (ceph_configured | default(False))