X-Git-Url: https://gerrit.akraino.org/r/gitweb?a=blobdiff_plain;f=playbooks%2Fset_keyring_owners.yml;fp=playbooks%2Fset_keyring_owners.yml;h=66b7b85ec23f621b767187f34e2816fa8f380e90;hb=74a49ba6ef2ea715fa492db0bcd85c30398688e8;hp=0000000000000000000000000000000000000000;hpb=a936af362724cca0c5dc2c424902d398f9833410;p=ta%2Finfra-ansible.git
diff --git a/playbooks/set_keyring_owners.yml b/playbooks/set_keyring_owners.yml
new file mode 100644
index 0000000..66b7b85
--- /dev/null
+++ b/playbooks/set_keyring_owners.yml
@@ -0,0 +1,61 @@
+---
+
+# Copyright 2019 Nokia
+
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- name: Set keyrings owners for controller
+ hosts: controller
+ become: yes
+ become_method: sudo
+ become_user: root
+ gather_facts: no
+ vars:
+ cephkeys_access_group: "cephkeys"
+ tasks:
+ - name: Create cephkeys_access_group group
+ group:
+ name: "{{ cephkeys_access_group }}"
+ when: (ceph_configured | default(False))
+ - name: set keyrings owner
+ file:
+ path: "/etc/ceph/ceph.client.{{ item }}.keyring"
+ owner: "{{ item }}"
+ group: "{{ cephkeys_access_group }}"
+ mode: 0640
+ with_items:
+ - glance
+ - cinder
+ when: (ceph_configured | default(False))
+
+- name: Set keyrings owners for caas_master
+ hosts: caas_master
+ become: yes
+ become_method: sudo
+ become_user: root
+ gather_facts: no
+ vars:
+ cephkeys_access_group: "cephkeys"
+ tasks:
+ - name: Create cephkeys_access_group group
+ group:
+ name: "{{ cephkeys_access_group }}"
+ when: (ceph_configured | default(False))
+ - name: set keyrings owner
+ file:
+ path: "/etc/ceph/ceph.client.caas.keyring"
+ # TODO: Probably CaaS should have an own user
+ owner: "{{ users.admin_user_name }}"
+ group: "{{ cephkeys_access_group }}"
+ mode: 0640
+ when: (ceph_configured | default(False))
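Review bot: Both `set keyrings owner` tasks give each keyring a per-service owner but the same group, `cephkeys`, with mode 0640, so any account in that group can read the glance, cinder and caas client keys alike, and the per-service owner isolates nothing between group members. Who gets added to `cephkeys` is not visible in this file, so a comment above `cephkeys_access_group` should say which accounts are expected to be members, e.g. `# members can read every Ceph client keyring; keep membership to the service accounts that need it`. In the caas_master play the keyring is owned by `users.admin_user_name`, which ties a storage credential to a login account until the TODO is resolved; a dedicated service user would remove that coupling. Writing the mode as `mode: "0640"` in both tasks would also avoid relying on the YAML parser's octal handling.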