Initial commit

[ta/infra-ansible.git] / playbooks / set_keyring_owners.yml

---

# Copyright 2019 Nokia

# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

- name: Set keyrings owners for controller
  hosts: controller
  become: yes
  become_method: sudo
  become_user: root
  gather_facts: no
  vars:
    cephkeys_access_group: "cephkeys"
  tasks:
  - name: Create cephkeys_access_group group
    group:
      name: "{{ cephkeys_access_group }}"
    when: (ceph_configured | default(False))
  - name: set keyrings owner
    file:
      path: "/etc/ceph/ceph.client.{{ item }}.keyring"
      owner: "{{ item }}"
      group: "{{ cephkeys_access_group }}"
      mode: 0640
    with_items:
      - glance
      - cinder
    when: (ceph_configured | default(False))

- name: Set keyrings owners for caas_master
  hosts: caas_master
  become: yes
  become_method: sudo
  become_user: root
  gather_facts: no
  vars:
    cephkeys_access_group: "cephkeys"
  tasks:
  - name: Create cephkeys_access_group group
    group:
      name: "{{ cephkeys_access_group }}"
    when: (ceph_configured | default(False))
  - name: set keyrings owner
    file:
      path: "/etc/ceph/ceph.client.caas.keyring"
      # TODO: Probably CaaS should have an own user
      owner: "{{ users.admin_user_name }}"
      group: "{{ cephkeys_access_group }}"
      mode: 0640
    when: (ceph_configured | default(False))