stackhpc.cephadm.cephadm_key (1.15.1) — module

Manage Cephx key(s)

Added in version 1.4.0 of stackhpc.cephadm

Authors: Sebastien Han <seb@redhat.com>, Michal Nasiadka <michal@stackhpc.com>

Install collection

Install with ansible-galaxy collection install stackhpc.cephadm:==1.15.1


Add to requirements.yml

  collections:
    - name: stackhpc.cephadm
      version: 1.15.1

Description

Manage CephX key creation, deletion and updates. The module can also list keyrings and return information about them.

Usage examples

- name: create cephx key
  stackhpc.cephadm.cephadm_key:
    name: "{{ item.name }}"
    state: present
    caps: "{{ item.caps }}"
  with_items: "{{ keys_to_create }}"
- name: create cephx key but don't import it in Ceph
  stackhpc.cephadm.cephadm_key:
    name: "{{ item.name }}"
    state: present
    caps: "{{ item.caps }}"
    import_key: false
  with_items: "{{ keys_to_create }}"
- name: delete cephx key
  stackhpc.cephadm.cephadm_key:
    name: "my_key"
    state: absent
- name: info cephx key
  stackhpc.cephadm.cephadm_key:
    name: "my_key"
    state: info
- name: info cephx admin key (plain)
  stackhpc.cephadm.cephadm_key:
    name: client.admin
    output_format: plain
    state: info
  register: client_admin_key
- name: list cephx keys
  stackhpc.cephadm.cephadm_key:
    state: list
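
The following playbook is an added example, not taken from the collection's own documentation. It creates a key whose capabilities are scoped to a single pool, writes the keyring with owner-only permissions using the file inputs documented below, and then checks the permissions of every keyring in the destination directory. The host group `ceph_admin`, the entity `client.backup`, the pool `backups` and the `root` ownership are assumptions.

```yaml
# Added example; names marked "assumption" are not from the module documentation.
- name: Provision a least-privilege CephX key with a locked-down keyring file
  hosts: ceph_admin              # assumption: a host able to run ceph commands
  become: true
  vars:
    key_name: client.backup      # assumption: constructed entity name
    key_dir: /etc/ceph/          # the module's default value for dest
  tasks:
    - name: Create the key with capabilities limited to one pool
      stackhpc.cephadm.cephadm_key:
        name: "{{ key_name }}"
        state: present
        caps:
          mon: "profile rbd"
          osd: "profile rbd pool=backups"   # assumption: pool name
        dest: "{{ key_dir }}"
        owner: root              # assumption: keyring is consumed as root
        group: root
        mode: "0600"             # quoted so it is not parsed as a decimal integer
      no_log: true               # keep key material out of task output and logs

    - name: Collect keyring files under the destination directory
      ansible.builtin.find:
        paths: "{{ key_dir }}"
        patterns: "*.keyring"
      register: keyrings

    - name: Fail if any keyring is accessible beyond its owner
      ansible.builtin.assert:
        that:
          - keyrings.files | length > 0
          - >-
            keyrings.files
            | rejectattr('mode', 'in', ['0600', '0400'])
            | list | length == 0
        fail_msg: "Keyring files in {{ key_dir }} must be mode 0600 or 0400"
```

The same `no_log: true` keyword applies to any task that registers the output of `state: info`, since the registered variable holds the key.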

Inputs

    
caps:
    default: {}
    description:
    - CephX key capabilities
    required: false
    type: dict

dest:
    default: /etc/ceph/
    description:
    - destination directory to save key
    required: false
    type: str

mode:
    description:
    - File permission mode
    required: false
    type: raw

name:
    description:
    - name of the CephX key
    required: false
    type: str

group:
    description:
    - Group name for file ownership
    required: false
    type: str

owner:
    description:
    - File owner
    required: false
    type: str

state:
    choices:
    - present
    - update
    - absent
    - list
    - info
    - fetch_initial_keys
    - generate_secret
    default: present
    description:
    - If 'present' is used, the module creates a keyring with the associated capabilities.
      If 'present' is used and a secret is provided, the module will always add the key,
      which means it will update the keyring if the secret changes; the same goes for
      the capabilities. If 'absent' is used, the module will simply delete the keyring.
      If 'list' is used, the module will list all the keys and return JSON output.
      If 'info' is used, the module will return the description of a given keyring in
      JSON format. If 'generate_secret' is used, the module will simply output a cephx
      keyring.
    required: false
    type: str

secret:
    default: ''
    description:
    - keyring's secret value
    required: false
    type: str

serole:
    description:
    - SELinux role
    required: false
    type: str

setype:
    description:
    - SELinux type
    required: false
    type: str

seuser:
    description:
    - SELinux user
    required: false
    type: str

selevel:
    description:
    - SELinux level
    required: false
    type: str

attributes:
    aliases:
    - attr
    description:
    - File attributes
    required: false
    type: str

import_key:
    default: true
    description:
    - Whether or not to import the created keyring into Ceph. This can be useful for someone
      that only wants to generate keyrings but not add them into Ceph.
    required: false
    type: bool

output_format:
    choices:
    - json
    - plain
    - xml
    - yaml
    default: json
    description:
    - The key output format when retrieving the information of an entity.
    required: false
    type: str

unsafe_writes:
    default: false
    description:
    - Enable unsafe writes
    required: false
    type: bool