)]}'
{"/COMMIT_MSG":[{"author":{"_account_id":18279,"name":"Jonathan Herlin","email":"jonte@jherlin.se","username":"Jonher937"},"change_message_id":"e2f5adc239e429304b4c4682b4ab95efd6812c1b","unresolved":false,"context_lines":[{"line_number":6,"context_line":""},{"line_number":7,"context_line":"Importing keyrings from files rather than from mons"},{"line_number":8,"context_line":""},{"line_number":9,"context_line":"This change permit users to specify a directory where are their keyrings."},{"line_number":10,"context_line":"It is usefull when openstack-ansible have no ssh access to he ceph"},{"line_number":11,"context_line":"cluster."},{"line_number":12,"context_line":""}],"source_content_type":"text/x-gerrit-commit-message","patch_set":2,"id":"7faddb67_15587ef8","line":9,"range":{"start_line":9,"start_character":12,"end_line":9,"end_character":18},"updated":"2019-07-22 08:01:51.000000000","message":"permits","commit_id":"12b2a1ee6996eb57ad98d658919f20db4e98518c"},{"author":{"_account_id":18279,"name":"Jonathan Herlin","email":"jonte@jherlin.se","username":"Jonher937"},"change_message_id":"e2f5adc239e429304b4c4682b4ab95efd6812c1b","unresolved":false,"context_lines":[{"line_number":6,"context_line":""},{"line_number":7,"context_line":"Importing keyrings from files rather than from mons"},{"line_number":8,"context_line":""},{"line_number":9,"context_line":"This change permit users to specify a directory where are their keyrings."},{"line_number":10,"context_line":"It is usefull when openstack-ansible have no ssh access to he ceph"},{"line_number":11,"context_line":"cluster."},{"line_number":12,"context_line":""}],"source_content_type":"text/x-gerrit-commit-message","patch_set":2,"id":"7faddb67_f56e0295","line":9,"range":{"start_line":9,"start_character":54,"end_line":9,"end_character":72},"updated":"2019-07-22 08:01:51.000000000","message":"the keyrings are located.","commit_id":"12b2a1ee6996eb57ad98d658919f20db4e98518c"},{"author":{"_account_id":18279,"name":"Jonathan Herlin","email":"jonte@jherlin.se","username":"Jonher937"},"change_message_id":"e2f5adc239e429304b4c4682b4ab95efd6812c1b","unresolved":false,"context_lines":[{"line_number":7,"context_line":"Importing keyrings from files rather than from mons"},{"line_number":8,"context_line":""},{"line_number":9,"context_line":"This change permit users to specify a directory where are their keyrings."},{"line_number":10,"context_line":"It is usefull when openstack-ansible have no ssh access to he ceph"},{"line_number":11,"context_line":"cluster."},{"line_number":12,"context_line":""},{"line_number":13,"context_line":"Change-Id: I6693a7f9d0bc7fe1e20eee53a96de8df8985e148"}],"source_content_type":"text/x-gerrit-commit-message","patch_set":2,"id":"7faddb67_550356bf","line":10,"range":{"start_line":10,"start_character":59,"end_line":10,"end_character":61},"updated":"2019-07-22 08:01:51.000000000","message":"the","commit_id":"12b2a1ee6996eb57ad98d658919f20db4e98518c"},{"author":{"_account_id":18279,"name":"Jonathan Herlin","email":"jonte@jherlin.se","username":"Jonher937"},"change_message_id":"e2f5adc239e429304b4c4682b4ab95efd6812c1b","unresolved":false,"context_lines":[{"line_number":7,"context_line":"Importing keyrings from files rather than from mons"},{"line_number":8,"context_line":""},{"line_number":9,"context_line":"This change permit users to specify a directory where are their keyrings."},{"line_number":10,"context_line":"It is usefull when openstack-ansible have no ssh access to he ceph"},{"line_number":11,"context_line":"cluster."},{"line_number":12,"context_line":""},{"line_number":13,"context_line":"Change-Id: I6693a7f9d0bc7fe1e20eee53a96de8df8985e148"}],"source_content_type":"text/x-gerrit-commit-message","patch_set":2,"id":"7faddb67_b5688a87","line":10,"range":{"start_line":10,"start_character":6,"end_line":10,"end_character":13},"updated":"2019-07-22 08:01:51.000000000","message":"useful","commit_id":"12b2a1ee6996eb57ad98d658919f20db4e98518c"}],"defaults/main.yml":[{"author":{"_account_id":18279,"name":"Jonathan Herlin","email":"jonte@jherlin.se","username":"Jonher937"},"change_message_id":"e2f5adc239e429304b4c4682b4ab95efd6812c1b","unresolved":false,"context_lines":[{"line_number":64,"context_line":"# Leave this variable (ceph_keyrings_dir) empty to obtain keyrings from the monitors defined in ceph_mons"},{"line_number":65,"context_line":"# If you want to provide keyrings from existing files, because you do not have ssh access to the monitors"},{"line_number":66,"context_line":"# set the path to the repository containing the keyrings files."},{"line_number":67,"context_line":"# ie : ceph_keyrings_dir: /etc/openstack_deploy/ceph-conf "},{"line_number":68,"context_line":"# The files names inside the keyring directory must look like client-name.keyring."},{"line_number":69,"context_line":"# ie: /etc/openstack_deploy/ceph-conf"},{"line_number":70,"context_line":"# cinder.keyring"}],"source_content_type":"text/x-yaml","patch_set":2,"id":"7faddb67_15071e1b","line":67,"range":{"start_line":67,"start_character":57,"end_line":67,"end_character":58},"updated":"2019-07-22 08:01:51.000000000","message":"remove this space please","commit_id":"12b2a1ee6996eb57ad98d658919f20db4e98518c"},{"author":{"_account_id":18279,"name":"Jonathan Herlin","email":"jonte@jherlin.se","username":"Jonher937"},"change_message_id":"e2f5adc239e429304b4c4682b4ab95efd6812c1b","unresolved":false,"context_lines":[{"line_number":65,"context_line":"# If you want to provide keyrings from existing files, because you do not have ssh access to the monitors"},{"line_number":66,"context_line":"# set the path to the repository containing the keyrings files."},{"line_number":67,"context_line":"# ie : ceph_keyrings_dir: /etc/openstack_deploy/ceph-conf "},{"line_number":68,"context_line":"# The files names inside the keyring directory must look like client-name.keyring."},{"line_number":69,"context_line":"# ie: /etc/openstack_deploy/ceph-conf"},{"line_number":70,"context_line":"# cinder.keyring"},{"line_number":71,"context_line":"# glance.keyring"}],"source_content_type":"text/x-yaml","patch_set":2,"id":"7faddb67_b5172a46","line":68,"range":{"start_line":68,"start_character":6,"end_line":68,"end_character":17},"updated":"2019-07-22 08:01:51.000000000","message":"The filenames inside the keyring directory must be in the structure of client-name.keyring","commit_id":"12b2a1ee6996eb57ad98d658919f20db4e98518c"},{"author":{"_account_id":17068,"name":"Jean-Philippe Evrard","email":"openstack@a.spamming.party","username":"evrardjp"},"change_message_id":"a6663be0c36e59afffc921a185f36d608cd4354d","unresolved":false,"context_lines":[{"line_number":70,"context_line":"# cinder.keyring"},{"line_number":71,"context_line":"# glance.keyring"},{"line_number":72,"context_line":"# etc.."},{"line_number":73,"context_line":"ceph_keyrings_dir: \"\""},{"line_number":74,"context_line":""},{"line_number":75,"context_line":"# Ceph client usernames for glance, cinder+nova and gnocchi"},{"line_number":76,"context_line":"glance_ceph_client: glance"}],"source_content_type":"text/x-yaml","patch_set":4,"id":"7faddb67_cd675651","line":73,"range":{"start_line":73,"start_character":0,"end_line":73,"end_character":21},"updated":"2019-07-29 08:12:35.000000000","message":"I would set a default location for the keyring, and then lookup for files (fileglob) inside the default folder.","commit_id":"37d6da65b8bbaf93135be3bd8280079eba8a9e8f"},{"author":{"_account_id":25023,"name":"Jonathan Rosser","email":"jonathan.rosser@rd.bbc.co.uk","username":"jrosser"},"change_message_id":"dba17ee8eb00cd0b5e1dc9fcd4b49e449bdc6d93","unresolved":false,"context_lines":[{"line_number":63,"context_line":"# Path to local keyrings directory"},{"line_number":64,"context_line":"# If you want to provide keyrings from existing files, because you do not have ssh access to the monitors"},{"line_number":65,"context_line":"# set the path to the repository containing the keyrings files."},{"line_number":66,"context_line":"# ie : ceph_keyrings_dir: /etc/openstack_deploy/ceph-conf"},{"line_number":67,"context_line":"# The filenames inside the keyring directory must be in the structure of client-name.keyring"},{"line_number":68,"context_line":"# ie: /etc/openstack_deploy/ceph-conf"},{"line_number":69,"context_line":"# cinder.keyring"}],"source_content_type":"text/x-yaml","patch_set":6,"id":"7faddb67_f3cd85b7","line":66,"range":{"start_line":66,"start_character":26,"end_line":66,"end_character":57},"updated":"2019-08-26 16:50:24.000000000","message":"nit: this dir contains ceph keys, not ceph config so the name is a bit misleading","commit_id":"5b7031b9be401a2a4f6371601393ce061ac1e1a8"}],"releasenotes/notes/ceph_keyrings_in_files-7d6a01e64861f8c6.yaml":[{"author":{"_account_id":28619,"name":"Dmitriy Rabotyagov","email":"noonedeadpunk@gmail.com","username":"noonedeadpunk"},"change_message_id":"3593f9834ff125254faa4e27c3040f81e3377068","unresolved":false,"context_lines":[{"line_number":5,"context_line":"    the keyrings will be extracted from files. All files in the directory"},{"line_number":6,"context_line":"    must have ``.keyring`` extention and be named with its corresponding"},{"line_number":7,"context_line":"    ``ceph_client`` name. For example, if ``cinder_ceph_client`` is ``cinder``"},{"line_number":8,"context_line":"    the cinder keyring file must be named ``cinder.keyring``. "},{"line_number":9,"context_line":"    Each file must contain username and the key and nothing more, below"},{"line_number":10,"context_line":"    an example for cinder.keyring content."},{"line_number":11,"context_line":""}],"source_content_type":"text/x-yaml","patch_set":15,"id":"3fa7e38b_83065121","line":8,"range":{"start_line":8,"start_character":61,"end_line":8,"end_character":62},"updated":"2019-11-28 16:14:28.000000000","message":"trailing whitespace","commit_id":"4861a7a93589c71c41eb75ff4c819d2787e1156c"},{"author":{"_account_id":29239,"name":"Mikael Loaec","email":"mikael.loaec@inra.fr","username":"miloa"},"change_message_id":"bc7ae10595a5722c9a874ede3ec98c34a4217b1b","unresolved":false,"context_lines":[{"line_number":5,"context_line":"    the keyrings will be extracted from files. All files in the directory"},{"line_number":6,"context_line":"    must have ``.keyring`` extention and be named with its corresponding"},{"line_number":7,"context_line":"    ``ceph_client`` name. For example, if ``cinder_ceph_client`` is ``cinder``"},{"line_number":8,"context_line":"    the cinder keyring file must be named ``cinder.keyring``. "},{"line_number":9,"context_line":"    Each file must contain username and the key and nothing more, below"},{"line_number":10,"context_line":"    an example for cinder.keyring content."},{"line_number":11,"context_line":""}],"source_content_type":"text/x-yaml","patch_set":15,"id":"3fa7e38b_3e4d323b","line":8,"range":{"start_line":8,"start_character":61,"end_line":8,"end_character":62},"in_reply_to":"3fa7e38b_83065121","updated":"2019-11-28 16:26:37.000000000","message":"oups, sorry i used reno lint but it seems it did not work, i will use yamllint :)","commit_id":"4861a7a93589c71c41eb75ff4c819d2787e1156c"},{"author":{"_account_id":28619,"name":"Dmitriy Rabotyagov","email":"noonedeadpunk@gmail.com","username":"noonedeadpunk"},"change_message_id":"3593f9834ff125254faa4e27c3040f81e3377068","unresolved":false,"context_lines":[{"line_number":10,"context_line":"    an example for cinder.keyring content."},{"line_number":11,"context_line":""},{"line_number":12,"context_line":"    .. code-block:: text"},{"line_number":13,"context_line":"    "},{"line_number":14,"context_line":"    [client.cinder]"},{"line_number":15,"context_line":"    key \u003d XXXXXXXXXXX"}],"source_content_type":"text/x-yaml","patch_set":15,"id":"3fa7e38b_defade0f","line":13,"range":{"start_line":13,"start_character":0,"end_line":13,"end_character":4},"updated":"2019-11-28 16:14:28.000000000","message":"ditto","commit_id":"4861a7a93589c71c41eb75ff4c819d2787e1156c"}],"tasks/ceph_auth.yml":[{"author":{"_account_id":18279,"name":"Jonathan Herlin","email":"jonte@jherlin.se","username":"Jonher937"},"change_message_id":"43518aa32cb5600cdc853d033d93dfa0aed790de","unresolved":false,"context_lines":[{"line_number":34,"context_line":"    - always"},{"line_number":35,"context_line":""},{"line_number":36,"context_line":"- name: Retrieve keyrings for openstack clients from provided files"},{"line_number":37,"context_line":"  shell: cat {{  ceph_keyrings_dir }}/{{ item }}.keyring"},{"line_number":38,"context_line":"  with_items: \"{{ ceph_client_filtered_clients }}\""},{"line_number":39,"context_line":"  changed_when: false"},{"line_number":40,"context_line":"  delegate_to: localhost"}],"source_content_type":"text/x-yaml","patch_set":3,"id":"7faddb67_5b2ce749","line":37,"range":{"start_line":37,"start_character":15,"end_line":37,"end_character":17},"updated":"2019-07-22 10:15:35.000000000","message":"two spaces here, should be a single space","commit_id":"d62fae0fe2fa56b93e475b466d4cd464543e6ced"},{"author":{"_account_id":17068,"name":"Jean-Philippe Evrard","email":"openstack@a.spamming.party","username":"evrardjp"},"change_message_id":"a6663be0c36e59afffc921a185f36d608cd4354d","unresolved":false,"context_lines":[{"line_number":33,"context_line":"    - ceph-config"},{"line_number":34,"context_line":"    - always"},{"line_number":35,"context_line":""},{"line_number":36,"context_line":"- name: Retrieve keyrings for openstack clients from provided files"},{"line_number":37,"context_line":"  shell: cat {{ ceph_keyrings_dir }}/{{ item }}.keyring"},{"line_number":38,"context_line":"  with_items: \"{{ ceph_client_filtered_clients }}\""},{"line_number":39,"context_line":"  changed_when: false"},{"line_number":40,"context_line":"  delegate_to: localhost"},{"line_number":41,"context_line":"  register: ceph_client_keyrings"},{"line_number":42,"context_line":"  until: ceph_client_keyrings is success"},{"line_number":43,"context_line":"  when:"},{"line_number":44,"context_line":"    - ceph_keyrings_dir !\u003d \"\""},{"line_number":45,"context_line":"  tags:"},{"line_number":46,"context_line":"    - ceph-config"},{"line_number":47,"context_line":"    - always"}],"source_content_type":"text/x-yaml","patch_set":4,"id":"7faddb67_0dd48ebc","line":44,"range":{"start_line":36,"start_character":0,"end_line":44,"end_character":29},"updated":"2019-07-29 08:12:35.000000000","message":"I would start with a lookup on the default ceph_keyrings_dir.\n\nIf none found, use the current behaviour (connect to ceph mons).\nIf found, skip \"Retrieve keyrings for openstack clients from ceph cluster\" task, and set fact ceph_client_keyrings with a file lookup on the previously found file. \n\nThis way you avoid shell tasks, and stay very ansibley.","commit_id":"37d6da65b8bbaf93135be3bd8280079eba8a9e8f"},{"author":{"_account_id":17068,"name":"Jean-Philippe Evrard","email":"openstack@a.spamming.party","username":"evrardjp"},"change_message_id":"5fbec93b1db5d06213d3269498a4c00a6dd83b36","unresolved":false,"context_lines":[{"line_number":15,"context_line":""},{"line_number":16,"context_line":"## Ceph client keyrings"},{"line_number":17,"context_line":""},{"line_number":18,"context_line":""},{"line_number":19,"context_line":"- name: From files | Check if keyring files are provided"},{"line_number":20,"context_line":"  find:"},{"line_number":21,"context_line":"    path: \"{{ ceph_keyrings_dir }}\""}],"source_content_type":"text/x-yaml","patch_set":5,"id":"7faddb67_a238679f","line":18,"updated":"2019-08-06 09:41:16.000000000","message":"This is fine for me.\n\nNit: Couldn\u0027t we have make this simpler?\nFor example, if you remove the first two tasks, and replace\nthe copy at L69 with:\n\n```\ncopy:\n  dest: \"/etc/ceph/ceph.client.{{ item | basename }}\"\n  content: \"{{ lookup(\u0027file\u0027, item) }}\"\nwith_fileglob:\n  - \"{{ ceph_keyrings_dir }}/*.keyring\"\n  \n```\n\nand if you want to restrict on which ceph_client_filtered_clients it runs (because you don\u0027t trust the user), you can either loop over it in an include, and/or you use a when condition.","commit_id":"7b0d52d3a959aafb12b61a51816f848e1feb6c5a"},{"author":{"_account_id":29239,"name":"Mikael Loaec","email":"mikael.loaec@inra.fr","username":"miloa"},"change_message_id":"86a5af73eba0107ffe15f8bb5d44707a451140d2","unresolved":false,"context_lines":[{"line_number":15,"context_line":""},{"line_number":16,"context_line":"## Ceph client keyrings"},{"line_number":17,"context_line":""},{"line_number":18,"context_line":""},{"line_number":19,"context_line":"- name: From files | Check if keyring files are provided"},{"line_number":20,"context_line":"  find:"},{"line_number":21,"context_line":"    path: \"{{ ceph_keyrings_dir }}\""}],"source_content_type":"text/x-yaml","patch_set":5,"id":"7faddb67_02485bb0","line":18,"in_reply_to":"7faddb67_a238679f","updated":"2019-08-06 10:02:15.000000000","message":"The first task register \"keyring_from_files\" so I can use \"when keyring_from_files_matched \u003d\u003d 0 or \u003e\u003d1\" in order to know if we have to trigger tasks \"From ceph cluster or From files\".\nThe second one  permit to associate key with user cinder,glance... so it can be used to set the nova secret L121.","commit_id":"7b0d52d3a959aafb12b61a51816f848e1feb6c5a"},{"author":{"_account_id":17068,"name":"Jean-Philippe Evrard","email":"openstack@a.spamming.party","username":"evrardjp"},"change_message_id":"5fbec93b1db5d06213d3269498a4c00a6dd83b36","unresolved":false,"context_lines":[{"line_number":118,"context_line":"    - always"},{"line_number":119,"context_line":""},{"line_number":120,"context_line":"- name: From file | Retrieve nova secret"},{"line_number":121,"context_line":"  command : echo \"{{ vars[ nova_ceph_client + \u0027_keyring\u0027 ] | regex_replace(\u0027^.*\\n.*\u003d (.*)\u0027, \u0027\\1\u0027)}}\""},{"line_number":122,"context_line":"  when:"},{"line_number":123,"context_line":"    - inventory_hostname in groups.nova_compute"},{"line_number":124,"context_line":"    - keyring_from_files.matched \u003e\u003d 1"}],"source_content_type":"text/x-yaml","patch_set":5,"id":"7faddb67_a2d4e720","line":121,"range":{"start_line":121,"start_character":2,"end_line":121,"end_character":9},"updated":"2019-08-06 09:41:16.000000000","message":"nit: It would be easier to set fact, instead of running an echo, isn\u0027t it?","commit_id":"7b0d52d3a959aafb12b61a51816f848e1feb6c5a"},{"author":{"_account_id":29239,"name":"Mikael Loaec","email":"mikael.loaec@inra.fr","username":"miloa"},"change_message_id":"86a5af73eba0107ffe15f8bb5d44707a451140d2","unresolved":false,"context_lines":[{"line_number":118,"context_line":"    - always"},{"line_number":119,"context_line":""},{"line_number":120,"context_line":"- name: From file | Retrieve nova secret"},{"line_number":121,"context_line":"  command : echo \"{{ vars[ nova_ceph_client + \u0027_keyring\u0027 ] | regex_replace(\u0027^.*\\n.*\u003d (.*)\u0027, \u0027\\1\u0027)}}\""},{"line_number":122,"context_line":"  when:"},{"line_number":123,"context_line":"    - inventory_hostname in groups.nova_compute"},{"line_number":124,"context_line":"    - keyring_from_files.matched \u003e\u003d 1"}],"source_content_type":"text/x-yaml","patch_set":5,"id":"7faddb67_82b20be4","line":121,"range":{"start_line":121,"start_character":2,"end_line":121,"end_character":9},"in_reply_to":"7faddb67_a2d4e720","updated":"2019-08-06 10:02:15.000000000","message":"I used echo because Line 178 it wait for a stdout. Using echo permit to not change the \"Set nova secret value in libvirt\" task L. 177-189.","commit_id":"7b0d52d3a959aafb12b61a51816f848e1feb6c5a"},{"author":{"_account_id":25023,"name":"Jonathan Rosser","email":"jonathan.rosser@rd.bbc.co.uk","username":"jrosser"},"change_message_id":"dba17ee8eb00cd0b5e1dc9fcd4b49e449bdc6d93","unresolved":false,"context_lines":[{"line_number":31,"context_line":"  changed_when: false"},{"line_number":32,"context_line":"  delegate_to: localhost"},{"line_number":33,"context_line":"  when:"},{"line_number":34,"context_line":"    - keyring_from_files.matched \u003e\u003d 1"},{"line_number":35,"context_line":"  tags:"},{"line_number":36,"context_line":"    - ceph-config"},{"line_number":37,"context_line":"    - always"}],"source_content_type":"text/x-yaml","patch_set":6,"id":"7faddb67_5351f9d8","line":34,"range":{"start_line":34,"start_character":6,"end_line":34,"end_character":32},"updated":"2019-08-26 16:50:24.000000000","message":"why not make ceph_keyrings_dir default to undefined and then the tasks can simply be conditional on it being defined. Then no clever tricks needed to decide if from files/mons","commit_id":"5b7031b9be401a2a4f6371601393ce061ac1e1a8"}],"tasks/ceph_get_keyrings_from_files.yml":[{"author":{"_account_id":25023,"name":"Jonathan Rosser","email":"jonathan.rosser@rd.bbc.co.uk","username":"jrosser"},"change_message_id":"a5f9f1f0910ae3afaa8a9742f303c4d6bc3b74f0","unresolved":false,"context_lines":[{"line_number":33,"context_line":"    - ceph-config"},{"line_number":34,"context_line":"    - always"},{"line_number":35,"context_line":""},{"line_number":36,"context_line":"- name: From files | Provision ceph client keyrings"},{"line_number":37,"context_line":"  copy:"},{"line_number":38,"context_line":"    dest: \"/etc/ceph/ceph.client.{{ item }}.keyring\""},{"line_number":39,"context_line":"    content: \"{{ vars[ item + \u0027_keyring\u0027 ] }}\""},{"line_number":40,"context_line":"  with_items: \"{{ ceph_client_filtered_clients }}\""},{"line_number":41,"context_line":"  notify:"},{"line_number":42,"context_line":"    - Restart os services"},{"line_number":43,"context_line":""},{"line_number":44,"context_line":"- name: From file | Retrieve nova secret"},{"line_number":45,"context_line":"  command : echo \"{{ vars[ nova_ceph_client + \u0027_keyring\u0027 ] | regex_replace(\u0027^.*\\n.*\u003d (.*)\u0027, \u0027\\1\u0027)}}\""}],"source_content_type":"text/x-yaml","patch_set":9,"id":"7faddb67_9a0f72df","line":42,"range":{"start_line":36,"start_character":0,"end_line":42,"end_character":25},"updated":"2019-08-27 15:01:16.000000000","message":"you should add the owner: mode: and group: parameters matching those used in the \"from mons\" tasks","commit_id":"640014c77ba1d1349fc0500952e0373add0a1162"},{"author":{"_account_id":518,"name":"Soren Hansen","email":"soren@linux2go.dk","username":"soren"},"change_message_id":"bf49d268e29e70cb79c8552cabd02433b113e7c3","unresolved":false,"context_lines":[{"line_number":25,"context_line":""},{"line_number":26,"context_line":"- name: From files | Retrieve keyrings for openstack clients"},{"line_number":27,"context_line":"  set_fact:"},{"line_number":28,"context_line":"    {\"{{ item }}_keyring\" : \"{{ lookup(\u0027file\u0027, \u0027{{ ceph_keyrings_dir }}/{{ item }}.keyring\u0027) }}\"}"},{"line_number":29,"context_line":"  with_items: \"{{ ceph_client_filtered_clients }}\""},{"line_number":30,"context_line":"  changed_when: false"},{"line_number":31,"context_line":"  delegate_to: localhost"}],"source_content_type":"text/x-yaml","patch_set":11,"id":"5faad753_b7d06752","line":28,"updated":"2019-09-09 12:07:49.000000000","message":"I had to add rsplit\u003dFalse to the lookup call here, otherwise there will be no trailing linefeed in the keyring file on the target hosts and that causes my Ceph connect attempts to fail with EINVAL.","commit_id":"100627816595a591714cd0f374fd307d6bdb0fe4"},{"author":{"_account_id":518,"name":"Soren Hansen","email":"soren@linux2go.dk","username":"soren"},"change_message_id":"a26556b19cb41b35bf8b852c01d84ece08a8f36c","unresolved":false,"context_lines":[{"line_number":25,"context_line":""},{"line_number":26,"context_line":"- name: From files | Retrieve keyrings for openstack clients"},{"line_number":27,"context_line":"  set_fact:"},{"line_number":28,"context_line":"    {\"{{ item }}_keyring\" : \"{{ lookup(\u0027file\u0027, \u0027{{ ceph_keyrings_dir }}/{{ item }}.keyring\u0027) }}\"}"},{"line_number":29,"context_line":"  with_items: \"{{ ceph_client_filtered_clients }}\""},{"line_number":30,"context_line":"  changed_when: false"},{"line_number":31,"context_line":"  delegate_to: localhost"}],"source_content_type":"text/x-yaml","patch_set":11,"id":"5faad753_416fda91","line":28,"in_reply_to":"5faad753_379b16ca","updated":"2019-09-10 08:06:03.000000000","message":"Just username and key.","commit_id":"100627816595a591714cd0f374fd307d6bdb0fe4"},{"author":{"_account_id":29239,"name":"Mikael Loaec","email":"mikael.loaec@inra.fr","username":"miloa"},"change_message_id":"164770804ac66ff25331aeb701d8fe6a029e9442","unresolved":false,"context_lines":[{"line_number":25,"context_line":""},{"line_number":26,"context_line":"- name: From files | Retrieve keyrings for openstack clients"},{"line_number":27,"context_line":"  set_fact:"},{"line_number":28,"context_line":"    {\"{{ item }}_keyring\" : \"{{ lookup(\u0027file\u0027, \u0027{{ ceph_keyrings_dir }}/{{ item }}.keyring\u0027) }}\"}"},{"line_number":29,"context_line":"  with_items: \"{{ ceph_client_filtered_clients }}\""},{"line_number":30,"context_line":"  changed_when: false"},{"line_number":31,"context_line":"  delegate_to: localhost"}],"source_content_type":"text/x-yaml","patch_set":11,"id":"5faad753_7cbb9d71","line":28,"in_reply_to":"5faad753_416fda91","updated":"2019-09-10 09:26:33.000000000","message":"Thanks :) perhaps it will be easier to add \"\\n\" in content line 39 ? or perhaps you already test it and it did not work ?","commit_id":"100627816595a591714cd0f374fd307d6bdb0fe4"},{"author":{"_account_id":518,"name":"Soren Hansen","email":"soren@linux2go.dk","username":"soren"},"change_message_id":"1dab27cd2ed29fe49419512db882ede8380eab3e","unresolved":false,"context_lines":[{"line_number":25,"context_line":""},{"line_number":26,"context_line":"- name: From files | Retrieve keyrings for openstack clients"},{"line_number":27,"context_line":"  set_fact:"},{"line_number":28,"context_line":"    {\"{{ item }}_keyring\" : \"{{ lookup(\u0027file\u0027, \u0027{{ ceph_keyrings_dir }}/{{ item }}.keyring\u0027) }}\"}"},{"line_number":29,"context_line":"  with_items: \"{{ ceph_client_filtered_clients }}\""},{"line_number":30,"context_line":"  changed_when: false"},{"line_number":31,"context_line":"  delegate_to: localhost"}],"source_content_type":"text/x-yaml","patch_set":11,"id":"5faad753_c7d51a45","line":28,"in_reply_to":"5faad753_7cbb9d71","updated":"2019-09-10 09:41:24.000000000","message":"That should work, too. Either way is fine with me.\n\nI just realised I wrote \"rsplit\" in my initial comment. I meant rstrip, but I\u0027m guessing the context made that clear :)","commit_id":"100627816595a591714cd0f374fd307d6bdb0fe4"},{"author":{"_account_id":29239,"name":"Mikael Loaec","email":"mikael.loaec@inra.fr","username":"miloa"},"change_message_id":"d524a4a8c73e6f4b79f910a3fb0f6aadd9e1f7a3","unresolved":false,"context_lines":[{"line_number":25,"context_line":""},{"line_number":26,"context_line":"- name: From files | Retrieve keyrings for openstack clients"},{"line_number":27,"context_line":"  set_fact:"},{"line_number":28,"context_line":"    {\"{{ item }}_keyring\" : \"{{ lookup(\u0027file\u0027, \u0027{{ ceph_keyrings_dir }}/{{ item }}.keyring\u0027) }}\"}"},{"line_number":29,"context_line":"  with_items: \"{{ ceph_client_filtered_clients }}\""},{"line_number":30,"context_line":"  changed_when: false"},{"line_number":31,"context_line":"  delegate_to: localhost"}],"source_content_type":"text/x-yaml","patch_set":11,"id":"5faad753_379b16ca","line":28,"in_reply_to":"5faad753_b7d06752","updated":"2019-09-09 12:59:04.000000000","message":"Thanks for the comment.\n\nFor keyrings files did you provide a file only with username and keyrings or with username, keyrings and caps ?","commit_id":"100627816595a591714cd0f374fd307d6bdb0fe4"},{"author":{"_account_id":518,"name":"Soren Hansen","email":"soren@linux2go.dk","username":"soren"},"change_message_id":"8f40953b3af988108ee868ccc33235f4b70f88e1","unresolved":false,"context_lines":[{"line_number":25,"context_line":""},{"line_number":26,"context_line":"- name: From files | Retrieve keyrings for openstack clients"},{"line_number":27,"context_line":"  set_fact:"},{"line_number":28,"context_line":"    {\"{{ item }}_keyring\" : \"{{ lookup(\u0027file\u0027, \u0027{{ ceph_keyrings_dir }}/{{ item }}.keyring\u0027) }}\"}"},{"line_number":29,"context_line":"  with_items: \"{{ ceph_client_filtered_clients }}\""},{"line_number":30,"context_line":"  changed_when: false"},{"line_number":31,"context_line":"  delegate_to: localhost"}],"source_content_type":"text/x-yaml","patch_set":11,"id":"5faad753_07725212","line":28,"in_reply_to":"5faad753_c7d51a45","updated":"2019-09-10 10:03:39.000000000","message":"I also just realised that the version of ansible installed by openstack-ansible\u0027s bootstrap script doesn\u0027t support the rstrip option on lookup anyway, so your solution is far better.","commit_id":"100627816595a591714cd0f374fd307d6bdb0fe4"},{"author":{"_account_id":17799,"name":"Logan V","email":"logan2211@gmail.com","username":"Logan2211"},"change_message_id":"ea622983ab6893ce5ac1d837960cd15bd734ca89","unresolved":false,"context_lines":[{"line_number":25,"context_line":""},{"line_number":26,"context_line":"- name: From files | Retrieve keyrings for openstack clients"},{"line_number":27,"context_line":"  set_fact:"},{"line_number":28,"context_line":"    {\"{{ item }}_keyring\" : \"{{ lookup(\u0027file\u0027, \u0027{{ ceph_keyrings_dir }}/{{ item }}.keyring\u0027) }}\"}"},{"line_number":29,"context_line":"  with_items: \"{{ ceph_client_filtered_clients }}\""},{"line_number":30,"context_line":"  changed_when: false"},{"line_number":31,"context_line":"  delegate_to: localhost"}],"source_content_type":"text/x-yaml","patch_set":12,"id":"5faad753_c920834b","line":28,"range":{"start_line":28,"start_character":0,"end_line":28,"end_character":97},"updated":"2019-09-12 21:49:13.000000000","message":"The way this task nests jinja tags is not valid and shouldn\u0027t work. But I\u0027ll suggest a different approach instead. Rather than setting a large number of vars (one per client key) you could set them all into a single dict.\n\nset_fact:\n  ceph_client_keys: |-\n    {% set _keys \u003d [] %}\n    {% for client in ceph_client_filtered_clients %}\n    {%   set _ \u003d _keys.update({\n            client: lookup(\u0027file\u0027, ceph_keyrings_dir ~ \u0027/\u0027 ~ item ~ \u0027.keyring\u0027)\n        })\n    %}\n    {% endfor %}\n    {{ _keys }}","commit_id":"b973e3c714327ed2fdff8036320c160fc53f6d0d"},{"author":{"_account_id":17799,"name":"Logan V","email":"logan2211@gmail.com","username":"Logan2211"},"change_message_id":"ea622983ab6893ce5ac1d837960cd15bd734ca89","unresolved":false,"context_lines":[{"line_number":26,"context_line":"- name: From files | Retrieve keyrings for openstack clients"},{"line_number":27,"context_line":"  set_fact:"},{"line_number":28,"context_line":"    {\"{{ item }}_keyring\" : \"{{ lookup(\u0027file\u0027, \u0027{{ ceph_keyrings_dir }}/{{ item }}.keyring\u0027) }}\"}"},{"line_number":29,"context_line":"  with_items: \"{{ ceph_client_filtered_clients }}\""},{"line_number":30,"context_line":"  changed_when: false"},{"line_number":31,"context_line":"  delegate_to: localhost"},{"line_number":32,"context_line":"  tags:"}],"source_content_type":"text/x-yaml","patch_set":12,"id":"5faad753_a97f4713","line":29,"range":{"start_line":29,"start_character":0,"end_line":29,"end_character":50},"updated":"2019-09-12 21:49:13.000000000","message":"This loop is not needed with the set_fact suggestion above applied","commit_id":"b973e3c714327ed2fdff8036320c160fc53f6d0d"},{"author":{"_account_id":17799,"name":"Logan V","email":"logan2211@gmail.com","username":"Logan2211"},"change_message_id":"ea622983ab6893ce5ac1d837960cd15bd734ca89","unresolved":false,"context_lines":[{"line_number":36,"context_line":"- name: From files | Provision ceph client keyrings"},{"line_number":37,"context_line":"  copy:"},{"line_number":38,"context_line":"    dest: \"/etc/ceph/ceph.client.{{ item }}.keyring\""},{"line_number":39,"context_line":"    content: \"{{ vars[ item + \u0027_keyring\u0027 ] }}\\n\""},{"line_number":40,"context_line":"    group:    \"{{ cephkeys_access_group }}\""},{"line_number":41,"context_line":"    # ideally the permission will be: 0600 and the owner/group will be either"},{"line_number":42,"context_line":"    # glance , nova or cinder. For keys that require access by different users"}],"source_content_type":"text/x-yaml","patch_set":12,"id":"5faad753_a9a427a7","line":39,"range":{"start_line":39,"start_character":17,"end_line":39,"end_character":42},"updated":"2019-09-12 21:49:13.000000000","message":"hostvars[\u0027localhost\u0027][\u0027ceph_client_keys\u0027][item]","commit_id":"b973e3c714327ed2fdff8036320c160fc53f6d0d"},{"author":{"_account_id":17799,"name":"Logan V","email":"logan2211@gmail.com","username":"Logan2211"},"change_message_id":"ea622983ab6893ce5ac1d837960cd15bd734ca89","unresolved":false,"context_lines":[{"line_number":50,"context_line":"    - Restart os services"},{"line_number":51,"context_line":""},{"line_number":52,"context_line":"- name: From file | Retrieve nova secret"},{"line_number":53,"context_line":"  command : echo \"{{ vars[ nova_ceph_client + \u0027_keyring\u0027 ] | regex_replace(\u0027^.*\\n.*\u003d (.*)\u0027, \u0027\\1\u0027)}}\""},{"line_number":54,"context_line":"  register: ceph_nova_secret"},{"line_number":55,"context_line":"  when:"},{"line_number":56,"context_line":"    - inventory_hostname in groups.nova_compute"}],"source_content_type":"text/x-yaml","patch_set":12,"id":"5faad753_29ba77c0","line":53,"range":{"start_line":53,"start_character":21,"end_line":53,"end_character":58},"updated":"2019-09-12 21:49:13.000000000","message":"hostvars[\u0027localhost\u0027][\u0027ceph_client_keys\u0027][nova_ceph_client]","commit_id":"b973e3c714327ed2fdff8036320c160fc53f6d0d"},{"author":{"_account_id":28619,"name":"Dmitriy Rabotyagov","email":"noonedeadpunk@gmail.com","username":"noonedeadpunk"},"change_message_id":"211adbd874f5228392d83a638574202178858d05","unresolved":false,"context_lines":[{"line_number":50,"context_line":"    - Restart os services"},{"line_number":51,"context_line":""},{"line_number":52,"context_line":"- name: From file | Retrieve nova secret"},{"line_number":53,"context_line":"  command : echo \"{{ vars[ nova_ceph_client + \u0027_keyring\u0027 ] | regex_replace(\u0027^.*\\n.*\u003d (.*)\u0027, \u0027\\1\u0027)}}\""},{"line_number":54,"context_line":"  register: ceph_nova_secret"},{"line_number":55,"context_line":"  when:"},{"line_number":56,"context_line":"    - inventory_hostname in groups.nova_compute"}],"source_content_type":"text/x-yaml","patch_set":12,"id":"3fa7e38b_d07ae9b8","line":53,"range":{"start_line":53,"start_character":2,"end_line":53,"end_character":16},"updated":"2019-10-18 08:54:42.000000000","message":"why this is command: echo and not set_fact instead?","commit_id":"b973e3c714327ed2fdff8036320c160fc53f6d0d"},{"author":{"_account_id":28619,"name":"Dmitriy Rabotyagov","email":"noonedeadpunk@gmail.com","username":"noonedeadpunk"},"change_message_id":"bc58828a6dabc64fe8b75146b32ccf3b6c71473a","unresolved":false,"context_lines":[{"line_number":50,"context_line":"    - Restart os services"},{"line_number":51,"context_line":""},{"line_number":52,"context_line":"- name: From file | Retrieve nova secret"},{"line_number":53,"context_line":"  command : echo \"{{ vars[ nova_ceph_client + \u0027_keyring\u0027 ] | regex_replace(\u0027^.*\\n.*\u003d (.*)\u0027, \u0027\\1\u0027)}}\""},{"line_number":54,"context_line":"  register: ceph_nova_secret"},{"line_number":55,"context_line":"  when:"},{"line_number":56,"context_line":"    - inventory_hostname in groups.nova_compute"}],"source_content_type":"text/x-yaml","patch_set":12,"id":"3fa7e38b_0bda8f78","line":53,"range":{"start_line":53,"start_character":2,"end_line":53,"end_character":16},"in_reply_to":"3fa7e38b_363b36c9","updated":"2019-10-18 15:34:46.000000000","message":"ah, ok then.","commit_id":"b973e3c714327ed2fdff8036320c160fc53f6d0d"},{"author":{"_account_id":29239,"name":"Mikael Loaec","email":"mikael.loaec@inra.fr","username":"miloa"},"change_message_id":"9a466ec5a1b3c1b56dd9e362a01bb18a68ed462f","unresolved":false,"context_lines":[{"line_number":50,"context_line":"    - Restart os services"},{"line_number":51,"context_line":""},{"line_number":52,"context_line":"- name: From file | Retrieve nova secret"},{"line_number":53,"context_line":"  command : echo \"{{ vars[ nova_ceph_client + \u0027_keyring\u0027 ] | regex_replace(\u0027^.*\\n.*\u003d (.*)\u0027, \u0027\\1\u0027)}}\""},{"line_number":54,"context_line":"  register: ceph_nova_secret"},{"line_number":55,"context_line":"  when:"},{"line_number":56,"context_line":"    - inventory_hostname in groups.nova_compute"}],"source_content_type":"text/x-yaml","patch_set":12,"id":"3fa7e38b_363b36c9","line":53,"range":{"start_line":53,"start_character":2,"end_line":53,"end_character":16},"in_reply_to":"3fa7e38b_d07ae9b8","updated":"2019-10-18 09:11:34.000000000","message":"I used echo because in ceph_auth.yml line 87 it wait for a stdout. Using echo permit to not change the \"Set nova secret value in libvirt\".","commit_id":"b973e3c714327ed2fdff8036320c160fc53f6d0d"},{"author":{"_account_id":28619,"name":"Dmitriy Rabotyagov","email":"noonedeadpunk@gmail.com","username":"noonedeadpunk"},"change_message_id":"3593f9834ff125254faa4e27c3040f81e3377068","unresolved":false,"context_lines":[{"line_number":15,"context_line":""},{"line_number":16,"context_line":"## Ceph client keyrings"},{"line_number":17,"context_line":""},{"line_number":18,"context_line":"- name: Get keyring files"},{"line_number":19,"context_line":"  find:"},{"line_number":20,"context_line":"    path: \"{{ ceph_keyrings_dir }}\""},{"line_number":21,"context_line":"    file_type: file"},{"line_number":22,"context_line":"    pattern: \"*.keyring\""},{"line_number":23,"context_line":"  register: keyring_from_files"},{"line_number":24,"context_line":"  delegate_to: localhost"},{"line_number":25,"context_line":""},{"line_number":26,"context_line":"- name: From files | Retrieve keyrings for openstack clients"},{"line_number":27,"context_line":"  set_fact:"}],"source_content_type":"text/x-yaml","patch_set":15,"id":"3fa7e38b_be57e201","line":24,"range":{"start_line":18,"start_character":0,"end_line":24,"end_character":24},"updated":"2019-11-28 16:14:28.000000000","message":"It looks like it\u0027s not used anywhere... Or I\u0027m missing smth?","commit_id":"4861a7a93589c71c41eb75ff4c819d2787e1156c"},{"author":{"_account_id":29239,"name":"Mikael Loaec","email":"mikael.loaec@inra.fr","username":"miloa"},"change_message_id":"bc7ae10595a5722c9a874ede3ec98c34a4217b1b","unresolved":false,"context_lines":[{"line_number":15,"context_line":""},{"line_number":16,"context_line":"## Ceph client keyrings"},{"line_number":17,"context_line":""},{"line_number":18,"context_line":"- name: Get keyring files"},{"line_number":19,"context_line":"  find:"},{"line_number":20,"context_line":"    path: \"{{ ceph_keyrings_dir }}\""},{"line_number":21,"context_line":"    file_type: file"},{"line_number":22,"context_line":"    pattern: \"*.keyring\""},{"line_number":23,"context_line":"  register: keyring_from_files"},{"line_number":24,"context_line":"  delegate_to: localhost"},{"line_number":25,"context_line":""},{"line_number":26,"context_line":"- name: From files | Retrieve keyrings for openstack clients"},{"line_number":27,"context_line":"  set_fact:"}],"source_content_type":"text/x-yaml","patch_set":15,"id":"3fa7e38b_3edf7267","line":24,"range":{"start_line":18,"start_character":0,"end_line":24,"end_character":24},"in_reply_to":"3fa7e38b_be57e201","updated":"2019-11-28 16:26:37.000000000","message":"you are right, the changes proposed by Logan make this task obsolete. :)","commit_id":"4861a7a93589c71c41eb75ff4c819d2787e1156c"}],"tasks/main.yml":[{"author":{"_account_id":25023,"name":"Jonathan Rosser","email":"jonathan.rosser@rd.bbc.co.uk","username":"jrosser"},"change_message_id":"a5f9f1f0910ae3afaa8a9742f303c4d6bc3b74f0","unresolved":false,"context_lines":[{"line_number":61,"context_line":"  tags:"},{"line_number":62,"context_line":"    - ceph-config"},{"line_number":63,"context_line":""},{"line_number":64,"context_line":"- include_tasks: ceph_get_keyrings_from_mons.yml"},{"line_number":65,"context_line":"  when:"},{"line_number":66,"context_line":"    - cephx | bool"},{"line_number":67,"context_line":"    - ceph_keyrings_dir is not defined"},{"line_number":68,"context_line":"  tags:"},{"line_number":69,"context_line":"   - ceph-config"},{"line_number":70,"context_line":""},{"line_number":71,"context_line":"- include_tasks: ceph_get_keyrings_from_files.yml"},{"line_number":72,"context_line":"  when:"},{"line_number":73,"context_line":"    - cephx | bool"},{"line_number":74,"context_line":"    - ceph_keyrings_dir is defined"},{"line_number":75,"context_line":"  tags:"},{"line_number":76,"context_line":"   - ceph-config"},{"line_number":77,"context_line":""},{"line_number":78,"context_line":"- include_tasks: ceph_auth.yml"},{"line_number":79,"context_line":"  when:"}],"source_content_type":"text/x-yaml","patch_set":9,"id":"7faddb67_5a1a5a18","line":76,"range":{"start_line":64,"start_character":0,"end_line":76,"end_character":16},"updated":"2019-08-27 15:01:16.000000000","message":"tasks included here rely on the group \"cephkeys_access_group\" being present which is only guaranteed part way through ceph_auth.yml. I suggest moving these includes into ceph_auth.yml after the appropriate setup tasks have been done. That will also simplify the conditionals.","commit_id":"640014c77ba1d1349fc0500952e0373add0a1162"}]}