/etc/ansible/roles/ceph-ansible/roles/ceph-mon/tasks/ceph_keys.yml
---
- name: waiting for the monitor(s) to form the quorum...
  command: >
    {{ container_exec_cmd }}
    ceph
    --cluster {{ cluster }}
    -n mon.
    -k /var/lib/ceph/mon/{{ cluster }}-{{ ansible_hostname }}/keyring
    mon_status
    --format json
  register: ceph_health_raw
  run_once: true
  until: >
    (ceph_health_raw.stdout | length > 0) and (ceph_health_raw.stdout | default('{}') | from_json)['state'] in ['leader', 'peon']
  retries: "{{ handler_health_mon_check_retries }}"
  delay: "{{ handler_health_mon_check_delay }}"
  changed_when: false

- name: fetch ceph initial keys
  ceph_key:
    state: fetch_initial_keys
    cluster: "{{ cluster }}"
    owner: "{{ ceph_uid if containerized_deployment else 'ceph' }}"
    group: "{{ ceph_uid if containerized_deployment else 'ceph' }}"
    mode: "0400"
  environment:
    CEPH_CONTAINER_IMAGE: "{{ ceph_docker_registry + '/' + ceph_docker_image + ':' + ceph_docker_image_tag if containerized_deployment else None }}"
    CEPH_CONTAINER_BINARY: "{{ container_binary }}"
    CEPH_ROLLING_UPDATE: "{{ rolling_update }}"
  when:
    - cephx | bool