/etc/ansible/roles/ceph-ansible/roles/ceph-rgw/tasks/pre_requisite.yml
---
- name: create rados gateway instance keyring
  command: ceph --cluster {{ cluster }} --name client.bootstrap-rgw --keyring /var/lib/ceph/bootstrap-rgw/{{ cluster }}.keyring auth get-or-create client.rgw.{{ ansible_hostname }}.{{ item.instance_name }} osd 'allow rwx' mon 'allow rw' -o /var/lib/ceph/radosgw/{{ cluster }}-rgw.{{ ansible_hostname }}.{{ item.instance_name }}/keyring
  args:
    creates: /var/lib/ceph/radosgw/{{ cluster }}-rgw.{{ ansible_hostname }}.{{ item.instance_name }}/keyring
  changed_when: false
  with_items: "{{ rgw_instances }}"
  when: cephx | bool

- name: set rados gateway instance key permissions
  file:
    path: /var/lib/ceph/radosgw/{{ cluster }}-rgw.{{ ansible_hostname }}.{{ item.instance_name }}/keyring
    owner: "ceph"
    group: "ceph"
    mode: "0600"
  with_items: "{{ rgw_instances }}"
  when: cephx | bool