meta:
- desc: configure the permissions for client.mirror
overrides:
  ceph:
    conf:
      client:
        debug cephfs_mirror: 20
        log to stderr: false
      # make these predictable
      client.mirror1:
        admin socket: /var/run/ceph/cephfs-mirror1.asok
        pid file: /var/run/ceph/cephfs-mirror1.pid
      client.mirror2:
        admin socket: /var/run/ceph/cephfs-mirror2.asok
        pid file: /var/run/ceph/cephfs-mirror2.pid
      client.mirror3:
        admin socket: /var/run/ceph/cephfs-mirror3.asok
        pid file: /var/run/ceph/cephfs-mirror3.pid
tasks:
- exec:
    client.mirror1:
      - "sudo ceph auth caps client.mirror1 mon 'profile cephfs-mirror' mds 'allow r' osd 'allow rw tag cephfs metadata=*, allow r tag cephfs data=*' mgr 'allow r'"
    client.mirror2:
      - "sudo ceph auth caps client.mirror2 mon 'profile cephfs-mirror' mds 'allow r' osd 'allow rw tag cephfs metadata=*, allow r tag cephfs data=*' mgr 'allow r'"
    client.mirror3:
      - "sudo ceph auth caps client.mirror3 mon 'profile cephfs-mirror' mds 'allow r' osd 'allow rw tag cephfs metadata=*, allow r tag cephfs data=*' mgr 'allow r'"
    client.mirror_remote:
      - "sudo ceph auth caps client.mirror_remote mon 'allow r' mds 'allow rwps' osd 'allow rw tag cephfs *=*' mgr 'allow r'"
    client.1:
      - "sudo ceph auth caps client.0 mon 'allow r' mds 'allow rwps' osd 'allow rw tag cephfs *=*' mgr 'allow r'"
    client.2:
      - "sudo ceph auth caps client.1 mon 'allow r' mds 'allow rwps' osd 'allow rw tag cephfs *=*' mgr 'allow r'"