---
- name: get cephadm pub key (run once on ceph01)
  ansible.builtin.command: ceph cephadm get-pub-key
  register: ceph_pubkey_cmd
  changed_when: false
  delegate_to: dev-kyiv01-vm-ceph-main-01
  run_once: true

- name: set ceph pubkey fact for this play
  ansible.builtin.set_fact:
    ceph_pubkey: "{{ ceph_pubkey_cmd.stdout }}"
  run_once: true

- name: add ceph pub key to root authorized_keys
  ansible.posix.authorized_key:
    user: root
    key: "{{ ceph_pubkey }}"
    state: present
  when: inventory_hostname in ["dev-kyiv01-vm-ceph-main-02", "dev-kyiv01-vm-ceph-main-03"]

- name: restart ssh
  ansible.builtin.service:
    name: ssh
    state: restarted
  when: inventory_hostname in ["dev-kyiv01-vm-ceph-main-02", "dev-kyiv01-vm-ceph-main-03"]