ceph-radosgw: disable NSS PKI db when SSL is disabled

The NSS PKI database is needed only if radosgw_keystone_ssl
is explicitly set to true, otherwise the SSL integration is
not enabled.

It is worth noting that the PKI support was removed from Keystone
starting from the Ocata release, so some code paths should be
changed anyway.

Also, remove radosgw_keystone, which is not useful anymore.
This variable was used until fcba2c801a122b7ce8ec6a5c27a70bc19589d177.
Now profiles drives the setting of rgw keystone *.

Signed-off-by: Luigi Toscano <ltoscano@redhat.com>

diff --git a/group_vars/all.yml.sample b/group_vars/all.yml.sample
index d6ad290c16280e9e85dba06de34f5a945e2072c2..59dfaaea97dbc612b61e645402057d46bb9676e3 100644 (file)
--- a/group_vars/all.yml.sample
+++ b/group_vars/all.yml.sample
@@ -381,7 +381,6 @@ dummy:
 #radosgw_interface: interface
 #radosgw_address: "{{ '0.0.0.0' if rgw_containerized_deployment else 'address' }}" # backward compatibility with stable-2.2, will disappear in stable 3.1
 #radosgw_address_block: subnet
-#radosgw_keystone: false # activate OpenStack Keystone options full detail here: http://ceph.com/docs/master/radosgw/keystone/
 #radosgw_keystone_ssl: false # activate this when using keystone PKI keys
 # Rados Gateway options
 #email_address: foo@bar.com

diff --git a/group_vars/rhcs.yml.sample b/group_vars/rhcs.yml.sample
index 2010e8843044daba5d01c3f2e2d13898d2ed3662..09842ce65454a5188f944e0cbc40b4e00b870ab4 100644 (file)
--- a/group_vars/rhcs.yml.sample
+++ b/group_vars/rhcs.yml.sample
@@ -381,7 +381,6 @@ ceph_repository: rhcs
 #radosgw_interface: interface
 #radosgw_address: "{{ '0.0.0.0' if rgw_containerized_deployment else 'address' }}" # backward compatibility with stable-2.2, will disappear in stable 3.1
 #radosgw_address_block: subnet
-#radosgw_keystone: false # activate OpenStack Keystone options full detail here: http://ceph.com/docs/master/radosgw/keystone/
 #radosgw_keystone_ssl: false # activate this when using keystone PKI keys
 # Rados Gateway options
 #email_address: foo@bar.com

diff --git a/roles/ceph-defaults/defaults/main.yml b/roles/ceph-defaults/defaults/main.yml
index 9e780f86907c473ebbae2774fbe2c35c9ed9ecf4..8d7c65dc9210db1d2a80265fa6e0f183b8218da4 100644 (file)
--- a/roles/ceph-defaults/defaults/main.yml
+++ b/roles/ceph-defaults/defaults/main.yml
@@ -384,7 +384,6 @@ radosgw_civetweb_options: "num_threads={{ radosgw_civetweb_num_threads }}"
 radosgw_interface: interface
 radosgw_address: "{{ '0.0.0.0' if rgw_containerized_deployment else 'address' }}" # backward compatibility with stable-2.2, will disappear in stable 3.1
 radosgw_address_block: subnet
-radosgw_keystone: false # activate OpenStack Keystone options full detail here: http://ceph.com/docs/master/radosgw/keystone/
 radosgw_keystone_ssl: false # activate this when using keystone PKI keys
 # Rados Gateway options
 email_address: foo@bar.com

diff --git a/roles/ceph-rgw/tasks/main.yml b/roles/ceph-rgw/tasks/main.yml
index 5b0f45398f0a2944f99f0739031178037a2b27b1..e760d4bfe22c572b0381fea7faffb6ef510f7490 100644 (file)
--- a/roles/ceph-rgw/tasks/main.yml
+++ b/roles/ceph-rgw/tasks/main.yml
@@ -18,7 +18,6 @@
 - name: include openstack-keystone.yml
   include: openstack-keystone.yml
   when:
-    - radosgw_keystone|bool
     - radosgw_keystone_ssl|bool
   # Hard code this so we will skip the entire file instead of individual tasks (Default isn't Consistent)
   static: False

diff --git a/tests/functional/centos/7/ooo-collocation/hosts b/tests/functional/centos/7/ooo-collocation/hosts
index 72521a6a09bda433fb8df0162273c0ca6fa30965..afffc37461fb1f7e34fc75328d580a22324aa4d3 100644 (file)
--- a/tests/functional/centos/7/ooo-collocation/hosts
+++ b/tests/functional/centos/7/ooo-collocation/hosts
@@ -64,7 +64,6 @@ all:
     public_network: 192.168.95.0/24
     radosgw_address_block: 192.168.95.0/24
     radosgw_civetweb_port: '8080'
-    radosgw_keystone: true
     radosgw_keystone_ssl: false
     user_config: true
     copy_admin_key: true