ceph-radosgw: disable NSS PKI db when SSL is disabled

The NSS PKI database is needed only if radosgw_keystone_ssl
is explicitly set to true, otherwise the SSL integration is
not enabled.

It is worth noting that the PKI support was removed from Keystone
starting from the Ocata release, so some code paths should be
changed anyway.

Also, remove radosgw_keystone, which is not useful anymore.
This variable was used until fcba2c801a122b7ce8ec6a5c27a70bc19589d177.
Now profiles drives the setting of rgw keystone *.

Signed-off-by: Luigi Toscano <ltoscano@redhat.com>
(cherry picked from commit 43e96c1f98312734e2f12a1ea5ef29981e9072bd)
Signed-off-by: Sébastien Han <seb@redhat.com>

diff --git a/group_vars/all.yml.sample b/group_vars/all.yml.sample
index d6ad290c16280e9e85dba06de34f5a945e2072c2..59dfaaea97dbc612b61e645402057d46bb9676e3 100644 (file)
--- a/group_vars/all.yml.sample
+++ b/group_vars/all.yml.sample
@@ -381,7 +381,6 @@ dummy:
 #radosgw_interface: interface
 #radosgw_address: "{{ '0.0.0.0' if rgw_containerized_deployment else 'address' }}" # backward compatibility with stable-2.2, will disappear in stable 3.1
 #radosgw_address_block: subnet
-#radosgw_keystone: false # activate OpenStack Keystone options full detail here: http://ceph.com/docs/master/radosgw/keystone/
 #radosgw_keystone_ssl: false # activate this when using keystone PKI keys
 # Rados Gateway options
 #email_address: foo@bar.com

diff --git a/group_vars/rhcs.yml.sample b/group_vars/rhcs.yml.sample
index 2010e8843044daba5d01c3f2e2d13898d2ed3662..09842ce65454a5188f944e0cbc40b4e00b870ab4 100644 (file)
--- a/group_vars/rhcs.yml.sample
+++ b/group_vars/rhcs.yml.sample
@@ -381,7 +381,6 @@ ceph_repository: rhcs
 #radosgw_interface: interface
 #radosgw_address: "{{ '0.0.0.0' if rgw_containerized_deployment else 'address' }}" # backward compatibility with stable-2.2, will disappear in stable 3.1
 #radosgw_address_block: subnet
-#radosgw_keystone: false # activate OpenStack Keystone options full detail here: http://ceph.com/docs/master/radosgw/keystone/
 #radosgw_keystone_ssl: false # activate this when using keystone PKI keys
 # Rados Gateway options
 #email_address: foo@bar.com

diff --git a/roles/ceph-defaults/defaults/main.yml b/roles/ceph-defaults/defaults/main.yml
index 081833491be02bdbfe218629f3e41c418630211e..ce26fa64af1f1e28d307128a24e84508138c27fd 100644 (file)
--- a/roles/ceph-defaults/defaults/main.yml
+++ b/roles/ceph-defaults/defaults/main.yml
@@ -373,7 +373,6 @@ radosgw_civetweb_options: "num_threads={{ radosgw_civetweb_num_threads }}"
 radosgw_interface: interface
 radosgw_address: "{{ '0.0.0.0' if rgw_containerized_deployment else 'address' }}" # backward compatibility with stable-2.2, will disappear in stable 3.1
 radosgw_address_block: subnet
-radosgw_keystone: false # activate OpenStack Keystone options full detail here: http://ceph.com/docs/master/radosgw/keystone/
 radosgw_keystone_ssl: false # activate this when using keystone PKI keys
 # Rados Gateway options
 email_address: foo@bar.com

diff --git a/roles/ceph-rgw/tasks/main.yml b/roles/ceph-rgw/tasks/main.yml
index 5b0f45398f0a2944f99f0739031178037a2b27b1..e760d4bfe22c572b0381fea7faffb6ef510f7490 100644 (file)
--- a/roles/ceph-rgw/tasks/main.yml
+++ b/roles/ceph-rgw/tasks/main.yml
@@ -18,7 +18,6 @@
 - name: include openstack-keystone.yml
   include: openstack-keystone.yml
   when:
-    - radosgw_keystone|bool
     - radosgw_keystone_ssl|bool
   # Hard code this so we will skip the entire file instead of individual tasks (Default isn't Consistent)
   static: False

diff --git a/tests/functional/centos/7/ooo-collocation/hosts b/tests/functional/centos/7/ooo-collocation/hosts
index 72521a6a09bda433fb8df0162273c0ca6fa30965..afffc37461fb1f7e34fc75328d580a22324aa4d3 100644 (file)
--- a/tests/functional/centos/7/ooo-collocation/hosts
+++ b/tests/functional/centos/7/ooo-collocation/hosts
@@ -64,7 +64,6 @@ all:
     public_network: 192.168.95.0/24
     radosgw_address_block: 192.168.95.0/24
     radosgw_civetweb_port: '8080'
-    radosgw_keystone: true
     radosgw_keystone_ssl: false
     user_config: true
     copy_admin_key: true