From: Luigi Toscano Date: Tue, 22 May 2018 09:46:33 +0000 (+0200) Subject: ceph-radosgw: disable NSS PKI db when SSL is disabled X-Git-Tag: v3.2.0beta1~84 X-Git-Url: http://git.apps.os.sepia.ceph.com/?a=commitdiff_plain;h=43e96c1f98312734e2f12a1ea5ef29981e9072bd;p=ceph-ansible.git ceph-radosgw: disable NSS PKI db when SSL is disabled The NSS PKI database is needed only if radosgw_keystone_ssl is explicitly set to true, otherwise the SSL integration is not enabled. It is worth noting that the PKI support was removed from Keystone starting from the Ocata release, so some code paths should be changed anyway. Also, remove radosgw_keystone, which is not useful anymore. This variable was used until fcba2c801a122b7ce8ec6a5c27a70bc19589d177. Now profiles drives the setting of rgw keystone *. Signed-off-by: Luigi Toscano --- diff --git a/group_vars/all.yml.sample b/group_vars/all.yml.sample index d6ad290c1..59dfaaea9 100644 --- a/group_vars/all.yml.sample +++ b/group_vars/all.yml.sample @@ -381,7 +381,6 @@ dummy: #radosgw_interface: interface #radosgw_address: "{{ '0.0.0.0' if rgw_containerized_deployment else 'address' }}" # backward compatibility with stable-2.2, will disappear in stable 3.1 #radosgw_address_block: subnet -#radosgw_keystone: false # activate OpenStack Keystone options full detail here: http://ceph.com/docs/master/radosgw/keystone/ #radosgw_keystone_ssl: false # activate this when using keystone PKI keys # Rados Gateway options #email_address: foo@bar.com diff --git a/group_vars/rhcs.yml.sample b/group_vars/rhcs.yml.sample index 2010e8843..09842ce65 100644 --- a/group_vars/rhcs.yml.sample +++ b/group_vars/rhcs.yml.sample @@ -381,7 +381,6 @@ ceph_repository: rhcs #radosgw_interface: interface #radosgw_address: "{{ '0.0.0.0' if rgw_containerized_deployment else 'address' }}" # backward compatibility with stable-2.2, will disappear in stable 3.1 #radosgw_address_block: subnet -#radosgw_keystone: false # activate OpenStack Keystone options full detail here: http://ceph.com/docs/master/radosgw/keystone/ #radosgw_keystone_ssl: false # activate this when using keystone PKI keys # Rados Gateway options #email_address: foo@bar.com diff --git a/roles/ceph-defaults/defaults/main.yml b/roles/ceph-defaults/defaults/main.yml index 9e780f869..8d7c65dc9 100644 --- a/roles/ceph-defaults/defaults/main.yml +++ b/roles/ceph-defaults/defaults/main.yml @@ -384,7 +384,6 @@ radosgw_civetweb_options: "num_threads={{ radosgw_civetweb_num_threads }}" radosgw_interface: interface radosgw_address: "{{ '0.0.0.0' if rgw_containerized_deployment else 'address' }}" # backward compatibility with stable-2.2, will disappear in stable 3.1 radosgw_address_block: subnet -radosgw_keystone: false # activate OpenStack Keystone options full detail here: http://ceph.com/docs/master/radosgw/keystone/ radosgw_keystone_ssl: false # activate this when using keystone PKI keys # Rados Gateway options email_address: foo@bar.com diff --git a/roles/ceph-rgw/tasks/main.yml b/roles/ceph-rgw/tasks/main.yml index 5b0f45398..e760d4bfe 100644 --- a/roles/ceph-rgw/tasks/main.yml +++ b/roles/ceph-rgw/tasks/main.yml @@ -18,7 +18,6 @@ - name: include openstack-keystone.yml include: openstack-keystone.yml when: - - radosgw_keystone|bool - radosgw_keystone_ssl|bool # Hard code this so we will skip the entire file instead of individual tasks (Default isn't Consistent) static: False diff --git a/tests/functional/centos/7/ooo-collocation/hosts b/tests/functional/centos/7/ooo-collocation/hosts index 72521a6a0..afffc3746 100644 --- a/tests/functional/centos/7/ooo-collocation/hosts +++ b/tests/functional/centos/7/ooo-collocation/hosts @@ -64,7 +64,6 @@ all: public_network: 192.168.95.0/24 radosgw_address_block: 192.168.95.0/24 radosgw_civetweb_port: '8080' - radosgw_keystone: true radosgw_keystone_ssl: false user_config: true copy_admin_key: true