From: Andrew Schoen <aschoen@redhat.com>
Date: Tue, 21 Feb 2017 18:35:00 +0000 (-0600)
Subject: ceph-common: remove infernalis comment on radosgw_civetweb_port
X-Git-Tag: v2.2.0rc1~22^2~1
X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=6cf842eb396d0a26882db9658cf7010ff84a7733;p=ceph-ansible.git

ceph-common: remove infernalis comment on radosgw_civetweb_port

As of Infernalis, the Ceph daemons run as an unprivileged "ceph" UID,
and this is by design.

Commit f19b765 altered the default
civetweb port from 80 to 8080 with a comment in the commit log about
"until this gets solved"

Remove the comment about permissions on Infernalis, because this is
always going to be the case on the Ceph versions we support, and it
is just confusing.

If users want to expose civetweb to s3 clients using privileged TCP
ports, they can redirect traffic with iptables, or use a reverse proxy
application like HAproxy.

Signed-off-by: Andrew Schoen <aschoen@redhat.com>
---

diff --git a/roles/ceph-common/defaults/main.yml b/roles/ceph-common/defaults/main.yml
index b1905f78b..3f5f2fe2d 100644
--- a/roles/ceph-common/defaults/main.yml
+++ b/roles/ceph-common/defaults/main.yml
@@ -285,7 +285,7 @@ mds_max_mds: 3
 #
 #radosgw_dns_name: your.subdomain.tld # subdomains used by radosgw. See http://ceph.com/docs/master/radosgw/config/#enabling-subdomain-s3-calls
 radosgw_resolve_cname: false # enable for radosgw to resolve DNS CNAME based bucket names
-radosgw_civetweb_port: 8080 # on Infernalis we get: "set_ports_option: cannot bind to 80: 13 (Permission denied)"
+radosgw_civetweb_port: 8080
 radosgw_civetweb_bind_ip: "{{ ansible_default_ipv4.address }}" # when using ipv6 enclose with brackets: "[{{ ansible_default_ipv6.address }}]"
 radosgw_civetweb_num_threads: 50
 # For additional civetweb configuration options available such as SSL, logging,