ceph-radosgw: disable NSS PKI db when SSL is disabled

The NSS PKI database is needed only if radosgw_keystone_ssl is explicitly set to true, otherwise the SSL integration is not enabled. It is worth noting that the PKI support was removed from Keystone starting from the Ocata release, so some code paths should be changed anyway. Also, remove radosgw_keystone, which is not useful anymore. This variable was used until fcba2c801a. Now profiles drives the setting of rgw keystone *. Signed-off-by: Luigi Toscano <ltoscano@redhat.com>
2018-05-22 11:46:33 +02:00 · 2018-05-22 11:46:33 +02:00 · 43e96c1f98
parent bf9593bced
commit 43e96c1f98
5 changed files with 0 additions and 5 deletions
--- a/group_vars/all.yml.sample
+++ b/group_vars/all.yml.sample
@ -381,7 +381,6 @@ dummy:
 #radosgw_interface: interface
 #radosgw_address: "{{ '0.0.0.0' if rgw_containerized_deployment else 'address' }}" # backward compatibility with stable-2.2, will disappear in stable 3.1
 #radosgw_address_block: subnet
-#radosgw_keystone: false # activate OpenStack Keystone options full detail here: http://ceph.com/docs/master/radosgw/keystone/
 #radosgw_keystone_ssl: false # activate this when using keystone PKI keys
 # Rados Gateway options
 #email_address: foo@bar.com
--- a/group_vars/rhcs.yml.sample
+++ b/group_vars/rhcs.yml.sample
@ -381,7 +381,6 @@ ceph_repository: rhcs
 #radosgw_interface: interface
 #radosgw_address: "{{ '0.0.0.0' if rgw_containerized_deployment else 'address' }}" # backward compatibility with stable-2.2, will disappear in stable 3.1
 #radosgw_address_block: subnet
-#radosgw_keystone: false # activate OpenStack Keystone options full detail here: http://ceph.com/docs/master/radosgw/keystone/
 #radosgw_keystone_ssl: false # activate this when using keystone PKI keys
 # Rados Gateway options
 #email_address: foo@bar.com
--- a/roles/ceph-defaults/defaults/main.yml
+++ b/roles/ceph-defaults/defaults/main.yml
@ -384,7 +384,6 @@ radosgw_civetweb_options: "num_threads={{ radosgw_civetweb_num_threads }}"
 radosgw_interface: interface
 radosgw_address: "{{ '0.0.0.0' if rgw_containerized_deployment else 'address' }}" # backward compatibility with stable-2.2, will disappear in stable 3.1
 radosgw_address_block: subnet
-radosgw_keystone: false # activate OpenStack Keystone options full detail here: http://ceph.com/docs/master/radosgw/keystone/
 radosgw_keystone_ssl: false # activate this when using keystone PKI keys
 # Rados Gateway options
 email_address: foo@bar.com
--- a/roles/ceph-rgw/tasks/main.yml
+++ b/roles/ceph-rgw/tasks/main.yml
@ -18,7 +18,6 @@
 - name: include openstack-keystone.yml
  include: openstack-keystone.yml
  when:
-    - radosgw_keystone|bool
    - radosgw_keystone_ssl|bool
  # Hard code this so we will skip the entire file instead of individual tasks (Default isn't Consistent)
  static: False
--- a/tests/functional/centos/7/ooo-collocation/hosts
+++ b/tests/functional/centos/7/ooo-collocation/hosts
@ -64,7 +64,6 @@ all:
    public_network: 192.168.95.0/24
    radosgw_address_block: 192.168.95.0/24
    radosgw_civetweb_port: '8080'
-    radosgw_keystone: true
    radosgw_keystone_ssl: false
    user_config: true
    copy_admin_key: true