mirror of https://github.com/ceph/ceph-ansible.git
Add a switch to disable nss PKI database initialization
The PKI keys are used to decrypt the Keystone revocation list when PKI tokens are used. When UUID or Fernet token providers are used in Keystone, PKI certs may not exist, so we now accommodate this scenario by allowing the operator to disable the PKI tasks.
pull/1179/head
parent
12f8b5c38e
commit
aa0bfaa89a
|
@ -285,6 +285,7 @@ dummy:
|
|||
#radosgw_civetweb_num_threads: 50
|
||||
#radosgw_keystone: false # activate OpenStack Keystone options full detail here: http://ceph.com/docs/master/radosgw/keystone/
|
||||
#radosgw_keystone_url: # url:admin_port ie: http://192.168.0.1:35357
|
||||
#radosgw_keystone_ssl: true # Can be used to disable PKI revocation checks when other token types are used.
|
||||
# for admin_token method, define radosgw_keystone_admin_token
|
||||
# for auth_token method, define _user, _password, and _tenant
|
||||
#radosgw_keystone_auth_method: admin_token
|
||||
|
|
|
@ -277,6 +277,7 @@ radosgw_civetweb_bind_ip: "{{ ansible_default_ipv4.address }}"
|
|||
radosgw_civetweb_num_threads: 50
|
||||
radosgw_keystone: false # activate OpenStack Keystone options full detail here: http://ceph.com/docs/master/radosgw/keystone/
|
||||
#radosgw_keystone_url: # url:admin_port ie: http://192.168.0.1:35357
|
||||
radosgw_keystone_ssl: true # Can be used to disable PKI revocation checks when other token types are used.
|
||||
# for admin_token method, define radosgw_keystone_admin_token
|
||||
# for auth_token method, define _user, _password, and _tenant
|
||||
radosgw_keystone_auth_method: admin_token
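Review bot: The name and inline comment on `radosgw_keystone_ssl` do not say what the switch turns off, and the name reads as if it controlled TLS towards Keystone. Judging by the other hunks of this commit it gates the `nss db path` setting and the `openstack-keystone.yml` include, i.e. the NSS database used for PKI tokens and their revocation list. I would spell that out, e.g. `radosgw_keystone_ssl: true # Set up the NSS db and 'nss db path' (needed for Keystone PKI tokens and their revocation list); set to false only with UUID or Fernet tokens`, and make the same change to the commented sample line in the first hunk. Setting it to false while Keystone still issues PKI tokens would presumably leave rgw unable to process the revocation list, so the comment should warn about that.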
|
||||
|
|
|
@ -125,9 +125,11 @@ rgw keystone accepted roles = {{ radosgw_keystone_accepted_roles }}
|
|||
rgw keystone token cache size = {{ radosgw_keystone_token_cache_size }}
|
||||
rgw keystone revocation interval = {{ radosgw_keystone_revocation_internal }}
|
||||
rgw s3 auth use keystone = {{ radosgw_s3_auth_use_keystone }}
|
||||
{% if radosgw_keystone_ssl | bool %}
|
||||
nss db path = {{ radosgw_nss_db_path }}
|
||||
{% endif %}
|
||||
{% endif %}
|
||||
{% endif %}
|
||||
{% endfor %}
|
||||
{% endif %}
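Review bot: With `radosgw_keystone_ssl` false the template drops `nss db path` but still renders `rgw keystone revocation interval`, so rgw appears to stay configured to poll a revocation list it has no NSS database to decode. How rgw behaves in that state is not visible here and should be confirmed against the targeted Ceph release. I would at least document the dependency in the template, e.g. `{# nss db path is only needed for Keystone PKI tokens; without it rgw cannot decode the revocation list #}` directly above the new `{% if radosgw_keystone_ssl | bool %}`. The enclosing `{% if %}`/`{% for %}` blocks start outside the hunk.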
|
||||
|
||||
|
|
|
@ -5,7 +5,9 @@
|
|||
static: False
|
||||
|
||||
- include: openstack-keystone.yml
|
||||
when: radosgw_keystone
|
||||
when:
|
||||
- radosgw_keystone|bool
|
||||
- radosgw_keystone_ssl|bool
|
||||
# Hard code this so we will skip the entire file instead of individual tasks (Default isn't Consistent)
|
||||
static: False
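Review bot: The whole `openstack-keystone.yml` include is now skipped whenever `radosgw_keystone_ssl` is false, which is only right if every task in that file is NSS/PKI setup. That file is not part of this diff, so this should be checked. The existing comment explains `static: False` but not the new condition; I would add `# Skipped when radosgw_keystone_ssl is false: these tasks only build the NSS db used for PKI tokens` above the `when:` list. A smaller style point: the filter is written `radosgw_keystone|bool` here and `radosgw_keystone_ssl | bool` in the template, so pick one spacing.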
|
||||
|
||||
|
|