Add a switch to disable nss PKI database initialization

The PKI keys are used to decrypt the Keystone revocation list when
PKI tokens are used. When UUID or Fernet token providers are used in
Keystone, PKI certs may not exist, so we now accommodate this scenario
by allowing the operator to disable the PKI tasks.
pull/1179/head
Logan V 2016-07-14 14:09:31 -05:00
parent 12f8b5c38e
commit aa0bfaa89a
4 changed files with 7 additions and 1 deletions


@ -285,6 +285,7 @@ dummy:
#radosgw_civetweb_num_threads: 50
#radosgw_keystone: false # activate OpenStack Keystone options full detail here: http://ceph.com/docs/master/radosgw/keystone/
#radosgw_keystone_url: # url:admin_port ie: http://192.168.0.1:35357
#radosgw_keystone_ssl: true # Can be used to disable PKI revocation checks when other token types are used.
# for admin_token method, define radosgw_keystone_admin_token
# for auth_token method, define _user, _password, and _tenant
#radosgw_keystone_auth_method: admin_token
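Review bot: The name `radosgw_keystone_ssl` and its inline comment read like a TLS toggle for the Keystone connection, but per the commit description and the template hunk it only gates the NSS database used to decrypt the PKI revocation list. An operator who sets it to false while Keystone still issues PKI tokens would presumably lose revocation checking with no warning. I would reword the comment here and on the uncommented default in the next hunk, e.g. `# Set to false only when Keystone uses UUID or Fernet tokens; skips the NSS db needed to verify the PKI revocation list.`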


@ -277,6 +277,7 @@ radosgw_civetweb_bind_ip: "{{ ansible_default_ipv4.address }}"
radosgw_civetweb_num_threads: 50
radosgw_keystone: false # activate OpenStack Keystone options full detail here: http://ceph.com/docs/master/radosgw/keystone/
#radosgw_keystone_url: # url:admin_port ie: http://192.168.0.1:35357
radosgw_keystone_ssl: true # Can be used to disable PKI revocation checks when other token types are used.
# for admin_token method, define radosgw_keystone_admin_token
# for auth_token method, define _user, _password, and _tenant
radosgw_keystone_auth_method: admin_token


@ -125,9 +125,11 @@ rgw keystone accepted roles = {{ radosgw_keystone_accepted_roles }}
rgw keystone token cache size = {{ radosgw_keystone_token_cache_size }}
rgw keystone revocation interval = {{ radosgw_keystone_revocation_internal }}
rgw s3 auth use keystone = {{ radosgw_s3_auth_use_keystone }}
{% if radosgw_keystone_ssl | bool %}
nss db path = {{ radosgw_nss_db_path }}
{% endif %}
{% endif %}
{% endif %}
{% endfor %}
{% endif %}
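Review bot: `rgw keystone revocation interval` is still rendered when `radosgw_keystone_ssl` is false, while `nss db path` is dropped, so the gateway stays configured to poll a revocation list it presumably cannot decrypt. It is worth confirming how rgw behaves in that state (repeated errors in the log, or a silent skip) and documenting the expected outcome. A Jinja comment above the new condition would record the intent, e.g. `{# nss db is only needed to decrypt the PKI revocation list #}`. The enclosing `{% if %}` and `{% for %}` blocks open outside the hunk.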


@ -5,7 +5,9 @@
static: False
- include: openstack-keystone.yml
when: radosgw_keystone
when:
- radosgw_keystone|bool
- radosgw_keystone_ssl|bool
# Hard code this so we will skip the entire file instead of individual tasks (Default isn't Consistent)
static: False
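Review bot: Adding `radosgw_keystone_ssl|bool` to the `when:` list skips the whole of `openstack-keystone.yml`, so the change is only safe if every task in that file is specific to the NSS/PKI setup; its contents are not visible here. If the file also holds Keystone-related steps that UUID or Fernet deployments need, the condition belongs on the individual NSS tasks instead. A short comment above the list would make the intent explicit, e.g. `# skipped when PKI revocation checks are disabled (radosgw_keystone_ssl: false)`.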