Bug 1280478
Summary: | OSPd over deploying cephx keys | ||
---|---|---|---|
Product: | Red Hat OpenStack | Reporter: | Keith Schincke <kschinck> |
Component: | openstack-tripleo-heat-templates | Assignee: | Yogev Rabl <yrabl> |
Status: | CLOSED ERRATA | QA Contact: | Yogev Rabl <yrabl> |
Severity: | urgent | Docs Contact: | |
Priority: | urgent | ||
Version: | 7.0 (Kilo) | CC: | athomas, gfidente, jomurphy, mburns, nlevine, rhel-osp-director-maint, sclewis, scohen, seb, tbarron, yrabl |
Target Milestone: | Upstream M2 | Keywords: | TestOnly, Triaged |
Target Release: | 12.0 (Pike) | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2017-12-13 20:37:32 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Keith Schincke
2015-11-11 20:16:36 UTC
to scope this a little more, the admin and the bootstrap keyrings are only readable by the root account on the overcloud nodes we should still avoid the deployment of them on all nodes and distribute the keyrings as needed for the various functionalities We can't block the 7.3 release on this, given that it's not a regression. It is effectively an RFE. We'll address in a future release. This bug did not make the OSP 8.0 release. It is being deferred to OSP 10. *** Bug 1326925 has been marked as a duplicate of this bug. *** No progress so far. We agreed on moving this one to 11. We will commit on bringing this feature for 11. The current expectation is this issue will be resolved when OSP-12 switches from using puppet-ceph to ceph-ansible. ceph-ansible already manages ceph key distribution per the desired behavior in the bug description. For this reason, the team has said there's little desire to invest resources in fixing this in puppet-ceph. verified, the admin keyring is set only on the controllers Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHEA-2017:3462 |