Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.
This project is now read‑only. Starting Monday, February 2, please use Jira Cloud for all bug tracking management.

Bug 1498583

Summary: [ceph-ansible] : admin, mon, mgr keyrings being copied to all nodes of the cluster
Product: [Red Hat Storage] Red Hat Ceph Storage Reporter: Vasishta <vashastr>
Component: Ceph-AnsibleAssignee: Guillaume Abrioux <gabrioux>
Status: CLOSED ERRATA QA Contact: Sidhant Agrawal <sagrawal>
Severity: low Docs Contact:
Priority: medium    
Version: 3.0CC: adeza, anharris, aschoen, ceph-eng-bugs, gabrioux, gmeno, hnallurv, nthomas, sankarshan, shan
Target Milestone: rc   
Target Release: 3.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: RHEL: ceph-ansible-3.0.0-0.1.rc17 Ubuntu: ceph-ansible-3.0.0~rc17-2redhat1 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2017-12-05 23:46:42 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
File contains terminal log snippet, ansible-playbook log none

Description Vasishta 2017-10-04 16:45:41 UTC 
Created attachment 1334378 [details]
File contains terminal log snippet, ansible-playbook log

Description of problem:
client.admin keyring, mgr keyrings, monitor keyrings are getting copied to all nodes of the cluster. 
admin keyring is getting copied to all nodes irrespective of value set for copy_admin_key variable in respective yml files.

Version-Release number of selected component (if applicable):
ceph-ansible-3.0.0-0.1.rc15.el7cp.noarch

How reproducible:
Always

Steps to Reproduce:
1. Configure ceph-ansible to get a cluster up without setting any value for copy_admin_keyring in all yml files in group_vars.
2. Run playbook.


Actual results:
admin, mon, mgr keyrings being copied to all nodes of the cluster

Expected results:
Nodes must be having only keyrings needed to run the services running in that particular node.

(Attachment contains ansible log of the latest run which had only configured mgrs and terminal log snippet showcasing presence of all keyrings on all nodes irrespective of services running on particular node)
Comment 2 Guillaume Abrioux 2017-10-04 23:31:59 UTC 
waiting for the PR upstream to be merged.
Comment 3 Guillaume Abrioux 2017-10-05 12:32:38 UTC 
upstream fix : https://github.com/ceph/ceph-ansible/commit/70e2787fe2970f4e255d013cd51658ebf3125ea3

will be in rc17
Comment 6 Sidhant Agrawal 2017-10-30 11:35:05 UTC 
Verified on ceph-ansible-3.0.6-1.el7cp.noarch.

Looks fine to me.
Comment 9 errata-xmlrpc 2017-12-05 23:46:42 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2017:3387