Bug 1581573

Summary: ceph-radosgw: disable NSS PKI db when SSL is disabled
Product: [Red Hat Storage] Red Hat Ceph Storage Reporter: Sébastien Han <shan>
Component: Ceph-AnsibleAssignee: Sébastien Han <shan>
Status: CLOSED ERRATA QA Contact: Yogev Rabl <yrabl>
Severity: low Docs Contact:
Priority: low    
Version: 3.0CC: adeza, aschoen, ceph-eng-bugs, ceph-qe-bugs, gabrioux, gmeno, hnallurv, nthomas, sankarshan, tserlin
Target Milestone: z4   
Target Release: 3.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: RHEL: ceph-ansible-3.0.35-1.el7cp Ubuntu: ceph-ansible_3.0.35-2redhat1 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2018-07-11 18:11:11 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Sébastien Han 2018-05-23 06:26:25 UTC 
The NSS PKI database is needed only if radosgw_keystone_ssl
is explicitly set to true, otherwise the SSL integration is
not enabled.

It is worth noting that the PKI support was removed from Keystone
starting from the Ocata release, so some code paths should be
changed anyway.
Comment 4 Guillaume Abrioux 2018-05-24 13:43:22 UTC 
fix will be in v3.1.0rc4 and 3.0.35
Comment 12 Sébastien Han 2018-06-11 12:38:58 UTC 
ceph DFG should test this, not ceph QE.
Comment 14 Yogev Rabl 2018-07-02 13:28:59 UTC 
Verified
Comment 16 errata-xmlrpc 2018-07-11 18:11:11 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2018:2177