Bug 1994930
Summary: | [gss][ceph-ansible][iscsigw]ceph-ansible automatically appending trusted_ip_list=192.168.122.1 in iscsi-gateway.cfg | ||
---|---|---|---|
Product: | [Red Hat Storage] Red Hat Ceph Storage | Reporter: | Geo Jose <gjose> |
Component: | Ceph-Ansible | Assignee: | Guillaume Abrioux <gabrioux> |
Status: | CLOSED ERRATA | QA Contact: | Ameena Suhani S H <amsyedha> |
Severity: | medium | Docs Contact: | |
Priority: | unspecified | ||
Version: | 4.2 | CC: | aschoen, ceph-eng-bugs, dsavinea, gabrioux, gmeno, lithomas, nthomas, pdhange, rmandyam, tserlin, vereddy, ykaul |
Target Milestone: | --- | ||
Target Release: | 4.3 | ||
Hardware: | x86_64 | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | ceph-ansible-4.0.65-1.el8cp, ceph-ansible-4.0.65-1.el7cp | Doc Type: | No Doc Update |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2022-05-05 07:53:55 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Geo Jose
2021-08-18 08:09:23 UTC
- As per roles/ceph-iscsi-gw, this is the template file which is creating iscsi-gateway.cfg: $ cat templates/iscsi-gateway.cfg.j2 # This is seed configuration used by the ceph_iscsi_config modules # when handling configuration tasks for iscsi gateway(s) # # {{ ansible_managed }} [config] cluster_name = {{ cluster }} # API settings. # The API supports a number of options that allow you to tailor it to your # local environment. If you want to run the API under https, you will need to # create cert/key files that are compatible for each iSCSI gateway node, that is # not locked to a specific node. SSL cert and key files *must* be called # 'iscsi-gateway.crt' and 'iscsi-gateway.key' and placed in the '/etc/ceph/' directory # on *each* gateway node. With the SSL files in place, you can use 'api_secure = true' # to switch to https mode. # To support the API, the bear minimum settings are: api_secure = {{ api_secure }} # Optional settings related to the CLI/API service api_user = {{ api_user }} api_password = {{ api_password }} api_port = {{ api_port }} loop_delay = {{ loop_delay }} trusted_ip_list = {{ trusted_ip_list }} <<=== $ grep 'trusted' /usr/share/ceph-ansible/group_vars/iscsigws.yml #trusted_ip_list: 192.168.122.1 - From /usr/share/ceph-ansible/roles/ceph-iscsi-gw/defaults/main.yml ################## # RBD-TARGET-API # ################## # Optional settings related to the CLI/API service api_user: admin api_password: admin api_port: 5000 api_secure: false loop_delay: 1 trusted_ip_list: 192.168.122.1 <<=== Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Moderate: Red Hat Ceph Storage 4.3 Security and Bug Fix update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2022:1716 |