Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.
This project is now read‑only. Starting Monday, February 2, please use https://ibm-ceph.atlassian.net/ for all bug tracking management.

Bug 1488999

Summary: [ceph-ansible] [ceph-container] : admin keyring getting copied to mds node even if copy_admin_key is set to false
Product: [Red Hat Storage] Red Hat Ceph Storage Reporter: Vasishta <vashastr>
Component: Ceph-AnsibleAssignee: Guillaume Abrioux <gabrioux>
Status: CLOSED ERRATA QA Contact: Vasishta <vashastr>
Severity: low Docs Contact:
Priority: low    
Version: 3.0CC: adeza, anharris, aschoen, ceph-eng-bugs, gmeno, hnallurv, kdreyer, nthomas, sankarshan, seb, shan
Target Milestone: rc   
Target Release: 3.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: RHEL: ceph-ansible-3.0.0-0.1.rc14.el7cp Ubuntu: ceph-ansible_3.0.0~rc14-2redhat1 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2017-12-05 23:42:05 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
File contains contents ansible-playbook log, inventory file snippet, osds.yml contents none

Description Vasishta 2017-09-06 14:55:58 UTC 
Description of problem:
Client admin keyring file is getting copied to mds node even if copy_admin_key in mdss.yml is set to false

Version-Release number of selected component (if applicable):
ceph-ansible-3.0.0-0.1.rc4.el7cp.noarch

How reproducible:
Always (2/2)

Steps to Reproduce:
1. Configure ceph-ansible to setup a cluster with one mds node.
2. Run ansible-playbook site-docker.yml
3. Observe admin keyring copied into /etc/ceph directory of mds node

Actual results:
Client admin keyring file is getting copied to mds node even if copy_admin_key in mdss.yml is set to false

Expected results:
Client admin keyring file must not be copied to mds node even if copy_admin_key in mdss.yml is set to false

Additional info:
$ cat group_vars/mdss.yml | grep admin
------------------------
#copy_admin_key: false
Comment 5 Vasishta 2017-09-26 11:15:30 UTC 
Created attachment 1331002 [details]
File contains contents ansible-playbook log, inventory file snippet, osds.yml contents

Hi Guillaume,

I faced this issue even on OSD nodes along with mds nodes.
Moving back to ASSIGNED state.
 
$ rpm -qa|grep ceph-ansible
ceph-ansible-3.0.0-0.1.rc11.el7cp.noarch

Regards,
Vasishta
Comment 6 Guillaume Abrioux 2017-10-02 13:19:48 UTC 
Fixed upstream :
https://github.com/ceph/ceph-ansible/commit/62770cd7de0f47cc0afc7eab2dcdadb5b1b356d2
Comment 7 Ken Dreyer (Red Hat) 2017-10-02 15:40:37 UTC 
Guillaume or SĂ©bastien, would you please tag a new ceph-ansible version upstream with this change so we know to pull it downstream?
Comment 8 Guillaume Abrioux 2017-10-02 15:43:58 UTC 
Ken,

Sebastien has tagged v3.0.0rc14 upstream with this change.
Comment 12 Vasishta 2017-10-11 16:06:03 UTC 
Working fine, Moving to VERIFIED state.
(ceph-ansible-3.0.0-0.1.rc19.el7cp.noarch)
Comment 15 errata-xmlrpc 2017-12-05 23:42:05 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2017:3387