# Test-suite fragment: points RGW server-side encryption at a KMIP
# key-management backend, generates the TLS material for that connection,
# and declares a pykmip task holding two named secrets.
overrides:
  ceph:
    conf:
      client:
        # Use KMIP as the KMS backend for S3 encryption keys.
        rgw crypt s3 kms backend: kmip
        # TLS material for the KMIP connection: the CA certificate, then the
        # client certificate and private key that RGW presents.
        rgw crypt kmip ca path: /etc/ceph/kmiproot.crt
        rgw crypt kmip client cert: /etc/ceph/kmip-client.crt
        rgw crypt kmip client key: /etc/ceph/kmip-client.key
        # Key-name template. The secret names under the pykmip task below
        # follow the same pykmip-<id> pattern.
        rgw crypt kmip kms key template: pykmip-$keyid
  rgw:
    client.0:
      # NOTE(review): presumably binds this rgw instance to the pykmip
      # service on client.0 -- confirm against the rgw task.
      use-pykmip-role: client.0

tasks:
# Three key/certificate entries, all created on client.0: a root entry
# (kmiproot, rsa:4096) and two entries that name it as their CA.
- openssl_keys:
    kmiproot:
      client: client.0
      cn: kmiproot
      key-type: rsa:4096
    kmip-server:
      client: client.0
      ca: kmiproot
    kmip-client:
      client: client.0
      ca: kmiproot
      cn: rgw-client
- exec:
    client.0:
    # Mode 644 leaves the client private key readable by every local account
    # on the test node. NOTE(review): presumably needed so the rgw process,
    # running as a different user, can read the generated key -- confirm.
    # This is tolerable only because the key is a throwaway test credential;
    # a deployed KMIP client key should be readable solely by the account RGW
    # runs as (owner-only, or group-read via a dedicated group).
    # NOTE(review): the conf above references /etc/ceph/kmip-client.key while
    # this path is under /home/ubuntu/cephtest/ca/; how the two are mapped is
    # not visible in this file.
    - chmod 644 /home/ubuntu/cephtest/ca/kmip-client.key
- pykmip:
    client.0:
      # Certificate entries from openssl_keys above: the CA for client
      # certificates, the server certificate, and the client certificate.
      clientca: kmiproot
      servercert: kmip-server
      clientcert: kmip-client
      # Secrets registered by name; both names match the
      # "rgw crypt kmip kms key template" pattern set in overrides.
      secrets:
      - name: pykmip-my-key-1
      - name: pykmip-my-key-2