ceph/qa/suites/rgw/crypt/2-kms/kmip.yaml

   1 overrides:
   2   ceph:
   3     conf:
   4       client:
   5         rgw crypt s3 kms backend: kmip
   6         rgw crypt kmip ca path: /etc/ceph/kmiproot.crt
   7         rgw crypt kmip client cert: /etc/ceph/kmip-client.crt
   8         rgw crypt kmip client key: /etc/ceph/kmip-client.key
   9         rgw crypt kmip kms key template: pykmip-$keyid
  10   rgw:
  11     client.0:
  12       use-pykmip-role: client.0
  13
  14 tasks:
  15 - openssl_keys:
  16     kmiproot:
  17       client: client.0
  18       cn: kmiproot
  19       key-type: rsa:4096
  20     kmip-server:
  21       client: client.0
  22       ca: kmiproot
  23     kmip-client:
  24       client: client.0
  25       ca: kmiproot
  26       cn: rgw-client
  27 - exec:
  28     client.0:
  29       - chmod 644 /home/ubuntu/cephtest/ca/kmip-client.key
  30 - pykmip:
  31     client.0:
  32       clientca: kmiproot
  33       servercert: kmip-server
  34       clientcert: kmip-client
  35       secrets:
  36       - name: pykmip-my-key-1
  37       - name: pykmip-my-key-2