Currently shared storage TLS was being enabled across volumes
which causes checks to be put in place, to ensure that all hosts
that form the cluster are part of the play, and also repeats the
play for as many volumes there are.
Changed this to run per gluster cluster group, which restricts the
number of times this is called, and further removed the check on
extra hosts in the play, as the role is included only for those
hosts that are part of the cluster group and not others.
The gap now is, any filtered role invocation of secure-shared-storage
that does not include all hosts in the cluster, but all hosts are present
as part of the play_hosts, will pass scrutiny and get executed.
NOTE: The above is not possible when using the existing playbooks
Currently shared storage TLS was being enabled across volumes which causes checks to be put in place, to ensure that all hosts that form the cluster are part of the play, and also repeats the play for as many volumes there are.
Changed this to run per gluster cluster group, which restricts the number of times this is called, and further removed the check on extra hosts in the play, as the role is included only for those hosts that are part of the cluster group and not others.
The gap now is, any filtered role invocation of secure-shared-storage that does not include all hosts in the cluster, but all hosts are present as part of the play_hosts, will pass scrutiny and get executed.
NOTE: The above is not possible when using the existing playbooks
This fixes #44
Signed-off-by: ShyamsundarR srangana@redhat.com