Make ceph_dashboard haproxy config parametric
This change adds some parameters needed to make the Ceph Dashboard
haproxy section working when in a tls-everywhere enabled scenario.
In addition, the purpose of the change is to make the haproxy Ceph
dashboard config consistent with the reference documentation [1]
that describes the ssl use case and its prerequisites [2].
[1] https://docs.ceph.com/en/latest/mgr/dashboard/#haproxy-example-configuration
[2] https://docs.ceph.com/en/latest/mgr/dashboard/#disable-the-redirection
Change-Id: Ifb7a8d25b27457965c4ece21fbbb448bf204e32c
(cherry picked from commit 1a5be7eca5
)
This commit is contained in:
parent
49ca4208e2
commit
9868aa6358
@ -370,7 +370,7 @@
|
||||
#
|
||||
# [*ceph_dashboard_network*]
|
||||
# (optional) Specify the network ceph_dashboard is running on.
|
||||
# Defaults to hiera('ceph_mgr', undef)
|
||||
# Defaults to hiera('ceph_dashboard_network', undef)
|
||||
#
|
||||
# [*cinder_network*]
|
||||
# (optional) Specify the network cinder is running on.
|
||||
@ -981,6 +981,11 @@ class tripleo::haproxy (
|
||||
}
|
||||
|
||||
if $ceph_dashboard {
|
||||
if $enable_internal_tls {
|
||||
$ceph_dashboard_tls_member_options = ['ssl check verify none']
|
||||
} else {
|
||||
$ceph_dashboard_tls_member_options = []
|
||||
}
|
||||
::tripleo::haproxy::endpoint { 'ceph_dashboard':
|
||||
internal_ip => hiera('ceph_dashboard_vip', $controller_virtual_ip),
|
||||
service_port => $ports[ceph_dashboard_port],
|
||||
@ -994,7 +999,7 @@ class tripleo::haproxy (
|
||||
'http-check' => 'expect rstatus 2[0-9][0-9]',
|
||||
}),
|
||||
service_network => $ceph_dashboard_network,
|
||||
member_options => union($haproxy_member_options, $internal_tls_member_options),
|
||||
member_options => union($haproxy_member_options, $ceph_dashboard_tls_member_options),
|
||||
}
|
||||
}
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user