Make ceph_dashboard haproxy config parametric

This change adds some parameters needed to make the Ceph Dashboard haproxy section working when in a tls-everywhere enabled scenario. In addition, the purpose of the change is to make the haproxy Ceph dashboard config consistent with the reference documentation [1] that describes the ssl use case and its prerequisites [2]. [1] https://docs.ceph.com/en/latest/mgr/dashboard/#haproxy-example-configuration [2] https://docs.ceph.com/en/latest/mgr/dashboard/#disable-the-redirection Depends-On: I237272bd9afaaf1d82ead341368af985073326ca Change-Id: Ifb7a8d25b27457965c4ece21fbbb448bf204e32c (cherry picked from commit 1a5be7eca5)
2020-10-02 10:48:53 +02:00 · 2020-10-02 10:48:53 +02:00 · c49d8de7b6
parent f716ef5a85
commit c49d8de7b6
1 changed files with 7 additions and 2 deletions
--- a/manifests/haproxy.pp
+++ b/manifests/haproxy.pp
@ -394,7 +394,7 @@
 #
 # [*ceph_dashboard_network*]
 #  (optional) Specify the network ceph_dashboard is running on.
-#  Defaults to hiera('ceph_mgr', undef)
+#  Defaults to hiera('ceph_dashboard_network', undef)
 #
 # [*cinder_network*]
 #  (optional) Specify the network cinder is running on.
@ -1071,6 +1071,11 @@ class tripleo::haproxy (
  }

  if $ceph_dashboard {
+    if $enable_internal_tls {
+      $ceph_dashboard_tls_member_options = ['ssl check verify none']
+    } else {
+      $ceph_dashboard_tls_member_options = []
+    }
    ::tripleo::haproxy::endpoint { 'ceph_dashboard':
      internal_ip     => hiera('ceph_dashboard_vip', $controller_virtual_ip),
      service_port    => $ports[ceph_dashboard_port],
@ -1084,7 +1089,7 @@ class tripleo::haproxy (
        'http-check' => 'expect rstatus 2[0-9][0-9]',
      }),
      service_network => $ceph_dashboard_network,
-      member_options  => union($haproxy_member_options, $internal_tls_member_options),
+      member_options  => union($haproxy_member_options, $ceph_dashboard_tls_member_options),
    }
  }