openstack
/
puppet-tripleo
Code Issues Proposed changes

Fix tls related grafana check in the cephadm context 

When grafana is deployed by cephadm as part of the Ceph cluster monitoring
stack, the key/cert info are stored within the Ceph monitors' config-key
store.
This change allows to avoid haproxy producing several tls errors related
to this config change in Ceph.

Depends-On: Ia6f6c472a8f7332ae3e998078f167f5f7d027857
Change-Id: Ibaca9010269e84e7a97c66ed419886796a011df9
This commit is contained in:
Francesco Pantano 2022-06-28 13:26:10 +02:00
parent 8a9ccd3fed
commit f593a9a09f
No known key found for this signature in database
GPG Key ID: 0458D4D1F41BD75C
1 changed files with 6 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
manifests/haproxy.pp
View File

@ -956,6 +956,11 @@ class tripleo::haproxy (
}
if $ceph_grafana {
if $enable_internal_tls {
$ceph_grafana_tls_member_options = ['ssl check verify none']
} else {
$ceph_grafana_tls_member_options = []
}
::tripleo::haproxy::endpoint { 'ceph_grafana':
internal_ip => hiera('ceph_dashboard_vip', $controller_virtual_ip),
service_port => $ports[ceph_grafana_port],
@ -973,7 +978,7 @@ class tripleo::haproxy (
'balance' => 'source',
}),
service_network => $ceph_grafana_network,
member_options => union($haproxy_member_options, $internal_tls_member_options),
member_options => union($haproxy_member_options, $ceph_grafana_tls_member_options),
}
::tripleo::haproxy::endpoint { 'ceph_prometheus':
internal_ip => hiera('ceph_grafana_vip', $controller_virtual_ip),