Allow tripleo_cephadm to process tls info when provided
When internal_tls is true, step1 runs the linux-system-roles.certificate which is able to produce the ceph_rgw.pem file [1]. When this info is available, we need to make sure that cephadm is able to process it using the spec, and it's included in the deployed rgw(s) instances. If the rgw_frontend_ssl_certificate is empty, then this key can be ignored (this means tls is not enabled). The ceph_spec module is now able to filter and drop empty keys if the value is not provided when the spec dict is built. [1] https://github.com/openstack/tripleo-heat-templates/blob/master/deployment/cephadm/ceph-rgw.yaml#L169 Change-Id: I22b93cc1057b5894e2c8342c578a3b8080b542ae
parent
168541b0de
commit
417588a589
|
@ -42,7 +42,8 @@ ALLOWED_SPEC_KEYS = {
|
|||
'rgw_frontend_type',
|
||||
'rgw_realm',
|
||||
'rgw_zone',
|
||||
'rgw_ip_address'
|
||||
'rgw_ip_address',
|
||||
'rgw_frontend_ssl_certificate'
|
||||
],
|
||||
'nfs': [
|
||||
'namespace',
|
||||
|
@ -206,8 +207,8 @@ class CephDaemonSpec(object):
|
|||
|
||||
# append the spec if provided
|
||||
if len(self.spec.keys()) > 0:
|
||||
if(self.validate_keys(self.spec.keys(), ALLOWED_SPEC_KEYS)):
|
||||
sp = {'spec': self.spec}
|
||||
if self.validate_keys(self.spec.keys(), ALLOWED_SPEC_KEYS):
|
||||
sp = {'spec': self.filter_spec(self.spec)}
|
||||
else:
|
||||
raise Exception("Fatal: the spec should be composed by only allowed keywords")
|
||||
|
||||
|
@ -215,6 +216,9 @@ class CephDaemonSpec(object):
|
|||
spec_template = {**spec_template, **ntw, **self.extra, **pl, **sp}
|
||||
return spec_template
|
||||
|
||||
def filter_spec(self, spec):
|
||||
return {k: v for k, v in spec.items() if v}
|
||||
|
||||
def validate_keys(self, spec, ALLOWED_KEYS):
|
||||
'''
|
||||
When the spec section is created, if constraints are
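Review bot: `filter_spec` tests `if v`, so it drops every falsy value (`False`, `0` and empty lists as well as the empty string the commit message targets), and a spec key whose legitimate value is `False` or `0` would vanish from the rendered spec without any error. Narrowing the test to the unset cases keeps the intended behaviour for the certificate: `return {k: v for k, v in spec.items() if v not in (None, '')}`. A whitespace-only `rgw_frontend_ssl_certificate` is still truthy and would be rendered as if TLS were configured, so stripping string values before the comparison is worth considering. The method also has no docstring; one line such as `'''Drop spec keys whose value was not provided.'''` would match `validate_keys`, whose body continues outside the hunk.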
|
||||
|
|
|
@ -184,11 +184,21 @@ def render(path, content):
|
|||
if path is not None and len(path) > 0:
|
||||
with open(path, 'w') as f:
|
||||
f.write('---\n')
|
||||
f.write(yaml.dump(content, indent=2))
|
||||
f.write(yaml.safe_dump(content, indent=2))
|
||||
else:
|
||||
print('Nothing to dump!')
|
||||
|
||||
|
||||
def repr_str(dumper, data):
|
||||
if '\n' in data:
|
||||
return dumper.represent_scalar(u'tag:yaml.org,2002:str', data, style='|')
|
||||
return dumper.org_represent_str(data)
|
||||
|
||||
|
||||
yaml.SafeDumper.org_represent_str = yaml.SafeDumper.represent_str
|
||||
yaml.add_representer(str, repr_str, Dumper=yaml.SafeDumper)
|
||||
|
||||
|
||||
def run_module():
|
||||
|
||||
module = AnsibleModule(
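Review bot: `render` still creates the spec with `open(path, 'w')`, so the file mode comes from the process umask, and after this change the rendered spec can embed the contents of `rgw_frontend_ssl_certificate`, a PEM bundle that for RGW usually carries the private key next to the certificate. Creating the file owner-only would keep the key from other local users: `fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)` followed by `with os.fdopen(fd, 'w') as f:`. The mode argument only applies when the file is created, so a spec already on disk keeps its old permissions and needs an explicit `os.chmod`; `os` has to be imported if the module does not already do so. Separately, `yaml.add_representer(..., Dumper=yaml.SafeDumper)` changes `SafeDumper` for every caller in the process at import time, and a short comment saying the literal `|` style is there for multi-line PEM values would help the next reader. `run_module` continues outside the hunk.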
|
||||
|
|
|
@ -44,5 +44,6 @@ tripleo_cephadm_conf_overrides: {}
|
|||
tripleo_cephadm_fsid_list: []
|
||||
tripleo_cephadm_fqdn: false
|
||||
tripleo_cephadm_crush_rules: []
|
||||
tripleo_cephadm_internal_tls_enabled: false
|
||||
# todo(fultonj) add is_hci boolean for target memory
|
||||
# https://lists.ceph.io/hyperkitty/list/dev@ceph.io/thread/Z77XO23JPXDNHKM7IG6UN4URYKA6L7VH/
|
||||
|
|
|
@ -39,11 +39,19 @@
|
|||
rgw_frontend_port: "{{ radosgw_frontend_port }}"
|
||||
rgw_realm: 'default'
|
||||
rgw_zone: 'default'
|
||||
rgw_frontend_ssl_certificate: "{{ rgw_frontend_cert }}"
|
||||
render_path: "{{ tripleo_cephadm_spec_home }}"
|
||||
networks: "{{ radosgw_address_block }}"
|
||||
register: spc
|
||||
environment:
|
||||
CEPH_CONTAINER_IMAGE: "{{ tripleo_cephadm_container_ns + '/' + tripleo_cephadm_container_image + ':' + tripleo_cephadm_container_tag }}"
|
||||
CEPH_CONTAINER_BINARY: "{{ tripleo_cephadm_container_cli }}"
|
||||
vars:
|
||||
rgw_frontend_cert: |-
|
||||
{% set fcert_lookup = '' %}
|
||||
{% if tripleo_cephadm_internal_tls_enabled | bool %}
|
||||
{% set fcert_lookup = lookup('file', radosgw_frontend_ssl_certificate) %}
|
||||
{% endif %}
|
||||
{{ fcert_lookup }}
|
||||
when:
|
||||
- tripleo_enabled_services | intersect(['ceph_rgw'])
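Review bot: The task now passes the full content of the PEM file as the `rgw_frontend_ssl_certificate` module argument and registers the result in `spc`, with no `no_log` set, so when `tripleo_cephadm_internal_tls_enabled` is true the certificate bundle (and the private key, if `ceph_rgw.pem` contains one) would be printed in verbose runs and stored in Ansible logs. Adding `no_log: "{{ tripleo_cephadm_internal_tls_enabled | bool }}"` to the task, or marking the parameter `no_log=True` in the module's argument spec, would keep it out of the output. Note also that `lookup('file', ...)` reads on the Ansible controller, not on the managed host. If the certificate is generated on the target node in step1, as the commit message suggests, the lookup would fail or read a different file, and a `slurp` task with `b64decode` would read it from the right place. The task's opening lines are outside the hunk.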
|
||||
|
|
|
@ -122,3 +122,4 @@
|
|||
tripleo_enabled_services: {{ enabled_services | default([]) }}
|
||||
tripleo_cephadm_fqdn: "{{ ceph_spec_fqdn | bool }}"
|
||||
tripleo_cephadm_spec_ansible_host: "{{ tripleo_run_cephadm_spec_path }}"
|
||||
tripleo_cephadm_internal_tls_enabled: "{{ enable_internal_tls }}"
|
||||
|
|