Correct how we fetch certificate for cephadm/rgw

lookup is a local thing, so it's trying to get the certificate from the undercloud instead of the remote node. Change-Id: I67e6a877f551de3dd620ce1257968b6b3affbb98
2021-11-04 15:08:30 +01:00 · 2021-11-04 15:08:30 +01:00 · 88de955d0d
parent 90633c5d58
commit 88de955d0d
1 changed files with 9 additions and 6 deletions
--- a/tripleo_ansible/roles/tripleo_cephadm/tasks/rgw.yaml
+++ b/tripleo_ansible/roles/tripleo_cephadm/tasks/rgw.yaml
@ -29,6 +29,14 @@
      with_items: "{{ groups['ceph_rgw'] }}"
      when: not tripleo_cephadm_fqdn | bool

+    - name: Get certificate from remote node if needed
+      become: true
+      when:
+        - tripleo_cephadm_internal_tls_enabled | bool
+      register: slurp_cert
+      ansible.builtin.slurp:
+        src: "{{ radosgw_frontend_ssl_certificate | default('/etc/pki/tls/certs/ceph_rgw.crt')}}"
+
    - name: Create the RGW Daemon spec definition
      become: true
      ceph_mkspec:
@ -48,11 +56,6 @@
        CEPH_CONTAINER_IMAGE: "{{ tripleo_cephadm_container_ns + '/' + tripleo_cephadm_container_image + ':' + tripleo_cephadm_container_tag }}"
        CEPH_CONTAINER_BINARY: "{{ tripleo_cephadm_container_cli }}"
      vars:
-        rgw_frontend_cert: |-
-          {% set fcert_lookup = '' %}
-          {% if tripleo_cephadm_internal_tls_enabled | bool %}
-          {%   set fcert_lookup = lookup('file', radosgw_frontend_ssl_certificate) %}
-          {% endif %}
-          {{ fcert_lookup }}
+        rgw_frontend_cert: "{{ slurp_cert.get('content', '') | b64decode }}"
  when:
    - tripleo_enabled_services | intersect(['ceph_rgw'])