Browse Source

Merge "Allow tripleo_cephadm to process tls info when provided"

changes/89/788189/1
Zuul 1 week ago
committed by Gerrit Code Review
parent
commit
f01c7a2b37
5 changed files with 28 additions and 4 deletions
  1. +7
    -3
      tripleo_ansible/ansible_plugins/module_utils/ceph_spec.py
  2. +11
    -1
      tripleo_ansible/ansible_plugins/modules/ceph_mkspec.py
  3. +1
    -0
      tripleo_ansible/roles/tripleo_cephadm/defaults/main.yml
  4. +8
    -0
      tripleo_ansible/roles/tripleo_cephadm/tasks/rgw.yaml
  5. +1
    -0
      tripleo_ansible/roles/tripleo_run_cephadm/tasks/prepare.yml

+ 7
- 3
tripleo_ansible/ansible_plugins/module_utils/ceph_spec.py View File

@ -42,7 +42,8 @@ ALLOWED_SPEC_KEYS = {
'rgw_frontend_type',
'rgw_realm',
'rgw_zone',
'rgw_ip_address'
'rgw_ip_address',
'rgw_frontend_ssl_certificate'
],
'nfs': [
'namespace',
@ -206,8 +207,8 @@ class CephDaemonSpec(object):
# append the spec if provided
if len(self.spec.keys()) > 0:
if(self.validate_keys(self.spec.keys(), ALLOWED_SPEC_KEYS)):
sp = {'spec': self.spec}
if self.validate_keys(self.spec.keys(), ALLOWED_SPEC_KEYS):
sp = {'spec': self.filter_spec(self.spec)}
else:
raise Exception("Fatal: the spec should be composed by only allowed keywords")
@ -215,6 +216,9 @@ class CephDaemonSpec(object):
spec_template = {**spec_template, **ntw, **self.extra, **pl, **sp}
return spec_template
def filter_spec(self, spec):
return {k: v for k, v in spec.items() if v}
def validate_keys(self, spec, ALLOWED_KEYS):
'''
When the spec section is created, if constraints are


+ 11
- 1
tripleo_ansible/ansible_plugins/modules/ceph_mkspec.py View File

@ -184,11 +184,21 @@ def render(path, content):
if path is not None and len(path) > 0:
with open(path, 'w') as f:
f.write('---\n')
f.write(yaml.dump(content, indent=2))
f.write(yaml.safe_dump(content, indent=2))
else:
print('Nothing to dump!')
def repr_str(dumper, data):
if '\n' in data:
return dumper.represent_scalar(u'tag:yaml.org,2002:str', data, style='|')
return dumper.org_represent_str(data)
yaml.SafeDumper.org_represent_str = yaml.SafeDumper.represent_str
yaml.add_representer(str, repr_str, Dumper=yaml.SafeDumper)
def run_module():
module = AnsibleModule(


+ 1
- 0
tripleo_ansible/roles/tripleo_cephadm/defaults/main.yml View File

@ -44,5 +44,6 @@ tripleo_cephadm_conf_overrides: {}
tripleo_cephadm_fsid_list: []
tripleo_cephadm_fqdn: false
tripleo_cephadm_crush_rules: []
tripleo_cephadm_internal_tls_enabled: false
# todo(fultonj) add is_hci boolean for target memory
# https://lists.ceph.io/hyperkitty/list/dev@ceph.io/thread/Z77XO23JPXDNHKM7IG6UN4URYKA6L7VH/

+ 8
- 0
tripleo_ansible/roles/tripleo_cephadm/tasks/rgw.yaml View File

@ -39,11 +39,19 @@
rgw_frontend_port: "{{ radosgw_frontend_port }}"
rgw_realm: 'default'
rgw_zone: 'default'
rgw_frontend_ssl_certificate: "{{ rgw_frontend_cert }}"
render_path: "{{ tripleo_cephadm_spec_home }}"
networks: "{{ radosgw_address_block }}"
register: spc
environment:
CEPH_CONTAINER_IMAGE: "{{ tripleo_cephadm_container_ns + '/' + tripleo_cephadm_container_image + ':' + tripleo_cephadm_container_tag }}"
CEPH_CONTAINER_BINARY: "{{ tripleo_cephadm_container_cli }}"
vars:
rgw_frontend_cert: |-
{% set fcert_lookup = '' %}
{% if tripleo_cephadm_internal_tls_enabled | bool %}
{% set fcert_lookup = lookup('file', radosgw_frontend_ssl_certificate) %}
{% endif %}
{{ fcert_lookup }}
when:
- tripleo_enabled_services | intersect(['ceph_rgw'])

+ 1
- 0
tripleo_ansible/roles/tripleo_run_cephadm/tasks/prepare.yml View File

@ -122,3 +122,4 @@
tripleo_enabled_services: {{ enabled_services | default([]) }}
tripleo_cephadm_fqdn: "{{ ceph_spec_fqdn | bool }}"
tripleo_cephadm_spec_ansible_host: "{{ tripleo_run_cephadm_spec_path }}"
tripleo_cephadm_internal_tls_enabled: "{{ enable_internal_tls }}"

Loading…
Cancel
Save