diff --git a/tripleo_ansible/ansible_plugins/module_utils/ceph_spec.py b/tripleo_ansible/ansible_plugins/module_utils/ceph_spec.py
index a2f83e003..a976c2edb 100644
--- a/tripleo_ansible/ansible_plugins/module_utils/ceph_spec.py
+++ b/tripleo_ansible/ansible_plugins/module_utils/ceph_spec.py
@@ -42,7 +42,8 @@ ALLOWED_SPEC_KEYS = {
 'rgw_frontend_type',
 'rgw_realm',
 'rgw_zone',
- 'rgw_ip_address'
+ 'rgw_ip_address',
+ 'rgw_frontend_ssl_certificate'
 ],
 'nfs': [
 'namespace',
@@ -206,8 +207,8 @@ class CephDaemonSpec(object):
 # append the spec if provided
 if len(self.spec.keys()) > 0:
- if(self.validate_keys(self.spec.keys(), ALLOWED_SPEC_KEYS)):
- sp = {'spec': self.spec}
+ if self.validate_keys(self.spec.keys(), ALLOWED_SPEC_KEYS):
+ sp = {'spec': self.filter_spec(self.spec)}
 else:
 raise Exception("Fatal: the spec should be composed by only allowed keywords")
@@ -215,6 +216,9 @@ class CephDaemonSpec(object):
 spec_template = {**spec_template, **ntw, **self.extra, **pl, **sp}
 return spec_template
+ def filter_spec(self, spec):
+ return {k: v for k, v in spec.items() if v}
+
 def validate_keys(self, spec, ALLOWED_KEYS):
 '''
 When the spec section is created, if constraints are
diff --git a/tripleo_ansible/ansible_plugins/modules/ceph_mkspec.py b/tripleo_ansible/ansible_plugins/modules/ceph_mkspec.py
index de8e123d4..7f617df55 100644
--- a/tripleo_ansible/ansible_plugins/modules/ceph_mkspec.py
+++ b/tripleo_ansible/ansible_plugins/modules/ceph_mkspec.py
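Review bot: `filter_spec` (added in the `-215,6` hunk of ceph_spec.py and called from `sp = {'spec': self.filter_spec(self.spec)}` in the `-206,8` hunk) drops every falsy value, not only the empty certificate string it was presumably written for. A spec key deliberately set to `0`, `False` or an empty list is silently removed from the rendered spec, and because the filter runs after `validate_keys` nothing reports the loss. Narrow the test to unset values, e.g. `return {k: v for k, v in spec.items() if v is not None and v != ''}`, and give the method a docstring such as `'''Return spec without entries whose value is None or an empty string.'''`. The method that builds `spec_template` starts and ends outside both hunks.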
@@ -184,11 +184,21 @@ def render(path, content):
 if path is not None and len(path) > 0:
 with open(path, 'w') as f:
 f.write('---\n')
- f.write(yaml.dump(content, indent=2))
+ f.write(yaml.safe_dump(content, indent=2))
 else:
 print('Nothing to dump!')
+def repr_str(dumper, data):
+ if '\n' in data:
+ return dumper.represent_scalar(u'tag:yaml.org,2002:str', data, style='|')
+ return dumper.org_represent_str(data)
+
+
+yaml.SafeDumper.org_represent_str = yaml.SafeDumper.represent_str
+yaml.add_representer(str, repr_str, Dumper=yaml.SafeDumper)
+
+
 def run_module():
 module = AnsibleModule(
diff --git a/tripleo_ansible/roles/tripleo_cephadm/defaults/main.yml b/tripleo_ansible/roles/tripleo_cephadm/defaults/main.yml
index 8bee03be0..f1a91ee80 100644
--- a/tripleo_ansible/roles/tripleo_cephadm/defaults/main.yml
+++ b/tripleo_ansible/roles/tripleo_cephadm/defaults/main.yml
@@ -44,5 +44,6 @@ tripleo_cephadm_conf_overrides: {}
 tripleo_cephadm_fsid_list: []
 tripleo_cephadm_fqdn: false
 tripleo_cephadm_crush_rules: []
+tripleo_cephadm_internal_tls_enabled: false
 # todo(fultonj) add is_hci boolean for target memory
 # https://lists.ceph.io/hyperkitty/list/dev@ceph.io/thread/Z77XO23JPXDNHKM7IG6UN4URYKA6L7VH/
diff --git a/tripleo_ansible/roles/tripleo_cephadm/tasks/rgw.yaml b/tripleo_ansible/roles/tripleo_cephadm/tasks/rgw.yaml
index c0c624649..7f7367ff2 100644
--- a/tripleo_ansible/roles/tripleo_cephadm/tasks/rgw.yaml
+++ b/tripleo_ansible/roles/tripleo_cephadm/tasks/rgw.yaml
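Review bot: `render` in ceph_mkspec.py still creates the spec with `open(path, 'w')`, so the file mode is whatever the process umask allows, and with this commit the file can carry the contents of the RGW certificate file. If that file also holds the private key (cephadm's `rgw_frontend_ssl_certificate` is normally a combined PEM, worth confirming for this deployment), the spec should be owner-only, e.g. `with os.fdopen(os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600), 'w') as f:`; the mode is applied only on creation, so an existing spec keeps its old permissions. That needs `os` imported, which the hunk does not show. Separately, `yaml.add_representer(str, repr_str, Dumper=yaml.SafeDumper)` alters the shared `SafeDumper` class at import time for every user of PyYAML in the process; a module-local `SafeDumper` subclass passed via `yaml.dump(content, Dumper=..., indent=2)` would keep the block-scalar rule private and make the `org_represent_str` attribute unnecessary.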
@@ -39,11 +39,19 @@
 rgw_frontend_port: "{{ radosgw_frontend_port }}"
 rgw_realm: 'default'
 rgw_zone: 'default'
+ rgw_frontend_ssl_certificate: "{{ rgw_frontend_cert }}"
 render_path: "{{ tripleo_cephadm_spec_home }}"
 networks: "{{ radosgw_address_block }}"
 register: spc
 environment:
 CEPH_CONTAINER_IMAGE: "{{ tripleo_cephadm_container_ns + '/' + tripleo_cephadm_container_image + ':' + tripleo_cephadm_container_tag }}"
 CEPH_CONTAINER_BINARY: "{{ tripleo_cephadm_container_cli }}"
+ vars:
+ rgw_frontend_cert: |-
+ {% set fcert_lookup = '' %}
+ {% if tripleo_cephadm_internal_tls_enabled | bool %}
+ {% set fcert_lookup = lookup('file', radosgw_frontend_ssl_certificate) %}
+ {% endif %}
+ {{ fcert_lookup }}
 when:
 - tripleo_enabled_services | intersect(['ceph_rgw'])
diff --git a/tripleo_ansible/roles/tripleo_run_cephadm/tasks/prepare.yml b/tripleo_ansible/roles/tripleo_run_cephadm/tasks/prepare.yml
index 463346324..a6fa0e76d 100644
--- a/tripleo_ansible/roles/tripleo_run_cephadm/tasks/prepare.yml
+++ b/tripleo_ansible/roles/tripleo_run_cephadm/tasks/prepare.yml
@@ -122,3 +122,4 @@
 tripleo_enabled_services: {{ enabled_services | default([]) }}
 tripleo_cephadm_fqdn: "{{ ceph_spec_fqdn | bool }}"
 tripleo_cephadm_spec_ansible_host: "{{ tripleo_run_cephadm_spec_path }}"
+ tripleo_cephadm_internal_tls_enabled: "{{ enable_internal_tls }}"
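Review bot: The rgw.yaml task now passes the output of `lookup('file', radosgw_frontend_ssl_certificate)` as a module argument and still registers the result as `spc`, with no `no_log` set. Module arguments and registered results appear in verbose output and callback logs, so if that file includes the private key it would be recorded there; adding `no_log: true` to this task avoids that. `radosgw_frontend_ssl_certificate` gets no default in the defaults/main.yml hunk of this commit, so enabling `tripleo_cephadm_internal_tls_enabled` without setting it fails during templating, and a preceding `assert` with a clear message would make that failure easier to diagnose. `lookup('file', ...)` also reads the path on the controller rather than on the target host, which deserves a comment above `vars:`. The task begins above the hunk.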
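Review bot: The added `tripleo_cephadm_internal_tls_enabled: "{{ enable_internal_tls }}"` line in prepare.yml has neither a default nor a `| bool`, unlike the `ceph_spec_fqdn | bool` and `enabled_services | default([])` lines directly above it. If `enable_internal_tls` can be unset for a deployment, templating this block fails instead of falling back to the `false` default added in defaults/main.yml. `"{{ enable_internal_tls | default(false) | bool }}"` would match the neighbouring lines. The enclosing task starts outside the hunk.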