From 53d892a73c2265455f785a1b499d7bcaa0702039 Mon Sep 17 00:00:00 2001
From: Francesco Pantano <fpantano@redhat.com>
Date: Mon, 14 Sep 2020 17:36:50 +0200
Subject: [PATCH] Add dashboard_tls_external ceph-ansible parameter

This change adds the dashboard_tls_external parameter
to the ceph-ansible group_vars when tls-everywhere is
enabled.
By doing this ceph-ansible looks for cert/keys on the
overcloud nodes (where certmonger generates them)
instead of assuming they're present in the undercloud.

Change-Id: Ia8f537d847c1854893df0646fb59edfb2536de89
---
 deployment/ceph-ansible/ceph-base.yaml | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/deployment/ceph-ansible/ceph-base.yaml b/deployment/ceph-ansible/ceph-base.yaml
index 5b6894c45f..d74c254c87 100644
--- a/deployment/ceph-ansible/ceph-base.yaml
+++ b/deployment/ceph-ansible/ceph-base.yaml
@@ -326,6 +326,9 @@ parameters:
     type: string
     constraints:
     - allowed_values: ['swift', 'file', 'rbd', 's3']
+  EnableInternalTLS:
+    type: boolean
+    default: false
 
 parameter_groups:
 - label: deprecated
@@ -374,6 +377,7 @@ conditions:
     equals:
       - {get_param: [ServiceData, net_ip_version_map, {get_param: [ServiceNetMap, CephMonNetwork]}]}
       - 6
+  internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
 
 resources:
   ContainerImageUrlParts:
@@ -615,6 +619,12 @@ outputs:
                   if:
                   - dashboard_is_enabled
                   - map_merge:
+                    - if:
+                      - internal_tls_enabled
+                      -
+                        dashboard_tls_external: true
+                        dashboard_grafana_api_no_ssl_verify: true
+                      - {}
                     - {get_attr: [CephBaseAnsibleVars, value, vars]}
                     - dashboard_admin_password: {get_param: CephDashboardAdminPassword}
                     - grafana_admin_password: {get_param: CephGrafanaAdminPassword}