Add dashboard_tls_external ceph-ansible parameter

This change adds the dashboard_tls_external parameter
to the ceph-ansible group_vars when tls-everywhere is
enabled.
By doing this ceph-ansible looks for cert/keys on the
overcloud nodes (where certmonger generates them)
instead of assuming they're present in the undercloud.

Change-Id: Ia8f537d847c1854893df0646fb59edfb2536de89
This commit is contained in:
Francesco Pantano 2020-09-14 17:36:50 +02:00
parent 003effe1a1
commit 53d892a73c
No known key found for this signature in database
GPG Key ID: 799868C47301D458
1 changed files with 10 additions and 0 deletions

View File

@ -326,6 +326,9 @@ parameters:
type: string type: string
constraints: constraints:
- allowed_values: ['swift', 'file', 'rbd', 's3'] - allowed_values: ['swift', 'file', 'rbd', 's3']
EnableInternalTLS:
type: boolean
default: false
parameter_groups: parameter_groups:
- label: deprecated - label: deprecated
@ -374,6 +377,7 @@ conditions:
equals: equals:
- {get_param: [ServiceData, net_ip_version_map, {get_param: [ServiceNetMap, CephMonNetwork]}]} - {get_param: [ServiceData, net_ip_version_map, {get_param: [ServiceNetMap, CephMonNetwork]}]}
- 6 - 6
internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
resources: resources:
ContainerImageUrlParts: ContainerImageUrlParts:
@ -615,6 +619,12 @@ outputs:
if: if:
- dashboard_is_enabled - dashboard_is_enabled
- map_merge: - map_merge:
- if:
- internal_tls_enabled
-
dashboard_tls_external: true
dashboard_grafana_api_no_ssl_verify: true
- {}
- {get_attr: [CephBaseAnsibleVars, value, vars]} - {get_attr: [CephBaseAnsibleVars, value, vars]}
- dashboard_admin_password: {get_param: CephDashboardAdminPassword} - dashboard_admin_password: {get_param: CephDashboardAdminPassword}
- grafana_admin_password: {get_param: CephGrafanaAdminPassword} - grafana_admin_password: {get_param: CephGrafanaAdminPassword}