From 80aff677d7651b913b1bc7dab26b8f373e13a7b6 Mon Sep 17 00:00:00 2001 From: Francesco Pantano Date: Mon, 14 Sep 2020 17:36:50 +0200 Subject: [PATCH] Add dashboard_tls_external ceph-ansible parameter This change adds the dashboard_tls_external parameter to the ceph-ansible group_vars when tls-everywhere is enabled. By doing this ceph-ansible looks for cert/keys on the overcloud nodes (where certmonger generates them) instead of assuming they're present in the undercloud. Change-Id: Ia8f537d847c1854893df0646fb59edfb2536de89 (cherry picked from commit 53d892a73c2265455f785a1b499d7bcaa0702039) --- deployment/ceph-ansible/ceph-base.yaml | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/deployment/ceph-ansible/ceph-base.yaml b/deployment/ceph-ansible/ceph-base.yaml index 6508631b01..7f7df294db 100644 --- a/deployment/ceph-ansible/ceph-base.yaml +++ b/deployment/ceph-ansible/ceph-base.yaml @@ -338,6 +338,9 @@ parameters: type: string constraints: - allowed_values: ['swift', 'file', 'rbd', 's3'] + EnableInternalTLS: + type: boolean + default: false parameter_groups: - label: deprecated @@ -386,6 +389,7 @@ conditions: expression: let(location => $.data.rightSplit(':', 1)[0]) -> regex('(?:https?://)?(.*?)/(.*)').split($location)[1] data: {get_param: ContainerCephDaemonImage} expression: let(c => $.data.cred) -> $c.get($.data.ns, {}).values().last(default => "").isEmpty() + internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]} resources: ContainerImageUrlParts: @@ -667,6 +671,12 @@ outputs: if: - dashboard_is_enabled - map_merge: + - if: + - internal_tls_enabled + - + dashboard_tls_external: true + dashboard_grafana_api_no_ssl_verify: true + - {} - {get_attr: [CephBaseAnsibleVars, value, vars]} - dashboard_admin_password: {get_param: CephDashboardAdminPassword} - grafana_admin_password: {get_param: CephGrafanaAdminPassword}