Add dashboard_tls_external ceph-ansible parameter

This change adds the dashboard_tls_external parameter to the ceph-ansible group_vars when tls-everywhere is enabled. By doing this ceph-ansible looks for cert/keys on the overcloud nodes (where certmonger generates them) instead of assuming they're present in the undercloud. Change-Id: Ia8f537d847c1854893df0646fb59edfb2536de89 (cherry picked from commit 53d892a73c)
2020-09-14 17:36:50 +02:00 · 2020-09-14 17:36:50 +02:00 · 80aff677d7
parent c6ef0f2ace
commit 80aff677d7
1 changed files with 10 additions and 0 deletions
--- a/deployment/ceph-ansible/ceph-base.yaml
+++ b/deployment/ceph-ansible/ceph-base.yaml
@ -338,6 +338,9 @@ parameters:
    type: string
    constraints:
    - allowed_values: ['swift', 'file', 'rbd', 's3']
+  EnableInternalTLS:
+    type: boolean
+    default: false

 parameter_groups:
 - label: deprecated
@ -386,6 +389,7 @@ conditions:
                expression: let(location => $.data.rightSplit(':', 1)[0]) -> regex('(?:https?://)?(.*?)/(.*)').split($location)[1]
                data: {get_param: ContainerCephDaemonImage}
            expression: let(c => $.data.cred) -> $c.get($.data.ns, {}).values().last(default => "").isEmpty()
+  internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}

 resources:
  ContainerImageUrlParts:
@ -667,6 +671,12 @@ outputs:
                  if:
                  - dashboard_is_enabled
                  - map_merge:
+                    - if:
+                      - internal_tls_enabled
+                      -
+                        dashboard_tls_external: true
+                        dashboard_grafana_api_no_ssl_verify: true
+                      - {}
                    - {get_attr: [CephBaseAnsibleVars, value, vars]}
                    - dashboard_admin_password: {get_param: CephDashboardAdminPassword}
                    - grafana_admin_password: {get_param: CephGrafanaAdminPassword}