Add the certificate specs in ceph_mgr service
To meet the TLS certificate request requirements, this change adds the THT config and metadata settings when the Ceph dashboard is enabled. Change-Id: I888bb421eaa6b82ebac57a5420fc60fc4744840a
parent
cd89b10e96
commit
d3d66f6182
@ -32,19 +32,28 @@ parameters:
|
||||
type: json
|
||||
CephDashboardAdminUser:
|
||||
default: 'admin'
|
||||
description: Admin user for grafana component
|
||||
description: Admin user for the dashboard component
|
||||
type: string
|
||||
CephDashboardAdminPassword:
|
||||
description: Admin password for grafana component
|
||||
description: Admin password for the dashboard component
|
||||
type: string
|
||||
hidden: true
|
||||
CephEnableDashboard:
|
||||
type: boolean
|
||||
default: false
|
||||
description: Parameter used to trigger the dashboard deployment.
|
||||
EnableInternalTLS:
|
||||
type: boolean
|
||||
default: false
|
||||
|
||||
conditions:
|
||||
dashboard_enabled: {equals: [{get_param: CephEnableDashboard}, true]}
|
||||
internal_tls_enabled:
|
||||
and:
|
||||
- dashboard_enabled
|
||||
- equals:
|
||||
- get_param: EnableInternalTLS
|
||||
- true
|
||||
|
||||
resources:
|
||||
CephBase:
|
||||
@ -70,6 +79,8 @@ resources:
|
||||
dashboard_rgw_api_port: {get_param: [EndpointMap, CephRgwInternal, port]}
|
||||
dashboard_rgw_api_scheme: {get_param: [EndpointMap, CephRgwInternal, protocol]}
|
||||
dashboard_rgw_api_no_ssl_verify: false
|
||||
dashboard_port: 8444
|
||||
dashboard_frontend_vip: {get_param: [EndpointMap, CephGrafanaInternal, host]}
|
||||
|
||||
outputs:
|
||||
role_data:
|
||||
@ -83,7 +94,7 @@ outputs:
|
||||
- - '6800-7300'
|
||||
- if:
|
||||
- dashboard_enabled
|
||||
- - '8443'
|
||||
- - '8444'
|
||||
- []
|
||||
upgrade_tasks: []
|
||||
puppet_config:
|
||||
@ -100,10 +111,47 @@ outputs:
|
||||
block:
|
||||
- name: set ceph-ansible group vars mgrs
|
||||
set_fact:
|
||||
ceph_ansible_group_vars_mgrs: {get_attr: [CephMgrAnsibleVars, value, vars]}
|
||||
ceph_ansible_group_vars_mgrs:
|
||||
if:
|
||||
- internal_tls_enabled
|
||||
-
|
||||
map_merge:
|
||||
- {get_attr: [CephMgrAnsibleVars, value, vars]}
|
||||
- dashboard_crt: /etc/pki/tls/certs/ceph_dashboard.crt
|
||||
- dashboard_key: /etc/pki/tls/private/ceph_dashboard.key
|
||||
- {get_attr: [CephMgrAnsibleVars, value, vars]}
|
||||
- name: generate ceph-ansible group vars mgrs
|
||||
copy:
|
||||
dest: "{{playbook_dir}}/ceph-ansible/group_vars/mgrs.yml"
|
||||
content: "{{ceph_ansible_group_vars_mgrs|to_nice_yaml}}"
|
||||
external_update_tasks: {get_attr: [CephBase, role_data, external_update_tasks]}
|
||||
external_upgrade_tasks: {get_attr: [CephBase, role_data, external_upgrade_tasks]}
|
||||
config_settings:
|
||||
map_merge:
|
||||
- if:
|
||||
- internal_tls_enabled
|
||||
-
|
||||
generate_service_certificates: true
|
||||
ceph_dashboard_certificate_specs:
|
||||
service_certificate: '/etc/pki/tls/certs/ceph_dashboard.crt'
|
||||
service_key: '/etc/pki/tls/private/ceph_dashboard.key'
|
||||
hostname:
|
||||
str_replace:
|
||||
template: "%{hiera('fqdn_NETWORK')}"
|
||||
params:
|
||||
NETWORK: {get_param: [ServiceNetMap, CephDashboardNetwork]}
|
||||
principal:
|
||||
str_replace:
|
||||
template: "ceph_dashboard/%{hiera('fqdn_NETWORK')}"
|
||||
params:
|
||||
NETWORK: {get_param: [ServiceNetMap, CephDashboardNetwork]}
|
||||
postsave_cmd: "/usr/bin/certmonger-dashboard-refresh.sh"
|
||||
- {}
|
||||
metadata_settings:
|
||||
if:
|
||||
- internal_tls_enabled
|
||||
-
|
||||
- service: ceph_dashboard
|
||||
network: {get_param: [ServiceNetMap, CephDashboardNetwork]}
|
||||
type: node
|
||||
- null
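Review bot: `dashboard_frontend_vip` takes its host from `CephGrafanaInternal`, while the certificate requested under `internal_tls_enabled` is issued for `fqdn_NETWORK` on `CephDashboardNetwork`, and this commit defines a separate `CephDashboardInternal` endpoint. If the two services end up on different networks, clients reaching the dashboard through that VIP would presumably see a certificate whose name does not match the address they used. If the Grafana host is intended, a comment saying so would help; otherwise `dashboard_frontend_vip: {get_param: [EndpointMap, CephDashboardInternal, host]}` keeps the address and the certificate name on the same network. Separately, `postsave_cmd` points at `/usr/bin/certmonger-dashboard-refresh.sh`, which is not added in the visible part of this change; confirm it is installed on the mgr nodes, since without it a renewed certificate would likely not be picked up by the dashboard.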
|
||||
|
@ -22,6 +22,7 @@ parameter_defaults:
|
||||
BarbicanAdmin: {protocol: http, port: '9311', host: IP_ADDRESS}
|
||||
BarbicanInternal: {protocol: http, port: '9311', host: IP_ADDRESS}
|
||||
BarbicanPublic: {protocol: http, port: '9311', host: IP_ADDRESS}
|
||||
CephDashboardInternal: {protocol: http, port: '8444', host: IP_ADDRESS}
|
||||
CephGrafanaInternal: {protocol: http, port: '3100', host: IP_ADDRESS}
|
||||
CephRgwAdmin: {protocol: http, port: '8080', host: IP_ADDRESS}
|
||||
CephRgwInternal: {protocol: http, port: '8080', host: IP_ADDRESS}
|
||||
|
@ -18,6 +18,7 @@ parameter_defaults:
|
||||
BarbicanAdmin: {protocol: 'http', port: '9311', host: 'IP_ADDRESS'}
|
||||
BarbicanInternal: {protocol: 'http', port: '9311', host: 'IP_ADDRESS'}
|
||||
BarbicanPublic: {protocol: 'https', port: '13311', host: 'CLOUDNAME'}
|
||||
CephDashboardInternal: {protocol: 'https', port: '8444', host: 'CLOUDNAME'}
|
||||
CephGrafanaInternal: {protocol: 'https', port: '3100', host: 'CLOUDNAME'}
|
||||
CephRgwAdmin: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
|
||||
CephRgwInternal: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
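Review bot: `CephDashboardInternal` is declared as `https` with host `CLOUDNAME` here, although the neighbouring internal endpoints in this section (`BarbicanInternal`, `CephRgwInternal`) stay on `http`/`IP_ADDRESS`, and the mgr template in this commit only requests the dashboard certificate when `EnableInternalTLS` is true. In a deployment that enables only public TLS, the endpoint map would then advertise an HTTPS dashboard for which this change requests no certificate. The entry follows `CephGrafanaInternal`, so it may be deliberate; if so, a comment stating where the certificate comes from in that case would record it, otherwise `CephDashboardInternal: {protocol: 'http', port: '8444', host: 'IP_ADDRESS'}` matches the gating. The same applies to the `CephDashboardInternal` lines in the next `parameter_defaults` section and in the first two hunks under `environments:`.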
|
||||
|
@ -18,6 +18,7 @@ parameter_defaults:
|
||||
BarbicanAdmin: {protocol: 'http', port: '9311', host: 'IP_ADDRESS'}
|
||||
BarbicanInternal: {protocol: 'http', port: '9311', host: 'IP_ADDRESS'}
|
||||
BarbicanPublic: {protocol: 'https', port: '13311', host: 'IP_ADDRESS'}
|
||||
CephDashboardInternal: {protocol: 'https', port: '8444', host: 'IP_ADDRESS'}
|
||||
CephGrafanaInternal: {protocol: 'https', port: '3100', host: 'IP_ADDRESS'}
|
||||
CephRgwAdmin: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
|
||||
CephRgwInternal: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
|
||||
|
@ -18,6 +18,7 @@ parameter_defaults:
|
||||
BarbicanAdmin: {protocol: 'https', port: '9311', host: 'CLOUDNAME'}
|
||||
BarbicanInternal: {protocol: 'https', port: '9311', host: 'CLOUDNAME'}
|
||||
BarbicanPublic: {protocol: 'https', port: '13311', host: 'CLOUDNAME'}
|
||||
CephDashboardInternal: {protocol: 'https', port: '8444', host: 'CLOUDNAME'}
|
||||
CephGrafanaInternal: {protocol: 'https', port: '3100', host: 'CLOUDNAME'}
|
||||
CephRgwAdmin: {protocol: 'https', port: '8080', host: 'CLOUDNAME'}
|
||||
CephRgwInternal: {protocol: 'https', port: '8080', host: 'CLOUDNAME'}
|
||||
|
@ -269,6 +269,11 @@ Swift:
|
||||
port: 3000
|
||||
port: 8080
|
||||
|
||||
CephDashboard:
|
||||
Internal:
|
||||
net_param: CephDashboard
|
||||
port: 8444
|
||||
|
||||
CephGrafana:
|
||||
Internal:
|
||||
net_param: CephGrafana
|
||||
|
@ -43,6 +43,10 @@ parameters:
|
||||
protocol: http
|
||||
port: '9311'
|
||||
host: IP_ADDRESS
|
||||
CephDashboardInternal:
|
||||
protocol: http
|
||||
port: '8444'
|
||||
host: IP_ADDRESS
|
||||
CephGrafanaInternal:
|
||||
protocol: http
|
||||
port: '3100'
|
||||
@ -1139,6 +1143,133 @@ outputs:
|
||||
- EndpointMap
|
||||
- BarbicanPublic
|
||||
- port
|
||||
CephDashboardInternal:
|
||||
host:
|
||||
str_replace:
|
||||
template:
|
||||
get_param:
|
||||
- EndpointMap
|
||||
- CephDashboardInternal
|
||||
- host
|
||||
params:
|
||||
CLOUDNAME:
|
||||
get_param:
|
||||
- CloudEndpoints
|
||||
- get_param:
|
||||
- ServiceNetMap
|
||||
- CephDashboardNetwork
|
||||
IP_ADDRESS:
|
||||
get_param:
|
||||
- NetIpMap
|
||||
- str_replace:
|
||||
params:
|
||||
NETWORK:
|
||||
get_param:
|
||||
- ServiceNetMap
|
||||
- CephDashboardNetwork
|
||||
template: NETWORK_uri
|
||||
host_nobrackets:
|
||||
str_replace:
|
||||
template:
|
||||
get_param:
|
||||
- EndpointMap
|
||||
- CephDashboardInternal
|
||||
- host
|
||||
params:
|
||||
CLOUDNAME:
|
||||
get_param:
|
||||
- CloudEndpoints
|
||||
- get_param:
|
||||
- ServiceNetMap
|
||||
- CephDashboardNetwork
|
||||
IP_ADDRESS:
|
||||
get_param:
|
||||
- NetIpMap
|
||||
- get_param:
|
||||
- ServiceNetMap
|
||||
- CephDashboardNetwork
|
||||
port:
|
||||
get_param:
|
||||
- EndpointMap
|
||||
- CephDashboardInternal
|
||||
- port
|
||||
protocol:
|
||||
get_param:
|
||||
- EndpointMap
|
||||
- CephDashboardInternal
|
||||
- protocol
|
||||
uri:
|
||||
make_url:
|
||||
scheme:
|
||||
get_param:
|
||||
- EndpointMap
|
||||
- CephDashboardInternal
|
||||
- protocol
|
||||
host:
|
||||
str_replace:
|
||||
template:
|
||||
get_param:
|
||||
- EndpointMap
|
||||
- CephDashboardInternal
|
||||
- host
|
||||
params:
|
||||
CLOUDNAME:
|
||||
get_param:
|
||||
- CloudEndpoints
|
||||
- get_param:
|
||||
- ServiceNetMap
|
||||
- CephDashboardNetwork
|
||||
IP_ADDRESS:
|
||||
get_param:
|
||||
- NetIpMap
|
||||
- str_replace:
|
||||
params:
|
||||
NETWORK:
|
||||
get_param:
|
||||
- ServiceNetMap
|
||||
- CephDashboardNetwork
|
||||
template: NETWORK_uri
|
||||
port:
|
||||
get_param:
|
||||
- EndpointMap
|
||||
- CephDashboardInternal
|
||||
- port
|
||||
uri_no_suffix:
|
||||
make_url:
|
||||
scheme:
|
||||
get_param:
|
||||
- EndpointMap
|
||||
- CephDashboardInternal
|
||||
- protocol
|
||||
host:
|
||||
str_replace:
|
||||
template:
|
||||
get_param:
|
||||
- EndpointMap
|
||||
- CephDashboardInternal
|
||||
- host
|
||||
params:
|
||||
CLOUDNAME:
|
||||
get_param:
|
||||
- CloudEndpoints
|
||||
- get_param:
|
||||
- ServiceNetMap
|
||||
- CephDashboardNetwork
|
||||
IP_ADDRESS:
|
||||
get_param:
|
||||
- NetIpMap
|
||||
- str_replace:
|
||||
params:
|
||||
NETWORK:
|
||||
get_param:
|
||||
- ServiceNetMap
|
||||
- CephDashboardNetwork
|
||||
template: NETWORK_uri
|
||||
port:
|
||||
get_param:
|
||||
- EndpointMap
|
||||
- CephDashboardInternal
|
||||
- port
|
||||
CephGrafanaInternal:
|
||||
host:
|
||||
str_replace:
|
||||
|
@ -74,6 +74,7 @@ parameters:
|
||||
MysqlNetwork: {{ _service_nets.get('internal_api', 'ctlplane') }}
|
||||
SnmpdNetwork: ctlplane
|
||||
CephClusterNetwork: {{ _service_nets.get('storage_mgmt', 'ctlplane') }}
|
||||
CephDashboardNetwork: ctlplane
|
||||
CephGrafanaNetwork: {{ _service_nets.get('storage', 'ctlplane') }}
|
||||
CephMonNetwork: {{ _service_nets.get('storage', 'ctlplane') }}
|
||||
CephRgwNetwork: {{ _service_nets.get('storage', 'ctlplane') }}
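Review bot: `CephDashboardNetwork` is pinned to `ctlplane`, whereas the Ceph entries around it take `storage` or `storage_mgmt` when that network exists and fall back to `ctlplane` only otherwise. The dashboard is an administrative interface with its own admin credentials, and this value also decides which `fqdn_NETWORK` name its certificate is issued for, so the default deserves a deliberate choice. If it is meant to sit alongside Grafana, `CephDashboardNetwork: {{ _service_nets.get('storage', 'ctlplane') }}` would do that; if `ctlplane` is intended, a short comment stating why would help. The surrounding mapping starts and ends outside the hunk.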
|
||||
|
@ -126,6 +126,7 @@ environments:
|
||||
BarbicanAdmin: {protocol: 'http', port: '9311', host: 'IP_ADDRESS'}
|
||||
BarbicanInternal: {protocol: 'http', port: '9311', host: 'IP_ADDRESS'}
|
||||
BarbicanPublic: {protocol: 'https', port: '13311', host: 'IP_ADDRESS'}
|
||||
CephDashboardInternal: {protocol: 'https', port: '8444', host: 'IP_ADDRESS'}
|
||||
CephGrafanaInternal: {protocol: 'https', port: '3100', host: 'IP_ADDRESS'}
|
||||
CephRgwAdmin: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
|
||||
CephRgwInternal: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
|
||||
@ -231,6 +232,7 @@ environments:
|
||||
BarbicanAdmin: {protocol: 'http', port: '9311', host: 'IP_ADDRESS'}
|
||||
BarbicanInternal: {protocol: 'http', port: '9311', host: 'IP_ADDRESS'}
|
||||
BarbicanPublic: {protocol: 'https', port: '13311', host: 'CLOUDNAME'}
|
||||
CephDashboardInternal: {protocol: 'https', port: '8444', host: 'CLOUDNAME'}
|
||||
CephGrafanaInternal: {protocol: 'https', port: '3100', host: 'CLOUDNAME'}
|
||||
CephRgwAdmin: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
|
||||
CephRgwInternal: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
|
||||
@ -336,6 +338,7 @@ environments:
|
||||
BarbicanAdmin: {protocol: 'https', port: '9311', host: 'CLOUDNAME'}
|
||||
BarbicanInternal: {protocol: 'https', port: '9311', host: 'CLOUDNAME'}
|
||||
BarbicanPublic: {protocol: 'https', port: '13311', host: 'CLOUDNAME'}
|
||||
CephDashboardInternal: {protocol: 'https', port: '8444', host: 'CLOUDNAME'}
|
||||
CephGrafanaInternal: {protocol: 'https', port: '3100', host: 'CLOUDNAME'}
|
||||
CephRgwAdmin: {protocol: 'https', port: '8080', host: 'CLOUDNAME'}
|
||||
CephRgwInternal: {protocol: 'https', port: '8080', host: 'CLOUDNAME'}
|
||||
@ -451,6 +454,7 @@ environments:
|
||||
BarbicanAdmin: {protocol: http, port: '9311', host: IP_ADDRESS}
|
||||
BarbicanInternal: {protocol: http, port: '9311', host: IP_ADDRESS}
|
||||
BarbicanPublic: {protocol: http, port: '9311', host: IP_ADDRESS}
|
||||
CephDashboardInternal: {protocol: http, port: '8444', host: IP_ADDRESS}
|
||||
CephGrafanaInternal: {protocol: http, port: '3100', host: IP_ADDRESS}
|
||||
CephRgwAdmin: {protocol: http, port: '8080', host: IP_ADDRESS}
|
||||
CephRgwInternal: {protocol: http, port: '8080', host: IP_ADDRESS}
|
||||
|