tripleo-heat-templates/deployment/cephadm
Michele Baldessari 92f722a05c Do not ask for cephdashboard certificates when it is disabled
When deploying with TLS-E and cephadm, I disabled the ceph dashboard:
(undercloud) [stack@undercloud-0 ~]$ openstack stack environment show overcloud -f yaml |grep -i cephenabledashboard

  CephEnableDashboard: false

Yet it still tries to request a cert for it (and fails due to
https://bugs.launchpad.net/tripleo/+bug/1926746):
2021-05-03 14:02:54.876228 | 5254004b-fe7a-614d-c9eb-00000000e323 |
FATAL | Ensure certificate requests | ctrl-3-0 | item={'ca': 'ipa',
'dns': 'ctrl-3-0.mainnetwork.bgp.ftw', 'key_size': '2048', 'name':
'ceph_dashboard', 'principal':
'ceph_dashboard/ctrl-3-0.mainnetwork.bgp.ftw@BGP.FTW', 'run_after': '#
Get mgr systemd unit\nmgr_unit=$(systemctl list-units | awk \'/ceph-mgr/
{print $1}\')\n# Restart the mgr systemd unit\nif [ -n "$mgr_unit" ];
then\n systemctl restart "$mgr_unit"\nfi\n'} |
error={"ansible_loop_var": "item", "changed": false, "cmd":
"/bin/getcert request -N CN=ctrl-3-0.mainnetwork.bgp.ftw -c IPA -w -k
/etc/pki/tls/private/ceph_dashboard.key -f
/etc/pki/tls/certs/ceph_dashboard.crt -D ctrl-3-0.mainnetwork.bgp.ftw -D
'' -A '' -E '' -r -g 2048 -K '' -K '' -u digitalSignature -u
keyEncipherment -U 1.3.6.1.5.5.7.3.1 -U 1.3.6.1.5.5.7.3.2 -U '' -B '' -C
/etc/certmonger/post-scripts/ceph_dashboard-838da8a.sh", "item": {"ca":
"ipa", "dns": "ctrl-3-0.mainnetwork.bgp.ftw", "key_size": "2048",
"name": "ceph_dashboard", "principal":
"ceph_dashboard/ctrl-3-0.mainnetwork.bgp.ftw@BGP.FTW", "run_after": "#
Get mgr systemd unit\nmgr_unit=$(systemctl list-units | awk '/ceph-mgr/
{print $1}')\n# Restart the mgr systemd unit\nif [ -n \"$mgr_unit\" ];
then\n systemctl restart \"$mgr_unit\"\nfi\n"}, "msg": "", "rc": 2,
"stderr": "", "stderr_lines": [], "stdout": "New signing request
\"20210503140253\" added.\n", "stdout_lines": ["New signing request
\"20210503140253\" added."]}

With this patch applied I correctly get past this point and am able to
reach later steps:
2021-05-04 12:40:44.300445 | 5254004b-fe7a-5ccf-c0b9-0000000000df | TASK | External deployment step 2

The problem is that the 'enable_internal_tls' is global and only checks
for internal TLS being enabled, so it will still be triggered when
CephEnableDashboard is set to false. Let's switch it to the internal
condition internal_tls_enabled which takes the dashboard into account.

Change-Id: I73a58b00f31bfeffb724e12515d8c5cb0625ca7f
Closes-Bug: #1927093
2021-05-04 14:41:48 +02:00
ceph-base.yaml Default CephClientConfigVars within --working-dir 2021-04-28 14:16:48 +00:00
ceph-client.yaml Default CephClientConfigVars within --working-dir 2021-04-28 14:16:48 +00:00
ceph-external.yaml Simplify cephadm service templates 2021-04-26 09:12:20 +05:30
ceph-grafana.yaml Simplify cephadm service templates 2021-04-26 09:12:20 +05:30
ceph-mds.yaml Simplify cephadm service templates 2021-04-26 09:12:20 +05:30
ceph-mgr.yaml Do not ask for cephdashboard certificates when it is disabled 2021-05-04 14:41:48 +02:00
ceph-mon.yaml Simplify cephadm service templates 2021-04-26 09:12:20 +05:30
ceph-nfs.yaml Define the GaneshaNetwork parameter used by cephadm 2021-04-28 06:16:39 +00:00
ceph-osd.yaml Simplify cephadm service templates 2021-04-26 09:12:20 +05:30
ceph-rbdmirror.yaml Simplify cephadm service templates 2021-04-26 09:12:20 +05:30
ceph-rgw.yaml Simplify cephadm service templates 2021-04-26 09:12:20 +05:30