ceph
/
ceph-ansible
mirror of https://github.com/ceph/ceph-ansible.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

ceph-rgw: allow SSL certificate content to supplied 

Allow SSL certificate & key contents to be written to the path
specified by radosgw_frontend_ssl_certificate. This permits a
certificate to be deployed & renewal of expired certificates
through ceph-ansible.

Signed-off-by: Sam Choraria <sam.choraria@bbc.co.uk>
pull/5054/head
Sam Choraria 2019-12-03 12:23:13 +00:00 committed by Guillaume Abrioux
parent c644ea9041
commit 2a2656a985
4 changed files with 13 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
group_vars/all.yml.sample
View File

@ -405,6 +405,7 @@ dummy:
#radosgw_frontend_port: "{{ radosgw_civetweb_port if radosgw_frontend_type == 'civetweb' else '8080' }}"
# The server private key, public certificate and any other CA or intermediate certificates should be in one file, in PEM format.
#radosgw_frontend_ssl_certificate: ""
#radosgw_frontend_ssl_certificate_data: "" # certificate contents to be written to path defined by radosgw_frontend_ssl_certificate
#radosgw_frontend_options: "{{ radosgw_civetweb_options if radosgw_frontend_type == 'civetweb' else '' }}"
#radosgw_thread_pool_size: 512

1
group_vars/rhcs.yml.sample
View File

@ -405,6 +405,7 @@ ceph_iscsi_config_dev: false
#radosgw_frontend_port: "{{ radosgw_civetweb_port if radosgw_frontend_type == 'civetweb' else '8080' }}"
# The server private key, public certificate and any other CA or intermediate certificates should be in one file, in PEM format.
#radosgw_frontend_ssl_certificate: ""
#radosgw_frontend_ssl_certificate_data: "" # certificate contents to be written to path defined by radosgw_frontend_ssl_certificate
#radosgw_frontend_options: "{{ radosgw_civetweb_options if radosgw_frontend_type == 'civetweb' else '' }}"
#radosgw_thread_pool_size: 512

1
roles/ceph-defaults/defaults/main.yml
View File

@ -397,6 +397,7 @@ radosgw_civetweb_options: "num_threads={{ radosgw_civetweb_num_threads }}"
radosgw_frontend_port: "{{ radosgw_civetweb_port if radosgw_frontend_type == 'civetweb' else '8080' }}"
# The server private key, public certificate and any other CA or intermediate certificates should be in one file, in PEM format.
radosgw_frontend_ssl_certificate: ""
radosgw_frontend_ssl_certificate_data: "" # certificate contents to be written to path defined by radosgw_frontend_ssl_certificate
radosgw_frontend_options: "{{ radosgw_civetweb_options if radosgw_frontend_type == 'civetweb' else '' }}"
radosgw_thread_pool_size: 512

10
roles/ceph-rgw/tasks/common.yml
View File

@ -41,3 +41,13 @@
when:
- cephx | bool
- item.item.copy_key | bool
- name: copy SSL certificate & key data to certificate path
copy:
content: "{{ radosgw_frontend_ssl_certificate_data }}"
dest: "{{ radosgw_frontend_ssl_certificate }}"
owner: "{{ ceph_uid if containerized_deployment else 'ceph' }}"
group: "{{ ceph_uid if containerized_deployment else 'ceph' }}"
mode: 0440
when: radosgw_frontend_ssl_certificate | length > 0 and radosgw_frontend_ssl_certificate_data | length > 0
notify: restart ceph rgws