ceph
/
ceph-ansible
mirror of https://github.com/ceph/ceph-ansible.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

dashboard: allow to set read-only admin user 

This commit allows one to set the role for the admin user as read-only.
This can be controlled via the dashboard_admin_user_ro variable but the
default value is false for backward compatibility.

Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1810176

Signed-off-by: Dimitri Savineau <dsavinea@redhat.com>
(cherry picked from commit fb69f6990c)
pull/5170/head
Dimitri Savineau 2020-03-18 10:53:40 -04:00 committed by Dimitri Savineau
parent bf9d628b65
commit 55c222d088
6 changed files with 6 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
group_vars/all.yml.sample
View File

@ -749,6 +749,7 @@ dummy:
#dashboard_protocol: http #dashboard_protocol: http
#dashboard_port: 8443 #dashboard_port: 8443
#dashboard_admin_user: admin #dashboard_admin_user: admin
#dashboard_admin_user_ro: false
# This variable must be set with a strong custom password when dashboard_enabled is True # This variable must be set with a strong custom password when dashboard_enabled is True
#dashboard_admin_password: p@ssw0rd #dashboard_admin_password: p@ssw0rd
# We only need this for SSL (https) connections # We only need this for SSL (https) connections

1
group_vars/rhcs.yml.sample
View File

@ -749,6 +749,7 @@ ceph_docker_registry_auth: true
#dashboard_protocol: http #dashboard_protocol: http
#dashboard_port: 8443 #dashboard_port: 8443
#dashboard_admin_user: admin #dashboard_admin_user: admin
#dashboard_admin_user_ro: false
# This variable must be set with a strong custom password when dashboard_enabled is True # This variable must be set with a strong custom password when dashboard_enabled is True
#dashboard_admin_password: p@ssw0rd #dashboard_admin_password: p@ssw0rd
# We only need this for SSL (https) connections # We only need this for SSL (https) connections

2
roles/ceph-dashboard/tasks/configure_dashboard.yml
View File

@ -84,7 +84,7 @@
if {{ container_exec_cmd }} ceph --cluster {{ cluster }} dashboard ac-user-show {{ dashboard_admin_user | quote }}; then if {{ container_exec_cmd }} ceph --cluster {{ cluster }} dashboard ac-user-show {{ dashboard_admin_user | quote }}; then
{{ container_exec_cmd }} ceph --cluster {{ cluster }} dashboard ac-user-set-password {{ dashboard_admin_user | quote }} {{ dashboard_admin_password | quote }} {{ container_exec_cmd }} ceph --cluster {{ cluster }} dashboard ac-user-set-password {{ dashboard_admin_user | quote }} {{ dashboard_admin_password | quote }}
else else
{{ container_exec_cmd }} ceph --cluster {{ cluster }} dashboard ac-user-create {{ dashboard_admin_user | quote }} {{ dashboard_admin_password | quote }} administrator {{ container_exec_cmd }} ceph --cluster {{ cluster }} dashboard ac-user-create {{ dashboard_admin_user | quote }} {{ dashboard_admin_password | quote }} {{ 'read-only' if dashboard_admin_user_ro | bool else 'administrator' }}
fi fi
retries: 6 retries: 6
delay: 5 delay: 5

1
roles/ceph-defaults/defaults/main.yml
View File

@ -741,6 +741,7 @@ dashboard_enabled: True
dashboard_protocol: http dashboard_protocol: http
dashboard_port: 8443 dashboard_port: 8443
dashboard_admin_user: admin dashboard_admin_user: admin
dashboard_admin_user_ro: false
# This variable must be set with a strong custom password when dashboard_enabled is True # This variable must be set with a strong custom password when dashboard_enabled is True
#dashboard_admin_password: p@ssw0rd #dashboard_admin_password: p@ssw0rd
# We only need this for SSL (https) connections # We only need this for SSL (https) connections

1
tests/functional/collocation/container/group_vars/all
View File

@ -20,4 +20,5 @@ ceph_conf_overrides:
handler_health_mon_check_delay: 10 handler_health_mon_check_delay: 10
handler_health_osd_check_delay: 10 handler_health_osd_check_delay: 10
dashboard_admin_password: $sX!cD$rYU6qR^B! dashboard_admin_password: $sX!cD$rYU6qR^B!
dashboard_admin_user_ro: true
grafana_admin_password: +xFRe+RES@7vg24n grafana_admin_password: +xFRe+RES@7vg24n

1
tests/functional/collocation/group_vars/all
View File

@ -17,4 +17,5 @@ ceph_conf_overrides:
handler_health_mon_check_delay: 10 handler_health_mon_check_delay: 10
handler_health_osd_check_delay: 10 handler_health_osd_check_delay: 10
dashboard_admin_password: $sX!cD$rYU6qR^B! dashboard_admin_password: $sX!cD$rYU6qR^B!
dashboard_admin_user_ro: true
grafana_admin_password: +xFRe+RES@7vg24n grafana_admin_password: +xFRe+RES@7vg24n