iscsi: don't set default value for trusted_ip_list

It restricts access to the iSCSI API.
It can be left empty if the API isn't going to be access from outside the
gateway node

Even though this seems to be a limited use case, it's better to leave it
empty by default than having a meaningless default value.

We could make this variable mandatory but that would be a breaking
change. Let's just add a logic in the template in order to set this
variable in the configuration file only if it was specified by users.

Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1994930

Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com>
Co-authored-by: Dimitri Savineau <dsavinea@redhat.com>
pull/6856/head
Guillaume Abrioux 2021-08-18 13:23:44 +02:00 committed by Dimitri Savineau
parent 8ba6101bbb
commit 6802b8dddd
4 changed files with 10 additions and 4 deletions

View File

@ -30,7 +30,9 @@ dummy:
#api_port: 5000 #api_port: 5000
#api_secure: false #api_secure: false
#loop_delay: 1 #loop_delay: 1
#trusted_ip_list: 192.168.122.1 # set the variable below with a comma separated list of IPs
# in order to restrict the access to the iSCSI API
# trusted_ip_list: 192.168.122.1
########## ##########

View File

@ -22,7 +22,9 @@ api_password: admin
api_port: 5000 api_port: 5000
api_secure: false api_secure: false
loop_delay: 1 loop_delay: 1
trusted_ip_list: 192.168.122.1 # set the variable below with a comma separated list of IPs
# in order to restrict the access to the iSCSI API
# trusted_ip_list: 192.168.122.1
########## ##########

View File

@ -30,7 +30,7 @@
- name: add mgr ip address to trusted list with dashboard - ipv4 - name: add mgr ip address to trusted list with dashboard - ipv4
set_fact: set_fact:
trusted_ip_list: '{{ trusted_ip_list }},{{ hostvars[item]["ansible_facts"]["all_ipv4_addresses"] | ips_in_ranges(public_network.split(",")) | first }}' trusted_ip_list: '{{ trusted_ip_list | default("") }}{{ "," if trusted_ip_list is defined else "" }}{{ hostvars[item]["ansible_facts"]["all_ipv4_addresses"] | ips_in_ranges(public_network.split(",")) | first }}'
with_items: '{{ groups[mgr_group_name] | default(groups[mon_group_name]) }}' with_items: '{{ groups[mgr_group_name] | default(groups[mon_group_name]) }}'
when: when:
- dashboard_enabled | bool - dashboard_enabled | bool
@ -38,7 +38,7 @@
- name: add mgr ip address to trusted list with dashboard - ipv6 - name: add mgr ip address to trusted list with dashboard - ipv6
set_fact: set_fact:
trusted_ip_list: '{{ trusted_ip_list }},{{ hostvars[item]["ansible_facts"]["all_ipv6_addresses"] | ips_in_ranges(public_network.split(",")) | last }}' trusted_ip_list: '{{ trusted_ip_list | default("") }}{{ "," if trusted_ip_list is defined else "" }}{{ hostvars[item]["ansible_facts"]["all_ipv6_addresses"] | ips_in_ranges(public_network.split(",")) | last }}'
with_items: '{{ groups[mgr_group_name] | default(groups[mon_group_name]) }}' with_items: '{{ groups[mgr_group_name] | default(groups[mon_group_name]) }}'
when: when:
- dashboard_enabled | bool - dashboard_enabled | bool

View File

@ -25,4 +25,6 @@ api_user = {{ api_user }}
api_password = {{ api_password }} api_password = {{ api_password }}
api_port = {{ api_port }} api_port = {{ api_port }}
loop_delay = {{ loop_delay }} loop_delay = {{ loop_delay }}
{% if trusted_ip_list is defined %}
trusted_ip_list = {{ trusted_ip_list }} trusted_ip_list = {{ trusted_ip_list }}
{% endif %}