Add radosgw_frontend_ssl_certificate parameter

This is necessary when configuring RGW with SSL because
in addition to passing specific frontend options, civetweb
appends the 's' character to the binding port and beast uses
ssl_endpoint instead of endpoint.

Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1722071
Signed-off-by: Giulio Fidente <gfidente@redhat.com>
(cherry picked from commit d526803c6c)
pull/4185/head
Giulio Fidente 2019-06-19 14:59:15 +02:00 committed by mergify[bot]
parent 2295a4cf0a
commit 72e0ac1f44
6 changed files with 29 additions and 6 deletions

View File

@ -404,11 +404,13 @@ dummy:
#radosgw_civetweb_port: 8080
#radosgw_civetweb_num_threads: 512
#radosgw_civetweb_options: "num_threads={{ radosgw_civetweb_num_threads }}"
# For additional civetweb configuration options available such as SSL, logging,
# For additional civetweb configuration options available such as logging,
# keepalive, and timeout settings, please see the civetweb docs at
# https://github.com/civetweb/civetweb/blob/master/docs/UserManual.md
#radosgw_frontend_port: "{{ radosgw_civetweb_port if radosgw_frontend_type == 'civetweb' else '8080' }}"
# The server private key, public certificate and any other CA or intermediate certificates should be in one file, in PEM format.
#radosgw_frontend_ssl_certificate: ""
#radosgw_frontend_options: "{{ radosgw_civetweb_options if radosgw_frontend_type == 'civetweb' else '' }}"
#radosgw_thread_pool_size: 512

View File

@ -404,11 +404,13 @@ ceph_rhcs_version: 4
#radosgw_civetweb_port: 8080
#radosgw_civetweb_num_threads: 512
#radosgw_civetweb_options: "num_threads={{ radosgw_civetweb_num_threads }}"
# For additional civetweb configuration options available such as SSL, logging,
# For additional civetweb configuration options available such as logging,
# keepalive, and timeout settings, please see the civetweb docs at
# https://github.com/civetweb/civetweb/blob/master/docs/UserManual.md
#radosgw_frontend_port: "{{ radosgw_civetweb_port if radosgw_frontend_type == 'civetweb' else '8080' }}"
# The server private key, public certificate and any other CA or intermediate certificates should be in one file, in PEM format.
#radosgw_frontend_ssl_certificate: ""
#radosgw_frontend_options: "{{ radosgw_civetweb_options if radosgw_frontend_type == 'civetweb' else '' }}"
#radosgw_thread_pool_size: 512

View File

@ -117,7 +117,15 @@ osd memory target = {{ _osd_memory_target | default(osd_memory_target) }}
host = {{ _rgw_hostname }}
keyring = /var/lib/ceph/radosgw/{{ cluster }}-rgw.{{ _rgw_hostname + '.' + instance['instance_name'] }}/keyring
log file = /var/log/ceph/{{ cluster }}-rgw-{{ hostvars[host]['ansible_hostname'] + '.' + instance['instance_name'] }}.log
rgw frontends = {{ radosgw_frontend_type }} {{ 'port' if radosgw_frontend_type == 'civetweb' else 'endpoint' }}={{ instance['radosgw_address'] }}:{{ instance['radosgw_frontend_port'] }} {{ radosgw_frontend_options }}
{% set _rgw_binding_socket = instance['radosgw_address']|string + ':' + instance['radosgw_frontend_port']|string %}
{%- macro frontend_line(frontend_type) -%}
{%- if frontend_type == 'civetweb' -%}
{{ radosgw_frontend_type }} port={{ _rgw_binding_socket }}{{ 's ssl_certificate='+radosgw_frontend_ssl_certificate if radosgw_frontend_ssl_certificate else '' }}
{%- elif frontend_type == 'beast' -%}
{{ radosgw_frontend_type }} {{ 'ssl_' if radosgw_frontend_ssl_certificate else '' }}endpoint={{ _rgw_binding_socket }}{{ ' ssl_certificate='+radosgw_frontend_ssl_certificate if radosgw_frontend_ssl_certificate else '' }}
{%- endif -%}
{%- endmacro -%}
rgw frontends = {{ frontend_line(radosgw_frontend_type) }} {{ radosgw_frontend_options }}
{% if 'num_threads' not in radosgw_frontend_options %}
rgw thread pool size = {{ radosgw_thread_pool_size }}
{% endif %}

View File

@ -396,11 +396,13 @@ radosgw_frontend_type: beast # For additionnal frontends see: http://docs.ceph.c
radosgw_civetweb_port: 8080
radosgw_civetweb_num_threads: 512
radosgw_civetweb_options: "num_threads={{ radosgw_civetweb_num_threads }}"
# For additional civetweb configuration options available such as SSL, logging,
# For additional civetweb configuration options available such as logging,
# keepalive, and timeout settings, please see the civetweb docs at
# https://github.com/civetweb/civetweb/blob/master/docs/UserManual.md
radosgw_frontend_port: "{{ radosgw_civetweb_port if radosgw_frontend_type == 'civetweb' else '8080' }}"
# The server private key, public certificate and any other CA or intermediate certificates should be in one file, in PEM format.
radosgw_frontend_ssl_certificate: ""
radosgw_frontend_options: "{{ radosgw_civetweb_options if radosgw_frontend_type == 'civetweb' else '' }}"
radosgw_thread_pool_size: 512

View File

@ -5,6 +5,12 @@ DELAY="{{ handler_health_rgw_check_delay }}"
HOST_NAME="{{ ansible_hostname }}"
RGW_NUMS={{ radosgw_num_instances }}
RGW_BASE_PORT={{ radosgw_frontend_port }}
RGW_FRONTEND_SSL_CERT={{ radosgw_frontend_ssl_certificate }}
if [ -n "$RGW_FRONTEND_SSL_CERT" ]; then
RGW_PROTOCOL=https
else
RGW_PROTOCOL=http
fi
declare -a DOCKER_EXECS
for ((i=0; i<${RGW_NUMS}; i++)); do
DOCKER_EXECS[i]=""
@ -57,13 +63,13 @@ check_rest() {
check_for_curl_or_wget ${i}
local succ=0
while [ $RETRIES -ne 0 ]; do
test "$rgw_test_command http://$RGW_IP:$((RGW_BASE_PORT+i))" && succ=$((succ+1)) && break
test "$rgw_test_command $RGW_PROTOCOL://$RGW_IP:$((RGW_BASE_PORT+i))" && succ=$((succ+1)) && break
sleep $DELAY
let RETRIES=RETRIES-1
done
if [ $succ -ne 1 ]; then
# If we reach this point, it means there is a problem with the connection to rgw
echo "Error connecting locally to Rados Gateway service: http://$rgw_listen"
echo "Error connecting locally to Rados Gateway service: $RGW_PROTOCOL://$rgw_listen"
exit 1
fi
}

View File

@ -32,6 +32,9 @@ ExecStart=/usr/bin/{{ container_binary }} run --rm --net=host \
{% if ansible_distribution == 'RedHat' -%}
-v /etc/pki/ca-trust/extracted:/etc/pki/ca-trust/extracted:z \
{% endif -%}
{% if radosgw_frontend_ssl_certificate -%}
-v {{ radosgw_frontend_ssl_certificate }}:{{ radosgw_frontend_ssl_certificate }}:ro \
{% endif -%}
-e CEPH_DAEMON=RGW \
-e CLUSTER={{ cluster }} \
-e RGW_NAME={{ ansible_hostname }}.${INST_NAME} \