mirror of https://github.com/ceph/ceph-ansible.git
Add radosgw_frontend_ssl_certificate parameter
This is necessary when configuring RGW with SSL because
in addition to passing specific frontend options, civetweb
appends the 's' character to the binding port and beast uses
ssl_endpoint instead of endpoint.
Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1722071
Signed-off-by: Giulio Fidente <gfidente@redhat.com>
(cherry picked from commit d526803c6c
)
pull/4185/head
parent
2295a4cf0a
commit
72e0ac1f44
|
@ -404,11 +404,13 @@ dummy:
|
|||
#radosgw_civetweb_port: 8080
|
||||
#radosgw_civetweb_num_threads: 512
|
||||
#radosgw_civetweb_options: "num_threads={{ radosgw_civetweb_num_threads }}"
|
||||
# For additional civetweb configuration options available such as SSL, logging,
|
||||
# For additional civetweb configuration options available such as logging,
|
||||
# keepalive, and timeout settings, please see the civetweb docs at
|
||||
# https://github.com/civetweb/civetweb/blob/master/docs/UserManual.md
|
||||
|
||||
#radosgw_frontend_port: "{{ radosgw_civetweb_port if radosgw_frontend_type == 'civetweb' else '8080' }}"
|
||||
# The server private key, public certificate and any other CA or intermediate certificates should be in one file, in PEM format.
|
||||
#radosgw_frontend_ssl_certificate: ""
|
||||
#radosgw_frontend_options: "{{ radosgw_civetweb_options if radosgw_frontend_type == 'civetweb' else '' }}"
|
||||
#radosgw_thread_pool_size: 512
|
||||
|
||||
|
|
|
@ -404,11 +404,13 @@ ceph_rhcs_version: 4
|
|||
#radosgw_civetweb_port: 8080
|
||||
#radosgw_civetweb_num_threads: 512
|
||||
#radosgw_civetweb_options: "num_threads={{ radosgw_civetweb_num_threads }}"
|
||||
# For additional civetweb configuration options available such as SSL, logging,
|
||||
# For additional civetweb configuration options available such as logging,
|
||||
# keepalive, and timeout settings, please see the civetweb docs at
|
||||
# https://github.com/civetweb/civetweb/blob/master/docs/UserManual.md
|
||||
|
||||
#radosgw_frontend_port: "{{ radosgw_civetweb_port if radosgw_frontend_type == 'civetweb' else '8080' }}"
|
||||
# The server private key, public certificate and any other CA or intermediate certificates should be in one file, in PEM format.
|
||||
#radosgw_frontend_ssl_certificate: ""
|
||||
#radosgw_frontend_options: "{{ radosgw_civetweb_options if radosgw_frontend_type == 'civetweb' else '' }}"
|
||||
#radosgw_thread_pool_size: 512
|
||||
|
||||
|
|
|
@ -117,7 +117,15 @@ osd memory target = {{ _osd_memory_target | default(osd_memory_target) }}
|
|||
host = {{ _rgw_hostname }}
|
||||
keyring = /var/lib/ceph/radosgw/{{ cluster }}-rgw.{{ _rgw_hostname + '.' + instance['instance_name'] }}/keyring
|
||||
log file = /var/log/ceph/{{ cluster }}-rgw-{{ hostvars[host]['ansible_hostname'] + '.' + instance['instance_name'] }}.log
|
||||
rgw frontends = {{ radosgw_frontend_type }} {{ 'port' if radosgw_frontend_type == 'civetweb' else 'endpoint' }}={{ instance['radosgw_address'] }}:{{ instance['radosgw_frontend_port'] }} {{ radosgw_frontend_options }}
|
||||
{% set _rgw_binding_socket = instance['radosgw_address']|string + ':' + instance['radosgw_frontend_port']|string %}
|
||||
{%- macro frontend_line(frontend_type) -%}
|
||||
{%- if frontend_type == 'civetweb' -%}
|
||||
{{ radosgw_frontend_type }} port={{ _rgw_binding_socket }}{{ 's ssl_certificate='+radosgw_frontend_ssl_certificate if radosgw_frontend_ssl_certificate else '' }}
|
||||
{%- elif frontend_type == 'beast' -%}
|
||||
{{ radosgw_frontend_type }} {{ 'ssl_' if radosgw_frontend_ssl_certificate else '' }}endpoint={{ _rgw_binding_socket }}{{ ' ssl_certificate='+radosgw_frontend_ssl_certificate if radosgw_frontend_ssl_certificate else '' }}
|
||||
{%- endif -%}
|
||||
{%- endmacro -%}
|
||||
rgw frontends = {{ frontend_line(radosgw_frontend_type) }} {{ radosgw_frontend_options }}
|
||||
{% if 'num_threads' not in radosgw_frontend_options %}
|
||||
rgw thread pool size = {{ radosgw_thread_pool_size }}
|
||||
{% endif %}
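Review bot: The new `frontend_line` macro has no fallback branch, so any `radosgw_frontend_type` other than `civetweb` or `beast` now renders `rgw frontends =` with only the options, where the replaced line still emitted an `endpoint=` binding. Add a final branch such as `{%- else -%}{{ frontend_type }} endpoint={{ _rgw_binding_socket }}`, or reject unknown types in validation before the template is rendered. The macro also tests its `frontend_type` argument but prints the global `radosgw_frontend_type`; using the argument in both places would keep it self-contained. The certificate path is concatenated into the option string as-is, so a path containing whitespace would split the frontend options, which deserves a comment. The rgw section of the template that encloses these lines starts outside this hunk.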
|
||||
|
|
|
@ -396,11 +396,13 @@ radosgw_frontend_type: beast # For additionnal frontends see: http://docs.ceph.c
|
|||
radosgw_civetweb_port: 8080
|
||||
radosgw_civetweb_num_threads: 512
|
||||
radosgw_civetweb_options: "num_threads={{ radosgw_civetweb_num_threads }}"
|
||||
# For additional civetweb configuration options available such as SSL, logging,
|
||||
# For additional civetweb configuration options available such as logging,
|
||||
# keepalive, and timeout settings, please see the civetweb docs at
|
||||
# https://github.com/civetweb/civetweb/blob/master/docs/UserManual.md
|
||||
|
||||
radosgw_frontend_port: "{{ radosgw_civetweb_port if radosgw_frontend_type == 'civetweb' else '8080' }}"
|
||||
# The server private key, public certificate and any other CA or intermediate certificates should be in one file, in PEM format.
|
||||
radosgw_frontend_ssl_certificate: ""
|
||||
radosgw_frontend_options: "{{ radosgw_civetweb_options if radosgw_frontend_type == 'civetweb' else '' }}"
|
||||
radosgw_thread_pool_size: 512
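Review bot: The comment above `radosgw_frontend_ssl_certificate` says what the PEM file contains but not where it must live or how it should be protected. Nothing in the visible hunks copies the file, so it presumably has to exist already at this path on every RGW host, and because it holds the private key it should be readable only by the account running radosgw. I would extend the comment, e.g. `# Absolute path on each RGW host; contains the private key, so restrict read access to the radosgw user.` The same comment appears in the two commented-out sample sections earlier on the page.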
|
||||
|
||||
|
|
|
@ -5,6 +5,12 @@ DELAY="{{ handler_health_rgw_check_delay }}"
|
|||
HOST_NAME="{{ ansible_hostname }}"
|
||||
RGW_NUMS={{ radosgw_num_instances }}
|
||||
RGW_BASE_PORT={{ radosgw_frontend_port }}
|
||||
RGW_FRONTEND_SSL_CERT={{ radosgw_frontend_ssl_certificate }}
|
||||
if [ -n "$RGW_FRONTEND_SSL_CERT" ]; then
|
||||
RGW_PROTOCOL=https
|
||||
else
|
||||
RGW_PROTOCOL=http
|
||||
fi
|
||||
declare -a DOCKER_EXECS
|
||||
for ((i=0; i<${RGW_NUMS}; i++)); do
|
||||
DOCKER_EXECS[i]=""
|
||||
|
@ -57,13 +63,13 @@ check_rest() {
|
|||
check_for_curl_or_wget ${i}
|
||||
local succ=0
|
||||
while [ $RETRIES -ne 0 ]; do
|
||||
test "$rgw_test_command http://$RGW_IP:$((RGW_BASE_PORT+i))" && succ=$((succ+1)) && break
|
||||
test "$rgw_test_command $RGW_PROTOCOL://$RGW_IP:$((RGW_BASE_PORT+i))" && succ=$((succ+1)) && break
|
||||
sleep $DELAY
|
||||
let RETRIES=RETRIES-1
|
||||
done
|
||||
if [ $succ -ne 1 ]; then
|
||||
# If we reach this point, it means there is a problem with the connection to rgw
|
||||
echo "Error connecting locally to Rados Gateway service: http://$rgw_listen"
|
||||
echo "Error connecting locally to Rados Gateway service: $RGW_PROTOCOL://$rgw_listen"
|
||||
exit 1
|
||||
fi
|
||||
}
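Review bot: In `check_rest`, the probe line `test "$rgw_test_command $RGW_PROTOCOL://$RGW_IP:$((RGW_BASE_PORT+i))"` hands `test` a single non-empty string, which is true without running anything, so as written the new https path is never exercised and the loop counts a success regardless. `rgw_test_command` is set outside the hunk; if it is a plain curl/wget command line, running it for real (for example from an array, `"${rgw_test_command[@]}" "$RGW_PROTOCOL://$RGW_IP:$((RGW_BASE_PORT+i))"`) also needs a decision on certificate verification, since the probe targets `$RGW_IP` and the certificate may not name that address. In the first hunk, `RGW_FRONTEND_SSL_CERT={{ radosgw_frontend_ssl_certificate }}` is rendered unquoted, so a path with spaces or shell metacharacters changes what the script executes; `RGW_FRONTEND_SSL_CERT={{ radosgw_frontend_ssl_certificate | quote }}` avoids that. `check_rest` begins before the second hunk.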
|
||||
|
|
|
@ -32,6 +32,9 @@ ExecStart=/usr/bin/{{ container_binary }} run --rm --net=host \
|
|||
{% if ansible_distribution == 'RedHat' -%}
|
||||
-v /etc/pki/ca-trust/extracted:/etc/pki/ca-trust/extracted:z \
|
||||
{% endif -%}
|
||||
{% if radosgw_frontend_ssl_certificate -%}
|
||||
-v {{ radosgw_frontend_ssl_certificate }}:{{ radosgw_frontend_ssl_certificate }}:ro \
|
||||
{% endif -%}
|
||||
-e CEPH_DAEMON=RGW \
|
||||
-e CLUSTER={{ cluster }} \
|
||||
-e RGW_NAME={{ ansible_hostname }}.${INST_NAME} \
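Review bot: The added `-v {{ radosgw_frontend_ssl_certificate }}:{{ radosgw_frontend_ssl_certificate }}:ro \` mount carries no SELinux label option, while the ca-trust mount two lines above uses `:z`; on an enforcing host the container may be denied access to the PEM file unless the operator has labelled it. Either document that requirement next to the variable or decide explicitly whether relabelling a private-key file is acceptable here. The path is also interpolated unquoted and unchecked, so a missing file or a path with whitespace only surfaces when the unit fails to start (some container runtimes create a directory for a missing bind source); a pre-flight `stat` task would catch this earlier. The `ExecStart` command starts and ends outside the hunk.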
|
||||
|
|