ceph-dashboard: Improve https configuration

This patch moves the https dashboard configuration into a dedicated block to avoid the multiple occurence of the dashboard_protocol condition. It also fixes the dashboard certificate and key variables handling in the condition introduced by ab54fe2. Those variables aren't boolean but strings so we can test them via the length filter. Signed-off-by: Dimitri Savineau <dsavinea@redhat.com> (cherry picked from commit 249764047b)
2019-10-02 15:24:38 -04:00 · 2019-10-02 15:24:38 -04:00 · a210efe361
parent 37fd0b179b
commit a210efe361
1 changed files with 37 additions and 43 deletions
--- a/roles/ceph-dashboard/tasks/configure_dashboard.yml
+++ b/roles/ceph-dashboard/tasks/configure_dashboard.yml
@ -10,11 +10,13 @@
  run_once: true
  when: dashboard_protocol == "http"

+- name: with SSL for dashboard
+  when: dashboard_protocol == "https"
+  block:
    - name: enable SSL for dashboard
      command: "{{ container_exec_cmd }} ceph --cluster {{ cluster }} config set mgr mgr/dashboard/ssl true"
      delegate_to: "{{ groups[mon_group_name][0] }}"
      run_once: true
-  when: dashboard_protocol == "https"

    - name: copy dashboard SSL certificate file
      copy:
@ -23,9 +25,7 @@
        owner: root
        group: root
        mode: 0440
-  when:
-    - dashboard_crt | bool
-    - dashboard_protocol == "https"
+      when: dashboard_crt | length > 0

    - name: copy dashboard SSL certificate key
      copy:
@ -34,31 +34,25 @@
        owner: root
        group: root
        mode: 0440
-  when:
-    - dashboard_key | bool
-    - dashboard_protocol == "https"
+      when: dashboard_key | length > 0

    - name: generate a Self Signed OpenSSL certificate for dashboard
      shell: |
        test -f /etc/ceph/ceph-dashboard.key -a -f /etc/ceph/ceph-dashboard.crt || \
        openssl req -new -nodes -x509 -subj '/O=IT/CN=ceph-dashboard' -days 3650 -keyout /etc/ceph/ceph-dashboard.key -out /etc/ceph/ceph-dashboard.crt -extensions v3_ca
-  when:
-    - dashboard_protocol == "https"
-    - not dashboard_key | bool or not dashboard_crt | bool
+      when: dashboard_key | length == 0 or dashboard_crt | length == 0

    - name: import dashboard certificate file
      command: "{{ container_exec_cmd }} ceph --cluster {{ cluster }} config-key set mgr/dashboard/crt -i /etc/ceph/ceph-dashboard.crt"
      changed_when: false
      delegate_to: "{{ groups[mon_group_name][0] }}"
      run_once: true
-  when: dashboard_protocol == "https"

    - name: import dashboard certificate key
      command: "{{ container_exec_cmd }} ceph --cluster {{ cluster }} config-key set mgr/dashboard/key -i /etc/ceph/ceph-dashboard.key"
      changed_when: false
      delegate_to: "{{ groups[mon_group_name][0] }}"
      run_once: true
-  when: dashboard_protocol == "https"

 - name: "set the dashboard port ({{ dashboard_port }})"
  command: "{{ container_exec_cmd }} ceph --cluster {{ cluster }} config set mgr mgr/dashboard/server_port {{ dashboard_port }}"