mirror of https://github.com/ceph/ceph-ansible.git
Add radosgw_frontend_ssl_certificate parameter
This is necessary when configuring RGW with SSL because, in addition to passing specific frontend options, civetweb appends the 's' character to the binding port and beast uses ssl_endpoint instead of endpoint.

Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1722071
Signed-off-by: Giulio Fidente <gfidente@redhat.com>
pull/3946/head
parent
3f92323f28
commit
d526803c6c
|
@ -404,11 +404,13 @@ dummy:
|
||||||
#radosgw_civetweb_port: 8080
|
#radosgw_civetweb_port: 8080
|
||||||
#radosgw_civetweb_num_threads: 512
|
#radosgw_civetweb_num_threads: 512
|
||||||
#radosgw_civetweb_options: "num_threads={{ radosgw_civetweb_num_threads }}"
|
#radosgw_civetweb_options: "num_threads={{ radosgw_civetweb_num_threads }}"
|
||||||
# For additional civetweb configuration options available such as SSL, logging,
|
# For additional civetweb configuration options available such as logging,
|
||||||
# keepalive, and timeout settings, please see the civetweb docs at
|
# keepalive, and timeout settings, please see the civetweb docs at
|
||||||
# https://github.com/civetweb/civetweb/blob/master/docs/UserManual.md
|
# https://github.com/civetweb/civetweb/blob/master/docs/UserManual.md
|
||||||
|
|
||||||
#radosgw_frontend_port: "{{ radosgw_civetweb_port if radosgw_frontend_type == 'civetweb' else '8080' }}"
|
#radosgw_frontend_port: "{{ radosgw_civetweb_port if radosgw_frontend_type == 'civetweb' else '8080' }}"
|
||||||
|
# The server private key, public certificate and any other CA or intermediate certificates should be in one file, in PEM format.
|
||||||
|
#radosgw_frontend_ssl_certificate: ""
|
||||||
#radosgw_frontend_options: "{{ radosgw_civetweb_options if radosgw_frontend_type == 'civetweb' else '' }}"
|
#radosgw_frontend_options: "{{ radosgw_civetweb_options if radosgw_frontend_type == 'civetweb' else '' }}"
|
||||||
#radosgw_thread_pool_size: 512
|
#radosgw_thread_pool_size: 512
|
||||||
|
|
||||||
|
|
|
@ -404,11 +404,13 @@ ceph_rhcs_version: 4
|
||||||
#radosgw_civetweb_port: 8080
|
#radosgw_civetweb_port: 8080
|
||||||
#radosgw_civetweb_num_threads: 512
|
#radosgw_civetweb_num_threads: 512
|
||||||
#radosgw_civetweb_options: "num_threads={{ radosgw_civetweb_num_threads }}"
|
#radosgw_civetweb_options: "num_threads={{ radosgw_civetweb_num_threads }}"
|
||||||
# For additional civetweb configuration options available such as SSL, logging,
|
# For additional civetweb configuration options available such as logging,
|
||||||
# keepalive, and timeout settings, please see the civetweb docs at
|
# keepalive, and timeout settings, please see the civetweb docs at
|
||||||
# https://github.com/civetweb/civetweb/blob/master/docs/UserManual.md
|
# https://github.com/civetweb/civetweb/blob/master/docs/UserManual.md
|
||||||
|
|
||||||
#radosgw_frontend_port: "{{ radosgw_civetweb_port if radosgw_frontend_type == 'civetweb' else '8080' }}"
|
#radosgw_frontend_port: "{{ radosgw_civetweb_port if radosgw_frontend_type == 'civetweb' else '8080' }}"
|
||||||
|
# The server private key, public certificate and any other CA or intermediate certificates should be in one file, in PEM format.
|
||||||
|
#radosgw_frontend_ssl_certificate: ""
|
||||||
#radosgw_frontend_options: "{{ radosgw_civetweb_options if radosgw_frontend_type == 'civetweb' else '' }}"
|
#radosgw_frontend_options: "{{ radosgw_civetweb_options if radosgw_frontend_type == 'civetweb' else '' }}"
|
||||||
#radosgw_thread_pool_size: 512
|
#radosgw_thread_pool_size: 512
|
||||||
|
|
||||||
|
|
|
@ -117,7 +117,15 @@ osd memory target = {{ _osd_memory_target | default(osd_memory_target) }}
|
||||||
host = {{ _rgw_hostname }}
|
host = {{ _rgw_hostname }}
|
||||||
keyring = /var/lib/ceph/radosgw/{{ cluster }}-rgw.{{ _rgw_hostname + '.' + instance['instance_name'] }}/keyring
|
keyring = /var/lib/ceph/radosgw/{{ cluster }}-rgw.{{ _rgw_hostname + '.' + instance['instance_name'] }}/keyring
|
||||||
log file = /var/log/ceph/{{ cluster }}-rgw-{{ hostvars[host]['ansible_hostname'] + '.' + instance['instance_name'] }}.log
|
log file = /var/log/ceph/{{ cluster }}-rgw-{{ hostvars[host]['ansible_hostname'] + '.' + instance['instance_name'] }}.log
|
||||||
rgw frontends = {{ radosgw_frontend_type }} {{ 'port' if radosgw_frontend_type == 'civetweb' else 'endpoint' }}={{ instance['radosgw_address'] }}:{{ instance['radosgw_frontend_port'] }} {{ radosgw_frontend_options }}
|
{% set _rgw_binding_socket = instance['radosgw_address']|string + ':' + instance['radosgw_frontend_port']|string %}
|
||||||
|
{%- macro frontend_line(frontend_type) -%}
|
||||||
|
{%- if frontend_type == 'civetweb' -%}
|
||||||
|
{{ radosgw_frontend_type }} port={{ _rgw_binding_socket }}{{ 's ssl_certificate='+radosgw_frontend_ssl_certificate if radosgw_frontend_ssl_certificate else '' }}
|
||||||
|
{%- elif frontend_type == 'beast' -%}
|
||||||
|
{{ radosgw_frontend_type }} {{ 'ssl_' if radosgw_frontend_ssl_certificate else '' }}endpoint={{ _rgw_binding_socket }}{{ ' ssl_certificate='+radosgw_frontend_ssl_certificate if radosgw_frontend_ssl_certificate else '' }}
|
||||||
|
{%- endif -%}
|
||||||
|
{%- endmacro -%}
|
||||||
|
rgw frontends = {{ frontend_line(radosgw_frontend_type) }} {{ radosgw_frontend_options }}
|
||||||
{% if 'num_threads' not in radosgw_frontend_options %}
|
{% if 'num_threads' not in radosgw_frontend_options %}
|
||||||
rgw thread pool size = {{ radosgw_thread_pool_size }}
|
rgw thread pool size = {{ radosgw_thread_pool_size }}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
|
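Review bot: The `frontend_line` macro has no `else` branch, so any `radosgw_frontend_type` other than `civetweb` or `beast` now renders `rgw frontends =` followed only by the options, whereas the removed line always emitted a type and a binding. Either add a final `{%- else -%}` branch that keeps the previous `{{ frontend_type }} endpoint={{ _rgw_binding_socket }}` form, or make the template fail for unsupported types. The macro also prints the global `{{ radosgw_frontend_type }}` instead of its own `frontend_type` argument; using the argument in both branches would keep it self-contained. Because `ssl_certificate=` is concatenated unquoted, a comment stating that the path must not contain whitespace would help.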
@ -396,11 +396,13 @@ radosgw_frontend_type: beast # For additionnal frontends see: http://docs.ceph.c
|
||||||
radosgw_civetweb_port: 8080
|
radosgw_civetweb_port: 8080
|
||||||
radosgw_civetweb_num_threads: 512
|
radosgw_civetweb_num_threads: 512
|
||||||
radosgw_civetweb_options: "num_threads={{ radosgw_civetweb_num_threads }}"
|
radosgw_civetweb_options: "num_threads={{ radosgw_civetweb_num_threads }}"
|
||||||
# For additional civetweb configuration options available such as SSL, logging,
|
# For additional civetweb configuration options available such as logging,
|
||||||
# keepalive, and timeout settings, please see the civetweb docs at
|
# keepalive, and timeout settings, please see the civetweb docs at
|
||||||
# https://github.com/civetweb/civetweb/blob/master/docs/UserManual.md
|
# https://github.com/civetweb/civetweb/blob/master/docs/UserManual.md
|
||||||
|
|
||||||
radosgw_frontend_port: "{{ radosgw_civetweb_port if radosgw_frontend_type == 'civetweb' else '8080' }}"
|
radosgw_frontend_port: "{{ radosgw_civetweb_port if radosgw_frontend_type == 'civetweb' else '8080' }}"
|
||||||
|
# The server private key, public certificate and any other CA or intermediate certificates should be in one file, in PEM format.
|
||||||
|
radosgw_frontend_ssl_certificate: ""
|
||||||
radosgw_frontend_options: "{{ radosgw_civetweb_options if radosgw_frontend_type == 'civetweb' else '' }}"
|
radosgw_frontend_options: "{{ radosgw_civetweb_options if radosgw_frontend_type == 'civetweb' else '' }}"
|
||||||
radosgw_thread_pool_size: 512
|
radosgw_thread_pool_size: 512
|
||||||
|
|
||||||
|
|
|
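Review bot: The new comment above `radosgw_frontend_ssl_certificate` says what the PEM file must contain but not that the value is a path on each RGW host. The other sections of this commit pass it to `ssl_certificate=` and bind-mount it, and nothing visible here copies the file into place. Because that file holds the server private key, the comment should also ask for restrictive ownership and mode. Suggested wording: `# Absolute path, on every RGW node, to a PEM file readable only by the user running radosgw (it contains the private key); leave empty to serve plain HTTP.`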
@ -5,6 +5,12 @@ DELAY="{{ handler_health_rgw_check_delay }}"
|
||||||
HOST_NAME="{{ ansible_hostname }}"
|
HOST_NAME="{{ ansible_hostname }}"
|
||||||
RGW_NUMS={{ radosgw_num_instances }}
|
RGW_NUMS={{ radosgw_num_instances }}
|
||||||
RGW_BASE_PORT={{ radosgw_frontend_port }}
|
RGW_BASE_PORT={{ radosgw_frontend_port }}
|
||||||
|
RGW_FRONTEND_SSL_CERT={{ radosgw_frontend_ssl_certificate }}
|
||||||
|
if [ -n "$RGW_FRONTEND_SSL_CERT" ]; then
|
||||||
|
RGW_PROTOCOL=https
|
||||||
|
else
|
||||||
|
RGW_PROTOCOL=http
|
||||||
|
fi
|
||||||
declare -a DOCKER_EXECS
|
declare -a DOCKER_EXECS
|
||||||
for ((i=0; i<${RGW_NUMS}; i++)); do
|
for ((i=0; i<${RGW_NUMS}; i++)); do
|
||||||
DOCKER_EXECS[i]=""
|
DOCKER_EXECS[i]=""
|
||||||
|
@ -57,13 +63,13 @@ check_rest() {
|
||||||
check_for_curl_or_wget ${i}
|
check_for_curl_or_wget ${i}
|
||||||
local succ=0
|
local succ=0
|
||||||
while [ $RETRIES -ne 0 ]; do
|
while [ $RETRIES -ne 0 ]; do
|
||||||
test "$rgw_test_command http://$RGW_IP:$((RGW_BASE_PORT+i))" && succ=$((succ+1)) && break
|
test "$rgw_test_command $RGW_PROTOCOL://$RGW_IP:$((RGW_BASE_PORT+i))" && succ=$((succ+1)) && break
|
||||||
sleep $DELAY
|
sleep $DELAY
|
||||||
let RETRIES=RETRIES-1
|
let RETRIES=RETRIES-1
|
||||||
done
|
done
|
||||||
if [ $succ -ne 1 ]; then
|
if [ $succ -ne 1 ]; then
|
||||||
# If we reach this point, it means there is a problem with the connection to rgw
|
# If we reach this point, it means there is a problem with the connection to rgw
|
||||||
echo "Error connecting locally to Rados Gateway service: http://$rgw_listen"
|
echo "Error connecting locally to Rados Gateway service: $RGW_PROTOCOL://$rgw_listen"
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
|
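Review bot: In `check_rest` (whose body starts above the second hunk), the changed probe line still wraps the whole command in `test "…"`, which only checks that the string is non-empty, so as written the loop succeeds on its first pass without contacting the gateway over either protocol. Running the command instead, e.g. `$rgw_test_command "$RGW_PROTOCOL://$RGW_IP:$((RGW_BASE_PORT+i))" && succ=$((succ+1)) && break`, would make the https switch meaningful; `rgw_test_command` is set outside this hunk, so confirm how it is meant to be expanded. Once the probe really runs, an https request to `$RGW_IP` will fail certificate verification unless the certificate is valid for that address and its CA is trusted where the probe runs, so the check should be given the CA bundle rather than have verification turned off. The first hunk also leaves `RGW_FRONTEND_SSL_CERT={{ radosgw_frontend_ssl_certificate }}` unquoted, unlike `HOST_NAME` just above it; `RGW_FRONTEND_SSL_CERT="{{ radosgw_frontend_ssl_certificate }}"` survives paths with spaces.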
@ -32,6 +32,9 @@ ExecStart=/usr/bin/{{ container_binary }} run --rm --net=host \
|
||||||
{% if ansible_distribution == 'RedHat' -%}
|
{% if ansible_distribution == 'RedHat' -%}
|
||||||
-v /etc/pki/ca-trust/extracted:/etc/pki/ca-trust/extracted:z \
|
-v /etc/pki/ca-trust/extracted:/etc/pki/ca-trust/extracted:z \
|
||||||
{% endif -%}
|
{% endif -%}
|
||||||
|
{% if radosgw_frontend_ssl_certificate -%}
|
||||||
|
-v {{ radosgw_frontend_ssl_certificate }}:{{ radosgw_frontend_ssl_certificate }}:ro \
|
||||||
|
{% endif -%}
|
||||||
-e CEPH_DAEMON=RGW \
|
-e CEPH_DAEMON=RGW \
|
||||||
-e CLUSTER={{ cluster }} \
|
-e CLUSTER={{ cluster }} \
|
||||||
-e RGW_NAME={{ ansible_hostname }}.${INST_NAME} \
|
-e RGW_NAME={{ ansible_hostname }}.${INST_NAME} \
|
||||||
|
|
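Review bot: The added `-v {{ radosgw_frontend_ssl_certificate }}:{{ radosgw_frontend_ssl_certificate }}:ro \` mount carries no SELinux option, while the RedHat-only mount directly above it uses `:z`; on an enforcing host the container may be denied access to the PEM file, depending on the file's label. It is worth confirming this on a RedHat target and, if needed, documenting the required label or using `:ro,z`. The path is also interpolated unquoted into `ExecStart`, so a value containing whitespace or `:` would break the argument; a comment stating that constraint would be enough. The `ExecStart` command starts and ends outside the hunk.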