git.apps.os.sepia.ceph.com Git

author	Matthew Oliver <matt@oliver.net.au>
	Thu, 23 Jan 2020 00:02:24 +0000 (11:02 +1100)
committer	Matthew Oliver <moliver@suse.com>
	Thu, 16 Apr 2020 02:31:02 +0000 (02:31 +0000)
commit	8204b1d524b155fac56c3937d1aec41a18ab2d52
tree	6213772cb6cf6dc06344eba472fbbb591e18d3a4	tree \| snapshot
parent	38ae96e1c9a4f8ad3095626c71951a122bdc8fe7	commit \| diff

cephadm: add RGW SSL support

This patch adds SSL support to RGW when using cephadm.
If an SSL certificate is provided, inside the json supplied with:

  cpeh orchestrator rgw create -i rgw.json

Then the SSL cert and/or key will be added to pushed into the mon config-key database
using the key `rgw/cert/<rgw_realm>/<rgw_zone>.[crt|key]`.
Which will then be referenced in the config:

  rgw_frontends = beast port=80 ssl_port=443 ssl_certificate=config://rgw/cert/<rgw_realm>/<rgw_zone>.crt

And if an ssl key is also supplied this becomes something like:

  rgw_frontends = beast port=80 ssl_port=443 ssl_certificate=config://rgw/cert/<rgw_realm>/<rgw_zone>.crt ssl_key=config://rgw/cert/<rgw_realm>/<rgw_zone>.key

Of course you could also just upload the cert and key yourself to
config-key location, and ssl will be enabled as well. But this patch
let's you either supply them via `-i` or as a manual upload step.

Co-Authored-By: Michael Fritch <mfritch@suse.com>
Co-Authored-By: Sebastian Wagner <sebastian@spawnhost.de>
Signed-off-by: Matthew Oliver <moliver@suse.com>

src/cephadm/samples/rgw_ssl.json	[new file with mode: 0644]	blob
src/pybind/mgr/cephadm/module.py		diff \| blob \| history
src/pybind/mgr/orchestrator/module.py		diff \| blob \| history
src/python-common/ceph/deployment/service_spec.py		diff \| blob \| history