]> git-server-git.apps.pok.os.sepia.ceph.com Git - ceph-ansible.git/commitdiff
projects / ceph-ansible.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: d72c90c)
Support host's CA bundle on Debian-like distros main
authorDaniel Swarbrick <daniel.swarbrick1@ionos.com>
Tue, 12 May 2026 14:15:07 +0000 (16:15 +0200)
committerSeena Fallah <seenafallah@gmail.com>
Tue, 12 May 2026 20:05:37 +0000 (22:05 +0200)
Signed-off-by: Daniel Swarbrick <daniel.swarbrick@gmail.com>
roles/ceph-mon/templates/ceph-mon.service.j2 patch | blob | history
roles/ceph-rgw/templates/ceph-radosgw.service.j2 patch | blob | history

diff --git a/roles/ceph-mon/templates/ceph-mon.service.j2 b/roles/ceph-mon/templates/ceph-mon.service.j2
index 0f29470bc162c105c471317784ab8dc8b2d9f627..f7859f4e7fc961e2d4931066c5a74c4af065b9be 100644 (file)
--- a/roles/ceph-mon/templates/ceph-mon.service.j2
+++ b/roles/ceph-mon/templates/ceph-mon.service.j2
@@ -33,6 +33,8 @@ ExecStart=/usr/bin/{{ container_binary }} run --rm --name ceph-mon-%i \
 {% endfor %}
 {% if ansible_facts['os_family'] == 'RedHat' -%}
   -v /etc/pki/ca-trust/extracted:/etc/pki/ca-trust/extracted \
 {% endfor %}
 {% if ansible_facts['os_family'] == 'RedHat' -%}
   -v /etc/pki/ca-trust/extracted:/etc/pki/ca-trust/extracted \
+{% elif ansible_facts['os_family'] == 'Debian' -%}
+  -v /etc/ssl/certs/ca-certificates.crt:/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem:ro \
 {% endif -%}
 {% if mon_docker_privileged | bool -%}
   --privileged \
 {% endif -%}
 {% if mon_docker_privileged | bool -%}
   --privileged \
diff --git a/roles/ceph-rgw/templates/ceph-radosgw.service.j2 b/roles/ceph-rgw/templates/ceph-radosgw.service.j2
index 38fd968183c35c3247243dcbc52e1652334064b7..7ca49f8f0aced29a5b0773989fd89ac14f6045a4 100644 (file)
--- a/roles/ceph-rgw/templates/ceph-radosgw.service.j2
+++ b/roles/ceph-rgw/templates/ceph-radosgw.service.j2
@@ -42,6 +42,8 @@ ExecStart=/usr/bin/{{ container_binary }} run --rm --net=host \
 {% endfor %}
 {% if ansible_facts['os_family'] == 'RedHat' -%}
   -v /etc/pki/ca-trust/extracted:/etc/pki/ca-trust/extracted \
 {% endfor %}
 {% if ansible_facts['os_family'] == 'RedHat' -%}
   -v /etc/pki/ca-trust/extracted:/etc/pki/ca-trust/extracted \
+{% elif ansible_facts['os_family'] == 'Debian' -%}
+  -v /etc/ssl/certs/ca-certificates.crt:/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem:ro \
 {% endif -%}
 {% if radosgw_frontend_ssl_certificate -%}
   -v {{ radosgw_frontend_ssl_certificate }}:{{ radosgw_frontend_ssl_certificate }} \
 {% endif -%}
 {% if radosgw_frontend_ssl_certificate -%}
   -v {{ radosgw_frontend_ssl_certificate }}:{{ radosgw_frontend_ssl_certificate }} \
Unnamed repository; edit this file 'description' to name the repository.