]> git-server-git.apps.pok.os.sepia.ceph.com Git - ceph-ansible.git/commitdiff
projects / ceph-ansible.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: bf9d628)
dashboard: allow to set read-only admin user
authorDimitri Savineau <dsavinea@redhat.com>
Wed, 18 Mar 2020 14:53:40 +0000 (10:53 -0400)
committerDimitri Savineau <savineau.dimitri@gmail.com>
Thu, 19 Mar 2020 17:24:05 +0000 (13:24 -0400)
This commit allows one to set the role for the admin user as read-only.
This can be controlled via the dashboard_admin_user_ro variable but the
default value is false for backward compatibility.

Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1810176
Signed-off-by: Dimitri Savineau <dsavinea@redhat.com>
(cherry picked from commit fb69f6990ce0bf4c9cd4caf9ce7a29e15ab07cfd)

group_vars/all.yml.sample patch | blob | history
group_vars/rhcs.yml.sample patch | blob | history
roles/ceph-dashboard/tasks/configure_dashboard.yml patch | blob | history
roles/ceph-defaults/defaults/main.yml patch | blob | history
tests/functional/collocation/container/group_vars/all patch | blob | history
tests/functional/collocation/group_vars/all patch | blob | history

diff --git a/group_vars/all.yml.sample b/group_vars/all.yml.sample
index a4cc2ddd0440a99241293c8b0bc14c7ea2fe04d9..f42f35c316e8c95a69c418f823b99e03bf2ecae4 100644 (file)
--- a/group_vars/all.yml.sample
+++ b/group_vars/all.yml.sample
@@ -749,6 +749,7 @@ dummy:
 #dashboard_protocol: http
 #dashboard_port: 8443
 #dashboard_admin_user: admin
+#dashboard_admin_user_ro: false
 # This variable must be set with a strong custom password when dashboard_enabled is True
 #dashboard_admin_password: p@ssw0rd
 # We only need this for SSL (https) connections
diff --git a/group_vars/rhcs.yml.sample b/group_vars/rhcs.yml.sample
index 1c8f0b5e91be4966eef05d9b2f0d69b131dcf1eb..f69151007f620d373e42a419c78e6127c6ece8c7 100644 (file)
--- a/group_vars/rhcs.yml.sample
+++ b/group_vars/rhcs.yml.sample
@@ -749,6 +749,7 @@ ceph_docker_registry_auth: true
 #dashboard_protocol: http
 #dashboard_port: 8443
 #dashboard_admin_user: admin
+#dashboard_admin_user_ro: false
 # This variable must be set with a strong custom password when dashboard_enabled is True
 #dashboard_admin_password: p@ssw0rd
 # We only need this for SSL (https) connections
diff --git a/roles/ceph-dashboard/tasks/configure_dashboard.yml b/roles/ceph-dashboard/tasks/configure_dashboard.yml
index b361b40fb538c341af2224f15689aaf9bd4288e5..90dda7668d9c4737afa2495dae08ccf2bbbff5c5 100644 (file)
--- a/roles/ceph-dashboard/tasks/configure_dashboard.yml
+++ b/roles/ceph-dashboard/tasks/configure_dashboard.yml
@@ -84,7 +84,7 @@
     if {{ container_exec_cmd }} ceph --cluster {{ cluster }} dashboard ac-user-show {{ dashboard_admin_user | quote }}; then
       {{ container_exec_cmd }} ceph --cluster {{ cluster }} dashboard ac-user-set-password {{ dashboard_admin_user | quote }} {{ dashboard_admin_password | quote }}
     else
-      {{ container_exec_cmd }} ceph --cluster {{ cluster }} dashboard ac-user-create {{ dashboard_admin_user | quote }} {{ dashboard_admin_password | quote }} administrator
+      {{ container_exec_cmd }} ceph --cluster {{ cluster }} dashboard ac-user-create {{ dashboard_admin_user | quote }} {{ dashboard_admin_password | quote }} {{ 'read-only' if dashboard_admin_user_ro | bool else 'administrator' }}
     fi
   retries: 6
   delay: 5
diff --git a/roles/ceph-defaults/defaults/main.yml b/roles/ceph-defaults/defaults/main.yml
index 71023d5304980e3ef5d8ec49f55a6b758e5def92..9f86347601f26146bc8556ea87835ca75d19fb00 100644 (file)
--- a/roles/ceph-defaults/defaults/main.yml
+++ b/roles/ceph-defaults/defaults/main.yml
@@ -741,6 +741,7 @@ dashboard_enabled: True
 dashboard_protocol: http
 dashboard_port: 8443
 dashboard_admin_user: admin
+dashboard_admin_user_ro: false
 # This variable must be set with a strong custom password when dashboard_enabled is True
 #dashboard_admin_password: p@ssw0rd
 # We only need this for SSL (https) connections
diff --git a/tests/functional/collocation/container/group_vars/all b/tests/functional/collocation/container/group_vars/all
index 4bbc40f26f18033d011c1d4db0724490fff8dcbf..347ef3dcb68403353185b97776ce3fac2f68c2a1 100644 (file)
--- a/tests/functional/collocation/container/group_vars/all
+++ b/tests/functional/collocation/container/group_vars/all
@@ -20,4 +20,5 @@ ceph_conf_overrides:
 handler_health_mon_check_delay: 10
 handler_health_osd_check_delay: 10
 dashboard_admin_password: $sX!cD$rYU6qR^B!
+dashboard_admin_user_ro: true
 grafana_admin_password: +xFRe+RES@7vg24n
\ No newline at end of file
diff --git a/tests/functional/collocation/group_vars/all b/tests/functional/collocation/group_vars/all
index 1ab45fba566e2b7493b823a1d32b34b474a67527..b1e30375b278b1267ad002d5484596b9e1fc064d 100644 (file)
--- a/tests/functional/collocation/group_vars/all
+++ b/tests/functional/collocation/group_vars/all
@@ -17,4 +17,5 @@ ceph_conf_overrides:
 handler_health_mon_check_delay: 10
 handler_health_osd_check_delay: 10
 dashboard_admin_password: $sX!cD$rYU6qR^B!
+dashboard_admin_user_ro: true
 grafana_admin_password: +xFRe+RES@7vg24n
\ No newline at end of file
Unnamed repository; edit this file 'description' to name the repository.