dashboard: support dedicated network for the dashboard

author Guillaume Abrioux <gabrioux@redhat.com>

Mon, 5 Jul 2021 15:49:26 +0000 (17:49 +0200)

committer Dimitri Savineau <savineau.dimitri@gmail.com>

Mon, 26 Jul 2021 17:19:03 +0000 (13:19 -0400)
author Guillaume Abrioux <gabrioux@redhat.com>
Mon, 5 Jul 2021 15:49:26 +0000 (17:49 +0200)
committer Dimitri Savineau <savineau.dimitri@gmail.com>
Mon, 26 Jul 2021 17:19:03 +0000 (13:19 -0400)
diff --git a/group_vars/all.yml.sample b/group_vars/all.yml.sample

index e52bae535590063d794af37315c4d958eea889f8..7a6ff86d529f6d4d6aee409c959231028a1c8301 100644 (file)
--- a/group_vars/all.yml.sample
+++ b/group_vars/all.yml.sample
@@ -743,6 +743,8 @@ dummy:
  # then we will autogenerate a cert and keyfile
  #dashboard_protocol: https
  #dashboard_port: 8443
+# set this variable to the network you want the dashboard to listen on. (Default to public_network)
+#dashboard_network: "{{ public_network }}"
  #dashboard_admin_user: admin
  #dashboard_admin_user_ro: false
  # This variable must be set with a strong custom password when dashboard_enabled is True
diff --git a/group_vars/rhcs.yml.sample b/group_vars/rhcs.yml.sample

index 5e8a5af5b7d4d7dfd829800f479d49efc4589bf5..43e90ae52a2a46a6e4e39db7177940f22943fb85 100644 (file)
--- a/group_vars/rhcs.yml.sample
+++ b/group_vars/rhcs.yml.sample
@@ -743,6 +743,8 @@ ceph_docker_registry_auth: true
  # then we will autogenerate a cert and keyfile
  #dashboard_protocol: https
  #dashboard_port: 8443
+# set this variable to the network you want the dashboard to listen on. (Default to public_network)
+#dashboard_network: "{{ public_network }}"
  #dashboard_admin_user: admin
  #dashboard_admin_user_ro: false
  # This variable must be set with a strong custom password when dashboard_enabled is True
diff --git a/roles/ceph-dashboard/tasks/configure_dashboard.yml b/roles/ceph-dashboard/tasks/configure_dashboard.yml

index 4473f3b69a38dc6e2c1657127b9131d21e61f2eb..6de90b2b4aab0a5263965b1f3184bab3a43e1aef 100644 (file)
--- a/roles/ceph-dashboard/tasks/configure_dashboard.yml
+++ b/roles/ceph-dashboard/tasks/configure_dashboard.yml
@@ -10,12 +10,12 @@
  
  - name: get current mgr backend - ipv4
    set_fact:
-    mgr_server_addr: "{{ ansible_facts['all_ipv4_addresses'] | ips_in_ranges(public_network.split(',')) | first }}"
+    dashboard_server_addr: "{{ ansible_facts['all_ipv4_addresses'] | ips_in_ranges(dashboard_network.split(',')) | first }}"
    when: ip_version == 'ipv4'
  
  - name: get current mgr backend - ipv6
    set_fact:
-    mgr_server_addr: "{{ ansible_facts['all_ipv6_addresses'] | ips_in_ranges(public_network.split(',')) | last }}"
+    dashboard_server_addr: "{{ ansible_facts['all_ipv6_addresses'] | ips_in_ranges(dashboard_network.split(',')) | last }}"
    when: ip_version == 'ipv6'
  
  - name: disable SSL for dashboard
@@ -61,7 +61,7 @@
            set_fact:
              subj_alt_names: >
                {% for host in groups[mgr_group_name] | default(groups[mon_group_name]) -%}
-              subjectAltName={{ hostvars[host]['ansible_facts']['hostname'] }}/subjectAltName={{ hostvars[host]['mgr_server_addr'] }}/subjectAltName={{ hostvars[host]['ansible_facts']['fqdn'] }}
+              subjectAltName={{ hostvars[host]['ansible_facts']['hostname'] }}/subjectAltName={{ hostvars[host]['dashboard_server_addr'] }}/subjectAltName={{ hostvars[host]['ansible_facts']['fqdn'] }}
                {%- if loop.last %}/{% endif %}
                {%- endfor -%}
            run_once: true
@@ -120,7 +120,7 @@
    failed_when: false # Do not fail if the option does not exist, it only exists post-14.2.0
  
  - name: config the current dashboard backend
-  command: "{{ container_exec_cmd }} ceph --cluster {{ cluster }} config set mgr mgr/dashboard/{{ hostvars[item]['ansible_facts']['hostname'] }}/server_addr {{ hostvars[item]['mgr_server_addr'] }}"
+  command: "{{ container_exec_cmd }} ceph --cluster {{ cluster }} config set mgr mgr/dashboard/{{ hostvars[item]['ansible_facts']['hostname'] }}/server_addr {{ hostvars[item]['dashboard_server_addr'] }}"
    delegate_to: "{{ groups[mon_group_name][0] }}"
    changed_when: false
    run_once: true
diff --git a/roles/ceph-defaults/defaults/main.yml b/roles/ceph-defaults/defaults/main.yml

index d26d6cfd4f5ea1312bc10983a2f4259882a0db2f..fe4408ae9dbefbab45ea15f3c838489c14bb92c9 100644 (file)
--- a/roles/ceph-defaults/defaults/main.yml
+++ b/roles/ceph-defaults/defaults/main.yml
@@ -735,6 +735,8 @@ dashboard_enabled: True
  # then we will autogenerate a cert and keyfile
  dashboard_protocol: https
  dashboard_port: 8443
+# set this variable to the network you want the dashboard to listen on. (Default to public_network)
+dashboard_network: "{{ public_network }}"
  dashboard_admin_user: admin
  dashboard_admin_user_ro: false
  # This variable must be set with a strong custom password when dashboard_enabled is True
author	Guillaume Abrioux <gabrioux@redhat.com>
	Mon, 5 Jul 2021 15:49:26 +0000 (17:49 +0200)
committer	Dimitri Savineau <savineau.dimitri@gmail.com>
	Mon, 26 Jul 2021 17:19:03 +0000 (13:19 -0400)
group_vars/all.yml.sample		patch \| blob \| history
group_vars/rhcs.yml.sample		patch \| blob \| history
roles/ceph-dashboard/tasks/configure_dashboard.yml		patch \| blob \| history
roles/ceph-defaults/defaults/main.yml		patch \| blob \| history