dashboard: allow remote TLS cert/key copy

When using TLS on the ceph dashboard or grafana services, we can provide
the TLS certificate and key.
Those files should be present on the ansible controller and they will be
copyied to the right node(s).
In some situation, the TLS certificate and key could be already present
on the target node and not on the ansible controller.
For this scenario, we just need to copy the files locally (on each remote
host).

This patch adds the dashboard_tls_external variable (with default to
false) to allow users to achieve this scenario when configuring this
variable to true.

Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1860815
Signed-off-by: Dimitri Savineau <dsavinea@redhat.com>
(cherry picked from commit 0d0f1e71df33484d6619aeaa97eb21d7dfc0ea48)

diff --git a/group_vars/all.yml.sample b/group_vars/all.yml.sample
index 421ceb783f94006bb62aae273b2632d1047a9c94..39e75e239b927781ef41b86755bbbf322774c4b9 100644 (file)
--- a/group_vars/all.yml.sample
+++ b/group_vars/all.yml.sample
@@ -747,6 +747,7 @@ dummy:
 # We only need this for SSL (https) connections
 #dashboard_crt: ''
 #dashboard_key: ''
+#dashboard_tls_external: false
 #dashboard_grafana_api_no_ssl_verify: False
 #dashboard_rgw_api_user_id: ceph-dashboard
 #dashboard_rgw_api_admin_resource: ''

diff --git a/group_vars/rhcs.yml.sample b/group_vars/rhcs.yml.sample
index a92e03e84b99cdff43d5ab22ec23472c1da0d6cf..c6231cab9ffc2ac8749d2a17175c74fc8be534be 100644 (file)
--- a/group_vars/rhcs.yml.sample
+++ b/group_vars/rhcs.yml.sample
@@ -747,6 +747,7 @@ ceph_docker_registry_auth: true
 # We only need this for SSL (https) connections
 #dashboard_crt: ''
 #dashboard_key: ''
+#dashboard_tls_external: false
 #dashboard_grafana_api_no_ssl_verify: False
 #dashboard_rgw_api_user_id: ceph-dashboard
 #dashboard_rgw_api_admin_resource: ''

diff --git a/roles/ceph-dashboard/tasks/configure_dashboard.yml b/roles/ceph-dashboard/tasks/configure_dashboard.yml
index 985d76c0c8c0b35f339f25c927571cf484956bc6..0881cd588927f4f29f6e882bd059931a207b3a53 100644 (file)
--- a/roles/ceph-dashboard/tasks/configure_dashboard.yml
+++ b/roles/ceph-dashboard/tasks/configure_dashboard.yml
@@ -25,6 +25,7 @@
         owner: root
         group: root
         mode: 0440
+        remote_src: "{{ dashboard_tls_external | bool }}"
       delegate_to: "{{ groups[mon_group_name][0] }}"
       when: dashboard_crt | length > 0
 
@@ -35,6 +36,7 @@
         owner: root
         group: root
         mode: 0440
+        remote_src: "{{ dashboard_tls_external | bool }}"
       delegate_to: "{{ groups[mon_group_name][0] }}"
       when: dashboard_key | length > 0
 

diff --git a/roles/ceph-defaults/defaults/main.yml b/roles/ceph-defaults/defaults/main.yml
index 81fdaeac06275130af1df7878d910a8e69c5c2d9..680ccc7a9bb0260147eb028a0b4e0f6f9ee0b506 100644 (file)
--- a/roles/ceph-defaults/defaults/main.yml
+++ b/roles/ceph-defaults/defaults/main.yml
@@ -739,6 +739,7 @@ dashboard_admin_user_ro: false
 # We only need this for SSL (https) connections
 dashboard_crt: ''
 dashboard_key: ''
+dashboard_tls_external: false
 dashboard_grafana_api_no_ssl_verify: False
 dashboard_rgw_api_user_id: ceph-dashboard
 dashboard_rgw_api_admin_resource: ''

diff --git a/roles/ceph-grafana/tasks/configure_grafana.yml b/roles/ceph-grafana/tasks/configure_grafana.yml
index f38eb1c1cd0972df1fe41cd13fff7c6df9c7ce39..5275b89f9ce0dfa23fbcd8d514088283bd04e20b 100644 (file)
--- a/roles/ceph-grafana/tasks/configure_grafana.yml
+++ b/roles/ceph-grafana/tasks/configure_grafana.yml
@@ -75,6 +75,7 @@
     owner: "{{ grafana_uid }}"
     group: "{{ grafana_uid }}"
     mode: 0640
+    remote_src: "{{ dashboard_tls_external | bool }}"
   when:
     - grafana_crt | length > 0
     - dashboard_protocol == "https"
@@ -86,6 +87,7 @@
     owner: "{{ grafana_uid }}"
     group: "{{ grafana_uid }}"
     mode: 0440
+    remote_src: "{{ dashboard_tls_external | bool }}"
   when:
     - grafana_key | length > 0
     - dashboard_protocol == "https"