]> git-server-git.apps.pok.os.sepia.ceph.com Git - ceph.git/commitdiff
projects / ceph.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: bd049ed)
mgr/cephadm: adding the SSL cert as a dependency for ingress service
authorRedouane Kachach <rkachach@ibm.com>
Fri, 7 Feb 2025 10:46:45 +0000 (11:46 +0100)
committerRedouane Kachach <rkachach@ibm.com>
Fri, 7 Feb 2025 12:23:33 +0000 (13:23 +0100)
This way when the user changes the SSL certificate in the spec and
performs an 'orch apply' cephadm will detect the change and
reconfigure the ingress service automatically. In addition we are also
adding the ssl_key because it was not included in the generated
haproxy configuration.

Signed-off-by: Redouane Kachach <rkachach@ibm.com>
src/pybind/mgr/cephadm/services/ingress.py patch | blob | history

diff --git a/src/pybind/mgr/cephadm/services/ingress.py b/src/pybind/mgr/cephadm/services/ingress.py
index 60fc586da85c65582b3330e7f9c3f49492ee4805..a3657aad27f26766ea27dc3580aaa3bbff47b6fe 100644 (file)
--- a/src/pybind/mgr/cephadm/services/ingress.py
+++ b/src/pybind/mgr/cephadm/services/ingress.py
@@ -97,10 +97,18 @@ class IngressService(CephService):
         # sufficient to detect changes.
         if not spec:
             return []
+
         ingress_spec = cast(IngressSpec, spec)
         assert ingress_spec.backend_service
         daemons = mgr.cache.get_daemons_by_service(ingress_spec.backend_service)
-        return sorted([d.name() for d in daemons])
+        deps = [d.name() for d in daemons]
+        for attr in ['ssl_cert', 'ssl_key']:
+            ssl_cert_key = getattr(ingress_spec, attr, None)
+            if ssl_cert_key:
+                assert isinstance(ssl_cert_key, str)
+                deps.append(f'ssl-cert-key:{str(utils.md5_hash(ssl_cert_key))}')
+
+        return sorted(deps)
 
     def haproxy_generate_config(
             self,
@@ -221,11 +229,12 @@ class IngressService(CephService):
                 "haproxy.cfg": haproxy_conf,
             }
         }
+
         if spec.ssl_cert:
-            ssl_cert = spec.ssl_cert
-            if isinstance(ssl_cert, list):
-                ssl_cert = '\n'.join(ssl_cert)
-            config_files['files']['haproxy.pem'] = ssl_cert
+            config_files['files']['haproxy.pem'] = spec.ssl_cert
+
+        if spec.ssl_key:
+            config_files['files']['haproxy.pem.key'] = spec.ssl_key
 
         return config_files, self.get_haproxy_dependencies(self.mgr, spec)
 
Unnamed repository; edit this file 'description' to name the repository.