dashboard: allow remote TLS cert/key copy
authorDimitri Savineau <dsavinea@redhat.com>
Thu, 30 Jul 2020 16:04:18 +0000 (12:04 -0400)
committerGuillaume Abrioux <gabrioux@redhat.com>
Tue, 4 Aug 2020 12:01:59 +0000 (14:01 +0200)
When using TLS on the ceph dashboard or grafana services, we can provide
the TLS certificate and key.
Those files should be present on the ansible controller and they will be
copied to the right node(s).
In some situations, the TLS certificate and key could be already present
on the target node and not on the ansible controller.
For this scenario, we just need to copy the files locally (on each remote
host).

This patch adds the dashboard_tls_external variable (with default to
false) to allow users to achieve this scenario when configuring this
variable to true.

Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1860815
Signed-off-by: Dimitri Savineau <dsavinea@redhat.com>
(cherry picked from commit 0d0f1e71df33484d6619aeaa97eb21d7dfc0ea48)

group_vars/all.yml.sample
group_vars/rhcs.yml.sample
roles/ceph-dashboard/tasks/configure_dashboard.yml
roles/ceph-defaults/defaults/main.yml
roles/ceph-grafana/tasks/configure_grafana.yml

index 8346974a56e895fc9dd34c837ceafba7cd986a9e..4cf5f16df41bf4a25cade2c089722fdb683d1233 100644 (file)
@@ -749,6 +749,7 @@ dummy:
 # We only need this for SSL (https) connections
 #dashboard_crt: ''
 #dashboard_key: ''
+#dashboard_tls_external: false
 #dashboard_grafana_api_no_ssl_verify: False
 #dashboard_rgw_api_user_id: ceph-dashboard
 #dashboard_rgw_api_admin_resource: ''
index 5c847705de575d4a8870ad8d5bb30c5215df016f..f2a8f254213a35ff55bd68d6cb4ed8a08c5667a3 100644 (file)
@@ -749,6 +749,7 @@ ceph_docker_registry_auth: true
 # We only need this for SSL (https) connections
 #dashboard_crt: ''
 #dashboard_key: ''
+#dashboard_tls_external: false
 #dashboard_grafana_api_no_ssl_verify: False
 #dashboard_rgw_api_user_id: ceph-dashboard
 #dashboard_rgw_api_admin_resource: ''
index 2405ad69e0e1867f58a4a68633a1df801cef5366..461d893d0efbbce105b6f031c1e0cdfe02993b8f 100644 (file)
@@ -25,6 +25,7 @@
         owner: root
         group: root
         mode: 0440
+        remote_src: "{{ dashboard_tls_external | bool }}"
       delegate_to: "{{ groups[mon_group_name][0] }}"
       when: dashboard_crt | length > 0
 
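Review bot: With `delegate_to: "{{ groups[mon_group_name][0] }}"` on this task, turning on `remote_src` makes the copy read its source path on the first monitor only, while the commit description speaks of files present "on each remote host". An operator who stages the certificate on other nodes but not on that monitor gets a failed copy, so the requirement deserves a comment above the task such as `# dashboard_tls_external: the source path is read on the first monitor (delegate_to), not on the controller`. The same applies to the key task in the `@@ -35,6 +36,7 @@` hunk. Both tasks begin above their hunks, so the `src` and `dest` arguments are not visible here.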
@@ -35,6 +36,7 @@
         owner: root
         group: root
         mode: 0440
+        remote_src: "{{ dashboard_tls_external | bool }}"
       delegate_to: "{{ groups[mon_group_name][0] }}"
       when: dashboard_key | length > 0
 
index 2561737436b88ead3d1efa9d005a429a1f638784..99e81f69d4e391cee152bdd4fe54622daafe0ff2 100644 (file)
@@ -741,6 +741,7 @@ dashboard_admin_user_ro: false
 # We only need this for SSL (https) connections
 dashboard_crt: ''
 dashboard_key: ''
+dashboard_tls_external: false
 dashboard_grafana_api_no_ssl_verify: False
 dashboard_rgw_api_user_id: ceph-dashboard
 dashboard_rgw_api_admin_resource: ''
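Review bot: `dashboard_tls_external` is added without a comment, although it changes what `dashboard_crt` and `dashboard_key` mean: a path on the ansible controller when false, a path already on the target node when true. A line above it would make that explicit, for example `# Set to true when the TLS certificate and key paths already exist on the target node(s) rather than on the ansible controller`. It is also worth stating there that in this mode the source private key stays on the node with whatever ownership and mode it already has; the copy tasks touched by this commit appear to set `owner`, `group` and `mode` only on the copied file. The two `.sample` hunks mirror this block and would need the same comment.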
index f38eb1c1cd0972df1fe41cd13fff7c6df9c7ce39..5275b89f9ce0dfa23fbcd8d514088283bd04e20b 100644 (file)
@@ -75,6 +75,7 @@
     owner: "{{ grafana_uid }}"
     group: "{{ grafana_uid }}"
     mode: 0640
+    remote_src: "{{ dashboard_tls_external | bool }}"
   when:
     - grafana_crt | length > 0
     - dashboard_protocol == "https"
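Review bot: The grafana certificate task reuses `dashboard_tls_external`, so one flag decides where both the dashboard pair and the `grafana_crt`/`grafana_key` pair are read from; a deployment cannot take one pair from the controller and the other from the nodes. If that coupling is intended, say so where the variable is defined, e.g. `# also applies to grafana_crt and grafana_key`. No `delegate_to` is visible in this hunk, so the source path is presumably resolved on each grafana host, unlike the dashboard tasks; the task starts above the hunk and this should be confirmed. The key task in the `@@ -86,6 +87,7 @@` hunk is affected the same way.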
@@ -86,6 +87,7 @@
     owner: "{{ grafana_uid }}"
     group: "{{ grafana_uid }}"
     mode: 0440
+    remote_src: "{{ dashboard_tls_external | bool }}"
   when:
     - grafana_key | length > 0
     - dashboard_protocol == "https"