From: fpantano <fpantano@redhat.com>
Date: Tue, 26 Feb 2019 18:51:05 +0000 (+0100)
Subject: Added to the ceph-radosgw service template the ca-trust
X-Git-Tag: v4.0.0rc1~73
X-Git-Url: http://git.apps.os.sepia.ceph.com/?a=commitdiff_plain;h=0c1944236bfb397e9dff6ef436569556bc00379d;p=ceph-ansible.git

Added to the ceph-radosgw service template the ca-trust
volume avoiding to expose useless information.
This bug is referred to the following bugzilla:

https://bugzilla.redhat.com/show_bug.cgi?id=1683290

Signed-off-by: fpantano <fpantano@redhat.com>
---

diff --git a/roles/ceph-rgw/templates/ceph-radosgw.service.j2 b/roles/ceph-rgw/templates/ceph-radosgw.service.j2
index 1e05a8cec..4b327aad2 100644
--- a/roles/ceph-rgw/templates/ceph-radosgw.service.j2
+++ b/roles/ceph-rgw/templates/ceph-radosgw.service.j2
@@ -17,6 +17,12 @@ ExecStart=/usr/bin/{{ container_binary }} run --rm --net=host \
   -v /etc/ceph:/etc/ceph:z \
   -v /var/run/ceph:/var/run/ceph:z \
   -v /etc/localtime:/etc/localtime:ro \
+  {% if ansible_distribution == 'RedHat' -%}
+  -v /etc/pki/ca-trust/extracted:/etc/pki/ca-trust/extracted:ro \
+  -v /etc/pki/ca-trust/source/anchors:/etc/pki/ca-trust/source/anchors:ro \
+  {% elif ansible_distribution == 'Ubuntu' -%}
+  -v /etc/ssl/certs:/etc/ssl/certs:ro \
+  {% endif -%}
   -e CEPH_DAEMON=RGW \
   -e CLUSTER={{ cluster }} \
   -e RGW_NAME={{ ansible_hostname }}.${INST_NAME} \