From: aza547 Date: Sun, 26 Jan 2025 18:10:59 +0000 (+0000) Subject: Allow passing ssl_certificate as an rgw_frontend_extra_arg. X-Git-Tag: v20.0.0~297^2 X-Git-Url: http://git.apps.os.sepia.ceph.com/?a=commitdiff_plain;h=154307e817a0646e7171906d34353c6af0e82dee;p=ceph.git Allow passing ssl_certificate as an rgw_frontend_extra_arg. Fixes: https://tracker.ceph.com/issues/69567 Signed-off-by: Alexander Hussein-Kershaw fix markup --- diff --git a/src/pybind/mgr/cephadm/services/cephadmservice.py b/src/pybind/mgr/cephadm/services/cephadmservice.py index 4f83d7bb0fb52..9cefe72f8581f 100644 --- a/src/pybind/mgr/cephadm/services/cephadmservice.py +++ b/src/pybind/mgr/cephadm/services/cephadmservice.py @@ -1078,6 +1078,17 @@ class RgwService(CephService): # configure frontend args = [] ftype = spec.rgw_frontend_type or "beast" + + # if an ssl_certificate arg was passed as part of rgw_frontend_extra_args + # then we shouldn't add it automatically else the rgw won't start + extra_ssl_cert_provided = any( + arg.startswith("ssl_certificate=") + for arg in (spec.rgw_frontend_extra_args or []) + ) + + if extra_ssl_cert_provided and spec.generate_cert: + raise OrchestratorError("Cannot provide ssl_certificate in combination with generate_cert") + if ftype == 'beast': if spec.ssl: if daemon_spec.ip: @@ -1087,7 +1098,7 @@ class RgwService(CephService): args.append(f"ssl_port={port}") if spec.generate_cert: args.append(f"ssl_certificate=config://rgw/cert/{daemon_spec.name()}") - else: + elif not extra_ssl_cert_provided: args.append(f"ssl_certificate=config://rgw/cert/{spec.service_name()}") else: if daemon_spec.ip: @@ -1103,7 +1114,7 @@ class RgwService(CephService): args.append(f"port={port}s") # note the 's' suffix on port if spec.generate_cert: args.append(f"ssl_certificate=config://rgw/cert/{daemon_spec.name()}") - else: + elif not extra_ssl_cert_provided: args.append(f"ssl_certificate=config://rgw/cert/{spec.service_name()}") else: if daemon_spec.ip: