From: Dimitri Savineau <dsavinea@redhat.com>
Date: Mon, 26 Aug 2019 14:47:05 +0000 (-0400)
Subject: ceph-mon: Bind mount the ca-trust directory
X-Git-Tag: v4.0.0rc14~8
X-Git-Url: http://git.apps.os.sepia.ceph.com/?a=commitdiff_plain;h=364951ce2f176c0171799660891738b7793e0bd1;p=ceph-ansible.git

ceph-mon: Bind mount the ca-trust directory

On containerized deployment, the mon container sometimes needs to
access to the radosgw endpoint (via the radosgw-admin command). When
using TLS on the radosgw with self-signed certificates then we need to
access to the CA certification from the mon container.
The CA certificate needs to be added on the host and then the directory
will be bind mount on the container.

Resolves: #4358

Signed-off-by: Dimitri Savineau <dsavinea@redhat.com>
(cherry picked from commit 2b0616ecca1f526dd669d00b7b5f501affebb6ca)
---

diff --git a/roles/ceph-mon/templates/ceph-mon.service.j2 b/roles/ceph-mon/templates/ceph-mon.service.j2
index 28db4493e..68f7b587d 100644
--- a/roles/ceph-mon/templates/ceph-mon.service.j2
+++ b/roles/ceph-mon/templates/ceph-mon.service.j2
@@ -22,6 +22,9 @@ ExecStart=/usr/bin/{{ container_binary }} run --rm --name ceph-mon-%i \
   -v /var/run/ceph:/var/run/ceph:z \
   -v /etc/localtime:/etc/localtime:ro \
   -v /var/log/ceph:/var/log/ceph:z \
+{% if ansible_distribution == 'RedHat' -%}
+  -v /etc/pki/ca-trust/extracted:/etc/pki/ca-trust/extracted:z \
+{% endif -%}
 {% if mon_docker_privileged -%}
   --privileged \
 {% endif -%}