From: Redouane Kachach
Date: Fri, 7 Feb 2025 10:46:45 +0000 (+0100)
Subject: mgr/cephadm: adding the SSL cert as a dependency for ingress service
X-Git-Tag: v20.0.0~107^2~1
X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=8dbc5f84265035abe9f74aacbbeab2cc887359cc;p=ceph.git
mgr/cephadm: adding the SSL cert as a dependency for ingress service
This way when the user changes the SSL certificate in the spec and performs an 'orch apply' cephadm will detect the change and reconfigure the ingress service automatically. In addition we are also adding the ssl_key because it was not included in the generated haproxy configuration.
Signed-off-by: Redouane Kachach
---
diff --git a/src/pybind/mgr/cephadm/services/ingress.py b/src/pybind/mgr/cephadm/services/ingress.py
index 60fc586da85c..a3657aad27f2 100644
--- a/src/pybind/mgr/cephadm/services/ingress.py
+++ b/src/pybind/mgr/cephadm/services/ingress.py
@@ -97,10 +97,18 @@ class IngressService(CephService):
 # sufficient to detect changes.
 if not spec:
 return []
+
 ingress_spec = cast(IngressSpec, spec)
 assert ingress_spec.backend_service
 daemons = mgr.cache.get_daemons_by_service(ingress_spec.backend_service)
- return sorted([d.name() for d in daemons])
+ deps = [d.name() for d in daemons]
+ for attr in ['ssl_cert', 'ssl_key']:
+ ssl_cert_key = getattr(ingress_spec, attr, None)
+ if ssl_cert_key:
+ assert isinstance(ssl_cert_key, str)
+ deps.append(f'ssl-cert-key:{str(utils.md5_hash(ssl_cert_key))}')
+
+ return sorted(deps)
 def haproxy_generate_config(
 self,
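Review bot: The `ssl_key` pass of the new `for attr in ['ssl_cert', 'ssl_key']` loop derives a dependency entry from the private key with `utils.md5_hash`, and that string then lives wherever the deps list is stored, compared or logged, none of which is visible in this hunk. MD5 is enough to notice a change but should not be read as an integrity check, and it can be unavailable on hosts that restrict it by policy, so I would add a comment on the append such as `# fingerprint for change detection only; the key itself must never be logged`. Both attributes share the `ssl-cert-key:` prefix; `deps.append(f'{attr}:{utils.md5_hash(ssl_cert_key)}')` would show which input triggered a reconfigure. The `assert isinstance(ssl_cert_key, str)` guard is stripped under `python -O`, so an explicit type check that raises a descriptive error is safer than relying on it. The enclosing method starts above the hunk.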
@@ -221,11 +229,12 @@ class IngressService(CephService):
 "haproxy.cfg": haproxy_conf,
 }
 }
+
 if spec.ssl_cert:
- ssl_cert = spec.ssl_cert
- if isinstance(ssl_cert, list):
- ssl_cert = '\n'.join(ssl_cert)
- config_files['files']['haproxy.pem'] = ssl_cert
+ config_files['files']['haproxy.pem'] = spec.ssl_cert
+
+ if spec.ssl_key:
+ config_files['files']['haproxy.pem.key'] = spec.ssl_key
 return config_files, self.get_haproxy_dependencies(self.mgr, spec)
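Review bot: The new `haproxy.pem.key` entry places the private key in `config_files` alongside ordinary configuration, and nothing in this hunk marks it as secret. The code that writes these files and any logging of `config_files` are outside the hunk, so it is worth confirming that the key file is created with owner-only permissions and that the dict is never logged verbatim; a comment above the branch such as `# private key: written owner-only by the deploy step, never logged` would record that expectation. Separately, with the `isinstance(ssl_cert, list)` join removed, a list-valued `spec.ssl_cert` would now be passed through unjoined unless the spec normalises it to a string elsewhere, which cannot be confirmed from here. The enclosing function starts above the hunk.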