From: Dimitri Savineau Date: Wed, 18 Mar 2020 14:53:40 +0000 (-0400) Subject: dashboard: allow to set read-only admin user X-Git-Tag: v6.0.0alpha1~4 X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=fb69f6990ce0bf4c9cd4caf9ce7a29e15ab07cfd;p=ceph-ansible.git dashboard: allow to set read-only admin user This commit allows one to set the role for the admin user as read-only. This can be controlled via the dashboard_admin_user_ro variable but the default value is false for backward compatibility. Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1810176 Signed-off-by: Dimitri Savineau
---
diff --git a/group_vars/all.yml.sample b/group_vars/all.yml.sample
index b0bb29d24..3b31f8f35 100644
--- a/group_vars/all.yml.sample
+++ b/group_vars/all.yml.sample
@@ -754,6 +754,7 @@ dummy:
 #dashboard_protocol: http
 #dashboard_port: 8443
 #dashboard_admin_user: admin
+#dashboard_admin_user_ro: false
 # This variable must be set with a strong custom password when dashboard_enabled is True
 #dashboard_admin_password: p@ssw0rd
 # We only need this for SSL (https) connections
diff --git a/group_vars/rhcs.yml.sample b/group_vars/rhcs.yml.sample
index ca165af3c..092e93628 100644
--- a/group_vars/rhcs.yml.sample
+++ b/group_vars/rhcs.yml.sample
@@ -754,6 +754,7 @@ ceph_docker_registry_auth: true
 #dashboard_protocol: http
 #dashboard_port: 8443
 #dashboard_admin_user: admin
+#dashboard_admin_user_ro: false
 # This variable must be set with a strong custom password when dashboard_enabled is True
 #dashboard_admin_password: p@ssw0rd
 # We only need this for SSL (https) connections
diff --git a/roles/ceph-dashboard/tasks/configure_dashboard.yml b/roles/ceph-dashboard/tasks/configure_dashboard.yml
index b579a7bf1..eff7abd8c 100644
--- a/roles/ceph-dashboard/tasks/configure_dashboard.yml
+++ b/roles/ceph-dashboard/tasks/configure_dashboard.yml
@@ -84,7 +84,7 @@
 if {{ container_exec_cmd }} ceph --cluster {{ cluster }} dashboard ac-user-show {{ dashboard_admin_user | quote }}; then
 {{ container_exec_cmd }} ceph --cluster {{ cluster }} dashboard ac-user-set-password {{ dashboard_admin_user | quote }} {{ dashboard_admin_password | quote }}
 else
- {{ container_exec_cmd }} ceph --cluster {{ cluster }} dashboard ac-user-create {{ dashboard_admin_user | quote }} {{ dashboard_admin_password | quote }} administrator
+ {{ container_exec_cmd }} ceph --cluster {{ cluster }} dashboard ac-user-create {{ dashboard_admin_user | quote }} {{ dashboard_admin_password | quote }} {{ 'read-only' if dashboard_admin_user_ro | bool else 'administrator' }}
 fi
 retries: 6
 delay: 5
diff --git a/roles/ceph-defaults/defaults/main.yml b/roles/ceph-defaults/defaults/main.yml
index 0d9cb3c5a..7e98826d9 100644
--- a/roles/ceph-defaults/defaults/main.yml
+++ b/roles/ceph-defaults/defaults/main.yml
@@ -746,6 +746,7 @@ dashboard_enabled: True
 dashboard_protocol: http
 dashboard_port: 8443
 dashboard_admin_user: admin
+dashboard_admin_user_ro: false
 # This variable must be set with a strong custom password when dashboard_enabled is True
 #dashboard_admin_password: p@ssw0rd
 # We only need this for SSL (https) connections
diff --git a/tests/functional/collocation/container/group_vars/all b/tests/functional/collocation/container/group_vars/all
index 210071290..cc7c6abd3 100644
--- a/tests/functional/collocation/container/group_vars/all
+++ b/tests/functional/collocation/container/group_vars/all
@@ -22,4 +22,5 @@ ceph_conf_overrides:
 handler_health_mon_check_delay: 10
 handler_health_osd_check_delay: 10
 dashboard_admin_password: $sX!cD$rYU6qR^B!
+dashboard_admin_user_ro: true
 grafana_admin_password: +xFRe+RES@7vg24n
\ No newline at end of file
diff --git a/tests/functional/collocation/group_vars/all b/tests/functional/collocation/group_vars/all
index e940b331a..e7fa594ed 100644
--- a/tests/functional/collocation/group_vars/all
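Review bot: In roles/ceph-dashboard/tasks/configure_dashboard.yml the new role expression is applied only in the `else` branch (`ac-user-create`), so when the admin user already exists the `if` branch resets the password and leaves the current role untouched. On an already deployed cluster, setting `dashboard_admin_user_ro: true` would therefore leave the account with the administrator role while the inventory says read-only, and switching back to false would not restore administrator either. Setting the role in the existing-user branch as well closes that gap, e.g. `{{ container_exec_cmd }} ceph --cluster {{ cluster }} dashboard ac-user-set-roles {{ dashboard_admin_user | quote }} {{ 'read-only' if dashboard_admin_user_ro | bool else 'administrator' }}` right after the `ac-user-set-password` line. The task starts above the hunk, so whether it is marked `no_log` (the password is passed as a command-line argument here) cannot be confirmed from this view.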
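Review bot: `dashboard_admin_user_ro` in roles/ceph-defaults/defaults/main.yml is added without a comment, unlike the password and SSL settings next to it, so nothing tells the operator which role the flag maps to. A line above it such as `# Set to true to give the dashboard admin user the read-only role instead of administrator` would document it. It is also worth stating there that, as written in configure_dashboard.yml, the value is only read when the user is first created. If the group_vars samples are generated from this file, the comment would carry over to them as well.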
+++ b/tests/functional/collocation/group_vars/all
@@ -19,4 +19,5 @@ ceph_conf_overrides:
 handler_health_mon_check_delay: 10
 handler_health_osd_check_delay: 10
 dashboard_admin_password: $sX!cD$rYU6qR^B!
+dashboard_admin_user_ro: true
 grafana_admin_password: +xFRe+RES@7vg24n
\ No newline at end of file