From: Daniel Swarbrick <daniel.swarbrick1@ionos.com>
Date: Tue, 12 May 2026 14:15:07 +0000 (+0200)
Subject: Support host's CA bundle on Debian-like distros
X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;p=ceph-ansible.git

Support host's CA bundle on Debian-like distros

Signed-off-by: Daniel Swarbrick <daniel.swarbrick@gmail.com>
---

diff --git a/roles/ceph-mon/templates/ceph-mon.service.j2 b/roles/ceph-mon/templates/ceph-mon.service.j2
index 0f29470bc..f7859f4e7 100644
--- a/roles/ceph-mon/templates/ceph-mon.service.j2
+++ b/roles/ceph-mon/templates/ceph-mon.service.j2
@@ -33,6 +33,8 @@ ExecStart=/usr/bin/{{ container_binary }} run --rm --name ceph-mon-%i \
 {% endfor %}
 {% if ansible_facts['os_family'] == 'RedHat' -%}
   -v /etc/pki/ca-trust/extracted:/etc/pki/ca-trust/extracted \
+{% elif ansible_facts['os_family'] == 'Debian' -%}
+  -v /etc/ssl/certs/ca-certificates.crt:/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem:ro \
 {% endif -%}
 {% if mon_docker_privileged | bool -%}
   --privileged \
diff --git a/roles/ceph-rgw/templates/ceph-radosgw.service.j2 b/roles/ceph-rgw/templates/ceph-radosgw.service.j2
index 38fd96818..7ca49f8f0 100644
--- a/roles/ceph-rgw/templates/ceph-radosgw.service.j2
+++ b/roles/ceph-rgw/templates/ceph-radosgw.service.j2
@@ -42,6 +42,8 @@ ExecStart=/usr/bin/{{ container_binary }} run --rm --net=host \
 {% endfor %}
 {% if ansible_facts['os_family'] == 'RedHat' -%}
   -v /etc/pki/ca-trust/extracted:/etc/pki/ca-trust/extracted \
+{% elif ansible_facts['os_family'] == 'Debian' -%}
+  -v /etc/ssl/certs/ca-certificates.crt:/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem:ro \
 {% endif -%}
 {% if radosgw_frontend_ssl_certificate -%}
   -v {{ radosgw_frontend_ssl_certificate }}:{{ radosgw_frontend_ssl_certificate }} \