From 0c1944236bfb397e9dff6ef436569556bc00379d Mon Sep 17 00:00:00 2001
From: fpantano <fpantano@redhat.com>
Date: Tue, 26 Feb 2019 19:51:05 +0100
Subject: [PATCH] Added to the ceph-radosgw service template the ca-trust
 volume avoiding to expose useless information. This bug is referred to the
 following bugzilla:

https://bugzilla.redhat.com/show_bug.cgi?id=1683290

Signed-off-by: fpantano <fpantano@redhat.com>
---
 roles/ceph-rgw/templates/ceph-radosgw.service.j2 | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/roles/ceph-rgw/templates/ceph-radosgw.service.j2 b/roles/ceph-rgw/templates/ceph-radosgw.service.j2
index 1e05a8cec..4b327aad2 100644
--- a/roles/ceph-rgw/templates/ceph-radosgw.service.j2
+++ b/roles/ceph-rgw/templates/ceph-radosgw.service.j2
@@ -17,6 +17,12 @@ ExecStart=/usr/bin/{{ container_binary }} run --rm --net=host \
   -v /etc/ceph:/etc/ceph:z \
   -v /var/run/ceph:/var/run/ceph:z \
   -v /etc/localtime:/etc/localtime:ro \
+  {% if ansible_distribution == 'RedHat' -%}
+  -v /etc/pki/ca-trust/extracted:/etc/pki/ca-trust/extracted:ro \
+  -v /etc/pki/ca-trust/source/anchors:/etc/pki/ca-trust/source/anchors:ro \
+  {% elif ansible_distribution == 'Ubuntu' -%}
+  -v /etc/ssl/certs:/etc/ssl/certs:ro \
+  {% endif -%}
   -e CEPH_DAEMON=RGW \
   -e CLUSTER={{ cluster }} \
   -e RGW_NAME={{ ansible_hostname }}.${INST_NAME} \
-- 
2.39.5