From 364951ce2f176c0171799660891738b7793e0bd1 Mon Sep 17 00:00:00 2001
From: Dimitri Savineau <dsavinea@redhat.com>
Date: Mon, 26 Aug 2019 10:47:05 -0400
Subject: [PATCH] ceph-mon: Bind mount the ca-trust directory

On containerized deployment, the mon container sometimes needs to
access to the radosgw endpoint (via the radosgw-admin command). When
using TLS on the radosgw with self-signed certificates then we need to
access to the CA certification from the mon container.
The CA certificate needs to be added on the host and then the directory
will be bind mount on the container.

Resolves: #4358

Signed-off-by: Dimitri Savineau <dsavinea@redhat.com>
(cherry picked from commit 2b0616ecca1f526dd669d00b7b5f501affebb6ca)
---
 roles/ceph-mon/templates/ceph-mon.service.j2 | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/roles/ceph-mon/templates/ceph-mon.service.j2 b/roles/ceph-mon/templates/ceph-mon.service.j2
index 28db4493e..68f7b587d 100644
--- a/roles/ceph-mon/templates/ceph-mon.service.j2
+++ b/roles/ceph-mon/templates/ceph-mon.service.j2
@@ -22,6 +22,9 @@ ExecStart=/usr/bin/{{ container_binary }} run --rm --name ceph-mon-%i \
   -v /var/run/ceph:/var/run/ceph:z \
   -v /etc/localtime:/etc/localtime:ro \
   -v /var/log/ceph:/var/log/ceph:z \
+{% if ansible_distribution == 'RedHat' -%}
+  -v /etc/pki/ca-trust/extracted:/etc/pki/ca-trust/extracted:z \
+{% endif -%}
 {% if mon_docker_privileged -%}
   --privileged \
 {% endif -%}
-- 
2.39.5