From 72bbc8285e74e325b8e5f716747e2d4ae3c72227 Mon Sep 17 00:00:00 2001
From: Guillaume Abrioux <gabrioux@redhat.com>
Date: Mon, 5 Jul 2021 17:49:26 +0200
Subject: [PATCH] dashboard: support dedicated network for the dashboard

This introduces a new variable `dashboard_network` in order to support
deploying the dashboard on a different subnet.

Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1927574

Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com>
(cherry picked from commit f4f73b61972f416db9fe6ec305de282094581e07)
---
 group_vars/all.yml.sample                          | 2 ++
 group_vars/rhcs.yml.sample                         | 2 ++
 roles/ceph-dashboard/tasks/configure_dashboard.yml | 8 ++++----
 roles/ceph-defaults/defaults/main.yml              | 2 ++
 4 files changed, 10 insertions(+), 4 deletions(-)

diff --git a/group_vars/all.yml.sample b/group_vars/all.yml.sample
index e52bae535..7a6ff86d5 100644
--- a/group_vars/all.yml.sample
+++ b/group_vars/all.yml.sample
@@ -743,6 +743,8 @@ dummy:
 # then we will autogenerate a cert and keyfile
 #dashboard_protocol: https
 #dashboard_port: 8443
+# set this variable to the network you want the dashboard to listen on. (Default to public_network)
+#dashboard_network: "{{ public_network }}"
 #dashboard_admin_user: admin
 #dashboard_admin_user_ro: false
 # This variable must be set with a strong custom password when dashboard_enabled is True
diff --git a/group_vars/rhcs.yml.sample b/group_vars/rhcs.yml.sample
index 5e8a5af5b..43e90ae52 100644
--- a/group_vars/rhcs.yml.sample
+++ b/group_vars/rhcs.yml.sample
@@ -743,6 +743,8 @@ ceph_docker_registry_auth: true
 # then we will autogenerate a cert and keyfile
 #dashboard_protocol: https
 #dashboard_port: 8443
+# set this variable to the network you want the dashboard to listen on. (Default to public_network)
+#dashboard_network: "{{ public_network }}"
 #dashboard_admin_user: admin
 #dashboard_admin_user_ro: false
 # This variable must be set with a strong custom password when dashboard_enabled is True
diff --git a/roles/ceph-dashboard/tasks/configure_dashboard.yml b/roles/ceph-dashboard/tasks/configure_dashboard.yml
index 4473f3b69..6de90b2b4 100644
--- a/roles/ceph-dashboard/tasks/configure_dashboard.yml
+++ b/roles/ceph-dashboard/tasks/configure_dashboard.yml
@@ -10,12 +10,12 @@
 
 - name: get current mgr backend - ipv4
   set_fact:
-    mgr_server_addr: "{{ ansible_facts['all_ipv4_addresses'] | ips_in_ranges(public_network.split(',')) | first }}"
+    dashboard_server_addr: "{{ ansible_facts['all_ipv4_addresses'] | ips_in_ranges(dashboard_network.split(',')) | first }}"
   when: ip_version == 'ipv4'
 
 - name: get current mgr backend - ipv6
   set_fact:
-    mgr_server_addr: "{{ ansible_facts['all_ipv6_addresses'] | ips_in_ranges(public_network.split(',')) | last }}"
+    dashboard_server_addr: "{{ ansible_facts['all_ipv6_addresses'] | ips_in_ranges(dashboard_network.split(',')) | last }}"
   when: ip_version == 'ipv6'
 
 - name: disable SSL for dashboard
@@ -61,7 +61,7 @@
           set_fact:
             subj_alt_names: >
               {% for host in groups[mgr_group_name] | default(groups[mon_group_name]) -%}
-              subjectAltName={{ hostvars[host]['ansible_facts']['hostname'] }}/subjectAltName={{ hostvars[host]['mgr_server_addr'] }}/subjectAltName={{ hostvars[host]['ansible_facts']['fqdn'] }}
+              subjectAltName={{ hostvars[host]['ansible_facts']['hostname'] }}/subjectAltName={{ hostvars[host]['dashboard_server_addr'] }}/subjectAltName={{ hostvars[host]['ansible_facts']['fqdn'] }}
               {%- if loop.last %}/{% endif %}
               {%- endfor -%}
           run_once: true
@@ -120,7 +120,7 @@
   failed_when: false # Do not fail if the option does not exist, it only exists post-14.2.0
 
 - name: config the current dashboard backend
-  command: "{{ container_exec_cmd }} ceph --cluster {{ cluster }} config set mgr mgr/dashboard/{{ hostvars[item]['ansible_facts']['hostname'] }}/server_addr {{ hostvars[item]['mgr_server_addr'] }}"
+  command: "{{ container_exec_cmd }} ceph --cluster {{ cluster }} config set mgr mgr/dashboard/{{ hostvars[item]['ansible_facts']['hostname'] }}/server_addr {{ hostvars[item]['dashboard_server_addr'] }}"
   delegate_to: "{{ groups[mon_group_name][0] }}"
   changed_when: false
   run_once: true
diff --git a/roles/ceph-defaults/defaults/main.yml b/roles/ceph-defaults/defaults/main.yml
index d26d6cfd4..fe4408ae9 100644
--- a/roles/ceph-defaults/defaults/main.yml
+++ b/roles/ceph-defaults/defaults/main.yml
@@ -735,6 +735,8 @@ dashboard_enabled: True
 # then we will autogenerate a cert and keyfile
 dashboard_protocol: https
 dashboard_port: 8443
+# set this variable to the network you want the dashboard to listen on. (Default to public_network)
+dashboard_network: "{{ public_network }}"
 dashboard_admin_user: admin
 dashboard_admin_user_ro: false
 # This variable must be set with a strong custom password when dashboard_enabled is True
-- 
2.39.5