From 8dbc5f84265035abe9f74aacbbeab2cc887359cc Mon Sep 17 00:00:00 2001 From: Redouane Kachach Date: Fri, 7 Feb 2025 11:46:45 +0100 Subject: [PATCH] mgr/cephadm: adding the SSL cert as a dependency for ingress service This way when the user changes the SSL certificate in the spec and performs an 'orch apply' cephadm will detect the change and reconfigure the ingress service automatically. In addition we are also adding the ssl_key because it was not included in the generated haproxy configuration. Signed-off-by: Redouane Kachach --- src/pybind/mgr/cephadm/services/ingress.py | 19 ++++++++++++++----- 1 file changed, 14 insertions(+), 5 deletions(-) diff --git a/src/pybind/mgr/cephadm/services/ingress.py b/src/pybind/mgr/cephadm/services/ingress.py index 60fc586da85..a3657aad27f 100644 --- a/src/pybind/mgr/cephadm/services/ingress.py +++ b/src/pybind/mgr/cephadm/services/ingress.py @@ -97,10 +97,18 @@ class IngressService(CephService): # sufficient to detect changes. if not spec: return [] + ingress_spec = cast(IngressSpec, spec) assert ingress_spec.backend_service daemons = mgr.cache.get_daemons_by_service(ingress_spec.backend_service) - return sorted([d.name() for d in daemons]) + deps = [d.name() for d in daemons] + for attr in ['ssl_cert', 'ssl_key']: + ssl_cert_key = getattr(ingress_spec, attr, None) + if ssl_cert_key: + assert isinstance(ssl_cert_key, str) + deps.append(f'ssl-cert-key:{str(utils.md5_hash(ssl_cert_key))}') + + return sorted(deps) def haproxy_generate_config( self, @@ -221,11 +229,12 @@ class IngressService(CephService): "haproxy.cfg": haproxy_conf, } } + if spec.ssl_cert: - ssl_cert = spec.ssl_cert - if isinstance(ssl_cert, list): - ssl_cert = '\n'.join(ssl_cert) - config_files['files']['haproxy.pem'] = ssl_cert + config_files['files']['haproxy.pem'] = spec.ssl_cert + + if spec.ssl_key: + config_files['files']['haproxy.pem.key'] = spec.ssl_key return config_files, self.get_haproxy_dependencies(self.mgr, spec) -- 2.47.3