From 9b843c24f96d981e1c14466ae0c1c60969589a2e Mon Sep 17 00:00:00 2001
From: fpantano <fpantano@redhat.com>
Date: Tue, 26 Feb 2019 19:51:05 +0100
Subject: [PATCH] Added to the ceph-radosgw service template the ca-trust
 volume avoiding to expose useless information. This bug is referred to the
 following bugzilla:

Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1683290

Signed-off-by: fpantano <fpantano@redhat.com>
(cherry picked from commit 0c1944236bfb397e9dff6ef436569556bc00379d)
---
 roles/ceph-rgw/templates/ceph-radosgw.service.j2 | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/roles/ceph-rgw/templates/ceph-radosgw.service.j2 b/roles/ceph-rgw/templates/ceph-radosgw.service.j2
index 98b6344d3..ae04f0fcf 100644
--- a/roles/ceph-rgw/templates/ceph-radosgw.service.j2
+++ b/roles/ceph-rgw/templates/ceph-radosgw.service.j2
@@ -23,6 +23,12 @@ ExecStart=/usr/bin/docker run --rm --net=host \
   -e KV_PORT={{ kv_port }} \
   {% endif -%}
   -v /etc/localtime:/etc/localtime:ro \
+  {% if ansible_distribution == 'RedHat' -%}
+  -v /etc/pki/ca-trust/extracted:/etc/pki/ca-trust/extracted:ro \
+  -v /etc/pki/ca-trust/source/anchors:/etc/pki/ca-trust/source/anchors:ro \
+  {% elif ansible_distribution == 'Ubuntu' -%}
+  -v /etc/ssl/certs:/etc/ssl/certs:ro \
+  {% endif -%}
   -e CEPH_DAEMON=RGW \
   -e CLUSTER={{ cluster }} \
   --name=ceph-rgw-{{ ansible_hostname }} \
-- 
2.47.3