From 107fb32bfb1fad9e73c40a764021430ea20a9238 Mon Sep 17 00:00:00 2001
From: aza547 <alexander-12345@hotmail.co.uk>
Date: Sun, 26 Jan 2025 18:10:59 +0000
Subject: [PATCH] Allow passing ssl_certificate as an rgw_frontend_extra_arg.

Fixes: https://tracker.ceph.com/issues/69567
Signed-off-by: Alexander Hussein-Kershaw <alexhus@microsoft.com>
(cherry picked from commit 154307e817a0646e7171906d34353c6af0e82dee)

Conflicts:
	src/pybind/mgr/cephadm/services/cephadmservice.py
---
 src/pybind/mgr/cephadm/services/cephadmservice.py | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)

diff --git a/src/pybind/mgr/cephadm/services/cephadmservice.py b/src/pybind/mgr/cephadm/services/cephadmservice.py
index 1792cd28fcca1..8b191f3607e05 100644
--- a/src/pybind/mgr/cephadm/services/cephadmservice.py
+++ b/src/pybind/mgr/cephadm/services/cephadmservice.py
@@ -1008,6 +1008,14 @@ class RgwService(CephService):
         # configure frontend
         args = []
         ftype = spec.rgw_frontend_type or "beast"
+
+        # if an ssl_certificate arg was passed as part of rgw_frontend_extra_args
+        # then we shouldn't add it automatically else the rgw won't start
+        extra_ssl_cert_provided = any(
+            arg.startswith("ssl_certificate=")
+            for arg in (spec.rgw_frontend_extra_args or [])
+        )
+
         if ftype == 'beast':
             if spec.ssl:
                 if daemon_spec.ip:
@@ -1015,7 +1023,8 @@ class RgwService(CephService):
                         f"ssl_endpoint={build_url(host=daemon_spec.ip, port=port).lstrip('/')}")
                 else:
                     args.append(f"ssl_port={port}")
-                args.append(f"ssl_certificate=config://rgw/cert/{spec.service_name()}")
+                if not extra_ssl_cert_provided:
+                    args.append(f"ssl_certificate=config://rgw/cert/{spec.service_name()}")
             else:
                 if daemon_spec.ip:
                     args.append(f"endpoint={build_url(host=daemon_spec.ip, port=port).lstrip('/')}")
@@ -1028,7 +1037,8 @@ class RgwService(CephService):
                     args.append(f"port={build_url(host=daemon_spec.ip, port=port).lstrip('/')}s")
                 else:
                     args.append(f"port={port}s")  # note the 's' suffix on port
-                args.append(f"ssl_certificate=config://rgw/cert/{spec.service_name()}")
+                if not extra_ssl_cert_provided:
+                    args.append(f"ssl_certificate=config://rgw/cert/{spec.service_name()}")
             else:
                 if daemon_spec.ip:
                     args.append(f"port={build_url(host=daemon_spec.ip, port=port).lstrip('/')}")
-- 
2.39.5