From 2dec0954304e1688b3694eb0f93a64d20c50f4ac Mon Sep 17 00:00:00 2001
From: Daniel Swarbrick <daniel.swarbrick1@ionos.com>
Date: Tue, 12 May 2026 16:15:07 +0200
Subject: [PATCH] Support host's CA bundle on Debian-like distros

Signed-off-by: Daniel Swarbrick <daniel.swarbrick@gmail.com>
---
 roles/ceph-mon/templates/ceph-mon.service.j2     | 2 ++
 roles/ceph-rgw/templates/ceph-radosgw.service.j2 | 2 ++
 2 files changed, 4 insertions(+)

diff --git a/roles/ceph-mon/templates/ceph-mon.service.j2 b/roles/ceph-mon/templates/ceph-mon.service.j2
index 0f29470bc..f7859f4e7 100644
--- a/roles/ceph-mon/templates/ceph-mon.service.j2
+++ b/roles/ceph-mon/templates/ceph-mon.service.j2
@@ -33,6 +33,8 @@ ExecStart=/usr/bin/{{ container_binary }} run --rm --name ceph-mon-%i \
 {% endfor %}
 {% if ansible_facts['os_family'] == 'RedHat' -%}
   -v /etc/pki/ca-trust/extracted:/etc/pki/ca-trust/extracted \
+{% elif ansible_facts['os_family'] == 'Debian' -%}
+  -v /etc/ssl/certs/ca-certificates.crt:/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem:ro \
 {% endif -%}
 {% if mon_docker_privileged | bool -%}
   --privileged \
diff --git a/roles/ceph-rgw/templates/ceph-radosgw.service.j2 b/roles/ceph-rgw/templates/ceph-radosgw.service.j2
index 38fd96818..7ca49f8f0 100644
--- a/roles/ceph-rgw/templates/ceph-radosgw.service.j2
+++ b/roles/ceph-rgw/templates/ceph-radosgw.service.j2
@@ -42,6 +42,8 @@ ExecStart=/usr/bin/{{ container_binary }} run --rm --net=host \
 {% endfor %}
 {% if ansible_facts['os_family'] == 'RedHat' -%}
   -v /etc/pki/ca-trust/extracted:/etc/pki/ca-trust/extracted \
+{% elif ansible_facts['os_family'] == 'Debian' -%}
+  -v /etc/ssl/certs/ca-certificates.crt:/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem:ro \
 {% endif -%}
 {% if radosgw_frontend_ssl_certificate -%}
   -v {{ radosgw_frontend_ssl_certificate }}:{{ radosgw_frontend_ssl_certificate }} \
-- 
2.47.3