adopt: import rgw ssl certificate into kv store

Without this, when rgw is managed by cephadm, it fails to start because the ssl certificate isn't present in the kv store. Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1987010 Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com>
ceph · Jul 28, 2021 · b7a764f · b7a764f
1 parent d7653dc
commit b7a764f
Showing 1 changed file with 19 additions and 2 deletions.
diff --git a/infrastructure-playbooks/cephadm-adopt.yml b/infrastructure-playbooks/cephadm-adopt.yml
@@ -755,16 +755,33 @@
           environment:
             CEPHADM_IMAGE: '{{ ceph_docker_registry }}/{{ ceph_docker_image }}:{{ ceph_docker_image_tag }}'
 
+        - name: import rgw ssl certificate into kv store
+          when: radosgw_frontend_ssl_certificate | length > 0
+          block:
+            - name: slurp rgw ssl certificate
+              slurp:
+                src: "{{ radosgw_frontend_ssl_certificate }}"
+              register: rgw_ssl_cert
+              run_once: true
+
+            - name: store ssl certificate in kv store
+              command: "{{ cephadm_cmd }} shell --fsid {{ fsid }} -- ceph --cluster {{ cluster }} config-key set rgw/cert/rgw.{{ rgw_realm | default('default') }}.{{ rgw_zone | default('default') }}.{{ radosgw_frontend_port }} {{ rgw_ssl_cert.content | b64decode }}"
+              run_once: true
+              changed_when: false
+              delegate_to: "{{ groups[mon_group_name][0] }}"
+              environment:
+                CEPHADM_IMAGE: '{{ ceph_docker_registry }}/{{ ceph_docker_image }}:{{ ceph_docker_image_tag }}'
+
         - name: update the placement of radosgw hosts
-          command: "{{ cephadm_cmd }} shell --fsid {{ fsid }} -- ceph --cluster {{ cluster }} orch apply rgw {{ cluster }} {{ rgw_realm | default('default') }} {{ rgw_zone | default('default') }} --placement='count-per-host:{{ radosgw_num_instances }} label:{{ rgw_group_name }}' --port={{ radosgw_frontend_port }} {{ '--ssl' if radosgw_frontend_ssl_certificate else '' }}"
+          command: "{{ cephadm_cmd }} shell --fsid {{ fsid }} -- ceph --cluster {{ cluster }} orch apply rgw {{ rgw_realm | default('default') }}.{{ rgw_zone | default('default') }}.{{ radosgw_frontend_port }} {{ rgw_realm | default('default') }} {{ rgw_zone | default('default') }} --placement='count-per-host:{{ radosgw_num_instances }} label:{{ rgw_group_name }}' --port={{ radosgw_frontend_port }} {{ '--ssl' if radosgw_frontend_ssl_certificate else '' }}"
           run_once: true
           changed_when: false
           delegate_to: "{{ groups[mon_group_name][0] }}"
           environment:
             CEPHADM_IMAGE: '{{ ceph_docker_registry }}/{{ ceph_docker_image }}:{{ ceph_docker_image_tag }}'
 
     - name: update the placement of radosgw multisite hosts
-      command: "{{ cephadm_cmd }} shell --fsid {{ fsid }} -- ceph --cluster {{ cluster }} orch apply rgw {{ item.host }}.{{ item.rgw_realm }}.{{ item.rgw_zone }}.{{ item.radosgw_frontend_port }} --realm={{ item.rgw_realm }} --zone={{ item.rgw_zone }} --port={{ item.radosgw_frontend_port }} --placement={{ item.host }}"
+      command: "{{ cephadm_cmd }} shell --fsid {{ fsid }} -- ceph --cluster {{ cluster }} orch apply rgw {{ item.host }}.{{ item.rgw_realm }}.{{ item.rgw_zone }}.{{ item.radosgw_frontend_port }} --realm={{ item.rgw_realm }} --zone={{ item.rgw_zone }} --port={{ item.radosgw_frontend_port }} --placement={{ item.host }} {{ '--ssl' if radosgw_frontend_ssl_certificate else '' }}"
       changed_when: false
       with_items: "{{ rgw_instances_all }}"
       when: rgw_multisite | bool