Add radosgw_frontend_ssl_certificate parameter

[gfidente]

This is necessary when configuring RGW/civetweb with SSL because
in addition to passing a specific frontend option, we need to
append the 's' character to the binding port.

Signed-off-by: Giulio Fidente gfidente@redhat.com

[dsavineau]

Could you add the Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1721914 statement in the commit body ?
Also I'm wondering if we could do both ssl implementation in the same time instead of civetweb only. wdyt ?

[dsavineau]

The jinja template still fails.
Also for beast you need the ssl key in a different file so there's another option for that.

http://docs.ceph.com/docs/master/radosgw/frontends/#options

[dsavineau]

Nevermind, I didn't read the documentation correctly. So it's fine with only one combined file for both civetweb and beast

[ktdreyer]

Do we need to backport this to stable-4.0 for OSP, @gfidente ?

[dsavineau]

@ktdreyer According to https://bugzilla.redhat.com/show_bug.cgi?id=1722071 yes

[dsavineau]

@gfidente the code looks good but there's some part missing

• The ssl file needs to be available within the radosgw container. So we probably need to add a bind mount around there [1]. Note that we should change ansible_distribution by ansible_os_family.
• The radosgw handler needs to be updated to reflect the protocol [2].

[1] https://github.com/ceph/ceph-ansible/blob/master/roles/ceph-rgw/templates/ceph-radosgw.service.j2#L31-L33
[2] https://github.com/ceph/ceph-ansible/blob/master/roles/ceph-handler/templates/restart_rgw_daemon.sh.j2#L60

[gfidente]

@dsavineau thanks for the review, will do

[dsavineau]

jenkins test pipeline

[dsavineau]

mergify failed to merge, doing it manually