Add dashboard_tls_external ceph-ansible parameter

This change adds the dashboard_tls_external parameter to the ceph-ansible group_vars when tls-everywhere is enabled. By doing this ceph-ansible looks for cert/keys on the overcloud nodes (where certmonger generates them) instead of assuming they're present in the undercloud. Change-Id: Ia8f537d847c1854893df0646fb59edfb2536de89
openstack-archive · Sep 16, 2020 · 53d892a · 53d892a
1 parent 003effe
commit 53d892a
Showing 1 changed file with 10 additions and 0 deletions.
diff --git a/deployment/ceph-ansible/ceph-base.yaml b/deployment/ceph-ansible/ceph-base.yaml
@@ -326,6 +326,9 @@ parameters:
     type: string
     constraints:
     - allowed_values: ['swift', 'file', 'rbd', 's3']
+  EnableInternalTLS:
+    type: boolean
+    default: false
 
 parameter_groups:
 - label: deprecated
@@ -374,6 +377,7 @@ conditions:
     equals:
       - {get_param: [ServiceData, net_ip_version_map, {get_param: [ServiceNetMap, CephMonNetwork]}]}
       - 6
+  internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
 
 resources:
   ContainerImageUrlParts:
@@ -615,6 +619,12 @@ outputs:
                   if:
                   - dashboard_is_enabled
                   - map_merge:
+                    - if:
+                      - internal_tls_enabled
+                      -
+                        dashboard_tls_external: true
+                        dashboard_grafana_api_no_ssl_verify: true
+                      - {}
                     - {get_attr: [CephBaseAnsibleVars, value, vars]}
                     - dashboard_admin_password: {get_param: CephDashboardAdminPassword}
                     - grafana_admin_password: {get_param: CephGrafanaAdminPassword}