Skip to content

Commit 892aaba

Browse files
adk3798adk3798
authored
Merge pull request ceph#61530 from aza547/ssl_cert
cephadm: rgw: allow specifying the ssl_certificate by filepath Reviewed-by: Adam King <[email protected]>
2 parents cffbbb1 + 154307e commit 892aaba

File tree

1 file changed

+13
-2
lines changed

1 file changed

+13
-2
lines changed

src/pybind/mgr/cephadm/services/cephadmservice.py

Lines changed: 13 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -1085,6 +1085,17 @@ def prepare_create(self, daemon_spec: CephadmDaemonDeploySpec) -> CephadmDaemonD
10851085
# configure frontend
10861086
args = []
10871087
ftype = spec.rgw_frontend_type or "beast"
1088+
1089+
# if an ssl_certificate arg was passed as part of rgw_frontend_extra_args
1090+
# then we shouldn't add it automatically else the rgw won't start
1091+
extra_ssl_cert_provided = any(
1092+
arg.startswith("ssl_certificate=")
1093+
for arg in (spec.rgw_frontend_extra_args or [])
1094+
)
1095+
1096+
if extra_ssl_cert_provided and spec.generate_cert:
1097+
raise OrchestratorError("Cannot provide ssl_certificate in combination with generate_cert")
1098+
10881099
if ftype == 'beast':
10891100
if spec.ssl:
10901101
if daemon_spec.ip:
@@ -1094,7 +1105,7 @@ def prepare_create(self, daemon_spec: CephadmDaemonDeploySpec) -> CephadmDaemonD
10941105
args.append(f"ssl_port={port}")
10951106
if spec.generate_cert:
10961107
args.append(f"ssl_certificate=config://rgw/cert/{daemon_spec.name()}")
1097-
else:
1108+
elif not extra_ssl_cert_provided:
10981109
args.append(f"ssl_certificate=config://rgw/cert/{spec.service_name()}")
10991110
else:
11001111
if daemon_spec.ip:
@@ -1110,7 +1121,7 @@ def prepare_create(self, daemon_spec: CephadmDaemonDeploySpec) -> CephadmDaemonD
11101121
args.append(f"port={port}s") # note the 's' suffix on port
11111122
if spec.generate_cert:
11121123
args.append(f"ssl_certificate=config://rgw/cert/{daemon_spec.name()}")
1113-
else:
1124+
elif not extra_ssl_cert_provided:
11141125
args.append(f"ssl_certificate=config://rgw/cert/{spec.service_name()}")
11151126
else:
11161127
if daemon_spec.ip:

0 commit comments

Comments
 (0)