mgr/cephadm: optionally add kmip block to ganesha conf

If all the kmip fields were set

Signed-off-by: Adam King <[email protected]>
(cherry picked from commit ab33d16)

Conflicts:
	src/pybind/mgr/cephadm/services/nfs.py

Resolves: rhbz#2373703

Author: adk3798

src/pybind/mgr/cephadm/services/nfs.py

@@ -121,6 +121,8 @@ def generate_config(self, daemon_spec: CephadmDaemonDeploySpec) -> Tuple[Dict[st
         if monitoring_ip:
             daemon_spec.port_ips.update({str(monitoring_port): monitoring_ip})
 
+        add_kmip_block = (spec.kmip_cert and spec.kmip_key and spec.kmip_ca_cert and spec.kmip_host_list)
+
         # generate the ganesha config
         def get_ganesha_conf() -> str:
             context: Dict[str, Any] = {
@@ -140,6 +142,7 @@ def get_ganesha_conf() -> str:
                 "enable_nlm": str(spec.enable_nlm).lower(),
                 "cluster_id": self.mgr._cluster_fsid,
                 "enable_virtual_server": str(spec.enable_virtual_server).lower(),
+                "kmip_addrs": spec.kmip_host_list if add_kmip_block else None,
                 "use_old_nodeid": False if nodeid.isdigit() else True
             }
             if spec.enable_haproxy_protocol:

src/pybind/mgr/cephadm/templates/services/nfs/ganesha.conf.j2

@@ -53,4 +53,17 @@ Ceph {
 }
 {% endif %}
 
+{% if kmip_addrs %}
+KMIP {
+            HOST {
+{% for kmip_addr in kmip_addrs %}
+                     addr = {{ kmip_addr }};
+{% endfor %}
+            }
+            cert = /etc/ganesha/kmip/kmip_cert.pem;
+            key = /etc/ganesha/kmip/kmip_key.pem;
+            ca = /etc/ganesha/kmip/kmip_ca_cert.pem;
+}
+{% endif %}
+
 %url    {{ url }}