Fix ceph 9 RGW deployment

[fmount]

rgw_frontend_ssl_certificate has been deprecated in ceph8 and in ceph9 doesn't work properly anymore. There's a new way of setting both cert and key when ssl is used and is fully documented in [1].
This patch preserves the old way of deploying rgw through a new var used to execute the old code. When rgw_ssl_backward_compatibility is set, the old facts are created, resulting in populating the old variables, otherwise the new method based on ssl_cert and ssl_key fields is applied.

[1] https://docs.ceph.com/en/latest/cephadm/services/rgw/

Jira: https://issues.redhat.com/browse/OSPRH-21250

[fmount]

Early testing looks promising:

======
Totals
======
Ran: 142 tests in 132.5648 sec.
 - Passed: 130
 - Skipped: 12
 - Expected Fail: 0
 - Unexpected Success: 0
 - Failed: 0

[danpawlik]

@fmount should it be DNM (PR has such label)?

[fmount]

@fmount should it be DNM (PR has such label)?

If the current / in progress uni03gamma regression testing works as expected, I will remove the do-not-merge label.
In any case feel free to review if you have additional comments.

[fmount]

both unigamma (which deploys ceph 7) and unidelta (where we have ceph 8 and we're going to move to 9) are working properly with this patch. By default we keep backward compatibility, so no changes are required for the existing jobs, while for unidelta we're going to have a ci-framework-jobs patch where we explicitly pass cifmw_rgw_ssl_backward_compatibility: false to build the RGW spec with the new fields.

[fmount]

rebased.

[katarimanojk]

/lgtm

[fmount]

Note from myself: we need to cherry-pick this patch to FR4 as a prereq for the transition to Ceph 9.

[fultonj]

Ah the charming little differences that keep life interesting....

"deprecated in ceph8 and in ceph9 doesn't work properly anymore. There's a new way of setting both cert and key when ssl is used and is fully documented in [1]."

https://docs.ceph.com/en/latest/cephadm/services/rgw/

[fultonj]

/approve
/lgtm

[openshift-ci]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: fultonj

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[fmount]

/retest

[tosky]

The change makes sense and the default behavior is unchanged.

[katarimanojk]

/lgtm

[fmount]

/cherry-pick 18.0-fr4

[openshift-cherrypick-robot]

@fmount: cannot checkout 18.0-fr4: error checking out "18.0-fr4": exit status 1 error: pathspec '18.0-fr4' did not match any file(s) known to git

Details

In response to this:

/cherry-pick 18.0-fr4

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.