ceph: add LE certificates
With a hook to restart RGW services on renewal, if there are any. Live
certificates are linked to the same path under /etc/ceph on each host,
so that the orch service spec is node-independent.
Use with something like this (port 80 must be kept free for standalone
certbot renewal):
    service_type: rgw
    spec:
      rgw_frontend_port: 8080
      rgw_frontend_extra_args:
        - ssl_port=443
        - ssl_private_key=/etc/ceph/privkey.pem
        - ssl_certificate=/etc/ceph/fullchain.pem
    extra_container_args:
      - "--volume"
      - "/etc/ceph:/etc/ceph:ro"
      - "--volume"
      - "/etc/letsencrypt:/etc/letsencrypt:ro"
parent 6e5de53937
commit 46a9ff6fc0
4 changed files with 41 additions and 0 deletions
3
roles/ceph/files/restart-ceph-rgw.sh
Normal file
@ -0,0 +1,3 @@
#!/bin/sh
systemctl restart "ceph-*@rgw.*.$(hostname -s).*.service"
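Review bot: the glob on the `systemctl restart` line only acts on units systemd currently has loaded, and when it matches nothing (for example if the host component of the unit name differs from the output of `hostname -s`) the command does nothing and reports no error, so a renewal could leave RGW serving the old certificate without any trace in the renewal log. Consider listing the matched units first, e.g. `systemctl list-units --plain --no-legend "ceph-*@rgw.*.$(hostname -s).*.service"`, and logging a message when the list is empty. A one-line comment at the top saying the script is the certbot renewal hook, and that a full restart drops in-flight RGW connections, would also help the next reader.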