rc/servers
2
0
Fork 0
Code Issues Pull requests Actions Packages Projects 1 Releases Wiki Activity
servers/roles/ceph
History
Timotej Lazar 46a9ff6fc0 ceph: add LE certificates 
With a hook to restart RGW services on renewal, if there are any. Live
certificates are linked to the same path under /etc/ceph on each host,
so that the orch service spec is node-independent.

Use with something like this (port 80 must be kept free for standalone
certbot renewal):

    service_type: rgw
    spec:
      rgw_frontend_port: 8080
      rgw_frontend_extra_args:
        - ssl_port=443
        - ssl_private_key=/etc/ceph/privkey.pem
        - ssl_certificate=/etc/ceph/fullchain.pem
    extra_container_args:
      - "--volume"
      - "/etc/ceph:/etc/ceph:ro"
      - "--volume"
      - "/etc/letsencrypt:/etc/letsencrypt:ro"
2024-11-08 16:38:15 +01:00
..
files ceph: add LE certificates 2024-11-08 16:38:15 +01:00
handlers ceph: set NTP servers 2024-06-19 15:07:59 +02:00
tasks ceph: add LE certificates 2024-11-08 16:38:15 +01:00
templates ceph: add LE certificates 2024-11-08 16:38:15 +01:00