Bug #54974
openApplying rgwspec with new certificate does not apply
0%
Description
At one point I had this spec:
service_type: rgw
service_id: default
spec:
rgw_frontend_port: 443
rgw_frontend_ssl_certificate: |
certs
ssl: true
placement:
hosts:
- ws-ceph-rgw1
- ws-ceph-rgw2
This worked fine, I was under the impression that if I'd change the certificate(s), and reappply, it would change the certificates in the key-config store, however I do not see this behaviour.
Am I wrong to expect ceph orch/adm to apply the new certificate(s)?
Updated by Hans van den Bogert about 2 years ago
The spec should've been pre-formatted:
service_type: rgw
service_id: default
spec:
rgw_frontend_port: 443
rgw_frontend_ssl_certificate: |
certs
ssl: true
placement:
hosts:
- ws-ceph-rgw1
- ws-ceph-rgw2
Updated by Sebastian Wagner about 2 years ago
- Is duplicate of Feature #51947: cephadm: Redeploy services, on property update (was: Ingress for RGW does not appear to support chain certificates) added
Updated by Sebastian Wagner about 2 years ago
Updated by Hans van den Bogert about 2 years ago
Sebastian Wagner wrote:
I see, though I'm not sure this follows the principle of least surprise, expecting the applying of a yaml to be idempotent seems like the logical thing here. Also, `orch apply` actually deploys, but iiuc successive calls don't?
Updated by Sebastian Wagner about 2 years ago
I see, though I'm not sure this follows the principle of least surprise, expecting the applying of a yaml to be idempotent seems like the logical thing here.
+1