Bug #54974

Applying rgwspec with new certificate does not apply

Added by Hans van den Bogert 8 months ago. Updated 8 months ago.

Status: New
Priority: Normal
Assignee: -
Category: orchestrator
Target version: -
% Done: 0%
Source: Community (user)
Tags:
Backport:
Regression: No
Severity: 3 - minor
Reviewed:
Affected Versions:
ceph-qa-suite:
Pull request ID:
Crash signature (v1):
Crash signature (v2):

Description

At one point I had this spec:

service_type: rgw
service_id: default
spec:
  rgw_frontend_port: 443
  rgw_frontend_ssl_certificate: |
    certs
  ssl: true
placement:
  hosts:
  - ws-ceph-rgw1
  - ws-ceph-rgw2

This worked fine. I was under the impression that if I'd change the certificate(s) and reapply, it would change the certificates in the key-config store; however, I do not see this behaviour.

Am I wrong to expect ceph orch/adm to apply the new certificate(s)?


Related issues

Duplicates Orchestrator - Feature #51947: cephadm: Redeploy services, on property update (was: Ingress for RGW does not appear to support chain certificates) New

History

#1 Updated by Hans van den Bogert 8 months ago

The spec should've been pre-formatted:

service_type: rgw
service_id: default
spec:
  rgw_frontend_port: 443
  rgw_frontend_ssl_certificate: |
    certs
  ssl: true
placement:
  hosts:
  - ws-ceph-rgw1
  - ws-ceph-rgw2

#2 Updated by Sebastian Wagner 8 months ago

  • Duplicates Feature #51947: cephadm: Redeploy services, on property update (was: Ingress for RGW does not appear to support chain certificates) added

#4 Updated by Hans van den Bogert 8 months ago

Sebastian Wagner wrote:

> See https://tracker.ceph.com/issues/51947#note-4

I see, though I'm not sure this follows the principle of least surprise, expecting the applying of a yaml to be idempotent seems like the logical thing here. Also, `orch apply` actually deploys, but iiuc successive calls don't?

#5 Updated by Sebastian Wagner 8 months ago

> I see, though I'm not sure this follows the principle of least surprise, expecting the applying of a yaml to be idempotent seems like the logical thing here.

+1
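
A check for the situation discussed in this thread, as an added example that is not part of the original issue or of cephadm: it fingerprints the certificate in the spec file and compares it with what each RGW host presents, so a re-apply that did not take effect becomes visible. The function names, the placeholder certificate bytes, and the assumption that the first CERTIFICATE block in the spec is the leaf are assumptions of this example.

```python
import base64
import hashlib
import re
import ssl

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def spec_cert_fingerprints(spec_text):
    """SHA-256 of each certificate PEM block in the spec, in file order."""
    return [hashlib.sha256(base64.b64decode("".join(body.split()))).hexdigest()
            for body in PEM_RE.findall(spec_text)]

def served_fingerprint(host, port=443):
    """SHA-256 of the leaf certificate the endpoint presents (no chain validation)."""
    pem = ssl.get_server_certificate((host, port))
    return hashlib.sha256(ssl.PEM_cert_to_DER_cert(pem)).hexdigest()

def stale_hosts(spec_text, served):
    """Hosts in `served` ({host: fingerprint}) not presenting the spec's leaf.

    Assumption: the first CERTIFICATE block in the spec is the leaf.
    """
    fps = spec_cert_fingerprints(spec_text)
    if not fps:
        raise ValueError("no certificate block found in spec")
    return sorted(h for h, fp in served.items() if fp != fps[0])

def _pem(raw):  # constructed stand-in: wraps arbitrary bytes, not a real X.509 cert
    return ("-----BEGIN CERTIFICATE-----\n    " + base64.b64encode(raw).decode()
            + "\n    -----END CERTIFICATE-----")

# Constructed sample data: placeholder bytes in place of real DER certificates.
OLD, NEW = b"constructed-old-cert", b"constructed-new-cert"
SPEC_NEW = ("service_type: rgw\nservice_id: default\nspec:\n"
            "  rgw_frontend_port: 443\n  rgw_frontend_ssl_certificate: |\n    "
            + _pem(NEW) + "\n  ssl: true\n")

if __name__ == "__main__":
    # Constructed observation: rgw1 still serves the old cert after the re-apply.
    served = {"ws-ceph-rgw1": hashlib.sha256(OLD).hexdigest(),
              "ws-ceph-rgw2": hashlib.sha256(NEW).hexdigest()}
    print(stale_hosts(SPEC_NEW, served))
    # Live use: served = {h: served_fingerprint(h) for h in hosts}
```

Against a live cluster, build `served` with `served_fingerprint` for each host in the spec's placement and run it after every re-apply; a non-empty result means the daemons are still presenting the previous certificate.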
