Ceph » Orchestrator

The specific case in mind writing this is that if you have an rgw frontend ssl cert specified in your spec, and then you change that cert and re-apply the spec, cephadm will never make use of the new cert(https://docs.ceph.com/en/quincy/cephadm/services/rgw/#setting-up-https). This is because it is part of service level configuration that we currently only do when we deploy new daemons for that service. Since changing the cert in a spec is unlikely to cause new daemons to be deployed (this will only happen if the placement is changed or more hosts are added that match the existing placement) users would have to either manually set the cert or do an odd workaround like removing a daemon to get cephadm to deploy a new one and redo the service level configuration. Instead, we should just formalize when we do the service level configuration. Probably when daemons are added/removed or when the spec is updated.