dashboard: support dedicated network for the dashboard

This introduces a new variable `dashboard_network` in order to support
deploying the dashboard on a different subnet.

Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1927574

Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com>
(cherry picked from commit f4f73b6)

group_vars/all.yml.sample

@@ -743,6 +743,8 @@ dummy:
 # then we will autogenerate a cert and keyfile
 #dashboard_protocol: https
 #dashboard_port: 8443
+# set this variable to the network you want the dashboard to listen on. (Default to public_network)
+#dashboard_network: "{{ public_network }}"
 #dashboard_admin_user: admin
 #dashboard_admin_user_ro: false
 # This variable must be set with a strong custom password when dashboard_enabled is True

group_vars/rhcs.yml.sample

@@ -743,6 +743,8 @@ ceph_docker_registry_auth: true
 # then we will autogenerate a cert and keyfile
 #dashboard_protocol: https
 #dashboard_port: 8443
+# set this variable to the network you want the dashboard to listen on. (Default to public_network)
+#dashboard_network: "{{ public_network }}"
 #dashboard_admin_user: admin
 #dashboard_admin_user_ro: false
 # This variable must be set with a strong custom password when dashboard_enabled is True

roles/ceph-dashboard/tasks/configure_dashboard.yml

@@ -10,12 +10,12 @@
 
 - name: get current mgr backend - ipv4
   set_fact:
-    mgr_server_addr: "{{ ansible_facts['all_ipv4_addresses'] | ips_in_ranges(public_network.split(',')) | first }}"
+    dashboard_server_addr: "{{ ansible_facts['all_ipv4_addresses'] | ips_in_ranges(dashboard_network.split(',')) | first }}"
   when: ip_version == 'ipv4'
 
 - name: get current mgr backend - ipv6
   set_fact:
-    mgr_server_addr: "{{ ansible_facts['all_ipv6_addresses'] | ips_in_ranges(public_network.split(',')) | last }}"
+    dashboard_server_addr: "{{ ansible_facts['all_ipv6_addresses'] | ips_in_ranges(dashboard_network.split(',')) | last }}"
   when: ip_version == 'ipv6'
 
 - name: disable SSL for dashboard
@@ -61,7 +61,7 @@
           set_fact:
             subj_alt_names: >
               {% for host in groups[mgr_group_name] | default(groups[mon_group_name]) -%}
-              subjectAltName={{ hostvars[host]['ansible_facts']['hostname'] }}/subjectAltName={{ hostvars[host]['mgr_server_addr'] }}/subjectAltName={{ hostvars[host]['ansible_facts']['fqdn'] }}
+              subjectAltName={{ hostvars[host]['ansible_facts']['hostname'] }}/subjectAltName={{ hostvars[host]['dashboard_server_addr'] }}/subjectAltName={{ hostvars[host]['ansible_facts']['fqdn'] }}
               {%- if loop.last %}/{% endif %}
               {%- endfor -%}
           run_once: true
@@ -120,7 +120,7 @@
   failed_when: false # Do not fail if the option does not exist, it only exists post-14.2.0
 
 - name: config the current dashboard backend
-  command: "{{ container_exec_cmd }} ceph --cluster {{ cluster }} config set mgr mgr/dashboard/{{ hostvars[item]['ansible_facts']['hostname'] }}/server_addr {{ hostvars[item]['mgr_server_addr'] }}"
+  command: "{{ container_exec_cmd }} ceph --cluster {{ cluster }} config set mgr mgr/dashboard/{{ hostvars[item]['ansible_facts']['hostname'] }}/server_addr {{ hostvars[item]['dashboard_server_addr'] }}"
   delegate_to: "{{ groups[mon_group_name][0] }}"
   changed_when: false
   run_once: true

roles/ceph-defaults/defaults/main.yml

@@ -735,6 +735,8 @@ dashboard_enabled: True
 # then we will autogenerate a cert and keyfile
 dashboard_protocol: https
 dashboard_port: 8443
+# set this variable to the network you want the dashboard to listen on. (Default to public_network)
+dashboard_network: "{{ public_network }}"
 dashboard_admin_user: admin
 dashboard_admin_user_ro: false
 # This variable must be set with a strong custom password when dashboard_enabled is True