rgw/dashboard: use rgw_frontend_ssl_port in SSL scenario

smithfarm commented 3 years ago

When RGW is deployed with SSL according to the SES6 documentation [1], we are ensured that rgw_init will be set to the string "default-ssl".

[1] https://documentation.suse.com/ses/6/single-html/ses-admin/#ogw-ssl-simple

Fixes: https://bugzilla.suse.com/show_bug.cgi?id=1178355 Signed-off-by: Nathan Cutler ncutler@suse.com

smithfarm commented 3 years ago

@susebot run teuthology

smithfarm commented 3 years ago

Testing with sesdev PRs:

https://github.com/SUSE/sesdev/pull/557 (adds ability to deploy RGW with SSL enabled)
https://github.com/SUSE/sesdev/pull/558 (fixes broken deepsea install from source)

Step 1

Deploy a cluster using the command:

sesdev create ses6 --non-interactive --single-node --rgw-ssl \
--deepsea-repo https://github.com/smithfarm/DeepSea --deepsea-branch wip-bsc1178355

Step 2

Apply reproducer Step 3 from https://bugzilla.suse.com/show_bug.cgi?id=1178355#c8

Result

    master: Starting orchestration: ceph.stage.4
    master: Parsing orchestration ceph.stage.4 steps...
    master: fail
    master:
    master: An error occurred when rendering one of the following states:
    master:     - ceph.rgw.dashboard (/srv/salt/ceph/rgw/dashboard)
    master:
    master: Error description:
    master:   - Rendering SLS 'base:ceph.rgw.dashboard' failed: Jinja syntax error: expected token ':',
 got '}'; line 13
    master:
    master:     ---
    master:     [...]
    master:         - name: "ceph dashboard set-rgw-api-secret-key $(radosgw-admin user info --uid=admi
n | jq -r .keys[0].secret_key)"
    master:         - fire_event: True
    master:
    master:     configure dashboard rgw port:
    master:       cmd.run:
    master:     {% if {{ salt['pillar.get']('rgw_init', 'default') }} == "default-ssl" %}    <======================
    master:         - name: "ceph dashboard set-rgw-api-port {{ pillar.get('rgw_frontend_ssl_port', 443) }}"
    master:     {% else %}
    master:         - name: "ceph dashboard set-rgw-api-port {{ pillar.get('rgw_frontend_port', 80) }}"
    master:     {% endif %}
    master:         - fire_event: True
    master:     [...]
    master:     ---
    master: +++ err_report 759

smithfarm commented 3 years ago

The syntax error happens even when I run Stage 4 using salt-run:

[ERROR ] {'out': 'highstate', 'ret': {'master.ses6-mini.test': ['Rendering SLS \'base:ceph.rgw.dashbo ard\' failed: Jinja syntax error: expected token \':\', got \'}\'; line 13\n\n---\n[...]\n - name: " ceph dashboard set-rgw-api-secret-key $(radosgw-admin user info --uid=admin | jq -r .keys[0].secret_key )"\n - fire_event: True\n\nconfigure dashboard rgw port:\n cmd.run:\n{% if {{ pillar.get(\'rgw_init \', \'default\') }} == "default-ssl" -%} <======================\n - name: "ceph dashboard set-rg w-api-port {{ pillar.get(\'rgw_frontend_ssl_port\', 443) }}"\n{% else -%}\n - name: "ceph dashboard set-rgw-api-port {{ pillar.get(\'rgw_frontend_port\', 80) }}"\n{% endif -%}\n - fire_event: True\n[...]\n---']}}

smithfarm commented 3 years ago

OK, so that syntax error was a bona fide Jinja error: nested {{ ... }} is not allowed - not even {% ... {{ ... }} ... %}.

But even after I overcame that issue, it stubbornly returned:

master:~ # deepsea stage run --simple-output ceph.stage.4
Starting orchestration: ceph.stage.4
Parsing orchestration ceph.stage.4 steps... fail

An error occurred when rendering one of the following states:
    - ceph.rgw.dashboard (/srv/salt/ceph/rgw/dashboard)

Error description:
  - Rendering SLS 'base:ceph.rgw.dashboard' failed: while parsing a block mapping
      in "<unicode string>", line 1, column 1
    did not find expected key
      in "<unicode string>", line 15, column 1

until I rewrote the conditional. Now it works.

smithfarm commented 3 years ago

Testing with sesdev PRs:

https://github.com/SUSE/sesdev/pull/557 (adds ability to deploy RGW with SSL enabled)
https://github.com/SUSE/sesdev/pull/558 (fixes broken deepsea install from source)

Step 1

Deploy a cluster using the command:

sesdev create ses6 --non-interactive --single-node --rgw-ssl \
--deepsea-repo https://github.com/smithfarm/DeepSea --deepsea-branch wip-bsc1178355

Step 2

Apply reproducer Step 3 from https://bugzilla.suse.com/show_bug.cgi?id=1178355#c8

Result

master:~ # ceph dashboard get-rgw-api-port
443

susebot commented 3 years ago

Commit 3fc2642ab0b16cfb67f6cd7b1ceab95e47de131b is NOT OK for suite deepsea:tier2. Check tests results in the Jenkins job: https://storage-ci.suse.de/job/pr-deepsea/489/

smithfarm commented 3 years ago

@susebot run teuthology

susebot commented 3 years ago

Commit e5be363899076c6f1b382903dc3f53bb58895a7f is OK for suite deepsea:tier2. Check tests results in the Jenkins job: https://storage-ci.suse.de/job/pr-deepsea/490/

smithfarm commented 3 years ago

This has passed my tests, the bug reporter's tests, and the CI tests. If there are no objections, I will merge it soon.

SUSE / DeepSea

rgw/dashboard: use rgw_frontend_ssl_port in SSL scenario #1861