Open marceloneppel opened 1 month ago
Hey @marceloneppel thanks for this welcome contribution!
I'm wondering about two things regarding parametrization.
One is relatively minor thing, aiui with SSL key material present we'd configure both http/https. Ideally we would have a way to turn off non-SSL service if we configure SSL key material -- maybe the logic could be to configure https if SSL key material is provided, and http if there's no key material. And only configure both if both ports are explicitly provided.
The other is around that key material. In your PR the user has to provide file paths to the key material. However due to snap confinement there's a limited number of places the services can actually read data from, and users would see failing services if the ssl files are not in a suitable place. I'd suggest to check in the CLI part of the code that the file is readable for the snap so users get an early warning, and document the constraints around this. Alternatively, the code could be changed so that the key material itself is used as a parameter (instead of the file names).
It would also be great to have functional tests for this feature.
Thanks again!
Hi, @sabaini! Thanks for the feedback. I'm going to work on those updates.
Description
Some tools, like pgBackRest, can currently only interact with S3-compatible storages if they work with SSL/TLS. This PR adds the possibility of enabling RadosGW with SSL/TLS enabled.
The main idea is to use the PostgreSQL charms with MicroCeph so users can do backups through pgBackRest in bucket without a cloud service subscription.
Type of change
How Has This Been Tested?
To test, I used the following steps:
Contributor's Checklist
Please check that you have: