From 2ebaca7d149454a4d349e454d01c2c6b5a8fc5f1 Mon Sep 17 00:00:00 2001 From: John Fulton Date: Tue, 27 Aug 2024 18:29:06 -0400 Subject: [PATCH] Verify RGW VIP is properly configured in keystone We had an issue related to the rgw_vip configuration. This patch removes the cidr usage from the facts and passes it to the rgw ingress template. In addition, ipaddr filter is used to properly get the ipaddress and fail if malformed (or is just not what we expect). --- playbooks/ceph.yml | 2 +- roles/cifmw_cephadm/tasks/configure_object.yml | 4 ++-- roles/cifmw_cephadm/tasks/post.yml | 8 +++++++- roles/cifmw_cephadm/tasks/rgw.yml | 4 ++-- roles/cifmw_cephadm/templates/ceph_rgw.yml.j2 | 2 +- 5 files changed, 13 insertions(+), 7 deletions(-) diff --git a/playbooks/ceph.yml b/playbooks/ceph.yml index 333691f73f..21cd8fdf32 100644 --- a/playbooks/ceph.yml +++ b/playbooks/ceph.yml @@ -424,7 +424,7 @@ tasks_from: rgw vars: # cifmw_cephadm_vip is computed or passed as an override via -e @extra.yml - cifmw_cephadm_rgw_vip: "{{ cifmw_cephadm_vip }}/{{ cidr }}" + cifmw_cephadm_rgw_vip: "{{ cifmw_cephadm_vip }}" - name: Configure Monitoring Stack when: cifmw_ceph_daemons_layout.dashboard_enabled | default(false) | bool diff --git a/roles/cifmw_cephadm/tasks/configure_object.yml b/roles/cifmw_cephadm/tasks/configure_object.yml index 2540fb1717..649e3ea7c1 100644 --- a/roles/cifmw_cephadm/tasks/configure_object.yml +++ b/roles/cifmw_cephadm/tasks/configure_object.yml 
@@ -92,8 +92,8 @@ script: |- oc -n {{ cifmw_cephadm_ns }} rsh openstackclient openstack role add --user {{ all_uuids.results.0.stdout }} --project {{ project_service_uuid.stdout }} {{ all_uuids.results.2.stdout }} oc -n {{ cifmw_cephadm_ns }} rsh openstackclient openstack role add --user {{ all_uuids.results.0.stdout }} --project {{ project_service_uuid.stdout }} {{ all_uuids.results.3.stdout }} - oc -n {{ cifmw_cephadm_ns }} rsh openstackclient openstack endpoint create --region regionOne {{ all_uuids.results.1.stdout }} public {{ cifmw_cephadm_urischeme }}://{{ cifmw_external_dns_vip_ext.values() | first if cifmw_external_dns_vip_ext is defined else cifmw_cephadm_vip }}:8080/swift/v1/AUTH_%\(tenant_id\)s - oc -n {{ cifmw_cephadm_ns }} rsh openstackclient openstack endpoint create --region regionOne {{ all_uuids.results.1.stdout }} internal {{ cifmw_cephadm_urischeme }}://{{ cifmw_external_dns_vip_int.values() | first if cifmw_external_dns_vip_int is defined else cifmw_cephadm_vip }}:8080/swift/v1/AUTH_%\(tenant_id\)s + oc -n {{ cifmw_cephadm_ns }} rsh openstackclient openstack endpoint create --region regionOne {{ all_uuids.results.1.stdout }} public {{ cifmw_cephadm_urischeme }}://{{ cifmw_external_dns_vip_ext.values() | first if cifmw_external_dns_vip_ext is defined else cifmw_cephadm_rgw_vip | ansible.utils.ipaddr('address') }}:8080/swift/v1/AUTH_%\(tenant_id\)s + oc -n {{ cifmw_cephadm_ns }} rsh openstackclient openstack endpoint create --region regionOne {{ all_uuids.results.1.stdout }} internal {{ cifmw_cephadm_urischeme }}://{{ cifmw_external_dns_vip_int.values() | first if cifmw_external_dns_vip_int is defined else cifmw_cephadm_rgw_vip | ansible.utils.ipaddr('address') }}:8080/swift/v1/AUTH_%\(tenant_id\)s oc -n {{ cifmw_cephadm_ns }} rsh openstackclient openstack role add --project {{ all_uuids.results.4.stdout }} --user {{ all_uuids.results.5.stdout }} {{ all_uuids.results.6.stdout }} delegate_to: localhost when: 
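Review bot: The `ansible.utils.ipaddr('address')` filter on both `endpoint create` lines does not stop the play when `cifmw_cephadm_rgw_vip` is malformed. As far as I know it returns `False` for a value it cannot parse, so the script would register a Keystone endpoint whose host is the literal text `False`. The service catalog decides where clients send their tokens and object requests, so I would fail before the script runs, using an `ansible.builtin.assert` task with `that: cifmw_cephadm_rgw_vip | ansible.utils.ipaddr('address')`. The same unchecked filter result is used as the dictionary key in both `set_fact` tasks of roles/cifmw_cephadm/tasks/rgw.yml, and an IPv6 VIP would also need the brackets that `ansible.utils.ipwrap` adds. The task that owns this script starts and ends outside the hunk.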
diff --git a/roles/cifmw_cephadm/tasks/post.yml b/roles/cifmw_cephadm/tasks/post.yml index a23ee2e932..d6ec394ed2 100644 --- a/roles/cifmw_cephadm/tasks/post.yml +++ b/roles/cifmw_cephadm/tasks/post.yml @@ -46,8 +46,14 @@ loop: "{{ cifmw_cephadm_log_commands }}" - name: Configure ceph object store to use external ceph object gateway + when: + - cifmw_cephadm_vip is defined + - cifmw_cephadm_vip | default("") | length > 0 + - cifmw_ceph_daemons_layout.rgw_enabled | default(true) | bool ansible.builtin.include_tasks: configure_object.yml - when: cifmw_ceph_daemons_layout.rgw_enabled | default(true) | bool + vars: + cifmw_cephadm_rgw_vip: "{{ cifmw_cephadm_vip }}" + - name: Dashboard service validation ansible.builtin.include_tasks: dashboard/validation.yml diff --git a/roles/cifmw_cephadm/tasks/rgw.yml b/roles/cifmw_cephadm/tasks/rgw.yml index 4a600c1867..2135d76eed 100644 --- a/roles/cifmw_cephadm/tasks/rgw.yml +++ b/roles/cifmw_cephadm/tasks/rgw.yml @@ -27,12 +27,12 @@ - name: Define cifmw_external_dns_vip_ext ansible.builtin.set_fact: cifmw_external_dns_vip_ext: "{{ cifmw_external_dns_vip_ext | default({}) | - combine({ (cifmw_cephadm_vip): 'rgw-external.ceph.local' }) }}" + combine({ (cifmw_cephadm_rgw_vip | ansible.utils.ipaddr('address')): 'rgw-external.ceph.local' }) }}" - name: Define cifmw_external_dns_vip_int ansible.builtin.set_fact: cifmw_external_dns_vip_int: "{{ cifmw_external_dns_vip_ext | default({}) | - combine({ (cifmw_cephadm_vip): 'rgw-internal.ceph.local' }) }}" + combine({ (cifmw_cephadm_rgw_vip | ansible.utils.ipaddr('address')): 'rgw-internal.ceph.local' }) }}" - name: Create DNS domain and certificate ansible.builtin.include_role: diff --git a/roles/cifmw_cephadm/templates/ceph_rgw.yml.j2 b/roles/cifmw_cephadm/templates/ceph_rgw.yml.j2 index dbf42ae222..0c0b2f52c4 100644 --- a/roles/cifmw_cephadm/templates/ceph_rgw.yml.j2 +++ b/roles/cifmw_cephadm/templates/ceph_rgw.yml.j2 
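Review bot: In roles/cifmw_cephadm/tasks/post.yml, the new `when` list makes the `configure_object.yml` include skip silently when `cifmw_cephadm_vip` is unset or empty, even though `rgw_enabled` is true. A deployment can then finish with RGW running but no Swift endpoint or role assignments in Keystone, and nothing in the output says why. If that state is not valid, a preceding `ansible.builtin.fail` with `when: cifmw_cephadm_vip | default("") | length == 0` would surface it; if it is valid, a short comment above the conditions should say so. The first condition, `cifmw_cephadm_vip is defined`, is redundant because the `default("") | length > 0` test already covers the undefined case.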
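Review bot: In roles/cifmw_cephadm/tasks/rgw.yml, `cifmw_external_dns_vip_int` is still seeded from `cifmw_external_dns_vip_ext | default({})` rather than from its own previous value. This reads like a copy-paste slip that the change leaves in place. If the external map ever holds another entry, the internal map inherits it, and configure_object.yml picks the endpoint host with `.values() | first`, so the internal Keystone endpoint could end up on an external name. Unless that is intended, the second task should start from `cifmw_external_dns_vip_int | default({})`.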
@@ -31,7 +31,7 @@ spec: monitor_port: 8999 virtual_interface_networks: - {{ cifmw_cephadm_rgw_network }} - virtual_ip: {{ cifmw_cephadm_vip }} + virtual_ip: {{ cifmw_cephadm_rgw_vip }}/{{ cidr }} {% if rgw_frontend_cert is defined %} ssl_cert: | {{ rgw_frontend_cert | indent( width=6 ) }}
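Review bot: `virtual_ip` appends `/{{ cidr }}` to `cifmw_cephadm_rgw_vip` exactly as given, while the tasks in this same patch pass that variable through `ansible.utils.ipaddr('address')`, which suggests it may carry a prefix. An override that already includes one would render with two prefixes, for example `192.0.2.10/24/24` (constructed value), and the ingress spec would be rejected or misapplied. `cidr` is not set in any hunk of this patch, so the template depends on a fact defined elsewhere. I would normalise the address the same way here: `virtual_ip: {{ cifmw_cephadm_rgw_vip | ansible.utils.ipaddr('address') }}/{{ cidr }}`. The spec block this line belongs to starts and ends outside the hunk.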