pybind/mgr/restful: localize key/crt keys

Signed-off-by: Sage Weil <sage@redhat.com>

diff --git a/src/pybind/mgr/restful/module.py b/src/pybind/mgr/restful/module.py
index c9a516aefbc470552a78152cd2e6eb5fe7c91f5a..adfefd098a99ac0e3bbc842e5695b6fd54d8c7d6 100644 (file)
--- a/src/pybind/mgr/restful/module.py
+++ b/src/pybind/mgr/restful/module.py
@@ -234,6 +234,11 @@ class Module(MgrModule):
         except:
             self.log.error(str(traceback.format_exc()))
 
+    def get_localized_config(self, key):
+        r = self.get_config(self.get_mgr_id() + '/' + key)
+        if r is None:
+            r = self.get_config(key)
+        return r
 
     def _serve(self):
         # Load stored authentication keys
@@ -245,28 +250,28 @@ class Module(MgrModule):
             separators=(',', ': '),
         )
 
-        server_addr = self.get_config('server_addr') or '127.0.0.1'
-        server_port = int(self.get_config('server_port') or '8003')
+        server_addr = self.get_localized_config('server_addr') or '127.0.0.1'
+        server_port = int(self.get_localized_config('server_port') or '8003')
         self.log.info('server_addr: %s server_port: %d',
                       server_addr, server_port)
 
-        cert = self.get_config("cert")
+        cert = self.get_localized_config("crt")
         if cert is not None:
             cert_tmp = tempfile.NamedTemporaryFile()
             cert_tmp.write(cert)
             cert_tmp.flush()
             cert_fname = cert_tmp.name
         else:
-            cert_fname = self.get_config('cert_file') or '/etc/ceph/ceph-mgr-restful.crt'
+            cert_fname = self.get_localized_config('crt_file') or '/etc/ceph/ceph-mgr-restful.crt'
 
-        pkey = self.get_config("pkey")
+        pkey = self.get_localized_config("key")
         if pkey is not None:
             pkey_tmp = tempfile.NamedTemporaryFile()
             pkey_tmp.write(pkey)
             pkey_tmp.flush()
             pkey_fname = pkey_tmp.name
         else:
-            pkey_fname = self.get_config('pkey_file') or '/etc/ceph/ceph-mgr-restful.key'
+            pkey_fname = self.get_localized_config('key_file') or '/etc/ceph/ceph-mgr-restful.key'
 
         # Create the HTTPS werkzeug server serving pecan app
         self.server = make_server(

diff --git a/src/vstart.sh b/src/vstart.sh
index 214558b7bf5c7dd4935de66d1de1b6391bc8ec7d..f48fdfbea9790abe14c94f20126ad3a222e3b032 100755 (executable)
--- a/src/vstart.sh
+++ b/src/vstart.sh
@@ -629,8 +629,8 @@ start_mgr() {
         host = $HOSTNAME
 EOF
 
-       ceph_adm config-key put mgr/$name/dashboard/server_addr $IP
-       ceph_adm config-key put mgr/$name/dashboard/server_port $MGR_PORT
+       ceph_adm config-key put mgr/dashboard/$name/server_addr $IP
+       ceph_adm config-key put mgr/dashboard/$name/server_port $MGR_PORT
        DASH_URLS+="http://$IP:$MGR_PORT/"
        MGR_PORT=$(($MGR_PORT + 1000))
 
@@ -639,10 +639,10 @@ EOF
        openssl req -new -nodes -x509 \
                -subj "/O=IT/CN=ceph-mgr-restful" \
                -days 3650 -keyout "$PKEY" -out "$CERT" -extensions v3_ca
-       ceph_adm config-key put mgr/$name/restful/server_addr $IP
-       ceph_adm config-key put mgr/$name/restful/server_port $MGR_PORT
-       ceph_adm config-key put mgr/$name/restful/cert -i $CERT
-       ceph_adm config-key put mgr/$name/restful/pkey -i $PKEY
+       ceph_adm config-key put mgr/restful/$name/server_addr $IP
+       ceph_adm config-key put mgr/restful/$name/server_port $MGR_PORT
+       ceph_adm config-key put mgr/restful/$name/crt -i $CERT
+       ceph_adm config-key put mgr/restful/$name/key -i $PKEY
        rm $CERT $PKEY
 
        RESTFUL_URLS+="https://$IP:$MGR_PORT"