pybind/mgr/restful: do not start if no certificate is configured

This removes the default filename, by the way.  We also work around a
problem with make_server where it sets up the socket to listen before
checking for the cert, thereby making it problematic to rebind to the
port shortly thereafter when we do have a socket.  (SO_REUSEADDR would
be appropriate but there doesn't seem to be an easy way to make
make_server use it.)

Signed-off-by: Sage Weil <sage@redhat.com>

diff --git a/src/pybind/mgr/restful/module.py b/src/pybind/mgr/restful/module.py
index 12b48ab289d9c20b91cc6553b4006658fe229e94..ee0761fabf81bbc86d8118dd8fcee07e823398bf 100644 (file)
--- a/src/pybind/mgr/restful/module.py
+++ b/src/pybind/mgr/restful/module.py
@@ -296,6 +296,13 @@ class Module(MgrModule):
         else:
             pkey_fname = self.get_localized_config('key_file') or '/etc/ceph/ceph-mgr-restful.key'
 
+        if not cert_fname or not pkey_fname:
+            raise RuntimeError('no certificate configured')
+        if not os.path.isfile(cert_fname):
+            raise RuntimeError('certificate %s does not exist' % cert_fname)
+        if not os.path.isfile(pkey_fname):
+            raise RuntimeError('private key %s does not exist' % pkey_fname)
+
         # Create the HTTPS werkzeug server serving pecan app
         self.server = make_server(
             host=server_addr,