grafana_cert = self.mgr.get_store(grafana_cert_path)
grafana_key = self.mgr.get_store(grafana_key_path)
if grafana_cert:
- (org, cn) = get_cert_issuer_info(grafana_cert)
- if org == 'Ceph':
- logger.info(f'Migrating {grafana_daemon.name()}/{hostname} cert/key to cert store (as cephadm-signed certs)')
- self.mgr.cert_mgr.register_self_signed_cert_key_pair('grafana')
- self.mgr.cert_mgr.save_self_signed_cert_key_pair('grafana', CertKeyPair(grafana_cert, grafana_key), host=hostname)
- else:
+ org, _ = get_cert_issuer_info(grafana_cert)
+ if org != 'Ceph':
logger.info(f'Migrating {grafana_daemon.name()}/{hostname} cert/key to cert store (as custom-certs)')
grafana_cephadm_signed_certs = False
- self.mgr.cert_mgr.save_cert('grafana_ssl_cert', grafana_cert, host=hostname)
- self.mgr.cert_mgr.save_key('grafana_ssl_key', grafana_key, host=hostname)
+ self.mgr.cert_mgr.save_cert('grafana_ssl_cert', grafana_cert, host=hostname, user_made=True, editable=True)
+ self.mgr.cert_mgr.save_key('grafana_ssl_key', grafana_key, host=hostname, user_made=True, editable=True)
if not grafana_cephadm_signed_certs:
# Update the spec to specify the right certificate source
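Review bot: The `if org != 'Ceph':` test decides whether a stored certificate is cephadm-signed purely from the issuer organization string returned by `get_cert_issuer_info`, and with the `org == 'Ceph'` branch removed such a pair is no longer written to the cert store anywhere in this hunk. An operator-supplied certificate whose issuer happens to carry O=Ceph would be skipped rather than preserved as a custom cert. If that is intended, document it with a comment such as `# issuer org 'Ceph' => treated as cephadm-signed and not migrated (TODO confirm it is regenerated)`, or check the certificate against the cephadm root CA instead of matching the name. Separately, only `grafana_cert` is tested for truthiness, so `save_key('grafana_ssl_key', grafana_key, ...)` can run with an empty key; a guard like `if grafana_cert and grafana_key:` would avoid storing a cert without its key. The enclosing migration function starts and ends outside the hunk.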
RGWSpec,
IngressSpec,
IscsiServiceSpec,
- GrafanaSpec
+ GrafanaSpec,
+ CertificateSource
)
from ceph.utils import datetime_to_str, datetime_now
from cephadm import CephadmOrchestrator
assert 'rgw.foo' not in cephadm_module.spec_store.all_specs
-@mock.patch('cephadm.migrations.get_cert_issuer_info')
-def test_migrate_grafana_cephadm_signed(mock_get_cert_issuer_info, cephadm_module: CephadmOrchestrator):
- mock_get_cert_issuer_info.return_value = ('Ceph', 'MockCephCN')
-
- cephadm_module.set_store('host1/grafana_crt', 'grafana_cert1')
- cephadm_module.set_store('host1/grafana_key', 'grafana_key1')
- cephadm_module.set_store('host2/grafana_crt', 'grafana_cert2')
- cephadm_module.set_store('host2/grafana_key', 'grafana_key2')
- cephadm_module.cache.daemons = {'host1': {'grafana.host1': DaemonDescription('grafana', 'host1', 'host1')},
- 'host2': {'grafana.host2': DaemonDescription('grafana', 'host2', 'host2')}}
-
- cephadm_module.migration.migrate_6_7()
-
- assert cephadm_module.cert_mgr.get_cert('cephadm-signed_grafana_cert', host='host1')
- assert cephadm_module.cert_mgr.get_cert('cephadm-signed_grafana_cert', host='host2')
- assert cephadm_module.cert_mgr.get_key('cephadm-signed_grafana_key', host='host1')
- assert cephadm_module.cert_mgr.get_key('cephadm-signed_grafana_key', host='host2')
-
-
@mock.patch('cephadm.migrations.get_cert_issuer_info')
def test_migrate_grafana_custom_certs(mock_get_cert_issuer_info, cephadm_module: CephadmOrchestrator):
from datetime import datetime, timezone
assert cephadm_module.cert_mgr.get_cert('grafana_ssl_cert', host='host2')
assert cephadm_module.cert_mgr.get_key('grafana_ssl_key', host='host1')
assert cephadm_module.cert_mgr.get_key('grafana_ssl_key', host='host2')
+ assert cephadm_module.spec_store._specs['grafana'].certificate_source == CertificateSource.REFERENCE.value
def test_migrate_cert_store(cephadm_module: CephadmOrchestrator):
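Review bot: The added `certificate_source` assertion pins only the custom-cert path, and with `test_migrate_grafana_cephadm_signed` deleted in the same commit nothing now checks what `migrate_6_7()` does when the issuer org is 'Ceph'. A small companion test that mocks `get_cert_issuer_info` to return `('Ceph', 'MockCephCN')` and asserts that no `grafana_ssl_cert`/`grafana_ssl_key` entry is stored as a custom cert would keep that branch covered. It could also assert that the spec's `certificate_source` is not `CertificateSource.REFERENCE.value`, though that assumes the grafana spec exists in the store and that REFERENCE is not its expected value on this path. The new assertion also reaches into the private `spec_store._specs`, whereas an earlier test on this page reads `spec_store.all_specs`; using the public accessor here would be more consistent, if it exposes the same spec object.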