mgr/cephadm: move service discovery cert/key to cert store
authorAdam King <adking@redhat.com>
Tue, 23 Jan 2024 14:57:30 +0000 (09:57 -0500)
committerAdam King <adking@redhat.com>
Fri, 12 Jul 2024 13:05:45 +0000 (09:05 -0400)
Trying to move all of the certs/keys cephadm manages
into one place.

Signed-off-by: Adam King <adking@redhat.com>
(cherry picked from commit 078b694b99ad5e2362790ba21aeb784cb5e8ccdb)

src/pybind/mgr/cephadm/module.py
src/pybind/mgr/cephadm/service_discovery.py

index 374c58ab2a0c7871c9f2847020a8dba744764561..2070006716167ef54158552f7413c6cf2f6d95b4 100644 (file)
@@ -14,8 +14,6 @@ from tempfile import TemporaryDirectory, NamedTemporaryFile
 from urllib.error import HTTPError
 from threading import Event
 
-from cephadm.service_discovery import ServiceDiscovery
-
 from ceph.deployment.service_spec import PrometheusSpec
 
 import string
@@ -3249,7 +3247,7 @@ Then run the following:
 
     @handle_orch_error
     def service_discovery_dump_cert(self) -> str:
-        root_cert = self.get_store(ServiceDiscovery.KV_STORE_SD_ROOT_CERT)
+        root_cert = self.cert_key_store.get_cert('service_discovery_root_cert')
         if not root_cert:
             raise OrchestratorError('No certificate found for service discovery')
         return root_cert
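Review bot: The entry name `'service_discovery_root_cert'` is a bare string literal here and appears twice more in `configure_tls` in service_discovery.py, while the matching private key is stored as `'service_discovery_key'` with no `root` in the name. A misspelling at any of these call sites would presumably not raise: the lookup would come back empty, this method would report "No certificate found", and `configure_tls` would take its generate branch and mint a new root CA. Shared constants defined next to the cert store would remove that risk, e.g. `SD_ROOT_CERT = 'service_discovery_root_cert'` and `SD_ROOT_KEY = 'service_discovery_key'`. It is also worth deciding whether the key name should mirror the cert name before it is persisted in deployed clusters.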
index 2b82f87493ff3dea7f30b986ce8e41c0bb1f5551..29498675a15aaff21782e00d6340b5f3e0045781 100644 (file)
@@ -45,6 +45,8 @@ class Route(NamedTuple):
 
 class ServiceDiscovery:
 
+    # TODO: these constants should only be needed for migration purposes
+    # after completion of the cert store. Make sure to move them.
     KV_STORE_SD_ROOT_CERT = 'service_discovery/root/cert'
     KV_STORE_SD_ROOT_KEY = 'service_discovery/root/key'
 
@@ -89,14 +91,14 @@ class ServiceDiscovery:
             self.mgr.set_store('service_discovery/root/username', self.username)
 
     def configure_tls(self, server: Server) -> None:
-        old_cert = self.mgr.get_store(self.KV_STORE_SD_ROOT_CERT)
-        old_key = self.mgr.get_store(self.KV_STORE_SD_ROOT_KEY)
+        old_cert = self.mgr.cert_key_store.get_cert('service_discovery_root_cert')
+        old_key = self.mgr.cert_key_store.get_key('service_discovery_key')
         if old_key and old_cert:
             self.ssl_certs.load_root_credentials(old_cert, old_key)
         else:
             self.ssl_certs.generate_root_cert(self.mgr.get_mgr_ip())
-            self.mgr.set_store(self.KV_STORE_SD_ROOT_CERT, self.ssl_certs.get_root_cert())
-            self.mgr.set_store(self.KV_STORE_SD_ROOT_KEY, self.ssl_certs.get_root_key())
+            self.mgr.cert_key_store.save_cert('service_discovery_root_cert', self.ssl_certs.get_root_cert())
+            self.mgr.cert_key_store.save_key('service_discovery_key', self.ssl_certs.get_root_key())
         addr = self.mgr.get_mgr_ip()
         host_fqdn = socket.getfqdn(addr)
         server.ssl_certificate, server.ssl_private_key = self.ssl_certs.generate_cert_files(
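Review bot: On a cluster upgraded from a release that stored the root pair under `KV_STORE_SD_ROOT_CERT` / `KV_STORE_SD_ROOT_KEY`, the new lookups in `configure_tls` find nothing in the cert store, so the `else` branch generates a fresh root CA. Anything that trusted the previous root certificate, such as a scraper configured from `service_discovery_dump_cert`, would stop validating the endpoint. The old root private key also stays in the KV store with no remaining reader. The TODO added above the constants suggests a migration is planned, but none is visible in the two files this commit touches. Until it lands, the method could fall back to the legacy entries and copy them across, as sketched below, and the legacy key entry could be cleared once copied. The body of `configure_tls` continues past the end of this hunk.

```python
    def configure_tls(self, server: Server) -> None:
        store = self.mgr.cert_key_store
        old_cert = store.get_cert('service_discovery_root_cert')
        old_key = store.get_key('service_discovery_key')
        if not (old_cert and old_key):
            # Upgrade path: reuse the root pair written by earlier releases
            # rather than silently rotating the CA.
            legacy_cert = self.mgr.get_store(self.KV_STORE_SD_ROOT_CERT)
            legacy_key = self.mgr.get_store(self.KV_STORE_SD_ROOT_KEY)
            if legacy_cert and legacy_key:
                store.save_cert('service_discovery_root_cert', legacy_cert)
                store.save_key('service_discovery_key', legacy_key)
                old_cert, old_key = legacy_cert, legacy_key
        # … unchanged: load_root_credentials / generate_root_cert branch and cert file generation …
```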