from ceph.utils import str_to_datetime, datetime_to_str, datetime_now
from orchestrator import OrchestratorError, HostSpec, OrchestratorEvent, service_to_daemon_types
from cephadm.services.cephadmservice import CephadmDaemonDeploySpec
+from mgr_util import parse_combined_pem_file
from .utils import resolve_ip, SpecialHostLabels
-from .migrations import queue_migrate_nfs_spec, queue_migrate_rgw_spec
+from .migrations import queue_migrate_nfs_spec, queue_migrate_rgw_spec, queue_migrate_rgw_ssl_spec
if TYPE_CHECKING:
from .module import CephadmOrchestrator
):
queue_migrate_rgw_spec(self.mgr, j)
+ if (
+ (self.mgr.migration_current or 0) < 8
+ and j['spec'].get('service_type') == 'rgw'
+ ):
+ queue_migrate_rgw_ssl_spec(self.mgr, j)
+
spec = ServiceSpec.from_json(j['spec'])
created = str_to_datetime(cast(str, j['created']))
self._specs[service_name] = spec
if update_create:
self.spec_created[name] = datetime_now()
self._save(name)
- self._save_certs_and_keys(spec)
def save_rank_map(self,
name: str,
else:
cert_str = rgw_cert
assert isinstance(cert_str, str)
- self.mgr.cert_mgr.save_cert(
- 'rgw_frontend_ssl_cert',
- cert_str,
- service_name=rgw_spec.service_name(),
- user_made=True)
+ cert, key = parse_combined_pem_file(cert_str)
+ if cert and key:
+ self.mgr.cert_mgr.save_cert(
+ 'rgw_ssl_cert',
+ cert,
+ service_name=rgw_spec.service_name(),
+ user_made=True)
+ self.mgr.cert_mgr.save_key(
+ 'rgw_ssl_key',
+ key,
+ service_name=rgw_spec.service_name(),
+ user_made=True)
+ else:
+ logger.error(f'Cannot parse the rgw certificate {cert_str}.')
elif spec.service_type == 'iscsi':
iscsi_spec = cast(IscsiServiceSpec, spec)
if iscsi_spec.ssl_cert:
# type: (str) -> bool
found = service_name in self._specs
if found:
- self._rm_certs_and_keys(self._specs[service_name])
del self._specs[service_name]
if service_name in self._rank_maps:
del self._rank_maps[service_name]
projects / ceph.git / commitdiff