None
)
if matched_gateway:
- self.daemon_name = matched_gateway.get('daemon_name')
self.gateway_addr = matched_gateway.get('service_url')
logger.debug("Gateway address set to: %s", self.gateway_addr)
+ else:
+ raise DashboardException(
+ msg=f"No gateway found matching server address: {server_address}",
+ code='server_address_not_found',
+ component='nvmeof',
+ http_status_code=400
+ )
enable_auth = is_mtls_enabled(service_name)
if enable_auth:
- client_key = NvmeofGatewaysConfig.get_client_key(service_name)
- client_cert = NvmeofGatewaysConfig.get_client_cert(service_name)
- server_cert = NvmeofGatewaysConfig.get_ssl_cert(service_name)
- logger.info('Securely connecting to: %s', self.gateway_addr)
- credentials = grpc.ssl_channel_credentials(
- root_certificates=server_cert,
- private_key=client_key,
- certificate_chain=client_cert,
- )
- self.channel = grpc.secure_channel(self.gateway_addr, credentials)
+ tls_bundle = NvmeofGatewaysConfig.get_nvmeof_tls_bundle(service_name,
+ self.daemon_name)
+ if tls_bundle:
+ logger.info('Securely connecting to: %s', self.gateway_addr)
+ encoded_tls_bundle = encode_tls_bundle(tls_bundle)
+ credentials = grpc.ssl_channel_credentials(
+ root_certificates=encoded_tls_bundle['server_cert'],
+ private_key=encoded_tls_bundle['client_key'],
+ certificate_chain=encoded_tls_bundle['client_cert'],
+ )
+ self.channel = grpc.secure_channel(self.gateway_addr, credentials)
+ else:
+ self.channel = None
+ logger.error("Cannot obtain nvmeof TLS bundle for the service %s (gw: %s)",
+ service_name, self.gateway_addr)
else:
logger.info("Insecurely connecting to: %s", self.gateway_addr)
self.channel = grpc.insecure_channel(self.gateway_addr)
projects / ceph.git / commitdiff