mgr/cephadm: using 5 years for service-discovery internal certs
authorRedouane Kachach <rkachach@ibm.com>
Wed, 20 Aug 2025 13:55:24 +0000 (15:55 +0200)
committerRedouane Kachach <rkachach@ibm.com>
Sat, 6 Sep 2025 21:39:46 +0000 (23:39 +0200)
Signed-off-by: Redouane Kachach <rkachach@ibm.com>
src/pybind/mgr/cephadm/services/service_discovery.py

index 45fddcac6c6c73eb88261a065e86b6b422cb5273..68c193e97de85b38155d967dee98ea0374b6b4e8 100644 (file)
@@ -41,6 +41,9 @@ cherrypy.log.access_log.propagate = False
 logger = logging.getLogger(__name__)
 
 
+CEPHADM_SVC_DISCOVERY_CERT_DURATION = (365 * 5)
+
+
 class Route(NamedTuple):
     name: str
     route: str
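Review bot: `CEPHADM_SVC_DISCOVERY_CERT_DURATION` does not state its unit; the value is only recognisable as days because it is later passed as `duration_in_days` in `configure_tls`. Either rename it to `CEPHADM_SVC_DISCOVERY_CERT_DURATION_DAYS` or add a comment such as `# validity of the internally generated service-discovery cert, in days (5 years)`. A one-line rationale for choosing five years for an internal certificate would also help, since a long validity period is also how long a leaked key stays usable.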
@@ -93,13 +96,13 @@ class ServiceDiscovery:
     def configure_tls(self, server: Server) -> None:
         addr = self.mgr.get_mgr_ip()
         host = self.mgr.get_hostname()
-        cert, key = self.mgr.cert_mgr.generate_cert(host, addr, duration_in_days = (365 * 5))
+        tls_pair = self.mgr.cert_mgr.generate_cert(host, addr, duration_in_days=CEPHADM_SVC_DISCOVERY_CERT_DURATION)
         self.cert_file = tempfile.NamedTemporaryFile()
-        self.cert_file.write(cert.encode('utf-8'))
+        self.cert_file.write(tls_pair.cert.encode('utf-8'))
         self.cert_file.flush()  # cert_tmp must not be gc'ed
 
         self.key_file = tempfile.NamedTemporaryFile()
-        self.key_file.write(key.encode('utf-8'))
+        self.key_file.write(tls_pair.key.encode('utf-8'))
         self.key_file.flush()  # pkey_tmp must not be gc'ed
 
         verify_tls_files(self.cert_file.name, self.key_file.name)
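Review bot: The private key written to `self.key_file` belongs to a certificate that is valid for five years, and nothing in this hunk documents how that key is protected or replaced. `tempfile.NamedTemporaryFile` creates the file owner-only and removes it on close, so on-disk exposure is bounded by how long the object is held. A copy of the key would still remain usable until the certificate expires, unless `cert_mgr` can rotate or revoke it, which is not visible here. I would add a comment above the `generate_cert` call such as `# new cert/key pair on every configure_tls() call; the key only ever lives in an owner-only temp file held on self`. The `cert_tmp` and `pkey_tmp` names in the two flush comments do not appear anywhere in this hunk and could be updated to `self.cert_file` and `self.key_file`; `configure_tls` may continue past the end of the hunk.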