mgr/cephadm: include cluster FSID in root CA Common Name (CN)

author Kushal Deb <Kushal.Deb@ibm.com>

Wed, 7 May 2025 09:51:13 +0000 (15:21 +0530)

committer Kushal Deb <Kushal.Deb@ibm.com>

Mon, 2 Jun 2025 12:37:48 +0000 (18:07 +0530)
author Kushal Deb <Kushal.Deb@ibm.com>
Wed, 7 May 2025 09:51:13 +0000 (15:21 +0530)
committer Kushal Deb <Kushal.Deb@ibm.com>
Mon, 2 Jun 2025 12:37:48 +0000 (18:07 +0530)
diff --git a/src/pybind/mgr/cephadm/ssl_cert_utils.py b/src/pybind/mgr/cephadm/ssl_cert_utils.py

index ee8d88e55f031579ffc68527f5390f2e051feb09..516f043f032efae7f1015eabd985caa9dba24021 100644 (file)
--- a/src/pybind/mgr/cephadm/ssl_cert_utils.py
+++ b/src/pybind/mgr/cephadm/ssl_cert_utils.py
@@ -137,7 +137,7 @@ class SSLCerts:
          root_public_key = self.root_key.public_key()
          root_builder = x509.CertificateBuilder()
          root_ca_name = x509.Name([
-            x509.NameAttribute(NameOID.COMMON_NAME, u'cephadm-root'),
+            x509.NameAttribute(NameOID.COMMON_NAME, f'cephadm-root-{self.cluster_fsid}'),
          ])
          root_builder = root_builder.subject_name(root_ca_name)
          root_builder = root_builder.issuer_name(root_ca_name)
@@ -198,7 +198,7 @@ class SSLCerts:
  
          builder = x509.CertificateBuilder()
          root_ca_name = x509.Name([
-            x509.NameAttribute(NameOID.COMMON_NAME, u'cephadm-root'),
+            x509.NameAttribute(NameOID.COMMON_NAME, f'cephadm-root-{self.cluster_fsid}'),
          ])
          builder = builder.subject_name(x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, addrs[0]), ]))
          builder = builder.issuer_name(root_ca_name)
author	Kushal Deb <Kushal.Deb@ibm.com>
	Wed, 7 May 2025 09:51:13 +0000 (15:21 +0530)
committer	Kushal Deb <Kushal.Deb@ibm.com>
	Mon, 2 Jun 2025 12:37:48 +0000 (18:07 +0530)