From: Adam King Date: Tue, 23 Jan 2024 22:35:44 +0000 (-0500) Subject: mgr/cephadm: move agent endpoint root cert/key to cert store X-Git-Tag: v20.0.0~1612^2~9 X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=2e583e47c5e69d104476f9350db3020d7ffae0e6;p=ceph.git mgr/cephadm: move agent endpoint root cert/key to cert store Trying to move all certs/keys cephadm manages to a central location Signed-off-by: Adam King --- diff --git a/src/pybind/mgr/cephadm/agent.py b/src/pybind/mgr/cephadm/agent.py index e38122ddc4b1..9fb61dafd223 100644 --- a/src/pybind/mgr/cephadm/agent.py +++ b/src/pybind/mgr/cephadm/agent.py @@ -44,6 +44,7 @@ cherrypy.log.access_log.propagate = False class AgentEndpoint: + # TODO: move these constants to migrations KV_STORE_AGENT_ROOT_CERT = 'cephadm_agent/root/cert' KV_STORE_AGENT_ROOT_KEY = 'cephadm_agent/root/key' @@ -60,14 +61,15 @@ class AgentEndpoint: cherrypy.tree.mount(self.node_proxy_endpoint, '/node-proxy', config=conf) def configure_tls(self, server: Server) -> None: - old_cert = self.mgr.get_store(self.KV_STORE_AGENT_ROOT_CERT) - old_key = self.mgr.get_store(self.KV_STORE_AGENT_ROOT_KEY) + old_cert = self.mgr.cert_key_store.get_cert('agent_endpoint_root_cert') + old_key = self.mgr.cert_key_store.get_key('agent_endpoint_key') + if old_cert and old_key: self.ssl_certs.load_root_credentials(old_cert, old_key) else: self.ssl_certs.generate_root_cert(self.mgr.get_mgr_ip()) - self.mgr.set_store(self.KV_STORE_AGENT_ROOT_CERT, self.ssl_certs.get_root_cert()) - self.mgr.set_store(self.KV_STORE_AGENT_ROOT_KEY, self.ssl_certs.get_root_key()) + self.mgr.cert_key_store.save_cert('agent_endpoint_root_cert', self.ssl_certs.get_root_cert()) + self.mgr.cert_key_store.save_key('agent_endpoint_key', self.ssl_certs.get_root_key()) host = self.mgr.get_hostname() addr = self.mgr.get_mgr_ip()