From: Boris Ranto <branto@redhat.com>
Date: Fri, 14 Sep 2018 10:03:23 +0000 (+0200)
Subject: mgr/dashboard: Do not require cert for http
X-Git-Tag: v13.2.3~81^2~1
X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=48d46c0088bfcd124e1b016a4768627e37194985;p=ceph.git

mgr/dashboard: Do not require cert for http

The ceph dashboard currently requires a SSL certificate even if it is
not running in the SSL mode since it is always querying for the
certificate file/key pair.

This patch fixes the behaviour by querying for the certificate file/key
only if it is running in the SSL mode.

Fixes: http://tracker.ceph.com/issues/36069

Signed-off-by: Boris Ranto <branto@redhat.com>
(cherry picked from commit 20ed0de477966d4b64283ac82d3132b3688f9e2d)
---

diff --git a/src/pybind/mgr/dashboard/module.py b/src/pybind/mgr/dashboard/module.py
index 9081561e83d..d1d37dbb576 100644
--- a/src/pybind/mgr/dashboard/module.py
+++ b/src/pybind/mgr/dashboard/module.py
@@ -132,32 +132,6 @@ class SSLCherryPyConfig(object):
         cherrypy.tools.session_expire_at_browser_close = SessionExpireAtBrowserCloseTool()
         cherrypy.tools.request_logging = RequestLoggingTool()
 
-        # SSL initialization
-        cert = self.get_store("crt")
-        if cert is not None:
-            self.cert_tmp = tempfile.NamedTemporaryFile()
-            self.cert_tmp.write(cert.encode('utf-8'))
-            self.cert_tmp.flush()  # cert_tmp must not be gc'ed
-            cert_fname = self.cert_tmp.name
-        else:
-            cert_fname = self.get_localized_config('crt_file')
-
-        pkey = self.get_store("key")
-        if pkey is not None:
-            self.pkey_tmp = tempfile.NamedTemporaryFile()
-            self.pkey_tmp.write(pkey.encode('utf-8'))
-            self.pkey_tmp.flush()  # pkey_tmp must not be gc'ed
-            pkey_fname = self.pkey_tmp.name
-        else:
-            pkey_fname = self.get_localized_config('key_file')
-
-        if not cert_fname or not pkey_fname:
-            raise ServerConfigException('no certificate configured')
-        if not os.path.isfile(cert_fname):
-            raise ServerConfigException('certificate %s does not exist' % cert_fname)
-        if not os.path.isfile(pkey_fname):
-            raise ServerConfigException('private key %s does not exist' % pkey_fname)
-
         # Apply the 'global' CherryPy configuration.
         config = {
             'engine.autoreload.on': False,
@@ -168,6 +142,32 @@ class SSLCherryPyConfig(object):
         }
 
         if ssl:
+            # SSL initialization
+            cert = self.get_store("crt")
+            if cert is not None:
+                self.cert_tmp = tempfile.NamedTemporaryFile()
+                self.cert_tmp.write(cert.encode('utf-8'))
+                self.cert_tmp.flush()  # cert_tmp must not be gc'ed
+                cert_fname = self.cert_tmp.name
+            else:
+                cert_fname = self.get_localized_config('crt_file')
+
+            pkey = self.get_store("key")
+            if pkey is not None:
+                self.pkey_tmp = tempfile.NamedTemporaryFile()
+                self.pkey_tmp.write(pkey.encode('utf-8'))
+                self.pkey_tmp.flush()  # pkey_tmp must not be gc'ed
+                pkey_fname = self.pkey_tmp.name
+            else:
+                pkey_fname = self.get_localized_config('key_file')
+
+            if not cert_fname or not pkey_fname:
+                raise ServerConfigException('no certificate configured')
+            if not os.path.isfile(cert_fname):
+                raise ServerConfigException('certificate %s does not exist' % cert_fname)
+            if not os.path.isfile(pkey_fname):
+                raise ServerConfigException('private key %s does not exist' % pkey_fname)
+
             config['server.ssl_module'] = 'builtin'
             config['server.ssl_certificate'] = cert_fname
             config['server.ssl_private_key'] = pkey_fname