From: Sage Weil <sage@redhat.com>
Date: Wed, 21 Jun 2017 16:29:45 +0000 (-0400)
Subject: pybind/mgr/restful: do not start if no certificate is configured
X-Git-Tag: v12.1.0~13^2~4
X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=4e4d81cd704c03f0e0461fc79f1fbc0aadbcb451;p=ceph.git

pybind/mgr/restful: do not start if no certificate is configured

This removes the default filename, by the way.  We also work around a
problem with make_server where it sets up the socket to listen before
checking for the cert, thereby making it problematic to rebind to the
port shortly thereafter when we do have a socket.  (SO_REUSEADDR would
be appropriate but there doesn't seem to be an easy way to make
make_server use it.)

Signed-off-by: Sage Weil <sage@redhat.com>
---

diff --git a/src/pybind/mgr/restful/module.py b/src/pybind/mgr/restful/module.py
index 12b48ab289d9c..ee0761fabf81b 100644
--- a/src/pybind/mgr/restful/module.py
+++ b/src/pybind/mgr/restful/module.py
@@ -296,6 +296,13 @@ class Module(MgrModule):
         else:
             pkey_fname = self.get_localized_config('key_file') or '/etc/ceph/ceph-mgr-restful.key'
 
+        if not cert_fname or not pkey_fname:
+            raise RuntimeError('no certificate configured')
+        if not os.path.isfile(cert_fname):
+            raise RuntimeError('certificate %s does not exist' % cert_fname)
+        if not os.path.isfile(pkey_fname):
+            raise RuntimeError('private key %s does not exist' % pkey_fname)
+
         # Create the HTTPS werkzeug server serving pecan app
         self.server = make_server(
             host=server_addr,