From: Adam King Date: Tue, 6 Feb 2024 01:07:15 +0000 (-0500) Subject: mgr/cephadm: move node-exporter cert/key to cert store X-Git-Tag: testing/wip-pdonnell-testing-20240703.143006-debug~16^2~4 X-Git-Url: http://git.apps.os.sepia.ceph.com/?a=commitdiff_plain;h=59a7c43f5d3674b8d8a42c2ada66710a08ab0138;p=ceph-ci.git mgr/cephadm: move node-exporter cert/key to cert store We weren't storing this before, but we want to add some cert management stuff later, so it's good to start doing so Signed-off-by: Adam King --- diff --git a/src/pybind/mgr/cephadm/services/monitoring.py b/src/pybind/mgr/cephadm/services/monitoring.py index 56778083b8b..5a94c0e6cc6 100644 --- a/src/pybind/mgr/cephadm/services/monitoring.py +++ b/src/pybind/mgr/cephadm/services/monitoring.py @@ -628,8 +628,13 @@ class NodeExporterService(CephadmService): if self.mgr.secure_monitoring_stack: node_ip = self.mgr.inventory.get_addr(daemon_spec.host) host_fqdn = self._inventory_get_fqdn(daemon_spec.host) - cert, key = self.mgr.http_server.service_discovery.ssl_certs.generate_cert( - host_fqdn, node_ip) + cert = self.mgr.cert_key_store.get_cert('node_exporter_cert', host=daemon_spec.host) + key = self.mgr.cert_key_store.get_key('node_exporter_key', host=daemon_spec.host) + if not (cert and key): + cert, key = self.mgr.http_server.service_discovery.ssl_certs.generate_cert( + host_fqdn, node_ip) + self.mgr.cert_key_store.save_cert('node_exporter_cert', cert, host=daemon_spec.host) + self.mgr.cert_key_store.save_key('node_exporter_key', key, host=daemon_spec.host) r = { 'files': { 'web.yml': self.mgr.template.render('services/node-exporter/web.yml.j2', {}), 
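Review bot: The stored pair is reused whenever `cert and key` is truthy, with no check that the certificate still matches the `host_fqdn` and `node_ip` computed just above, is unexpired, or chains to the current root CA. Before this change a fresh pair was generated on every call, so an address change or CA rotation was picked up automatically; now a stale certificate would keep being deployed until its store entry is removed, unless invalidation happens somewhere outside this hunk. Consider regenerating when the stored cert fails such a check, or at least recording the limitation with a comment such as `# NOTE: stored cert is reused as-is; not re-validated against host_fqdn/node_ip, expiry or root CA`. The private key is also now persisted in `cert_key_store` instead of only being handed to the daemon, so the store's backing data needs the same protection as the key itself. The enclosing method starts and ends outside the hunk.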
@@ -644,6 +649,15 @@ class NodeExporterService(CephadmService): return r, deps + def pre_remove(self, daemon: DaemonDescription) -> None: + """ + Called before node-exporter daemon is removed. + """ + if daemon.hostname is not None: + # delete cert/key entires for this node-exporter daemon + self.mgr.cert_key_store.rm_cert('node_exporter_cert', host=daemon.hostname) + self.mgr.cert_key_store.rm_key('node_exporter_key', host=daemon.hostname) + def ok_to_stop(self, daemon_ids: List[str], force: bool = False,
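Review bot: The docstring of `pre_remove` says when the hook runs but not what it does, and the inline comment misspells "entries". I would write the docstring as `"""Remove the stored node-exporter cert/key for the daemon's host before the daemon is removed."""` and the comment as `# delete cert/key entries for this node-exporter daemon`. When `daemon.hostname` is None nothing is removed and nothing is logged, so a debug log line on that path may be worth adding. Removing the entries only deletes the mgr's stored copy; from what is visible here it does not invalidate a certificate already issued to the host. `ok_to_stop` begins at the end of the hunk and continues outside it.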