From: Redouane Kachach Date: Thu, 5 Feb 2026 15:22:10 +0000 (+0100) Subject: mgr/dashbard: adapting the code to new the new cephadm's nvmeof API X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=5fa95a56dbb99a65d90cb3028c23189d8b367407;p=ceph-ci.git mgr/dashbard: adapting the code to new the new cephadm's nvmeof API https://tracker.ceph.com/issues/74377 Signed-off-by: Redouane Kachach --- diff --git a/src/pybind/mgr/dashboard/services/nvmeof_client.py b/src/pybind/mgr/dashboard/services/nvmeof_client.py index de9f76ed858..b25c733f08d 100644 --- a/src/pybind/mgr/dashboard/services/nvmeof_client.py +++ b/src/pybind/mgr/dashboard/services/nvmeof_client.py @@ -34,6 +34,17 @@ else: pb2 = pb2 def __init__(self, gw_group: Optional[str] = None, server_address: Optional[str] = None): + + def encode_tls_bundle(bundle: Dict[str, str]) -> Dict[str, bytes]: + """Encode TLS bundle string values to bytes for gRPC.""" + encoded: Dict[str, bytes] = {} + for key, value in bundle.items(): + if isinstance(value, str): + encoded[key] = value.encode('utf-8') + else: + encoded[key] = value + return encoded + logger.info("Initiating nvmeof gateway connection...") try: if not gw_group: @@ -66,20 +77,26 @@ else: logger.debug("Gateway address set to: %s", self.gateway_addr) enable_auth = is_mtls_enabled(service_name) if enable_auth: - client_key = NvmeofGatewaysConfig.get_client_key(service_name) - client_cert = NvmeofGatewaysConfig.get_client_cert(service_name) - server_cert = NvmeofGatewaysConfig.get_ssl_cert(service_name) - logger.info('Securely connecting to: %s', self.gateway_addr) - credentials = grpc.ssl_channel_credentials( - root_certificates=server_cert, - private_key=client_key, - certificate_chain=client_cert, - ) - self.channel = grpc.secure_channel(self.gateway_addr, credentials) + tls_bundle = NvmeofGatewaysConfig.get_nvmeof_tls_bundle(service_name) + if tls_bundle: + logger.info('Securely connecting to: %s', self.gateway_addr) + encoded_tls_bundle = encode_tls_bundle(tls_bundle) + credentials = grpc.ssl_channel_credentials( + root_certificates=encoded_tls_bundle['server_cert'], + private_key=encoded_tls_bundle['client_key'], + certificate_chain=encoded_tls_bundle['client_cert'], + ) + self.channel = grpc.secure_channel(self.gateway_addr, credentials) + else: + self.channel = None + logger.error("Cannot obtain nvmeof TLS bundle for the service %s (gw: %s)", + service_name, self.gateway_addr) else: logger.info("Insecurely connecting to: %s", self.gateway_addr) self.channel = grpc.insecure_channel(self.gateway_addr) - self.stub = pb2_grpc.GatewayStub(self.channel) + + if self.channel is not None: + self.stub = pb2_grpc.GatewayStub(self.channel) Model = Dict[str, Any] Collection = List[Model] diff --git a/src/pybind/mgr/dashboard/services/nvmeof_conf.py b/src/pybind/mgr/dashboard/services/nvmeof_conf.py index 0a80bc26deb..317015fee13 100644 --- a/src/pybind/mgr/dashboard/services/nvmeof_conf.py +++ b/src/pybind/mgr/dashboard/services/nvmeof_conf.py @@ -120,35 +120,11 @@ class NvmeofGatewaysConfig(object): ) @classmethod - def get_client_cert(cls, service_name: str): - client_cert = cls.from_cert_store('nvmeof_client_cert', service_name) - return client_cert.encode() if client_cert else None - - @classmethod - def get_client_key(cls, service_name: str): - client_key = cls.from_cert_store('nvmeof_client_key', service_name, key=True) - return client_key.encode() if client_key else None - - @classmethod - def get_root_ca_cert(cls, service_name: str): - root_ca_cert = cls.from_cert_store('nvmeof_root_ca_cert', service_name) - return root_ca_cert.encode() if root_ca_cert else None - - @classmethod - def get_ssl_cert(cls, service_name: str): - server_cert = cls.from_cert_store('nvmeof_ssl_cert', service_name) - return server_cert.encode() if server_cert else None - - @classmethod - def from_cert_store(cls, entity: str, service_name: str, key=False): + def get_nvmeof_tls_bundle(cls, service_name: str): try: orch = OrchClient.instance() if orch.available(): - if key: - return orch.cert_store.get_key(entity, service_name, - ignore_missing_exception=True) - return orch.cert_store.get_cert(entity, service_name, - ignore_missing_exception=True) + return orch.cert_store.get_nvmeof_tls_bundle(service_name) return None except OrchestratorError: # just return None if any orchestrator error is raised diff --git a/src/pybind/mgr/dashboard/services/orchestrator.py b/src/pybind/mgr/dashboard/services/orchestrator.py index 6adcfa571bd..fb40c9a9949 100644 --- a/src/pybind/mgr/dashboard/services/orchestrator.py +++ b/src/pybind/mgr/dashboard/services/orchestrator.py @@ -207,6 +207,10 @@ class HardwareManager(ResourceManager): class CertStoreManager(ResourceManager): + @wait_api_result + def get_nvmeof_tls_bundle(self, service_name: str) -> Dict[str, str]: + return self.api.get_nvmeof_tls_bundle(service_name) + @wait_api_result def get_cert(self, entity: str, service_name: Optional[str] = None, hostname: Optional[str] = None,