From: Redouane Kachach <rkachach@ibm.com>
Date: Tue, 10 Jun 2025 09:02:05 +0000 (+0200)
Subject: mgr/prometheus: removing call the verify_tls_files
X-Git-Tag: v21.0.0~256^2~335^2~1
X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=bda2ad59aa925ab9463e748d075e96f14d070492;p=ceph.git

mgr/prometheus: removing call the verify_tls_files

Removing the call to verify_tls_files as in this case case certs files
are generated by cephadm internally and we can trust them. In the
worst case (bad files) the prometheus module will fail to start.

Fixes: https://tracker.ceph.com/issues/71599

Signed-off-by: Redouane Kachach <rkachach@ibm.com>
---

diff --git a/src/pybind/mgr/prometheus/module.py b/src/pybind/mgr/prometheus/module.py
index d3a7058e0547..91fc6fa29e07 100644
--- a/src/pybind/mgr/prometheus/module.py
+++ b/src/pybind/mgr/prometheus/module.py
@@ -1790,7 +1790,6 @@ class Module(MgrModule, OrchestratorClientMixin):
                      port=server_port, path='/'))
 
     def setup_tls_using_cephadm(self, server_addr: str, server_port: int) -> None:
-        from mgr_util import verify_tls_files
         cmd = {'prefix': 'orch certmgr generate-certificates',
                'module_name': 'prometheus',
                'format': 'json'}
@@ -1810,7 +1809,6 @@ class Module(MgrModule, OrchestratorClientMixin):
         self.key_file.write(cert_key['key'].encode('utf-8'))
         self.key_file.flush()  # pkey_tmp must not be gc'ed
 
-        verify_tls_files(self.cert_file.name, self.key_file.name)
         cert_file_path, key_file_path = self.cert_file.name, self.key_file.name
 
         cherrypy.config.update({