From: Kefu Chai <kchai@redhat.com>
Date: Wed, 8 Apr 2020 11:22:06 +0000 (+0800)
Subject: qa/tasks/openssl_keys.py: sort cert configs before creating certs
X-Git-Tag: v14.2.10~17^2~43
X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=c22cd5e8a20b021e7faf8043b8cf4032c3b7f98b;p=ceph.git

qa/tasks/openssl_keys.py: sort cert configs before creating certs

we cannot rely on the order in which items are arranged in a dict, the
order varies from version to another. in Python2, it happens to work,
and we can always have the self-signed cert added first. but in Python3,
it does not. and an exception is thrown
```
teuthology.exceptions.ConfigError: ssl: ca root not found for
certificate rgw.client.0
```

in this change, before creating certs, the settings are reordered so
that the self-signed ones are created first.

Signed-off-by: Kefu Chai <kchai@redhat.com>
(cherry picked from commit f28a5fef3b8ddb97962f91cc78174fd6e1431fed)
---

diff --git a/qa/tasks/openssl_keys.py b/qa/tasks/openssl_keys.py
index 657aa7d55782..3cc4ed8a5ec6 100644
--- a/qa/tasks/openssl_keys.py
+++ b/qa/tasks/openssl_keys.py
@@ -64,8 +64,9 @@ class OpenSSLKeys(Task):
 
         # use testdir/ca as a working directory
         self.cadir = '/'.join((misc.get_testdir(self.ctx), 'ca'))
-
-        for name, config in self.config.items():
+        # make sure self-signed certs get added first, they don't have 'ca' field
+        configs = sorted(self.config.items(), key=lambda x: 'ca' in x[1])
+        for name, config in configs:
             # names must be unique to avoid clobbering each others files
             if name in self.ctx.ssl_certificates:
                 raise ConfigError('ssl: duplicate certificate name {}'.format(name))