From: Patrick Seidensal Date: Thu, 5 Mar 2020 12:15:50 +0000 (+0100) Subject: mgr/cephadm: enable custom TLS certificates for grafana X-Git-Tag: v15.1.1~85^2 X-Git-Url: http://git.apps.os.sepia.ceph.com/?a=commitdiff_plain;h=e72cb1014e549032439e501108393dc095f70ecb;p=ceph-ci.git mgr/cephadm: enable custom TLS certificates for grafana using `ceph config-key`. E.g.: ceph config-key set mgr/cephadm/grafana_crt -i cert.pem ceph config-key set mgr/cephadm/grafana_key -i key.pem Signed-off-by: Patrick Seidensal --- diff --git a/src/pybind/mgr/cephadm/module.py b/src/pybind/mgr/cephadm/module.py index b4c4bda0895..d6106ab8d96 100644 --- a/src/pybind/mgr/cephadm/module.py +++ b/src/pybind/mgr/cephadm/module.py @@ -6,7 +6,7 @@ import yaml from threading import Event from functools import wraps -from mgr_util import create_self_signed_cert +from mgr_util import create_self_signed_cert, verify_tls, ServerConfigException import string try: @@ -2507,7 +2507,20 @@ datasources: for dd in self.cache.get_daemons_by_service('prometheus'): prom_services.append(dd.hostname) deps.append(dd.name()) - cert, pkey = create_self_signed_cert('Ceph', 'cephadm') + + cert = self.get_store('grafana_crt') + pkey = self.get_store('grafana_key') + if cert and pkey: + try: + verify_tls(cert, pkey) + except ServerConfigException as e: + logger.warning('Provided grafana TLS certificates invalid: %s', str(e)) + cert, pkey = None, None + if not (cert and pkey): + cert, pkey = create_self_signed_cert('Ceph', 'cephadm') + self.set_store('grafana_crt', cert) + self.set_store('grafana_key', pkey) + config_file = { 'files': { "grafana.ini": """# generated by cephadm
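Review bot: The fallback branch `if not (cert and pkey):` in the second hunk writes the generated self-signed pair back with `self.set_store('grafana_crt', cert)` and `self.set_store('grafana_key', pkey)`, which overwrites whatever the operator had stored. This happens when a supplied certificate or key fails `verify_tls`, and also when only one of the two `ceph config-key set` commands from the commit message has run so far. Grafana then serves a self-signed certificate and the only trace is a single `logger.warning`. I would record whether the store held anything before validation, e.g. `had_stored = bool(cert or pkey)` right after the two `get_store` calls, and put `if not had_stored:` in front of the two `set_store` calls so that rejected operator material is left in place for inspection. The enclosing function starts and ends outside this hunk, so how often this path runs, and whether a more visible signal than a log line is available there, cannot be judged from here.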