From: Redouane Kachach Date: Thu, 14 Jul 2022 11:36:32 +0000 (+0200) Subject: mgr/cephadm: Adding logic to store grafana cert/key per node X-Git-Tag: v16.2.11~314^2 X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=e9c7e4715fc5fe357660920c0b285a9895cf16e4;p=ceph.git mgr/cephadm: Adding logic to store grafana cert/key per node Fixes: https://tracker.ceph.com/issues/56508 Signed-off-by: Redouane Kachach (cherry picked from commit 3c990f974e3beac0fc03f58c4c47f26f9d5afe56) Conflicts: src/pybind/mgr/cephadm/tests/test_services.py --- diff --git a/src/pybind/mgr/cephadm/services/monitoring.py b/src/pybind/mgr/cephadm/services/monitoring.py index 9c2a08b6d70e..40bed6a18035 100644 --- a/src/pybind/mgr/cephadm/services/monitoring.py +++ b/src/pybind/mgr/cephadm/services/monitoring.py @@ -41,8 +41,10 @@ class GrafanaService(CephadmService): grafana_data_sources = self.mgr.template.render( 'services/grafana/ceph-dashboard.yml.j2', {'hosts': prom_services}) - cert = self.mgr.get_store('grafana_crt') - pkey = self.mgr.get_store('grafana_key') + cert_path = f'{daemon_spec.host}/grafana_crt' + key_path = f'{daemon_spec.host}/grafana_key' + cert = self.mgr.get_store(cert_path) + pkey = self.mgr.get_store(key_path) if cert and pkey: try: verify_tls(cert, pkey) @@ -50,9 +52,9 @@ class GrafanaService(CephadmService): logger.warning('Provided grafana TLS certificates invalid: %s', str(e)) cert, pkey = None, None if not (cert and pkey): - cert, pkey = create_self_signed_cert('Ceph', 'cephadm') - self.mgr.set_store('grafana_crt', cert) - self.mgr.set_store('grafana_key', pkey) + cert, pkey = create_self_signed_cert('Ceph', daemon_spec.host) + self.mgr.set_store(cert_path, cert) + self.mgr.set_store(key_path, pkey) if 'dashboard' in self.mgr.get('mgr_map')['modules']: self.mgr.check_mon_command({ 'prefix': 'dashboard set-grafana-api-ssl-verify', 
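Review bot: The lookup at `cert_path`/`key_path` in the `@@ -41,8 +41,10 @@` hunk has no fallback to the old `grafana_crt`/`grafana_key` entries, so an operator-provided pair stored under the old names is no longer found after upgrade and the code further down would generate a self-signed certificate instead. The old private key would also stay in the store unused, since no migration or cleanup is visible in this diff. Consider reading the legacy entry when the per-host one is empty, `cert = self.mgr.get_store(cert_path) or self.mgr.get_store('grafana_crt')` and the same for the key, and documenting when the legacy entries are removed. The enclosing method starts and ends outside the hunk.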
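Review bot: In the `@@ -50,9 +52,9 @@` hunk the self-signed fallback writes over whatever is stored at `cert_path`/`key_path`, including an operator-provided pair that merely failed `verify_tls`, and the only trace is the generic warning above, which does not name the host. Now that the entries are per host, a line such as `logger.info('Generating self-signed grafana certificate for host %s', daemon_spec.host)` before `create_self_signed_cert` would make the replacement auditable. The second argument changes from `'cephadm'` to `daemon_spec.host`; it looks like this becomes the certificate's common name, so it is worth confirming that `daemon_spec.host` is the name clients actually connect to, otherwise hostname verification will still fail. The enclosing method continues outside the hunk.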
@@ -103,6 +105,17 @@ class GrafanaService(CephadmService): service_url ) + def pre_remove(self, daemon: DaemonDescription) -> None: + """ + Called before grafana daemon is removed. + """ + if daemon.hostname is not None: + # delete cert/key entires for this grafana daemon + cert_path = f'{daemon.hostname}/grafana_crt' + key_path = f'{daemon.hostname}/grafana_key' + self.mgr.set_store(cert_path, None) + self.mgr.set_store(key_path, None) + def ok_to_stop(self, daemon_ids: List[str], force: bool = False, diff --git a/src/pybind/mgr/cephadm/tests/test_services.py b/src/pybind/mgr/cephadm/tests/test_services.py index d1945d37227b..081656188f3e 100644 --- a/src/pybind/mgr/cephadm/tests/test_services.py +++ b/src/pybind/mgr/cephadm/tests/test_services.py @@ -435,8 +435,8 @@ class TestMonitoring: _run_cephadm.return_value = ('{}', '', 0) with with_host(cephadm_module, 'test'): - cephadm_module.set_store('grafana_crt', 'c') - cephadm_module.set_store('grafana_key', 'k') + cephadm_module.set_store('test/grafana_crt', 'c') + cephadm_module.set_store('test/grafana_key', 'k') with with_service(cephadm_module, MonitoringSpec('prometheus')) as _, \ with_service(cephadm_module, GrafanaSpec('grafana')) as _: files = {
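Review bot: `pre_remove` rebuilds the store paths by hand from `daemon.hostname`, while the config code in the earlier hunk builds them from `daemon_spec.host`. If the two formats ever drift apart, the private key written for a host is never deleted. A small shared helper used by both places would tie deletion to the path that was written. When `daemon.hostname` is None the method returns silently and leaves the key material in the store, so a `logger.warning` in an else branch would help. The inline comment has a typo and should read `# delete cert/key entries for this grafana daemon`.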
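Review bot: The updated test in `test_services.py` only pre-seeds `test/grafana_crt` and `test/grafana_key`, so nothing exercises the new `pre_remove` cleanup or the per-host self-signed path. If `with_service` removes the grafana daemon on exit, which is presumed here and should be confirmed, an assertion after that block such as `assert cephadm_module.get_store('test/grafana_key') is None` would pin that the private key does not outlive the daemon. The test function starts and ends outside the hunk.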