From: Redouane Kachach <rkachach@ibm.com>
Date: Wed, 20 Aug 2025 13:55:24 +0000 (+0200)
Subject: mgr/cephadm: using 5 years for service-discovery internal certs
X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=f34cc110df6a7557e4d99f6acc5d4b285765e55d;p=ceph.git

mgr/cephadm: using 5 years for service-discovery internal certs

Signed-off-by: Redouane Kachach <rkachach@ibm.com>
---

diff --git a/src/pybind/mgr/cephadm/services/service_discovery.py b/src/pybind/mgr/cephadm/services/service_discovery.py
index 45fddcac6c6c..68c193e97de8 100644
--- a/src/pybind/mgr/cephadm/services/service_discovery.py
+++ b/src/pybind/mgr/cephadm/services/service_discovery.py
@@ -41,6 +41,9 @@ cherrypy.log.access_log.propagate = False
 logger = logging.getLogger(__name__)
 
 
+CEPHADM_SVC_DISCOVERY_CERT_DURATION = (365 * 5)
+
+
 class Route(NamedTuple):
     name: str
     route: str
@@ -93,13 +96,13 @@ class ServiceDiscovery:
     def configure_tls(self, server: Server) -> None:
         addr = self.mgr.get_mgr_ip()
         host = self.mgr.get_hostname()
-        cert, key = self.mgr.cert_mgr.generate_cert(host, addr, duration_in_days = (365 * 5))
+        tls_pair = self.mgr.cert_mgr.generate_cert(host, addr, duration_in_days=CEPHADM_SVC_DISCOVERY_CERT_DURATION)
         self.cert_file = tempfile.NamedTemporaryFile()
-        self.cert_file.write(cert.encode('utf-8'))
+        self.cert_file.write(tls_pair.cert.encode('utf-8'))
         self.cert_file.flush()  # cert_tmp must not be gc'ed
 
         self.key_file = tempfile.NamedTemporaryFile()
-        self.key_file.write(key.encode('utf-8'))
+        self.key_file.write(tls_pair.key.encode('utf-8'))
         self.key_file.flush()  # pkey_tmp must not be gc'ed
 
         verify_tls_files(self.cert_file.name, self.key_file.name)