From: John Mulligan <jmulligan@redhat.com>
Date: Fri, 18 Jul 2025 16:20:29 +0000 (-0400)
Subject: mgr/cephadm: enable setting up SSL/TLS files for keybridge sidecar
X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=fb4ded8271c2da9463fa92e87be43be901279735;p=ceph.git

mgr/cephadm: enable setting up SSL/TLS files for keybridge sidecar

Signed-off-by: John Mulligan <jmulligan@redhat.com>
---

diff --git a/src/pybind/mgr/cephadm/services/smb.py b/src/pybind/mgr/cephadm/services/smb.py
index ef945d9b1f43..975c30a1e31d 100644
--- a/src/pybind/mgr/cephadm/services/smb.py
+++ b/src/pybind/mgr/cephadm/services/smb.py
@@ -183,6 +183,23 @@ class SMBService(CephService):
                 'remote_control.ca.crt',
                 self._cert_or_uri(smb_spec.remote_control_ca_cert),
             )
+        if 'keybridge' in smb_spec.features:
+            files = config_blobs.setdefault('files', {})
+            _add_cfg(
+                files,
+                'keybridge.ssl.crt',
+                self._cert_or_uri(smb_spec.keybridge_kmip_ssl_cert),
+            )
+            _add_cfg(
+                files,
+                'keybridge.ssl.key',
+                self._cert_or_uri(smb_spec.keybridge_kmip_ssl_key),
+            )
+            _add_cfg(
+                files,
+                'keybridge.ca.crt',
+                self._cert_or_uri(smb_spec.keybridge_kmip_ca_cert),
+            )
         for ext_cluster in smb_spec.ceph_cluster_configs or []:
             files = config_blobs.setdefault('files', {})
             c_name = f'{ext_cluster.alias}.ceph.conf'