From: Redouane Kachach <rkachach@ibm.com>
Date: Mon, 13 Apr 2026 13:00:41 +0000 (+0200)
Subject: mgr/dashboard: adding daemon_name as an arg to nvmeof get bundle API
X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=refs%2Fpull%2F66908%2Fhead;p=ceph.git

mgr/dashboard: adding daemon_name as an arg to nvmeof get bundle API

When cephadm-signed are in use, we know to know exacly which nvmeof daemon is
being used so we get the correct certificates for this daemon in
particular

Fixes: https://tracker.ceph.com/issues/74377
Signed-off-by: Redouane Kachach <rkachach@ibm.com>
---

diff --git a/src/pybind/mgr/cephadm/services/nvmeof.py b/src/pybind/mgr/cephadm/services/nvmeof.py
index 8ea15bec9d56..72cb4cbea004 100644
--- a/src/pybind/mgr/cephadm/services/nvmeof.py
+++ b/src/pybind/mgr/cephadm/services/nvmeof.py
@@ -381,7 +381,7 @@ class NvmeofService(CephService):
 
         for dd in dds:
             # dd.hostname is the short host name used for HOST-scoped certmgr objects
-            if dd.name == daemon_name:
+            if dd.name() == daemon_name:
                 return dd.hostname
 
         return None
diff --git a/src/pybind/mgr/dashboard/services/nvmeof_client.py b/src/pybind/mgr/dashboard/services/nvmeof_client.py
index d48980decf92..c3ce16e8b691 100644
--- a/src/pybind/mgr/dashboard/services/nvmeof_client.py
+++ b/src/pybind/mgr/dashboard/services/nvmeof_client.py
@@ -54,13 +54,12 @@ else:
                     res = NvmeofGatewaysConfig.get_service_info(gw_group)
                 if res is None:
                     raise DashboardException("Gateway group does not exist")
-                service_name, self.gateway_addr = res
+                service_name, self.gateway_addr, self.daemon_name = res
             except TypeError as e:
                 raise DashboardException(
                     f'Unable to retrieve the gateway info: {e}'
                 )
 
-            self.daemon_name = ''
             # While creating listener need to direct request to the gateway
             # address where listener is supposed to be added.
             if server_address:
@@ -75,12 +74,12 @@ else:
                     None
                 )
                 if matched_gateway:
-                    self.daemon_name = matched_gateway.get('daemon_name')
                     self.gateway_addr = matched_gateway.get('service_url')
                     logger.debug("Gateway address set to: %s", self.gateway_addr)
             enable_auth = is_mtls_enabled(service_name)
             if enable_auth:
-                tls_bundle = NvmeofGatewaysConfig.get_nvmeof_tls_bundle(service_name)
+                tls_bundle = NvmeofGatewaysConfig.get_nvmeof_tls_bundle(service_name,
+                                                                        self.daemon_name)
                 if tls_bundle:
                     logger.info('Securely connecting to: %s', self.gateway_addr)
                     encoded_tls_bundle = encode_tls_bundle(tls_bundle)
@@ -101,7 +100,6 @@ else:
             if self.channel is not None:
                 self.stub = pb2_grpc.GatewayStub(self.channel)
 
-
     Model = Dict[str, Any]
     Collection = List[Model]
 
diff --git a/src/pybind/mgr/dashboard/services/nvmeof_conf.py b/src/pybind/mgr/dashboard/services/nvmeof_conf.py
index c4105b6e897b..cc9227556e1b 100644
--- a/src/pybind/mgr/dashboard/services/nvmeof_conf.py
+++ b/src/pybind/mgr/dashboard/services/nvmeof_conf.py
@@ -120,11 +120,11 @@ class NvmeofGatewaysConfig(object):
             )
 
     @classmethod
-    def get_nvmeof_tls_bundle(cls, service_name: str):
+    def get_nvmeof_tls_bundle(cls, service_name: str, daemon_name: str):
         try:
             orch = OrchClient.instance()
             if orch.available():
-                return orch.cert_store.get_nvmeof_tls_bundle(service_name)
+                return orch.cert_store.get_nvmeof_tls_bundle(service_name, daemon_name)
             return None
         except OrchestratorError:
             # just return None if any orchestrator error is raised
@@ -144,7 +144,7 @@ def _get_name_url_for_group(gateways, group):
                 config = _get_running_daemon_svc_config(svc_config, running_daemons)
 
                 if config:
-                    return service_name, config['service_url']
+                    return service_name, config['service_url'], config['daemon_name']
         return None
 
     except OrchestratorError:
@@ -182,7 +182,8 @@ def _get_default_service(gateways):
                 component="nvmeof"
             )
         service_name = gateway_keys[0]
-        return service_name, gateways[service_name][0]['service_url']
+        return service_name, gateways[service_name][0]['service_url'], \
+            gateways[service_name][0]['daemon_name']
     return None
 
 
diff --git a/src/pybind/mgr/dashboard/services/orchestrator.py b/src/pybind/mgr/dashboard/services/orchestrator.py
index ddaa96580cb6..199171a37592 100644
--- a/src/pybind/mgr/dashboard/services/orchestrator.py
+++ b/src/pybind/mgr/dashboard/services/orchestrator.py
@@ -208,8 +208,8 @@ class HardwareManager(ResourceManager):
 class CertStoreManager(ResourceManager):
 
     @wait_api_result
-    def get_nvmeof_tls_bundle(self, service_name: str) -> Dict[str, str]:
-        return self.api.get_nvmeof_tls_bundle(service_name)
+    def get_nvmeof_tls_bundle(self, service_name: str, daemon_name: str) -> Dict[str, str]:
+        return self.api.get_nvmeof_tls_bundle(service_name, daemon_name)
 
     @wait_api_result
     def get_cert(self, entity: str, service_name: Optional[str] = None,