From 094f897df1dce839162851ac7dc52ab2b8430c1b Mon Sep 17 00:00:00 2001
From: Redouane Kachach <rkachach@ibm.com>
Date: Tue, 10 Jun 2025 11:02:05 +0200
Subject: [PATCH] mgr/prometheus: removing call the verify_tls_files

Removing the call to verify_tls_files as in this case case certs files
are generated by cephadm internally and we can trust them. In the
worst case (bad files) the prometheus module will fail to start.

Fixes: https://tracker.ceph.com/issues/71599

Signed-off-by: Redouane Kachach <rkachach@ibm.com>
(cherry picked from commit bda2ad59aa925ab9463e748d075e96f14d070492)
---
 src/pybind/mgr/prometheus/module.py | 2 --
 1 file changed, 2 deletions(-)

diff --git a/src/pybind/mgr/prometheus/module.py b/src/pybind/mgr/prometheus/module.py
index d3a7058e054..91fc6fa29e0 100644
--- a/src/pybind/mgr/prometheus/module.py
+++ b/src/pybind/mgr/prometheus/module.py
@@ -1790,7 +1790,6 @@ class Module(MgrModule, OrchestratorClientMixin):
                      port=server_port, path='/'))
 
     def setup_tls_using_cephadm(self, server_addr: str, server_port: int) -> None:
-        from mgr_util import verify_tls_files
         cmd = {'prefix': 'orch certmgr generate-certificates',
                'module_name': 'prometheus',
                'format': 'json'}
@@ -1810,7 +1809,6 @@ class Module(MgrModule, OrchestratorClientMixin):
         self.key_file.write(cert_key['key'].encode('utf-8'))
         self.key_file.flush()  # pkey_tmp must not be gc'ed
 
-        verify_tls_files(self.cert_file.name, self.key_file.name)
         cert_file_path, key_file_path = self.cert_file.name, self.key_file.name
 
         cherrypy.config.update({
-- 
2.39.5