From 2128ffa619c9a4a800fb6394503b8ecc5b16fa96 Mon Sep 17 00:00:00 2001 From: John Mulligan Date: Fri, 25 Apr 2025 11:06:41 -0400 Subject: [PATCH] mgr/cephadm: always use the internal cryptocaller The cephadm modules needs to use python cryptography module for ssh (via asyncssh) and thus there's no need to use the remote crypto caller in cephadm. Configure cephadm to always use the internal cryptocaller. Signed-off-by: John Mulligan --- src/pybind/mgr/cephadm/module.py | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/src/pybind/mgr/cephadm/module.py b/src/pybind/mgr/cephadm/module.py index 1d3f7e96a694a..2248d449579df 100644 --- a/src/pybind/mgr/cephadm/module.py +++ b/src/pybind/mgr/cephadm/module.py @@ -45,6 +45,7 @@ from ceph.deployment.service_spec import ( ) from ceph.deployment.drive_group import DeviceSelection from ceph.utils import str_to_datetime, datetime_to_str, datetime_now +from ceph.cryptotools.select import choose_crypto_caller from cephadm.serve import CephadmServe, REQUIRES_POST_ACTIONS from cephadm.services.cephadmservice import CephadmDaemonDeploySpec from cephadm.http_server import CephadmHttpServer @@ -496,6 +497,10 @@ class CephadmOrchestrator(orchestrator.Orchestrator, MgrModule, super(CephadmOrchestrator, self).__init__(*args, **kwargs) self._cluster_fsid: str = self.get('mon_map')['fsid'] self.last_monmap: Optional[datetime.datetime] = None + # cephadm module always needs access to the real cryptography module + # for asyncssh. It is always permitted to use the internal + # cryptocaller. + choose_crypto_caller('internal') # for serve() self.run = True -- 2.39.5