From 2f4098d4b4032d6d3dec2cecd7ccf54f33baad4c Mon Sep 17 00:00:00 2001
From: Adam King
Date: Tue, 23 Jan 2024 17:35:44 -0500
Subject: [PATCH] mgr/cephadm: move agent endpoint root cert/key to cert store

Trying to move all certs/keys cephadm manages to a central location
Signed-off-by: Adam King
(cherry picked from commit 2e583e47c5e69d104476f9350db3020d7ffae0e6)
---
 src/pybind/mgr/cephadm/agent.py | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/src/pybind/mgr/cephadm/agent.py b/src/pybind/mgr/cephadm/agent.py
index 12c03901de8d0..751e9624bfe81 100644
--- a/src/pybind/mgr/cephadm/agent.py
+++ b/src/pybind/mgr/cephadm/agent.py
@@ -44,6 +44,7 @@ cherrypy.log.access_log.propagate = False
 class AgentEndpoint:
+ # TODO: move these constants to migrations
 KV_STORE_AGENT_ROOT_CERT = 'cephadm_agent/root/cert'
 KV_STORE_AGENT_ROOT_KEY = 'cephadm_agent/root/key'
@@ -60,14 +61,15 @@ class AgentEndpoint:
 cherrypy.tree.mount(self.node_proxy_endpoint, '/node-proxy', config=conf)
 def configure_tls(self, server: Server) -> None:
- old_cert = self.mgr.get_store(self.KV_STORE_AGENT_ROOT_CERT)
- old_key = self.mgr.get_store(self.KV_STORE_AGENT_ROOT_KEY)
+ old_cert = self.mgr.cert_key_store.get_cert('agent_endpoint_root_cert')
+ old_key = self.mgr.cert_key_store.get_key('agent_endpoint_key')
+
 if old_cert and old_key:
 self.ssl_certs.load_root_credentials(old_cert, old_key)
 else:
 self.ssl_certs.generate_root_cert(self.mgr.get_mgr_ip())
- self.mgr.set_store(self.KV_STORE_AGENT_ROOT_CERT, self.ssl_certs.get_root_cert())
- self.mgr.set_store(self.KV_STORE_AGENT_ROOT_KEY, self.ssl_certs.get_root_key())
+ self.mgr.cert_key_store.save_cert('agent_endpoint_root_cert', self.ssl_certs.get_root_cert())
+ self.mgr.cert_key_store.save_key('agent_endpoint_key', self.ssl_certs.get_root_key())
 host = self.mgr.get_hostname()
 addr = self.mgr.get_mgr_ip()
--
2.39.5
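Review bot: In `configure_tls` (second hunk), the new `cert_key_store` reads have no fallback to the legacy `KV_STORE_AGENT_ROOT_CERT` / `KV_STORE_AGENT_ROOT_KEY` entries. On an upgraded cluster whose cert store is still empty, the `else` branch would generate a fresh root, and agents that trust the previous root would presumably stop verifying the endpoint until redeployed. The TODO in the first hunk suggests a migration is planned, but none is visible in this patch; until it lands, consider `old_cert = self.mgr.cert_key_store.get_cert('agent_endpoint_root_cert') or self.mgr.get_store(self.KV_STORE_AGENT_ROOT_CERT)` and the same for the key. Whichever path carries the values over should also remove the old `cephadm_agent/root/key` entry, so the root private key does not stay readable in two places. The body of `configure_tls` continues past the end of the hunk.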