From 4e4d81cd704c03f0e0461fc79f1fbc0aadbcb451 Mon Sep 17 00:00:00 2001
From: Sage Weil <sage@redhat.com>
Date: Wed, 21 Jun 2017 12:29:45 -0400
Subject: [PATCH] pybind/mgr/restful: do not start if no certificate is
 configured

This removes the default filename, by the way.  We also work around a
problem with make_server where it sets up the socket to listen before
checking for the cert, thereby making it problematic to rebind to the
port shortly thereafter when we do have a socket.  (SO_REUSEADDR would
be appropriate but there doesn't seem to be an easy way to make
make_server use it.)

Signed-off-by: Sage Weil <sage@redhat.com>
---
 src/pybind/mgr/restful/module.py | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/src/pybind/mgr/restful/module.py b/src/pybind/mgr/restful/module.py
index 12b48ab289d..ee0761fabf8 100644
--- a/src/pybind/mgr/restful/module.py
+++ b/src/pybind/mgr/restful/module.py
@@ -296,6 +296,13 @@ class Module(MgrModule):
         else:
             pkey_fname = self.get_localized_config('key_file') or '/etc/ceph/ceph-mgr-restful.key'
 
+        if not cert_fname or not pkey_fname:
+            raise RuntimeError('no certificate configured')
+        if not os.path.isfile(cert_fname):
+            raise RuntimeError('certificate %s does not exist' % cert_fname)
+        if not os.path.isfile(pkey_fname):
+            raise RuntimeError('private key %s does not exist' % pkey_fname)
+
         # Create the HTTPS werkzeug server serving pecan app
         self.server = make_server(
             host=server_addr,
-- 
2.39.5