From eb7dc7257481ce6ef8852bd8ec4849549bfbde7a Mon Sep 17 00:00:00 2001
From: Redouane Kachach
Date: Tue, 13 Jan 2026 17:15:07 +0100
Subject: [PATCH] mgr/cephadm: fix nvmeof server/client cert/key fields setting
Do not populate server/client certificates or keys from the spec when the certificate_source is cephadm-signed or reference. In those cases, the spec does not include those fields.
Fixes: https://tracker.ceph.com/issues/74377
Signed-off-by: Redouane Kachach
---
.../ceph/deployment/service_spec.py | 23 ++++++++++---------
1 file changed, 12 insertions(+), 11 deletions(-)
diff --git a/src/python-common/ceph/deployment/service_spec.py b/src/python-common/ceph/deployment/service_spec.py
index 5029573252ad..69cd85b27fac 100644
--- a/src/python-common/ceph/deployment/service_spec.py
+++ b/src/python-common/ceph/deployment/service_spec.py
@@ -2014,18 +2014,19 @@ class NvmeofServiceSpec(ServiceSpec):
 data = super().to_json()
 spec = data.setdefault('spec', {})
- if self.ssl:
- if self.server_cert and self.server_key:
- spec['server_cert'] = self.server_cert
- spec['server_key'] = self.server_key
- else:
- spec['ssl_cert'] = self.ssl_cert
- spec['ssl_key'] = self.ssl_key
+ if self.certificate_source == CertificateSource.INLINE.value:
+ if self.ssl:
+ if self.server_cert and self.server_key:
+ spec['server_cert'] = self.server_cert
+ spec['server_key'] = self.server_key
+ else:
+ spec['ssl_cert'] = self.ssl_cert
+ spec['ssl_key'] = self.ssl_key
- if self.enable_auth:
- spec['client_cert'] = self.client_cert
- spec['client_key'] = self.client_key
- spec['root_ca_cert'] = self.root_ca_cert
+ if self.enable_auth:
+ spec['client_cert'] = self.client_cert
+ spec['client_key'] = self.client_key
+ spec['root_ca_cert'] = self.root_ca_cert
 return data
--
2.47.3
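Review bot: The new guard `if self.certificate_source == CertificateSource.INLINE.value:` omits every certificate and key field whenever the attribute is anything other than that exact string, and the hunk does not show how `certificate_source` is defaulted or normalised (the method starts above the hunk). If a spec stored before the field existed, or one holding the enum member rather than its `.value`, reaches this code with `ssl` or `enable_auth` still set, its inline TLS/mTLS material would presumably be dropped on the next round trip. It is worth confirming that the constructor always coerces to the string value, and adding a unit test that serialises one spec per source. Inside the inline branch the `enable_auth` block still writes `client_cert`, `client_key` and `root_ca_cert` without the presence check the server branch has, so `None` can end up in the spec; consider `if self.enable_auth and self.client_cert and self.client_key:` if validation elsewhere does not already guarantee them. A short comment above the guard, such as `# cert/key fields exist in the spec only when certificate_source is inline`, would record the intent, and the docstring should note that the returned dict then carries private-key PEM and should not be logged.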