From f34cc110df6a7557e4d99f6acc5d4b285765e55d Mon Sep 17 00:00:00 2001
From: Redouane Kachach
Date: Wed, 20 Aug 2025 15:55:24 +0200
Subject: [PATCH] mgr/cephadm: using 5 years for service-discovery internal certs

Signed-off-by: Redouane Kachach
---
 src/pybind/mgr/cephadm/services/service_discovery.py | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/src/pybind/mgr/cephadm/services/service_discovery.py b/src/pybind/mgr/cephadm/services/service_discovery.py
index 45fddcac6c6..68c193e97de 100644
--- a/src/pybind/mgr/cephadm/services/service_discovery.py
+++ b/src/pybind/mgr/cephadm/services/service_discovery.py
@@ -41,6 +41,9 @@ cherrypy.log.access_log.propagate = False
 logger = logging.getLogger(__name__)
+CEPHADM_SVC_DISCOVERY_CERT_DURATION = (365 * 5)
+
+
 class Route(NamedTuple):
 name: str
 route: str
@@ -93,13 +96,13 @@ class ServiceDiscovery:
 def configure_tls(self, server: Server) -> None:
 addr = self.mgr.get_mgr_ip()
 host = self.mgr.get_hostname()
- cert, key = self.mgr.cert_mgr.generate_cert(host, addr, duration_in_days = (365 * 5))
+ tls_pair = self.mgr.cert_mgr.generate_cert(host, addr, duration_in_days=CEPHADM_SVC_DISCOVERY_CERT_DURATION)
 self.cert_file = tempfile.NamedTemporaryFile()
- self.cert_file.write(cert.encode('utf-8'))
+ self.cert_file.write(tls_pair.cert.encode('utf-8'))
 self.cert_file.flush() # cert_tmp must not be gc'ed
 self.key_file = tempfile.NamedTemporaryFile()
- self.key_file.write(key.encode('utf-8'))
+ self.key_file.write(tls_pair.key.encode('utf-8'))
 self.key_file.flush() # pkey_tmp must not be gc'ed
 verify_tls_files(self.cert_file.name, self.key_file.name)
-- 
2.47.3
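Review bot: `CEPHADM_SVC_DISCOVERY_CERT_DURATION` in the first hunk has no unit in its name and no comment, so a reader only learns it is a number of days from the `duration_in_days=` keyword at the call site in the second hunk. I would add above it `# Validity, in days, of the TLS certificate generated for the service-discovery endpoint.` and one more line on why five years was chosen, since a long validity widens the window in which a leaked key remains usable. The parentheses around `365 * 5` are redundant.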
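Review bot: The trailing comments on the two `flush()` lines in `configure_tls` still name `cert_tmp` and `pkey_tmp`, which do not exist in this hunk; the objects being kept alive are `self.cert_file` and `self.key_file`. I would reword both to state the reason, e.g. `# keep the reference on self: the temp file is deleted once the object is closed or collected`, which also tells the reader that the private key stays on disk for as long as that reference is held. The new `tls_pair.cert` and `tls_pair.key` accesses rely on `generate_cert` returning an object with those attributes, which is not visible in this patch, so it is worth confirming that every caller of `generate_cert` was updated together with it. The body of `configure_tls` appears to continue past the end of the hunk.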