From 3cd8e6dc20ad3f8024a8eb0af2f460515ee432fe Mon Sep 17 00:00:00 2001 From: Erickson Silva de Oliveira Date: Tue, 23 Sep 2025 18:03:45 -0300 Subject: [PATCH] Add new config key to get the restful certificate The ceph mgr restful module certificate is set with the key 'mgr/restful//crt'. However, when rook-ceph is configured, a race condition can occur between the creation of the mgr and the execution of the 'ceph-mgr-provision' job, causing restful to not running. To avoid this, instead of using a specific mgr key, the global key 'mgr/restful/crt' will be used, so there is no risk of having the mgr without a certificate. Therefore, it was necessary to make the adjustment in cephclient to check if the key 'mgr/restful/crt' exists. If it does, the certificate saved in it will be obtained. Otherwise, the same key as before, which is 'mgr/restful//crt', will be used. Test Plan: - PASS: AIO-SX with rook-ceph backend - PASS: AIO-DX with rook-ceph backend - PASS: AIO-SX with ceph backend - PASS: AIO-DX with ceph backend Partial-Bug: 2125605 Change-Id: I5a5ec4a77a359a1f6d72d2e714127f3b93e00cb2 Signed-off-by: Erickson Silva de Oliveira --- .../python-cephclient/cephclient/client.py | 18 ++++++++++++------ 1 file changed, 12 insertions(+), 6 deletions(-) diff --git a/ceph/python-cephclient/python-cephclient/cephclient/client.py b/ceph/python-cephclient/python-cephclient/cephclient/client.py index 2ac022b3..86b6319e 100644 --- a/ceph/python-cephclient/python-cephclient/cephclient/client.py +++ b/ceph/python-cephclient/python-cephclient/cephclient/client.py @@ -1,5 +1,5 @@ # -# Copyright (c) 2019-2021,2024 Wind River Systems, Inc. +# Copyright (c) 2019-2021,2024-2025 Wind River Systems, Inc. # # SPDX-License-Identifier: Apache-2.0 # @@ -16,7 +16,6 @@ import time import requests import six -from six.moves.urllib.parse import urlparse from cephclient import exception @@ -132,16 +131,23 @@ class CephClient(object): def _get_certificate(self): self._cleanup_certificate() - active_mgr = self._get_service_active_mgr() try: + key = 'mgr/restful/crt' + result = subprocess.run('ceph config-key exists {}'.format(key).split(), + timeout=CEPH_CLI_TIMEOUT_SEC, + stdout=subprocess.DEVNULL, + stderr=subprocess.DEVNULL,) + if result.returncode != 0: + active_mgr = self._get_service_active_mgr() + key = 'mgr/restful/{}/crt'.format(active_mgr) + LOG.info("Getting the certificate from '{}'.".format(key)) certificate = subprocess.check_output( - ('ceph config-key get ' - 'mgr/restful/{}/crt').format( - active_mgr), + 'ceph config-key get {}'.format(key), timeout=CEPH_CLI_TIMEOUT_SEC, shell=True) except (subprocess.CalledProcessError, subprocess.TimeoutExpired): return + with tempfile.NamedTemporaryFile(delete=False) as self.cert_file: self.cert_file.write(certificate)