ceph: mgr restful plugin set certificate to match host name
python-cephclient certificate validation fails when connecting to ceph-mgr restful plugin because server URL doesn't match CommonName (CN) or SubjectAltName (SAN). Setting CN to match server hostname fixes this issue but raises a warning caused by missing SAN. Using CN=ceph-restful and SAN=<hostname> fixes the issue and clears the warning. Change-Id: I6e8ca93c7b51546d134a6eb221c282961ba50afa Closes-bug: 1828470 Signed-off-by: Daniel Badea <daniel.badea@windriver.com>
parent
e80813bb81
commit
fcaa49ecaf
|
@ -792,12 +792,27 @@ class ServiceMonitor(object):
|
||||||
path = tempfile.mkdtemp()
|
path = tempfile.mkdtemp()
|
||||||
try:
|
try:
|
||||||
try:
|
try:
|
||||||
subprocess.check_call([
|
with tempfile.NamedTemporaryFile() as restful_cnf:
|
||||||
'/usr/bin/openssl', 'req', '-new', '-nodes', '-x509',
|
restful_cnf.write((
|
||||||
'-subj', '/O=IT/CN=ceph-restful', '-days', '3650',
|
'[req]\n'
|
||||||
'-out', os.path.join(path, 'crt'),
|
'req_extensions = v3_ca\n'
|
||||||
'-keyout', os.path.join(path, 'key'),
|
'distinguished_name = req_distinguished_name\n'
|
||||||
'-extensions', 'v3_ca'])
|
'[v3_ca]\n'
|
||||||
|
'subjectAltName=DNS:{}\n'
|
||||||
|
'basicConstraints = CA:true\n'
|
||||||
|
'[ req_distinguished_name ]\n'
|
||||||
|
'0.organizationName = IT\n'
|
||||||
|
'commonName = ceph-restful\n').format(
|
||||||
|
CONFIG.ceph_mgr_identity))
|
||||||
|
restful_cnf.flush()
|
||||||
|
subprocess.check_call([
|
||||||
|
'/usr/bin/openssl', 'req', '-new', '-nodes', '-x509',
|
||||||
|
'-subj', '/O=IT/CN=' + CONFIG.ceph_mgr_identity,
|
||||||
|
'-days', '3650',
|
||||||
|
'-config', restful_cnf.name,
|
||||||
|
'-out', os.path.join(path, 'crt'),
|
||||||
|
'-keyout', os.path.join(path, 'key'),
|
||||||
|
'-extensions', 'v3_ca'])
|
||||||
except subprocess.CalledProcessError as err:
|
except subprocess.CalledProcessError as err:
|
||||||
raise CommandFailed(
|
raise CommandFailed(
|
||||||
command=' '.join(err.cmd),
|
command=' '.join(err.cmd),
|
||||||
|
|
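Review bot: The `'-subj', '/O=IT/CN=' + CONFIG.ceph_mgr_identity` argument overrides the `[ req_distinguished_name ]` section written to the temporary config, so the certificate is issued with CN set to the identity rather than the CN=ceph-restful the commit description states, and the `commonName` and `0.organizationName` lines are never used. If the description is the intent, drop the `-subj` pair and add `'prompt = no\n'` under `[req]` so the section's values are taken as given; otherwise delete the unused section. Separately, `subjectAltName=DNS:{}` only passes hostname verification when the identity is a DNS name, so if `CONFIG.ceph_mgr_identity` can hold an IP address the entry needs the `IP:` form, and the value is formatted into the config without validation. `basicConstraints = CA:true` together with `-nodes` leaves an unencrypted key whose certificate can sign for any name on clients that install it as a trust anchor; `CA:false` would be the least-privilege choice if the consuming TLS stack accepts a self-signed leaf, which is worth checking. The enclosing method starts and ends outside the hunk.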