mgr/cephadm: removing call to previous method to storing all certs

rkachach · rkachach · commit ade502d0632b · 2025-09-06T23:39:47.000+02:00
Signed-off-by: Redouane Kachach &lt;rkachach@ibm.com&gt;
diff --git a/src/pybind/mgr/cephadm/inventory.py b/src/pybind/mgr/cephadm/inventory.py
@@ -24,9 +24,10 @@
 from ceph.utils import str_to_datetime, datetime_to_str, datetime_now
 from orchestrator import OrchestratorError, HostSpec, OrchestratorEvent, service_to_daemon_types
 from cephadm.services.cephadmservice import CephadmDaemonDeploySpec
+from mgr_util import parse_combined_pem_file
 
 from .utils import resolve_ip, SpecialHostLabels
-from .migrations import queue_migrate_nfs_spec, queue_migrate_rgw_spec
+from .migrations import queue_migrate_nfs_spec, queue_migrate_rgw_spec, queue_migrate_rgw_ssl_spec
 
 if TYPE_CHECKING:
     from .module import CephadmOrchestrator
@@ -308,6 +309,12 @@ def load(self):
                 ):
                     queue_migrate_rgw_spec(self.mgr, j)
 
+                if (
+                        (self.mgr.migration_current or 0) < 8
+                        and j['spec'].get('service_type') == 'rgw'
+                ):
+                    queue_migrate_rgw_ssl_spec(self.mgr, j)
+
                 spec = ServiceSpec.from_json(j['spec'])
                 created = str_to_datetime(cast(str, j['created']))
                 self._specs[service_name] = spec
@@ -361,7 +368,6 @@ def save(
         if update_create:
             self.spec_created[name] = datetime_now()
         self._save(name)
-        self._save_certs_and_keys(spec)
 
     def save_rank_map(self,
                       name: str,
@@ -400,11 +406,20 @@ def _save_certs_and_keys(self, spec: ServiceSpec) -> None:
                 else:
                     cert_str = rgw_cert
                 assert isinstance(cert_str, str)
-                self.mgr.cert_mgr.save_cert(
-                    'rgw_frontend_ssl_cert',
-                    cert_str,
-                    service_name=rgw_spec.service_name(),
-                    user_made=True)
+                cert, key = parse_combined_pem_file(cert_str)
+                if cert and key:
+                    self.mgr.cert_mgr.save_cert(
+                        'rgw_ssl_cert',
+                        cert,
+                        service_name=rgw_spec.service_name(),
+                        user_made=True)
+                    self.mgr.cert_mgr.save_key(
+                        'rgw_ssl_key',
+                        key,
+                        service_name=rgw_spec.service_name(),
+                        user_made=True)
+                else:
+                    logger.error(f'Cannot parse the rgw certificate {cert_str}.')
         elif spec.service_type == 'iscsi':
             iscsi_spec = cast(IscsiServiceSpec, spec)
             if iscsi_spec.ssl_cert:
@@ -476,7 +491,6 @@ def finally_rm(self, service_name):
         # type: (str) -> bool
         found = service_name in self._specs
         if found:
-            self._rm_certs_and_keys(self._specs[service_name])
             del self._specs[service_name]
             if service_name in self._rank_maps:
                 del self._rank_maps[service_name]
