authorAli Maredia <amaredia@redhat.com>2022-01-21 11:56:45 -0500
committerGitHub <noreply@github.com>2022-01-21 11:56:45 -0500
commit262286776d38bec591b3e6be9ec3f0ad464607c5 (patch)
tree5c506ff6d21cd253a042240b41c87693a5f19198
parent06e1ef35a8bad958bd735bdd2683e732cf733d86 (diff)
parent99f0e82a9590ea20804651e0a8422fd895800ae3 (diff)
downloadceph-262286776d38bec591b3e6be9ec3f0ad464607c5.tar.gz
Merge pull request #44694 from alimaredia/wip-rgw-kmip-teuthology-test
qa: move certificates for kmip task into /etc/ceph Reviewed-by: Al Maredia <amaredia@redhat.com>
-rw-r--r--qa/suites/rgw/crypt/2-kms/kmip.yaml6
-rw-r--r--qa/tasks/rgw.py29
2 files changed, 32 insertions, 3 deletions
diff --git a/qa/suites/rgw/crypt/2-kms/kmip.yaml b/qa/suites/rgw/crypt/2-kms/kmip.yaml
index 4b2a13f4278..0057d954e32 100644
--- a/qa/suites/rgw/crypt/2-kms/kmip.yaml
+++ b/qa/suites/rgw/crypt/2-kms/kmip.yaml
@@ -3,9 +3,9 @@ overrides:
conf:
client:
rgw crypt s3 kms backend: kmip
- rgw crypt kmip ca path: /home/ubuntu/cephtest/ca/kmiproot.crt
- rgw crypt kmip client cert: /home/ubuntu/cephtest/ca/kmip-client.crt
- rgw crypt kmip client key: /home/ubuntu/cephtest/ca/kmip-client.key
+ rgw crypt kmip ca path: /etc/ceph/kmiproot.crt
+ rgw crypt kmip client cert: /etc/ceph/kmip-client.crt
+ rgw crypt kmip client key: /etc/ceph/kmip-client.key
rgw crypt kmip kms key template: pykmip-$keyid
rgw:
client.0:
diff --git a/qa/tasks/rgw.py b/qa/tasks/rgw.py
index 693d3d4d6d7..3d2542981b1 100644
--- a/qa/tasks/rgw.py
+++ b/qa/tasks/rgw.py
@@ -150,6 +150,35 @@ def start_rgw(ctx, config, clients):
'--rgw_crypt_kmip_addr', "{}:{}".format(*ctx.pykmip.endpoints[pykmip_role]),
])
+ clientcert = ctx.ssl_certificates.get('kmip-client')
+ servercert = ctx.ssl_certificates.get('kmip-server')
+ clientca = ctx.ssl_certificates.get('kmiproot')
+
+ clientkey = clientcert.key
+ clientcert = clientcert.certificate
+ serverkey = servercert.key
+ servercert = servercert.certificate
+ rootkey = clientca.key
+ rootcert = clientca.certificate
+
+ cert_path = '/etc/ceph/'
+ ctx.cluster.only(client).run(args=['sudo', 'cp', clientcert, cert_path])
+ ctx.cluster.only(client).run(args=['sudo', 'cp', clientkey, cert_path])
+ ctx.cluster.only(client).run(args=['sudo', 'cp', servercert, cert_path])
+ ctx.cluster.only(client).run(args=['sudo', 'cp', serverkey, cert_path])
+ ctx.cluster.only(client).run(args=['sudo', 'cp', rootkey, cert_path])
+ ctx.cluster.only(client).run(args=['sudo', 'cp', rootcert, cert_path])
+
+ clientcert = cert_path + 'kmip-client.crt'
+ clientkey = cert_path + 'kmip-client.key'
+ servercert = cert_path + 'kmip-server.crt'
+ serverkey = cert_path + 'kmip-server.key'
+ rootkey = cert_path + 'kmiproot.key'
+ rootcert = cert_path + 'kmiproot.crt'
+
+ ctx.cluster.only(client).run(args=['sudo', 'chmod', '600', clientcert, clientkey, servercert, serverkey, rootkey, rootcert])
+ ctx.cluster.only(client).run(args=['sudo', 'chown', 'ceph', clientcert, clientkey, servercert, serverkey, rootkey, rootcert])
+
rgw_cmd.extend([
'--foreground',
run.Raw('|'),
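Review bot: The copy block added after the `--rgw_crypt_kmip_addr` argument puts `kmip-server.key` and the CA private key `kmiproot.key` into /etc/ceph on the RGW host and chowns them to `ceph`, although the kmip.yaml change in this commit points RGW only at `kmiproot.crt`, `kmip-client.crt` and `kmip-client.key`. Nothing visible on this page reads the server or root keys from /etc/ceph, so copying them appears to widen exposure of the signing key without need; I would copy only the three files RGW is configured to use. Separately, `cp` followed by a later `chmod 600` can leave the key files at whatever mode `cp` gave them until the chmod runs, and the rebuilt paths assume each source file keeps its basename; a single `install` call sets mode and owner as the file is created. start_rgw's body begins and ends outside the hunk, so whether this block is guarded by the KMIP backend check cannot be confirmed from here.

```python
# … unchanged: rgw_cmd.extend([... '--rgw_crypt_kmip_addr' ...]) …
clientcert = ctx.ssl_certificates.get('kmip-client')
clientca = ctx.ssl_certificates.get('kmiproot')

cert_path = '/etc/ceph/'
# RGW acts as the KMIP client: it needs its own cert/key and the CA
# certificate only, never the server key or the CA private key.
for src in (clientcert.certificate, clientcert.key, clientca.certificate):
    ctx.cluster.only(client).run(
        args=['sudo', 'install', '-m', '600', '-o', 'ceph', src, cert_path])
# … unchanged: rgw_cmd.extend(['--foreground', ...]) …
```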