On Fri, Jun 2, 2017 at 2:35 PM, Sage Weil <sweil@xxxxxxxxxx> wrote: > On Fri, 2 Jun 2017, Boris Ranto wrote: >> On Thu, 2017-06-01 at 22:16 +0000, Sage Weil wrote: >> > That part I fixed with NamedTemporaryFile in >> > https://github.com/liewegas/ceph/commit/c169c8fd461bf94459cd9 >> > 8b658d2a2d8bf42bca6 >> > >> > Was there also a python module dependency problem? If not, it seems >> > much more natural for the module to create the crt/key pair the first >> > time it stats if it's not present... >> > >> >> I had something like that before, see commit >> >> https://github.com/ceph/ceph/pull/14457/commits/92fa210aaa87fcc47b2491f >> a44f029f7426cd7b9 >> >> or >> >> https://github.com/ceph/ceph/pull/14457/commits/f59e9bf0bbda870311c6084 >> 74b9aad63f4323c43 >> >> that removed/changed it. I had a couple more implementations that did >> all sorts of things. I later removed all of them and went with as >> simple solution as possible for two reasons: >> >> - the simple straight-forward solution is usually least likely to bite >> us in the future >> - it seemed almost impossible to get an agreement on how a more >> sophisticated solution should actually look like (it felt like I was >> going in the circles) >> >> The one removed in the first linked patch did not require any special >> dependencies (make_ssl_devcert is part of werkzeug). The other linked >> one required pyOpenSSL which was kinda bad as afaik, pyOpenSSL is not >> being properly maintained. > > I like the make_ssl_devcert approach personally... John? I just had a look at the werkzeug code and it seems to be using pyOpenSSL too under the hood, so I guess has same issue as the other approach? If pyOpenSSL is not viable, maybe invoking the openssl CLI from inside the module would still be neater than having the module depend on packaging to do it? John > > sage -- To unsubscribe from this list: send the line "unsubscribe ceph-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
