neutron-ha-tool: Add ssl options

Allow specifying a CA Certificate bundle to use for server verification via the OS_CACERT environment variable and a argument "--insecure" to disable server certificate completely. Change-Id: I5a0356faead4dbe2a543c607cf3e442252fc820b
2014-04-04 12:39:13 +02:00 · 2014-04-04 12:39:13 +02:00 · 553937edd6
parent 3472363c75
commit 553937edd6
1 changed files with 14 additions and 1 deletions
--- a/files/default/neutron-ha-tool.py
+++ b/files/default/neutron-ha-tool.py
@ -59,6 +59,12 @@ def parse_args():
                    default=False, help='Replicate DHCP configuration to all agents')
    ap.add_argument('--now', action='store_true',
                    default=False, help='Migrate Routers immediately without a delay.')
+    ap.add_argument('--insecure', action='store_true',
+                     default=False, help='Explicitly allow neutron-ha-tool to perform '
+                                         '"insecure" SSL (https) requests. The server\'s '
+                                         'certificate will not be verified against any '
+                                         'certificate authorities. This option should be used '
+                                         'with caution.')
    return ap.parse_args()


@ -76,12 +82,19 @@ def setup_logging(args):


 def run(args):
+    try:
+        ca = os.environ['OS_CACERT']
+    except KeyError:
+        ca = None
+
    # instantiate client
    qclient = client.Client('2.0', auth_url=os.environ['OS_AUTH_URL'],
                            username=os.environ['OS_USERNAME'],
                            tenant_name=os.environ['OS_TENANT_NAME'],
                            password=os.environ['OS_PASSWORD'],
-                            endpoint_type='internalURL')
+                            endpoint_type='internalURL',
+                            insecure=args.insecure,
+                            ca_cert=ca)

    # set json return type
    qclient.format = 'json'