Add ability to use HTTPS port

As long as we have HTTPS enabled by default on master node,
it would be nice to use secure channel for nailgun agent. So,
this commit switch to HTTPS as default protocol for agent and
allow to use plain HTTP as a fallback.
We use SSL no_verify for connection cause now certificate for
master node nginx generated on container creation and we don't
have an ability to easily push it to trusted on bootstrap node.

Change-Id: I570890b19eac74db6f3666af966e86f64327740d
Closes-Bug: #1480866
This commit is contained in:
Stanislaw Bogatkin 2015-08-04 19:28:25 +03:00
parent 1512b9af6b
commit e01693992d
1 changed files with 15 additions and 2 deletions

17
agent
View File

@ -129,7 +129,8 @@ class NodeAgent
@logger = logger
@api_default_address = "localhost"
@api_default_port = "8000"
@api_default_port = "8443"
@api_legacy_port = "8000"
@api_url = url
@ -145,9 +146,19 @@ class NodeAgent
@logger.info("Can't get API url from /proc/cmdline. Will use localhost.")
@api_ip = "127.0.0.1"
end
@api_url = "http://#{@api_ip}:#{@api_default_port}/api"
begin
res = htclient.get("https://#{@api_ip}:#{@api_default_port}/")
@scheme = "https"
@api_port = @api_default_port
rescue Errno::ECONNREFUSED
@logger.warn("Connection Refused catched when trying connect to HTTPS port. Use plain HTTP")
@scheme = "http"
@api_port = @api_legacy_port
end
@api_url = "#{@scheme}://#{@api_ip}:#{@api_port}/api"
end
@logger.info("API URL is #{@api_url}")
@os = ohai_system_info
end
@ -187,6 +198,8 @@ class NodeAgent
def htclient
client = HTTPClient.new
client.ssl_config.verify_mode = OpenSSL::SSL::VERIFY_NONE
client.ssl_config.ssl_version = :TLSv1
client.connect_timeout = 10
client.send_timeout = 10
client.receive_timeout = 10 # (mihgen): Nailgun may hang for a while, but 10sec should be enough for him to respond