Add ability to use HTTPS port
As long as we have HTTPS enabled by default on master node, it would be nice to use secure channel for nailgun agent. So, this commit switch to HTTPS as default protocol for agent and allow to use plain HTTP as a fallback. We use SSL no_verify for connection cause now certificate for master node nginx generated on container creation and we don't have an ability to easily push it to trusted on bootstrap node. Change-Id: I570890b19eac74db6f3666af966e86f64327740d Closes-Bug: #1480866
This commit is contained in:
parent
1512b9af6b
commit
e01693992d
17
agent
17
agent
|
@ -129,7 +129,8 @@ class NodeAgent
|
||||||
@logger = logger
|
@logger = logger
|
||||||
|
|
||||||
@api_default_address = "localhost"
|
@api_default_address = "localhost"
|
||||||
@api_default_port = "8000"
|
@api_default_port = "8443"
|
||||||
|
@api_legacy_port = "8000"
|
||||||
|
|
||||||
@api_url = url
|
@api_url = url
|
||||||
|
|
||||||
|
@ -145,9 +146,19 @@ class NodeAgent
|
||||||
@logger.info("Can't get API url from /proc/cmdline. Will use localhost.")
|
@logger.info("Can't get API url from /proc/cmdline. Will use localhost.")
|
||||||
@api_ip = "127.0.0.1"
|
@api_ip = "127.0.0.1"
|
||||||
end
|
end
|
||||||
@api_url = "http://#{@api_ip}:#{@api_default_port}/api"
|
begin
|
||||||
|
res = htclient.get("https://#{@api_ip}:#{@api_default_port}/")
|
||||||
|
@scheme = "https"
|
||||||
|
@api_port = @api_default_port
|
||||||
|
rescue Errno::ECONNREFUSED
|
||||||
|
@logger.warn("Connection Refused catched when trying connect to HTTPS port. Use plain HTTP")
|
||||||
|
@scheme = "http"
|
||||||
|
@api_port = @api_legacy_port
|
||||||
|
end
|
||||||
|
@api_url = "#{@scheme}://#{@api_ip}:#{@api_port}/api"
|
||||||
end
|
end
|
||||||
|
|
||||||
|
@logger.info("API URL is #{@api_url}")
|
||||||
@os = ohai_system_info
|
@os = ohai_system_info
|
||||||
end
|
end
|
||||||
|
|
||||||
|
@ -187,6 +198,8 @@ class NodeAgent
|
||||||
|
|
||||||
def htclient
|
def htclient
|
||||||
client = HTTPClient.new
|
client = HTTPClient.new
|
||||||
|
client.ssl_config.verify_mode = OpenSSL::SSL::VERIFY_NONE
|
||||||
|
client.ssl_config.ssl_version = :TLSv1
|
||||||
client.connect_timeout = 10
|
client.connect_timeout = 10
|
||||||
client.send_timeout = 10
|
client.send_timeout = 10
|
||||||
client.receive_timeout = 10 # (mihgen): Nailgun may hang for a while, but 10sec should be enough for him to respond
|
client.receive_timeout = 10 # (mihgen): Nailgun may hang for a while, but 10sec should be enough for him to respond
|
||||||
|
|
Loading…
Reference in New Issue