Vendor own option for tls cert file and key file
... instead of using oslo.service. Current usage of oslo.service is too limited to add the dependency, because - oslo.service registers multiple options but only two of these are used - the wrap implementation from oslo.service is not actually used Change-Id: I4e8f18951d73e329a54cf6546344c5704fe4aa90 Signed-off-by: Takashi Kajinami <kajinamit@oss.nttdata.com>
@@ -131,12 +131,8 @@ class Application(object):
|
||||
def start(self, tls_cert_file=None, tls_key_file=None):
|
||||
"""Start the API service in the background."""
|
||||
|
||||
ssl_group = getattr(self._conf, 'ssl', {})
|
||||
|
||||
self.tls_cert_file = tls_cert_file or getattr(
|
||||
ssl_group, 'cert_file', None)
|
||||
self.tls_key_file = tls_key_file or getattr(
|
||||
ssl_group, 'key_file', None)
|
||||
self.tls_cert_file = tls_cert_file or self._conf.tls_cert_file
|
||||
self.tls_key_file = tls_key_file or self._conf.tls_key_file
|
||||
|
||||
bind_addr = (self.agent.listen_address.hostname,
|
||||
self.agent.listen_address.port)
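Review bot: The certificate and key paths in start() are resolved independently (`tls_cert_file or self._conf.tls_cert_file` and the matching key line), so an explicit certificate argument can end up paired with a key path taken from configuration, or one of the two can stay None while the other is set. Nothing in the visible lines rejects that combination; the rest of start() lies outside the hunk, so a later check may already exist. If it does not, fail early with something like `if bool(self.tls_cert_file) != bool(self.tls_key_file): raise ValueError('tls_cert_file and tls_key_file must be set together')`, so a half-configured TLS listener is reported at start-up instead of surfacing later inside the server.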
|
||||
|
@@ -16,7 +16,6 @@ import sys
|
||||
|
||||
from oslo_config import cfg
|
||||
from oslo_log import log
|
||||
from oslo_service import sslutils
|
||||
from oslo_utils import strutils
|
||||
|
||||
from ironic_python_agent import agent
|
||||
@@ -40,8 +39,6 @@ def run():
|
||||
ipa_debug = strutils.bool_from_string(ipa_debug)
|
||||
CONF.set_override('debug', ipa_debug)
|
||||
log.setup(CONF, 'ironic-python-agent')
|
||||
# Used for TLS configuration
|
||||
sslutils.register_opts(CONF)
|
||||
|
||||
logger = log.getLogger(__name__)
|
||||
logger.debug("Configuration:")
|
||||
|
@@ -60,16 +60,26 @@ cli_opts = [
|
||||
'Can be supplied as "ipa-listen-port" kernel parameter.'),
|
||||
|
||||
# This is intentionally not settable via kernel command line, as it
|
||||
# requires configuration parameters from oslo_service which are not
|
||||
# configurable over the command line and require files-on-disk.
|
||||
# requires configuration parameters which are not configurable over
|
||||
# the command line and require files-on-disk.
|
||||
# Operators who want to use this support should configure it statically
|
||||
# as part of a ramdisk build.
|
||||
cfg.BoolOpt('listen_tls',
|
||||
default=False,
|
||||
help='When true, IPA will host API behind TLS. You will also '
|
||||
'need to configure [ssl] group options for cert_file, '
|
||||
'key_file, and, if desired, ca_file to validate client '
|
||||
'certificates.'),
|
||||
'need to configure tls_cert_file option and tls_key_file '
|
||||
'option.'),
|
||||
|
||||
cfg.StrOpt('tls_cert_file',
|
||||
help="Certificate file to use when starting "
|
||||
"the server securely.",
|
||||
deprecated_group='ssl',
|
||||
deprecated_name='cert_file'),
|
||||
cfg.StrOpt('tls_key_file',
|
||||
help="Private key file to use when starting "
|
||||
"the server securely.",
|
||||
deprecated_group='ssl',
|
||||
deprecated_name='key_file'),
|
||||
|
||||
cfg.BoolOpt('enable_auto_tls',
|
||||
default=True,
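Review bot: The `listen_tls` help text no longer mentions `ca_file` for validating client certificates, and with `sslutils.register_opts(CONF)` removed elsewhere in this commit an existing `[ssl] ca_file` setting becomes an unregistered option that, as far as these lines show, is ignored without a warning. The release note deprecates only `cert_file` and `key_file`, so an operator who set `ca_file` expecting client-certificate checks gets no signal that the API is not enforcing them (whether it ever did is not visible here). I would say so in the help, e.g. `'These options do not enable client certificate validation; [ssl] ca_file is no longer read.'`, and repeat it in the release note. The `cli_opts` list starts and ends outside the hunk.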
|
||||
|
@@ -21,7 +21,6 @@ from oslo_concurrency import processutils
|
||||
from oslo_config import cfg
|
||||
from oslo_config import fixture as config_fixture
|
||||
from oslo_log import log
|
||||
from oslo_service import sslutils
|
||||
from oslotest import base as test_base
|
||||
|
||||
from ironic_python_agent import config
|
||||
@@ -70,7 +69,6 @@ class IronicAgentTest(test_base.BaseTestCase):
|
||||
self.cfg_fixture = self.useFixture(config_fixture.Config(CONF))
|
||||
# Register options from libraries that are explicitly used in the code
|
||||
log.register_options(CONF)
|
||||
sslutils.register_opts(CONF)
|
||||
|
||||
def config(self, **kw):
|
||||
"""Override config options for a test."""
|
||||
|
6
releasenotes/notes/tls-opts-50d09bddd5f70ef2.yaml
Normal file
6
releasenotes/notes/tls-opts-50d09bddd5f70ef2.yaml
Normal file
@@ -0,0 +1,6 @@
|
||||
---
|
||||
deprecations:
|
||||
- |
|
||||
The ``[ssl] key_file`` option and the ``[ssl] cert_file`` option are
|
||||
deprecated. Use the ``[DEFAULT] tls_key_file`` option and
|
||||
the ``[DEFAULT] tls_cert_file`` option instead.
|
@@ -2,7 +2,6 @@ pbr>=6.0.0 # Apache-2.0
|
||||
oslo.config>=9.7.1 # Apache-2.0
|
||||
oslo.concurrency>=7.1.0 # Apache-2.0
|
||||
oslo.log>=7.1.0 # Apache-2.0
|
||||
oslo.service>=4.1.1 # Apache-2.0
|
||||
oslo.utils>=8.2.0 # Apache-2.0
|
||||
Pint>=0.5 # BSD
|
||||
psutil>=3.2.2 # BSD
|
||||
|