1d11f0b7dd
This change enables operators to set [DEFAULT]listen_tls to true to configure IPA to host its WSGI server over TLS using existing SSL support in oslo.service.

In addition to configuring this in IPA, a deployer will need to also set [ssl]cert_file, [ssl]key_file, and optionally [ssl]ca_file in their ipa config, in addition to embedding those files into the IPA ramdisk in order for this to be functional.

In order to make this change work, we also need to monkey patch the socket library early, or else oslo.service will end up passing an unpatched socket to the eventlet wsgi server, which causes deadlocks.

Change-Id: Ib7decae410915f3c27b045ee08538c94d455b030
28 lines
1.2 KiB
Python
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

import os

import eventlet

# NOTE(TheJulia): Eventlet, when monkey patching occurs, replaces the base
# dns resolver methods. This can lead to compatibility issues,
# and unexpected exceptions being raised during the process
# of monkey patching. Such as one if there are no resolvers.
os.environ['EVENTLET_NO_GREENDNS'] = "yes"

# NOTE(JayF) Without monkey_patching socket, API requests will hang with TLS
# enabled. Enabling more than just socket for monkey patching causes failures
# in image streaming. In an ideal world, we track down all those errors and
# monkey patch everything as suggested in eventlet documentation.
eventlet.monkey_patch(all=False, socket=True)
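The commit message lists what a deployer must supply for the TLS listener to work: [DEFAULT]listen_tls plus [ssl]cert_file and [ssl]key_file (optionally [ssl]ca_file), with the files present in the ramdisk. The following preflight check is an added example, not part of IPA's own code; `check_ipa_tls_config` is a hypothetical helper, the sample paths are constructed placeholders, and the key-permission test is an extra hardening check the commit does not mention.

```python
import configparser
import os
import ssl
import stat


def check_ipa_tls_config(conf_text):
    """Return the problems that would keep the API from serving over TLS.

    check_ipa_tls_config is a hypothetical helper, not an IPA function.
    """
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read_string(conf_text)
    if not cfg.getboolean('DEFAULT', 'listen_tls', fallback=False):
        return []  # TLS listener disabled: the [ssl] options are unused
    problems, paths = [], {}
    for opt, required in (('cert_file', True), ('key_file', True),
                          ('ca_file', False)):
        path = cfg.get('ssl', opt, fallback='').strip()
        if not path:
            if required:
                problems.append('[ssl]%s is not set' % opt)
        elif not os.path.isfile(path):
            # Usual cause: the file was not embedded into the ramdisk.
            problems.append('[ssl]%s: %s not found' % (opt, path))
        else:
            paths[opt] = path
    key = paths.get('key_file')
    # Extra hardening check (an addition, not from the commit): the private
    # key should not be readable by group or others.
    if key and stat.S_IMODE(os.stat(key).st_mode) & 0o077:
        problems.append('[ssl]key_file is readable by group or others')
    if key and 'cert_file' in paths:
        try:
            # Raises if a file is not valid PEM or the key does not match.
            ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
            ctx.load_cert_chain(paths['cert_file'], key)
        except (ssl.SSLError, OSError) as exc:
            problems.append('certificate/key pair does not load: %s' % exc)
    return problems


if __name__ == '__main__':
    # Constructed sample config; the paths are placeholders.
    sample = ("[DEFAULT]\nlisten_tls = true\n"
              "[ssl]\ncert_file = /etc/ipa-tls/cert.pem\n"
              "key_file = /etc/ipa-tls/key.pem\n")
    for line in check_ipa_tls_config(sample) or ['TLS config looks usable']:
        print(line)
```

Running it inside the built ramdisk, against the config the agent will actually read, catches a missing or mismatched file before the agent tries to bind its listener.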