Merge "Add SSL support to the Ironic API"
commit
506fd793ba
|
@ -504,6 +504,14 @@
|
|||
# (integer value)
|
||||
#api_workers=<None>
|
||||
|
||||
# Enable the integrated stand-alone API to service requests
|
||||
# via HTTPS instead of HTTP. If there is a front-end service
|
||||
# performing HTTPS offloading from the service, this option
|
||||
# should be False; note, you will want to change public API
|
||||
# endpoint to represent SSL termination URL with
|
||||
# 'public_endpoint' option. (boolean value)
|
||||
#enable_ssl_api=false
|
||||
|
||||
|
||||
[cimc]
|
||||
|
||||
|
@ -1897,6 +1905,27 @@
|
|||
#get_vm_name_retry_interval=3
|
||||
|
||||
|
||||
[ssl]
|
||||
|
||||
#
|
||||
# Options defined in oslo.service.sslutils
|
||||
#
|
||||
|
||||
# CA certificate file to use to verify connecting clients.
|
||||
# (string value)
|
||||
#ca_file=<None>
|
||||
|
||||
# Certificate file to use when starting the server securely.
|
||||
# (string value)
|
||||
#cert_file=<None>
|
||||
|
||||
# Private key file to use when starting the server securely.
|
||||
# (string value)
|
||||
#key_file=<None>
|
||||
|
||||
|
||||
|
||||
|
||||
[swift]
|
||||
|
||||
#
|
||||
|
|
|
@ -41,6 +41,14 @@ API_SERVICE_OPTS = [
|
|||
'The default is equal to the number of CPUs available '
|
||||
'if that can be determined, else a default worker '
|
||||
'count of 1 is returned.')),
|
||||
cfg.BoolOpt('enable_ssl_api',
|
||||
default=False,
|
||||
help=_("Enable the integrated stand-alone API to service "
|
||||
"requests via HTTPS instead of HTTP. If there is a "
|
||||
"front-end service performing HTTPS offloading from "
|
||||
"the service, this option should be False; note, you "
|
||||
"will want to change public API endpoint to represent "
|
||||
"SSL termination URL with 'public_endpoint' option.")),
|
||||
]
|
||||
|
||||
CONF = cfg.CONF
|
||||
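Review bot: The help text for `enable_ssl_api` does not say where the certificate and key come from. The sample config in this commit lists `cert_file` and `key_file` under `[ssl]` with a default of `<None>`, so enabling the flag without setting them presumably cannot produce a working HTTPS listener; confirm how oslo.service reacts. I would append to the help string `"Requires cert_file and key_file to be set in the [ssl] section."` and mention that `ca_file` is only needed when connecting clients are to be verified. The `:param use_ssl:` docstring in the `WSGIService.__init__` hunk could carry the same pointer. `API_SERVICE_OPTS` starts outside this hunk.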
|
|
|
@ -36,7 +36,7 @@ def main():
|
|||
|
||||
# Build and start the WSGI app
|
||||
launcher = ironic_service.process_launcher()
|
||||
server = ironic_service.WSGIService('ironic_api')
|
||||
server = ironic_service.WSGIService('ironic_api', CONF.api.enable_ssl_api)
|
||||
launcher.launch_service(server, workers=server.workers)
|
||||
launcher.wait()
|
||||
|
||||
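Review bot: The new call passes the flag positionally, `WSGIService('ironic_api', CONF.api.enable_ssl_api)`, so the call site does not show what the second argument controls. Since `__init__` names the parameter `use_ssl`, I would write `server = ironic_service.WSGIService('ironic_api', use_ssl=CONF.api.enable_ssl_api)`. The same applies to the constructor call in `test_wsgi_service_with_ssl_enabled`. `main()` starts before this hunk.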
|
|
|
@ -150,10 +150,11 @@ def process_launcher():
|
|||
class WSGIService(service.ServiceBase):
|
||||
"""Provides ability to launch ironic API from wsgi app."""
|
||||
|
||||
def __init__(self, name):
|
||||
def __init__(self, name, use_ssl=False):
|
||||
"""Initialize, but do not start the WSGI server.
|
||||
|
||||
:param name: The name of the WSGI server given to the loader.
|
||||
:param use_ssl: Wraps the socket in an SSL context if True.
|
||||
:returns: None
|
||||
"""
|
||||
self.name = name
|
||||
|
@ -167,7 +168,8 @@ class WSGIService(service.ServiceBase):
|
|||
|
||||
self.server = wsgi.Server(CONF, name, self.app,
|
||||
host=CONF.api.host_ip,
|
||||
port=CONF.api.port)
|
||||
port=CONF.api.port,
|
||||
use_ssl=use_ssl)
|
||||
|
||||
def start(self):
|
||||
"""Start serving this service using loaded configuration.
|
||||
|
|
|
@ -12,11 +12,14 @@
|
|||
|
||||
import mock
|
||||
from oslo_concurrency import processutils
|
||||
from oslo_config import cfg
|
||||
|
||||
from ironic.common import exception
|
||||
from ironic.common import service
|
||||
from ironic.tests import base
|
||||
|
||||
CONF = cfg.CONF
|
||||
|
||||
|
||||
class TestWSGIService(base.TestCase):
|
||||
|
||||
|
@ -60,3 +63,13 @@ class TestWSGIService(base.TestCase):
|
|||
service.WSGIService,
|
||||
'ironic_api')
|
||||
self.assertFalse(wsgi_server.called)
|
||||
|
||||
@mock.patch.object(service.wsgi, 'Server')
|
||||
def test_wsgi_service_with_ssl_enabled(self, wsgi_server):
|
||||
self.config(enable_ssl_api=True, group='api')
|
||||
srv = service.WSGIService('ironic_api', CONF.api.enable_ssl_api)
|
||||
wsgi_server.assert_called_once_with(CONF, 'ironic_api',
|
||||
srv.app,
|
||||
host='0.0.0.0',
|
||||
port=6385,
|
||||
use_ssl=True)
|
||||
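Review bot: `test_wsgi_service_with_ssl_enabled` asserts the literals `host='0.0.0.0'` and `port=6385`, which ties the test to the current defaults of the `[api]` options rather than to what `WSGIService` reads from configuration. Asserting `host=CONF.api.host_ip, port=CONF.api.port` would keep the test focused on `use_ssl`. There is also no visible assertion that the default path passes `use_ssl=False` to `wsgi.Server`; an existing test outside this hunk may already cover it.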
|
|
|
@ -1,2 +1,2 @@
|
|||
export IRONIC_CONFIG_GENERATOR_EXTRA_LIBRARIES='oslo.db oslo.messaging oslo.middleware.cors keystonemiddleware.auth_token oslo.concurrency oslo.policy oslo.log oslo.service.service oslo.service.periodic_task'
|
||||
export IRONIC_CONFIG_GENERATOR_EXTRA_LIBRARIES='oslo.db oslo.messaging oslo.middleware.cors keystonemiddleware.auth_token oslo.concurrency oslo.policy oslo.log oslo.service.service oslo.service.periodic_task oslo.service.sslutils'
|
||||
export IRONIC_CONFIG_GENERATOR_EXTRA_MODULES=
|
||||
|
|