Adds config options for using SSL

Adds auth_ca_cert and auth_insecure config options.

Change-Id: I4be39f47968a260d3958ef498050aba23a1aefe3
Closes-Bug: #1535823
This commit is contained in:
Mohammad Banikazemi 2016-02-15 16:07:01 -05:00
parent 811de8e9ab
commit 06134e437a
3 changed files with 14 additions and 4 deletions

View File

@ -75,6 +75,12 @@ keystone_opts = [
cfg.StrOpt('admin_token',
default=os.environ.get('SERVICE_TOKEN'),
help=_('The admin token.')),
cfg.StrOpt('auth_ca_cert',
default=os.environ.get('SERVICE_CA_CERT'),
help=_('The CA certification file.')),
cfg.BoolOpt('auth_insecure',
default=False,
help=_("Turn off verification of the certificate for ssl")),
]
binding_opts = [
cfg.StrOpt('veth_dst_prefix',

View File

@ -88,13 +88,16 @@ def get_neutron_client():
password = keystone_conf.admin_password
auth_token = keystone_conf.admin_token
auth_uri = keystone_conf.auth_uri.rstrip('/')
ca_cert = keystone_conf.auth_ca_cert
insecure = keystone_conf.auth_insecure
neutron_uri = cfg.CONF.neutron_client.neutron_uri
if username and password:
# Authenticate with password crentials
neutron_client = utils.get_neutron_client(
url=neutron_uri, username=username, tenant_name=tenant_name,
password=password, auth_url=auth_uri)
password=password, auth_url=auth_uri,
ca_cert=ca_cert, insecure=insecure)
else:
neutron_client = utils.get_neutron_client_simple(
url=neutron_uri, auth_url=auth_uri, token=auth_token)

View File

@ -40,11 +40,12 @@ def get_neutron_client_simple(url, auth_url, token):
def get_neutron_client(url, username, tenant_name, password,
auth_url, timeout=30):
auth_url, ca_cert, insecure, timeout=30):
return client_v2.Client(endpoint_url=url, timeout=timeout,
username=username, tenant_name=tenant_name,
password=password, auth_url=auth_url)
password=password, auth_url=auth_url,
ca_cert=ca_cert, insecure=insecure)
# Return all errors as JSON. From http://flask.pocoo.org/snippets/83/