Allow setting "insecure" in neutron_lbaas.conf

Keystone deployments can be on self signed certs, which will fail
on verifying the cert on client side. This patch allows an user
to turn off cert verification.

Change-Id: I7db3c7f9dd5c2f8b0ff4da65eefaf6cd95a5c671
Partially-Closes: #1611509
(cherry picked from commit 56c7669dcf)
This commit is contained in:
chen, hao 2016-08-09 14:25:45 -07:00 committed by Hao Chen
parent 680998ee34
commit 32e2ad973b

View File

@ -76,6 +76,11 @@ OPTS = [
'endpoint_type',
default='public',
help=_('The endpoint_type to be used')
),
cfg.BoolOpt(
'insecure',
default=False,
help=_('Disable server certificate verification')
)
]
@ -92,6 +97,7 @@ def get_session():
if not _SESSION:
auth_url = cfg.CONF.service_auth.auth_url
insecure = cfg.CONF.service_auth.insecure
kwargs = {'auth_url': auth_url,
'username': cfg.CONF.service_auth.admin_user,
'password': cfg.CONF.service_auth.admin_password}
@ -111,7 +117,7 @@ def get_session():
try:
kc = client.Password(**kwargs)
_SESSION = session.Session(auth=kc)
_SESSION = session.Session(auth=kc, verify=not insecure)
except Exception:
with excutils.save_and_reraise_exception():
LOG.exception(_LE("Error creating Keystone session."))