Allow setting "insecure" in neutron_lbaas.conf

Keystone deployments can be on self signed certs, which will fail on verifying the cert on client side. This patch allows an user to turn off cert verification. Change-Id: I7db3c7f9dd5c2f8b0ff4da65eefaf6cd95a5c671 Partially-Closes: #1611509 (cherry picked from commit 56c7669dcf)
2016-08-09 14:25:45 -07:00 · 2016-08-09 14:25:45 -07:00 · 32e2ad973b
commit 32e2ad973b
parent 680998ee34
1 changed files with 7 additions and 1 deletions
--- a/neutron_lbaas/common/keystone.py
+++ b/neutron_lbaas/common/keystone.py
@ -76,6 +76,11 @@ OPTS = [
        'endpoint_type',
        default='public',
        help=_('The endpoint_type to be used')
+    ),
+    cfg.BoolOpt(
+        'insecure',
+        default=False,
+        help=_('Disable server certificate verification')
    )
 ]

@ -92,6 +97,7 @@ def get_session():
    if not _SESSION:

        auth_url = cfg.CONF.service_auth.auth_url
+        insecure = cfg.CONF.service_auth.insecure
        kwargs = {'auth_url': auth_url,
                  'username': cfg.CONF.service_auth.admin_user,
                  'password': cfg.CONF.service_auth.admin_password}
@ -111,7 +117,7 @@ def get_session():

        try:
            kc = client.Password(**kwargs)
-            _SESSION = session.Session(auth=kc)
+            _SESSION = session.Session(auth=kc, verify=not insecure)
        except Exception:
            with excutils.save_and_reraise_exception():
                LOG.exception(_LE("Error creating Keystone session."))