Fixes the SNI issues in master(mitaka) for octavia
1. Fixes the mismatch between the tls_container_id lengths in neutron.lbaas_sni and octavia.sni tables. 2. Fixes the syntax error in cert_parser.py field. (tls_container.id => tls_container_id) 3. Removes the certs['sni_certs'] parameter from the rest_api_driver.py as it gets wrongly assigned to socket_path parameter in the jinja_cfg.py file. 4. Modifies the sample_configs to make the unit tests work with the above changes. Change-Id: I8fe5854ef2dc508e37a368294c44eef63b5bccba Closes-Bug: #1520990
parent
2cd234a0f1
commit
298fd45380
|
@ -67,8 +67,7 @@ class HaproxyAmphoraLoadBalancerDriver(
|
||||||
# Process listener certificate info
|
# Process listener certificate info
|
||||||
certs = self._process_tls_certificates(listener)
|
certs = self._process_tls_certificates(listener)
|
||||||
# Generate HaProxy configuration from listener object
|
# Generate HaProxy configuration from listener object
|
||||||
config = self.jinja.build_config(listener, certs['tls_cert'],
|
config = self.jinja.build_config(listener, certs['tls_cert'])
|
||||||
certs['sni_certs'])
|
|
||||||
|
|
||||||
for amp in listener.load_balancer.amphorae:
|
for amp in listener.load_balancer.amphorae:
|
||||||
if amp.status != constants.DELETED:
|
if amp.status != constants.DELETED:
|
||||||
|
|
|
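Review bot: The new call `self.jinja.build_config(listener, certs['tls_cert'])` still binds the certificate positionally, which is how the removed third argument ended up in `socket_path` according to the commit message. Passing it by keyword, e.g. `config = self.jinja.build_config(listener, tls_cert=certs['tls_cert'])`, would stop a later signature change in jinja_cfg.py from silently re-binding it; this assumes the parameter is named `tls_cert`, since jinja_cfg.py is not shown here. The enclosing method starts and ends outside the hunk.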
@ -197,7 +197,7 @@ def load_certificates_data(cert_mngr, listener):
|
||||||
for sni_cont in listener.sni_containers:
|
for sni_cont in listener.sni_containers:
|
||||||
cert_container = _map_cert_tls_container(
|
cert_container = _map_cert_tls_container(
|
||||||
cert_mngr.get_cert(listener.project_id,
|
cert_mngr.get_cert(listener.project_id,
|
||||||
sni_cont.tls_container.id,
|
sni_cont.tls_container_id,
|
||||||
check_only=True))
|
check_only=True))
|
||||||
sni_certs.append(cert_container)
|
sni_certs.append(cert_container)
|
||||||
return {'tls_cert': tls_cert, 'sni_certs': sni_certs}
|
return {'tls_cert': tls_cert, 'sni_certs': sni_certs}
|
||||||
|
|
|
@ -0,0 +1,37 @@
|
||||||
|
# Copyright 2016 Hewlett-Packard Development Company, L.P.
|
||||||
|
#
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||||
|
# not use this file except in compliance with the License. You may obtain
|
||||||
|
# a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||||
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||||
|
# License for the specific language governing permissions and limitations
|
||||||
|
# under the License.
|
||||||
|
|
||||||
|
"""change_tls_container_id_length_in_sni_table
|
||||||
|
|
||||||
|
Revision ID: 8c0851bdf6c3
|
||||||
|
Revises: 186509101b9b
|
||||||
|
Create Date: 2016-03-23 19:08:53.148812
|
||||||
|
|
||||||
|
"""
|
||||||
|
|
||||||
|
# revision identifiers, used by Alembic.
|
||||||
|
revision = '8c0851bdf6c3'
|
||||||
|
down_revision = '186509101b9b'
|
||||||
|
|
||||||
|
from alembic import op
|
||||||
|
import sqlalchemy as sa
|
||||||
|
|
||||||
|
|
||||||
|
def upgrade():
|
||||||
|
op.alter_column(u'sni', u'tls_container_id', type_=sa.String(128),
|
||||||
|
existing_type=sa.String(36), nullable=True)
|
||||||
|
|
||||||
|
|
||||||
|
def downgrade():
|
||||||
|
pass
|
|
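Review bot: `nullable=True` in the `op.alter_column` call in `upgrade()` changes the column's nullability as well as its length, while the commit message only describes a length change. If `sni.tls_container_id` was NOT NULL before this revision (the earlier migration is not shown), this loosens the constraint, and `load_certificates_data` passes `sni_cont.tls_container_id` straight to `cert_mngr.get_cert`, so a NULL would reach the certificate lookup. To only widen the column, state the current nullability with `existing_nullable=False` instead of `nullable=True`. `downgrade()` is a bare `pass`; a comment such as `# No-op: shrinking back to String(36) could truncate stored container references.` would record that this is deliberate.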
@ -403,12 +403,14 @@ def sample_listener_tuple(proto=None, monitor=True, persistence=True,
|
||||||
) if tls else '',
|
) if tls else '',
|
||||||
sni_containers=[
|
sni_containers=[
|
||||||
sample_tls_sni_container_tuple(
|
sample_tls_sni_container_tuple(
|
||||||
|
tls_container_id='cont_id_2',
|
||||||
tls_container=sample_tls_container_tuple(
|
tls_container=sample_tls_container_tuple(
|
||||||
id='cont_id_2', certificate='--imapem2--\n',
|
id='cont_id_2', certificate='--imapem2--\n',
|
||||||
private_key='--imakey2--\n', intermediates=[
|
private_key='--imakey2--\n', intermediates=[
|
||||||
'--imainter2--\n', '--imainter2too--\n'
|
'--imainter2--\n', '--imainter2too--\n'
|
||||||
], primary_cn='aFakeCN')),
|
], primary_cn='aFakeCN')),
|
||||||
sample_tls_sni_container_tuple(
|
sample_tls_sni_container_tuple(
|
||||||
|
tls_container_id='cont_id_3',
|
||||||
tls_container=sample_tls_container_tuple(
|
tls_container=sample_tls_container_tuple(
|
||||||
id='cont_id_3', certificate='--imapem3--\n',
|
id='cont_id_3', certificate='--imapem3--\n',
|
||||||
private_key='--imakey3--\n', intermediates=[
|
private_key='--imakey3--\n', intermediates=[
|
||||||
|
@ -421,14 +423,16 @@ def sample_listener_tuple(proto=None, monitor=True, persistence=True,
|
||||||
)
|
)
|
||||||
|
|
||||||
|
|
||||||
def sample_tls_sni_container_tuple(tls_container=None):
|
def sample_tls_sni_container_tuple(tls_container_id=None, tls_container=None):
|
||||||
sc = collections.namedtuple('sni_container', 'tls_container')
|
sc = collections.namedtuple('sni_container', 'tls_container_id, '
|
||||||
return sc(tls_container=tls_container)
|
'tls_container')
|
||||||
|
return sc(tls_container_id=tls_container_id, tls_container=tls_container)
|
||||||
|
|
||||||
|
|
||||||
def sample_tls_sni_containers_tuple(tls_container=None):
|
def sample_tls_sni_containers_tuple(tls_container_id=None, tls_container=None):
|
||||||
sc = collections.namedtuple('sni_containers', 'tls_container')
|
sc = collections.namedtuple('sni_containers', 'tls_container_id, '
|
||||||
return [sc(tls_container=tls_container)]
|
'tls_container')
|
||||||
|
return [sc(tls_container_id=tls_container_id, tls_container=tls_container)]
|
||||||
|
|
||||||
|
|
||||||
def sample_tls_container_tuple(id='cont_id_1', certificate=None,
|
def sample_tls_container_tuple(id='cont_id_1', certificate=None,
|
||||||
|
@ -633,4 +637,4 @@ def sample_base_expected_config(frontend=None, backend=None, peers=None):
|
||||||
" option redispatch\n"
|
" option redispatch\n"
|
||||||
" timeout connect 5000\n"
|
" timeout connect 5000\n"
|
||||||
" timeout client 50000\n"
|
" timeout client 50000\n"
|
||||||
" timeout server 50000\n\n" + peers + frontend + backend)
|
" timeout server 50000\n\n" + peers + frontend + backend)
|
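Review bot: The two SNI fixtures in `sample_listener_tuple` set `tls_container_id` to the same string as the nested `tls_container.id` (`'cont_id_2'`, `'cont_id_3'`), so a test built on them cannot tell which attribute `load_certificates_data` reads. Giving the new field a distinct constructed value, e.g. `tls_container_id='sni_ref_2'`, and asserting that this value is what reaches `get_cert` would pin the cert_parser fix; whether any expected output depends on these ids is not visible here. Separately, `sample_tls_sni_container_tuple` and `sample_tls_sni_containers_tuple` now repeat the same two-line namedtuple field string; a list of field names, `['tls_container_id', 'tls_container']`, avoids relying on implicit string concatenation.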