Support multiple ca certificates
Split the ca file into two files if there are two ca certificates.

Change-Id: I2bdef4ab4a2c6f24a28a4f41d7f58657c3e31bee
parent
778dd72e86
commit
baa50d5c88
|
@ -370,10 +370,55 @@ class Provider(object):
|
|||
self.password = password
|
||||
self.ca_file = ca_file
|
||||
self.thumbprint = thumbprint
|
||||
self._config_ca_file = ca_file
|
||||
|
||||
def __str__(self):
|
||||
return str(self.url)
|
||||
|
||||
def select_cert(self):
|
||||
# If two ca certs in one file which only 'Serial Number' are different,
|
||||
# ssl verify process will break if the first cert is not enabled in
|
||||
# the nsxt. Put only one ca cert in one file and verify it by GET
|
||||
# operation
|
||||
if not self._config_ca_file:
|
||||
return
|
||||
|
||||
try:
|
||||
ca_content = self._get_ca_files(self._config_ca_file)
|
||||
except Exception as e:
|
||||
LOG.error('read ca file %s error %s', self._config_ca_file, e)
|
||||
return
|
||||
|
||||
if len(ca_content) <= 1:
|
||||
return
|
||||
|
||||
base_file = '/tmp/ca_cert.pem'
|
||||
for index, buff in enumerate(ca_content):
|
||||
session = TimeoutSession(60, 60)
|
||||
ca_file = base_file + self.id + '.' + str(index)
|
||||
try:
|
||||
with open(ca_file, 'w') as fname:
|
||||
fname.writelines(buff)
|
||||
session.verify = ca_file
|
||||
session.get(self.url + '/api/v1/node/version')
|
||||
self.ca_file = ca_file
|
||||
break
|
||||
except Exception as e:
|
||||
LOG.debug("verify cert error %s, ca file %s", e, ca_file)
|
||||
continue
|
||||
|
||||
def _get_ca_files(self, ca_file):
|
||||
files = []
|
||||
with open(ca_file) as fname:
|
||||
lines = fname.readlines()
|
||||
buff = []
|
||||
for line in lines:
|
||||
buff.append(line)
|
||||
if 'END CERTIFICATE' in line:
|
||||
files.append(buff)
|
||||
buff = []
|
||||
return files
|
||||
|
||||
|
||||
class Endpoint(object):
|
||||
"""A single NSX manager endpoint (host).
|
||||
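Review bot: `select_cert` writes each candidate CA to a predictable name under `/tmp` (`base_file + self.id + '.' + str(index)`) with a plain `open(ca_file, 'w')`, and that path then becomes `session.verify` and is stored in `self.ca_file`. A shared, world-writable directory is a poor home for a trust anchor: another local account can pre-create or symlink the name, and the files are never removed. Creating the file with `fd, ca_file = tempfile.mkstemp(prefix='ca_cert_', suffix='.pem')` and `with os.fdopen(fd, 'w') as fname:`, or under a service-owned directory with mode 0700, avoids this; it assumes `tempfile` and `os` are imported in this module, which the hunk does not show. The single `except Exception` also logs a failed write and a failed TLS verification identically at debug level, so when no certificate verifies the provider silently keeps the original bundle; a warning after the loop would make that visible.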
|
@ -900,4 +945,6 @@ class NSXClusteredAPI(ClusteredAPI):
|
|||
self.nsxlib_config.password(provider_index),
|
||||
self.nsxlib_config.ca_file(provider_index),
|
||||
self.nsxlib_config.thumbprint(provider_index)))
|
||||
for provider in providers:
|
||||
provider.select_cert()
|
||||
return providers
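Review bot: The added loop runs `provider.select_cert()` synchronously for every provider while the list is built, and `select_cert()` makes one GET per candidate certificate through `TimeoutSession(60, 60)`. If those arguments are timeouts in seconds, an unreachable manager can hold this path for up to a minute per certificate, and because `select_cert()` catches every exception the caller gets no signal that selection failed. Consider a shorter probe timeout and a comment here such as `# Probes each manager over TLS to pick a usable CA file; best-effort, falls back to the configured bundle`. The enclosing method starts outside the hunk.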
|
||||
|
|