NSXv3: Check cert existance before creation
If NSX already has a certificate with the same PEM data, certificate creation fails with an exception. To handle this, first check whether NSX already has a certificate with the same PEM. If so, use that certificate for the SSL profile binding. Depends-on: I2550b41dbbd71ac7f35a7c9ce85bd8e4e166b49e Change-Id: I6f8de7dd1665fb79313cbf693fcfc3a9987aa3c4
parent
28efdef15d
commit
04095d41b7
|
@ -60,21 +60,26 @@ class EdgeListenerManager(base_mgr.Nsxv3LoadbalancerBaseManager):
|
|||
|
||||
def _get_ssl_profile_binding(self, tags, certificate=None):
|
||||
tm_client = self.core_plugin.nsxlib.trust_management
|
||||
nsx_cert_id = None
|
||||
ssl_profile_binding = None
|
||||
if certificate:
|
||||
nsx_cert_id = tm_client.create_cert(
|
||||
certificate.get_certificate(),
|
||||
private_key=certificate.get_private_key(),
|
||||
passphrase=certificate.get_private_key_passphrase(),
|
||||
tags=tags)
|
||||
ssl_profile_binding = {
|
||||
# First check if NSX already has certificate with same pem.
|
||||
# If so, use that certificate for ssl binding. Otherwise,
|
||||
# create a new certificate on NSX.
|
||||
cert_ids = tm_client.find_cert_with_pem(
|
||||
certificate.get_certificate())
|
||||
if cert_ids:
|
||||
nsx_cert_id = cert_ids[0]
|
||||
else:
|
||||
nsx_cert_id = tm_client.create_cert(
|
||||
certificate.get_certificate(),
|
||||
private_key=certificate.get_private_key(),
|
||||
passphrase=certificate.get_private_key_passphrase(),
|
||||
tags=tags)
|
||||
return {
|
||||
'client_ssl_profile_binding': {
|
||||
'ssl_profile_id': self.core_plugin.client_ssl_profile,
|
||||
'default_certificate_id': nsx_cert_id
|
||||
}
|
||||
}
|
||||
return ssl_profile_binding
|
||||
|
||||
@log_helpers.log_method_call
|
||||
def create(self, context, listener, certificate=None):
|
||||
|
|
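Review bot: In the `if cert_ids:` branch the binding reuses `cert_ids[0]` on a PEM match alone, so nothing visible here confirms that the existing NSX object was imported with the matching private key, which a `default_certificate_id` in a client SSL profile binding needs in order to terminate TLS. The reused certificate also keeps whatever tags it already carried rather than the `tags` passed to this call, so if listener teardown deletes or looks up certificates by id or tag (that path is not shown in this hunk), two listeners sharing one certificate could break each other. I would at least document the sharing at the reuse site, e.g. `# Reused cert is shared and keeps its original tags; only delete it when no other binding references it.` The behaviour of `find_cert_with_pem` comes from the Depends-on change and cannot be checked from this page.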