Fix CA file for API client

If a custom CA file is configured via OPENSTACK_SSL_CACERT, currently
communication with Keystone will fail, since the session is not created
using this CA file.

This change fixes the issue by passing the path to the CA file to the
keystoneauth session constructor.

Change-Id: Iad1bdea97ed649cc3c8f042dc5dd147b989dfd0e
Closes-Bug: #1873736
(cherry picked from commit 59ee1d59a1)
This commit is contained in:
Mark Goddard 2020-09-04 15:10:49 +01:00
parent 76604431b5
commit 9952f9e7a6
2 changed files with 7 additions and 1 deletions

View File

@ -39,7 +39,8 @@ def openstack_connection(request, version=None):
token=request.user.token.id,
project_name=request.user.project_name,
project_id=request.user.tenant_id)
session = ks_session.Session(auth=auth)
cacert = getattr(settings, 'OPENSTACK_SSL_CACERT')
session = ks_session.Session(auth=auth, verify=cacert or True)
conn = connection.Connection(session=session,
ha_api_version=version)

View File

@ -0,0 +1,5 @@
---
fixes:
- |
Fixes an issue where the dashboard fails to load if communication with the
API requires a custom CA certificate.