Fix CA file for nova client

If a custom CA file is configured via nova_ca_certificates_file, currently communication with Keystone will fail, since the session is not created using this CA file. The same is true for nova_api_insecure. This change fixes the issue by using a keystoneauth session loader. Closes-Bug: #1873736 Change-Id: I54a4f398a06c61e0f6f8f3efd3e4b6214bca756b (cherry picked from commit 3bd82c776c)
2020-07-17 18:57:21 +00:00 · 2020-07-17 18:57:21 +00:00 · 1dd743aed3
parent f043401456
commit 1dd743aed3
1 changed files with 5 additions and 2 deletions
--- a/masakari/compute/nova.py
+++ b/masakari/compute/nova.py
@ -21,7 +21,7 @@ import sys

 from keystoneauth1 import exceptions as keystone_exception
 import keystoneauth1.loading
-import keystoneauth1.session
+import keystoneauth1.loading.session
 from novaclient import api_versions
 from novaclient import client as nova_client
 from novaclient import exceptions as nova_exception
@ -113,7 +113,10 @@ def novaclient(context, timeout=None):
        project_name=context.project_name,
        user_domain_name=CONF.os_user_domain_name,
        project_domain_name=CONF.os_project_domain_name)
-    keystone_session = keystoneauth1.session.Session(auth=auth)
+    session_loader = keystoneauth1.loading.session.Session()
+    keystone_session = session_loader.load_from_options(
+        auth=auth, cacert=CONF.nova_ca_certificates_file,
+        insecure=CONF.nova_api_insecure)

    client_obj = nova_client.Client(
        api_versions.APIVersion(NOVA_API_VERSION),