Add nova_ca_certificates_file option to neutron

Previously, neutron had no way to pass a certificates file to the novaclient. This change is to add that ability, similar to the way you can pass a certificates file to neutronclient in nova.conf via neturon_ca_certificates_file. Change-Id: I1a3f85505eb44bee604900301af79d773e1952a3 Closes-Bug: #1309694
2014-04-18 14:57:38 -05:00 · 2014-04-18 14:57:38 -05:00 · b22bc5d435
parent 7305ace9f3
commit b22bc5d435
3 changed files with 7 additions and 0 deletions
--- a/etc/neutron.conf
+++ b/etc/neutron.conf
@ -320,6 +320,9 @@ notification_driver = neutron.openstack.common.notifier.rpc_notifier
 # Authorization URL for connection to nova in admin context.
 # nova_admin_auth_url =

+# CA file for novaclient to verify server certificates
+# nova_ca_certificates_file =
+
 # Boolean to control ignoring SSL errors on the nova url
 # nova_api_insecure = False

--- a/neutron/common/config.py
+++ b/neutron/common/config.py
@ -100,6 +100,9 @@ core_opts = [
               default='http://localhost:5000/v2.0',
               help=_('Authorization URL for connecting to nova in admin '
                      'context')),
+    cfg.StrOpt('nova_ca_certificates_file',
+               default=None,
+               help=_('CA file for novaclient to verify server certificates')),
    cfg.BoolOpt('nova_api_insecure', default=False,
                help=_("If True, ignore any SSL validation issues")),
    cfg.StrOpt('nova_region_name',
--- a/neutron/notifiers/nova.py
+++ b/neutron/notifiers/nova.py
@ -49,6 +49,7 @@ class Notifier(object):
            project_id=None,
            tenant_id=cfg.CONF.nova_admin_tenant_id,
            auth_url=cfg.CONF.nova_admin_auth_url,
+            cacert=cfg.CONF.nova_ca_certificates_file,
            insecure=cfg.CONF.nova_api_insecure,
            bypass_url=bypass_url,
            region_name=cfg.CONF.nova_region_name,