Restore use of legacy use-https flag
This commit is contained in:
parent
be5dbdc20f
commit
cefead2cd5
|
@ -57,9 +57,10 @@ options:
|
|||
ssl_key:
|
||||
type: string
|
||||
description: SSL key to use with certificate specified as ssl_cert.
|
||||
# CA Cert info
|
||||
# Locally generated CA Cert info (only use without keystone)
|
||||
# These options are deprecated and will be removed sometime
|
||||
use-https:
|
||||
default: "no"
|
||||
default: "yes"
|
||||
type: string
|
||||
description: Whether to listen on HTTPS
|
||||
country:
|
||||
|
@ -78,6 +79,7 @@ options:
|
|||
default: CN
|
||||
type: string
|
||||
description: Common Name
|
||||
# General Swift Proxy configuration
|
||||
bind-port:
|
||||
default: 8080
|
||||
type: int
|
||||
|
|
|
@ -193,19 +193,6 @@ def write_proxy_config():
|
|||
proxy_control('restart')
|
||||
subprocess.check_call(['open-port', str(bind_port)])
|
||||
|
||||
def configure_ssl():
|
||||
# this should be expanded to cover setting up user-specified certificates
|
||||
if (utils.config_get('use-https') == 'yes' and
|
||||
not os.path.isfile(SSL_CERT) and
|
||||
not os.path.isfile(SSL_KEY)):
|
||||
subj = '/C=%s/ST=%s/L=%s/CN=%s' %\
|
||||
(utils.config_get('country'), utils.config_get('state'),
|
||||
utils.config_get('locale'), utils.config_get('common-name'))
|
||||
cmd = ['openssl', 'req', '-new', '-x509', '-nodes',
|
||||
'-out', SSL_CERT, '-keyout', SSL_KEY,
|
||||
'-subj', subj]
|
||||
subprocess.check_call(cmd)
|
||||
|
||||
|
||||
def _load_builder(path):
|
||||
# lifted straight from /usr/bin/swift-ring-builder
|
||||
|
|
|
@ -13,6 +13,7 @@ import subprocess
|
|||
import socket
|
||||
import sys
|
||||
import base64
|
||||
import tempfile
|
||||
|
||||
|
||||
def do_hooks(hooks):
|
||||
|
@ -320,6 +321,8 @@ def https():
|
|||
.
|
||||
returns: boolean
|
||||
'''
|
||||
if config_get('use-https'):
|
||||
return True
|
||||
if config_get('ssl_cert') and config_get('ssl_key'):
|
||||
return True
|
||||
for r_id in relation_ids('identity-service'):
|
||||
|
@ -366,6 +369,11 @@ def enable_https(port_maps, namespace):
|
|||
key = relation_get('ssl_key', rid=r_id, unit=unit)
|
||||
if not ca_cert:
|
||||
ca_cert = relation_get('ca_cert', rid=r_id, unit=unit)
|
||||
if (not (cert and key and ca_cert) and
|
||||
config_get('use-https')):
|
||||
juju_log('INFO',
|
||||
"Using self-signed SSL certificate.")
|
||||
(cert, key) = generate_cert()
|
||||
else:
|
||||
juju_log('INFO',
|
||||
"Using SSL certificate provided in service config.")
|
||||
|
@ -474,6 +482,32 @@ def setup_https(port_maps, namespace):
|
|||
enable_https(port_maps, namespace)
|
||||
|
||||
|
||||
def generate_cert():
|
||||
'''
|
||||
Generates a self signed certificate and key using the
|
||||
provided charm configuration data.
|
||||
|
||||
returns: tuple of (cert, key)
|
||||
'''
|
||||
CERT = '/etc/swift/ssl.cert'
|
||||
KEY = '/etc/swift/ssl.key'
|
||||
if (not os.path.exists(CERT) and
|
||||
not os.path.exists(KEY)):
|
||||
subj = '/C=%s/ST=%s/L=%s/CN=%s' %\
|
||||
(config_get('country'), config_get('state'),
|
||||
config_get('locale'), config_get('common-name'))
|
||||
cmd = ['openssl', 'req', '-new', '-x509', '-nodes',
|
||||
'-out', CERT, '-keyout', KEY,
|
||||
'-subj', subj]
|
||||
subprocess.check_call(cmd)
|
||||
# Slurp as base64 encoded - makes handling easier up the stack
|
||||
with open(CERT, 'r') as cfile:
|
||||
ssl_cert = base64.b64encode(cfile.read())
|
||||
with open(KEY, 'r') as kfile:
|
||||
ssl_key = base64.b64encode(kfile.read())
|
||||
return (ssl_cert, ssl_key)
|
||||
|
||||
|
||||
def determine_api_port(public_port):
|
||||
'''
|
||||
Determine correct API server listening port based on
|
||||
|
|
Loading…
Reference in New Issue