Enable certificate check for glance_store+swift

Disable insecure option for glance_store with swift backend when tls is enabled. Specify swift_store_cacert option. Change-Id: Ia1e8f596c95dd7b6e63cb21a94c8316dc71bf945
2020-05-20 12:14:04 +04:00 · 2020-05-20 12:14:04 +04:00 · 9cbd02d8c8
parent 43c172acd0
commit 9cbd02d8c8
1 changed files with 4 additions and 10 deletions
--- a/lib/glance
+++ b/lib/glance
@ -212,25 +212,19 @@ function configure_glance {
    if is_service_enabled s-proxy; then
        iniset $GLANCE_API_CONF glance_store default_store swift
        iniset $GLANCE_API_CONF glance_store swift_store_create_container_on_put True
-        if python3_enabled; then
-            iniset $GLANCE_API_CONF glance_store swift_store_auth_insecure True
-        fi

        iniset $GLANCE_API_CONF glance_store swift_store_config_file $GLANCE_SWIFT_STORE_CONF
        iniset $GLANCE_API_CONF glance_store default_swift_reference ref1
        iniset $GLANCE_API_CONF glance_store stores "file, http, swift"
+        if is_service_enabled tls-proxy; then
+            iniset $GLANCE_API_CONF glance_store swift_store_cacert $SSL_BUNDLE_FILE
+        fi
        iniset $GLANCE_API_CONF DEFAULT graceful_shutdown_timeout "$SERVICE_GRACEFUL_SHUTDOWN_TIMEOUT"

        iniset $GLANCE_SWIFT_STORE_CONF ref1 user $SERVICE_PROJECT_NAME:glance-swift

        iniset $GLANCE_SWIFT_STORE_CONF ref1 key $SERVICE_PASSWORD
-        if python3_enabled; then
-            # NOTE(dims): Currently the glance_store+swift does not support either an insecure flag
-            # or ability to specify the CACERT. So fallback to http:// url
-            iniset $GLANCE_SWIFT_STORE_CONF ref1 auth_address ${KEYSTONE_SERVICE_URI/https/http}/v3
-        else
-            iniset $GLANCE_SWIFT_STORE_CONF ref1 auth_address $KEYSTONE_SERVICE_URI/v3
-        fi
+        iniset $GLANCE_SWIFT_STORE_CONF ref1 auth_address $KEYSTONE_SERVICE_URI/v3
        iniset $GLANCE_SWIFT_STORE_CONF ref1 auth_version 3
    fi