Enable certificate check for glance_store+swift
Disable insecure option for glance_store with swift backend when tls is enabled. Specify swift_store_cacert option. Change-Id: Ia1e8f596c95dd7b6e63cb21a94c8316dc71bf945
This commit is contained in:
parent
43c172acd0
commit
9cbd02d8c8
12
lib/glance
12
lib/glance
|
@ -212,25 +212,19 @@ function configure_glance {
|
|||
if is_service_enabled s-proxy; then
|
||||
iniset $GLANCE_API_CONF glance_store default_store swift
|
||||
iniset $GLANCE_API_CONF glance_store swift_store_create_container_on_put True
|
||||
if python3_enabled; then
|
||||
iniset $GLANCE_API_CONF glance_store swift_store_auth_insecure True
|
||||
fi
|
||||
|
||||
iniset $GLANCE_API_CONF glance_store swift_store_config_file $GLANCE_SWIFT_STORE_CONF
|
||||
iniset $GLANCE_API_CONF glance_store default_swift_reference ref1
|
||||
iniset $GLANCE_API_CONF glance_store stores "file, http, swift"
|
||||
if is_service_enabled tls-proxy; then
|
||||
iniset $GLANCE_API_CONF glance_store swift_store_cacert $SSL_BUNDLE_FILE
|
||||
fi
|
||||
iniset $GLANCE_API_CONF DEFAULT graceful_shutdown_timeout "$SERVICE_GRACEFUL_SHUTDOWN_TIMEOUT"
|
||||
|
||||
iniset $GLANCE_SWIFT_STORE_CONF ref1 user $SERVICE_PROJECT_NAME:glance-swift
|
||||
|
||||
iniset $GLANCE_SWIFT_STORE_CONF ref1 key $SERVICE_PASSWORD
|
||||
if python3_enabled; then
|
||||
# NOTE(dims): Currently the glance_store+swift does not support either an insecure flag
|
||||
# or ability to specify the CACERT. So fallback to http:// url
|
||||
iniset $GLANCE_SWIFT_STORE_CONF ref1 auth_address ${KEYSTONE_SERVICE_URI/https/http}/v3
|
||||
else
|
||||
iniset $GLANCE_SWIFT_STORE_CONF ref1 auth_address $KEYSTONE_SERVICE_URI/v3
|
||||
fi
|
||||
iniset $GLANCE_SWIFT_STORE_CONF ref1 auth_version 3
|
||||
fi
|
||||
|
||||
|
|
Loading…
Reference in New Issue