From e155ba93b5249770890a34f021a93eef83a73d4c Mon Sep 17 00:00:00 2001 From: Thomas Bechtold Date: Tue, 13 Dec 2016 19:05:24 +0100 Subject: [PATCH] Support insecure SSL when talking to services The certificates may not be known to Trove when doing requests to the different services so support insecure requests. This can be configured via the new config options - nova_api_insecure - cinder_api_insecure - neutron_api_insecure - swift_api_insecure All new config parameters default to 'False' so nothing changes if not explicitly configured. This is useful if the services use SSL and Trove wants to talk to these services without configuring the different certs. Change-Id: Ib59abd1500baad132e5c9f53895fd1eca18ac4d7 Closes-Bug: #1535895 --- trove/common/cfg.py | 8 ++++++++ trove/common/remote.py | 12 ++++++++---- trove/common/single_tenant_remote.py | 9 ++++++--- 3 files changed, 22 insertions(+), 7 deletions(-) diff --git a/trove/common/cfg.py b/trove/common/cfg.py index ffe570ac0f..c76cb9be97 100644 --- a/trove/common/cfg.py +++ b/trove/common/cfg.py
@@ -70,21 +70,29 @@ common_opts = [
 help="The version of the compute service client."),
 cfg.StrOpt('glance_client_version', default='2',
 help="The version of the image service client."),
+ cfg.BoolOpt('nova_api_insecure', default=False,
+ help="Allow to perform insecure SSL requests to nova."),
 cfg.URIOpt('neutron_url', help='URL without the tenant segment.'),
 cfg.StrOpt('neutron_service_type', default='network',
 help='Service type to use when searching catalog.'),
 cfg.StrOpt('neutron_endpoint_type', default='publicURL',
 help='Service endpoint type to use when searching catalog.'),
+ cfg.BoolOpt('neutron_api_insecure', default=False,
+ help="Allow to perform insecure SSL requests to neutron."),
 cfg.URIOpt('cinder_url', help='URL without the tenant segment.'),
 cfg.StrOpt('cinder_service_type', default='volumev2',
 help='Service type to use when searching catalog.'),
 cfg.StrOpt('cinder_endpoint_type', default='publicURL',
 help='Service endpoint type to use when searching catalog.'),
+ cfg.BoolOpt('cinder_api_insecure', default=False,
+ help="Allow to perform insecure SSL requests to cinder."),
 cfg.URIOpt('swift_url', help='URL ending in ``AUTH_``.'),
 cfg.StrOpt('swift_service_type', default='object-store',
 help='Service type to use when searching catalog.'),
 cfg.StrOpt('swift_endpoint_type', default='publicURL',
 help='Service endpoint type to use when searching catalog.'),
+ cfg.BoolOpt('swift_api_insecure', default=False,
+ help="Allow to perform insecure SSL requests to swift."),
 cfg.URIOpt('glance_url', help='URL ending in ``AUTH_``.'),
 cfg.StrOpt('glance_service_type', default='image',
 help='Service type to use when searching catalog.'),
diff --git a/trove/common/remote.py b/trove/common/remote.py
index 86562b5b71..53625e3d09 100644
--- a/trove/common/remote.py
+++ b/trove/common/remote.py
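Review bot: The four new help strings in `common_opts` (trove/common/cfg.py) say only "insecure SSL requests" and do not tell an operator that enabling the option turns off server certificate verification for that service, so traffic to it, including the token Trove forwards, can be read or altered by anyone able to intercept the connection. I would spell that out, e.g. `help="Disable TLS certificate verification for requests to nova. Leaves the connection open to interception; prefer trusting the service CA."`, and likewise for neutron, cinder and swift. The commit message gives unknown certificates as the motivation; a companion option pointing each client at a CA bundle would cover that case without disabling verification, provided the client libraries in use accept one.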
@@ -101,7 +101,8 @@ def nova_client(context, region_name=None): project_id=context.tenant, project_domain_name=context.project_domain_name, auth_url=CONF.trove_auth_url, - auth_token=context.auth_token) + auth_token=context.auth_token, + insecure=CONF.nova_api_insecure) client.client.auth_token = context.auth_token client.client.endpoint_override = url return client @@ -129,7 +130,8 @@ def cinder_client(context, region_name=None): client = CinderClient.Client(context.user, context.auth_token, project_id=context.tenant, - auth_url=CONF.trove_auth_url) + auth_url=CONF.trove_auth_url, + insecure=CONF.cinder_api_insecure) client.client.auth_token = context.auth_token client.client.management_url = url return client @@ -149,7 +151,8 @@ def swift_client(context, region_name=None): client = Connection(preauthurl=url, preauthtoken=context.auth_token, tenant_name=context.tenant, - snet=CONF.backup_use_snet) + snet=CONF.backup_use_snet, + insecure=CONF.swift_api_insecure) return client @@ -164,7 +167,8 @@ def neutron_client(context, region_name=None): endpoint_type=CONF.neutron_endpoint_type) client = NeutronClient.Client(token=context.auth_token, - endpoint_url=url) + endpoint_url=url, + insecure=CONF.neutron_api_insecure) return client diff --git a/trove/common/single_tenant_remote.py b/trove/common/single_tenant_remote.py index bb73ad3dbe..1cdbe784ba 100644 --- a/trove/common/single_tenant_remote.py +++ b/trove/common/single_tenant_remote.py @@ -66,7 +66,8 @@ def nova_client_trove_admin(context, region_name=None, compute_url=None): CONF.nova_proxy_admin_tenant_name, auth_url=CONF.trove_auth_url, service_type=CONF.nova_compute_service_type, - region_name=region_name or CONF.os_region_name) + region_name=region_name or CONF.os_region_name, + insecure=CONF.nova_api_insecure) if compute_url and CONF.nova_proxy_admin_tenant_id: client.client.endpoint_override = "%s/%s/" % ( 
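Review bot: Nothing in this change checks that each client in trove/common/remote.py receives its own option: the diffstat lists only the three source files, so a swapped name such as `CONF.nova_api_insecure` passed to `CinderClient.Client` would go unnoticed. A unit test per factory (`nova_client`, `cinder_client`, `swift_client`, `neutron_client`) that sets the option and asserts the `insecure` keyword reaching the mocked constructor would pin this. These factories forward the caller's `context.auth_token`, so with an option enabled that token travels over a connection whose peer is not verified; a comment at each call, `# insecure=True skips certificate verification; the user token goes to an unverified peer`, would keep that visible. Each function body starts outside its hunk.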
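Review bot: In `nova_client_trove_admin` (trove/common/single_tenant_remote.py) the client is built with `auth_url=CONF.trove_auth_url`, so `insecure=CONF.nova_api_insecure` presumably also applies to the authentication request made to the identity service, not only to nova; the same holds for `cinder_client_trove_admin` and `neutron_client_trove_admin` in the later hunks. That would send the proxy admin credentials over an unverified connection under an option whose name and help text mention only the target service. I would confirm how each client library scopes the flag and state the result in the option help, e.g. `"Also applies to the identity request made by the admin client."`. The constructor calls begin above the hunks, so the credential arguments are not fully visible here.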
@@ -88,7 +89,8 @@ def cinder_client_trove_admin(context=None): project_id=CONF.nova_proxy_admin_tenant_name, auth_url=CONF.trove_auth_url, service_type=CONF.cinder_service_type, - region_name=CONF.os_region_name) + region_name=CONF.os_region_name, + insecure=CONF.cinder_api_insecure) if CONF.cinder_url and CONF.nova_proxy_admin_tenant_id: client.client.management_url = "%s/%s/" % ( @@ -110,7 +112,8 @@ def neutron_client_trove_admin(context=None): tenant_name=CONF.nova_proxy_admin_tenant_name, auth_url=CONF.trove_auth_url, service_type=CONF.neutron_service_type, - region_name=CONF.os_region_name) + region_name=CONF.os_region_name, + insecure=CONF.neutron_api_insecure) if CONF.neutron_url: client.management_url = CONF.neutron_url