043ad08237
Currently there is no way to provide SSL configuration for Trove, so it fails e.g. when uploading backups to a secured Swift endpoint. This patch sets an environment variable (REQUESTS_CA_BUNDLE [1]) understood by Requests library for Python, so all HTTPS calls done by trove-guest service will trust the provided CAs. For Ubuntu Xenial and Fedora a systemd drop-in sets this environment variable for trove-guest service, so it uses Ubuntu's/Fedora's system certificate store to validate server certificates. For Ubuntu Trusty the upstart script is modified to build and use a bundle file from certificates in /usr/local/share/ca-certificates, because Requests library doesn't support CA directories in such old Python versions. On Ubuntu systems the custom certificates are taken from /usr/local/share/ca-certificates; please use PEM format, .crt extension and call update-ca-certificates. On Fedora systems custom certificates can be put in /usr/share/pki/ca-trust-source/anchors; please use PEM format, .pem extension and call update-ca-trust. [1] http://docs.python-requests.org/en/master/user/advanced/#ssl-cert-verification Change-Id: I0025e7c72fa2d863ae9540941956b1ab63bcc636 |
||
|---|---|---|
| .. | ||
| 15-trove-dep | ||
| 20-etc | ||
| 21-use-fedora-certificates | ||
| 50-user | ||
| 62-ssh-key | ||