From c93a7a22c02b5b95c85027da3a26e5f378b8f1f2 Mon Sep 17 00:00:00 2001 From: Thomas Leaman Date: Mon, 24 Feb 2014 17:03:33 +0000 Subject: [PATCH] Bump python-swiftclient version https://review.openstack.org/#/c/69187/ introduced SSL certificate checking in python-swiftclient (released as v2.0). This patch ensures that the version of swiftclient used will verify SSL certificates correctly. This patch also documents the `swift_store_auth_insecure` configuration option for bypassing the cert verification DocImpact SecurityImpact Change-Id: I20ddab5c3359071daf7505268c72331e4c786987 --- doc/source/configuring.rst | 9 +++++++++ etc/glance-api.conf | 3 +++ requirements.txt | 2 +- 3 files changed, 13 insertions(+), 1 deletion(-) diff --git a/doc/source/configuring.rst b/doc/source/configuring.rst index 3c6ab601f2..f6ed0a0346 100644 --- a/doc/source/configuring.rst +++ b/doc/source/configuring.rst @@ -643,6 +643,15 @@ Can only be specified in configuration files. Optional. Default: ``0`` +* ``swift_store_auth_insecure`` + +If True, bypass SSL certificate verification for Swift. + +Can only be specified in configuration files. + +`This option is specific to the Swift storage backend.` + +Optional. Default: ``False`` Configuring the S3 Storage Backend ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ diff --git a/etc/glance-api.conf b/etc/glance-api.conf index 8b4bf666b9..84f2ebce5b 100644 --- a/etc/glance-api.conf +++ b/etc/glance-api.conf @@ -374,6 +374,9 @@ swift_enable_snet = False # request fails #swift_store_retry_get_count = 0 +# Bypass SSL verification for Swift +#swift_store_auth_insecure = False + # ============ S3 Store Options ============================= # Address where the S3 authentication service lives diff --git a/requirements.txt b/requirements.txt index cdf2d7ab90..0a752ee774 100644 --- a/requirements.txt +++ b/requirements.txt @@ -25,7 +25,7 @@ stevedore>=0.14 netaddr>=0.7.6 # For Swift storage backend. -python-swiftclient>=1.6 +python-swiftclient>=2.0.2 # For VMware storage backed. oslo.vmware>=0.2 # Apache-2.0