Configure and use SSL-related requests options
This patch adds standard SSL options to IPA config and makes use of them when making HTTP requests. For now, a single set of certificates is used when needed. In the future configuration can be expanded to allow per-service certificates.

Besides, the 'insecure' option (defaults to False) can be overridden through kernel command line parameter 'ipa-insecure'. This will allow running IPA in CI-like environments with self-signed SSL certificates.

Change-Id: I259d9b3caa9ba1dc3d7382f375b8e086a5348d80
Closes-Bug: #1642515
doc/source
etc/ironic_python_agent
ironic_python_agent
releasenotes/notes
@ -180,6 +180,24 @@ cli_opts = [
|
||||
'in inventory. '
|
||||
'Can be supplied as "ipa-disk-wait-delay" '
|
||||
'kernel parameter.'),
|
||||
cfg.BoolOpt('insecure',
|
||||
default=APARAMS.get('ipa-insecure', False),
|
||||
help='Verify HTTPS connections. Can be supplied as '
|
||||
'"ipa-insecure" kernel parameter.'),
|
||||
cfg.StrOpt('cafile',
|
||||
help='Path to PEM encoded Certificate Authority file '
|
||||
'to use when verifying HTTPS connections. '
|
||||
'Default is to use available system-wide configured CAs.'),
|
||||
cfg.StrOpt('certfile',
|
||||
help='Path to PEM encoded client certificate cert file. '
|
||||
'Must be provided together with "keyfile" option. '
|
||||
'Default is to not present any client certificates to '
|
||||
'the server.'),
|
||||
cfg.StrOpt('keyfile',
|
||||
help='Path to PEM encoded client certificate key file. '
|
||||
'Must be provided together with "certfile" option. '
|
||||
'Default is to not present any client certificates to '
|
||||
'the server.'),
|
||||
]
|
||||
|
||||
CONF.register_cli_opts(cli_opts)
|
||||
|
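Review bot: The help string on the new `insecure` option reads "Verify HTTPS connections", which is the opposite of what the option name and its default of False imply: setting it to True turns verification off. An operator reading the generated sample config could enable it expecting stricter checking. Suggest wording such as 'Skip verification of HTTPS connections. Intended for test environments with self-signed certificates.' so the risk is explicit. Two smaller points on the same hunk: the default comes from `APARAMS.get('ipa-insecure', False)`, so it is worth confirming that a kernel parameter value such as "0" or "false" is parsed as a boolean rather than treated as a truthy string; and the `certfile` and `keyfile` help texts each say the other "must be provided together", but nothing in these lines enforces that, so a startup check that rejects one without the other would turn a silent misconfiguration into a clear error.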