Configure and use SSL-related requests options
This patch adds standard SSL options to IPA config and makes use of them when making HTTP requests. For now, a single set of certificates is used when needed. In the future configuration can be expanded to allow per-service certificates. Besides, the 'insecure' option (defaults to False) can be overridden through kernel command line parameter 'ipa-insecure'. This will allow running IPA in CI-like environments with self-signed SSL certificates. Change-Id: I259d9b3caa9ba1dc3d7382f375b8e086a5348d80 Closes-Bug: #1642515
doc/source
etc/ironic_python_agent
ironic_python_agent
releasenotes/notes
@ -416,3 +416,20 @@ def collect_system_logs(journald_max_lines=None):
|
||||
try_get_command_output(io_dict, name, cmd)
|
||||
|
||||
return gzip_and_b64encode(io_dict=io_dict, file_list=file_list)
|
||||
|
||||
|
||||
def get_ssl_client_options(conf):
|
||||
"""Format SSL-related requests options.
|
||||
|
||||
:param conf: oslo_config CONF object
|
||||
:returns: tuple of 'verify' and 'cert' values to pass to requests
|
||||
"""
|
||||
if conf.insecure:
|
||||
verify = False
|
||||
else:
|
||||
verify = conf.cafile or True
|
||||
if conf.certfile and conf.keyfile:
|
||||
cert = (conf.certfile, conf.keyfile)
|
||||
else:
|
||||
cert = None
|
||||
return verify, cert
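Review bot: In get_ssl_client_options, a configuration that sets only one of `certfile` / `keyfile` falls through to `cert = None`, so requests go out without a client certificate and nothing reports the misconfiguration. requests also accepts a single path to a combined certificate-and-key file, so `certfile` alone could be honoured with `elif conf.certfile: cert = conf.certfile`, while a lone `keyfile` should raise or at least be logged. Separately, the `if conf.insecure:` branch sets `verify = False` without leaving any trace. The description says this option can be set from the kernel command line, so a warning-level log line in that branch would make an unverified deployment visible in the agent logs (this assumes the module has a logger, which the hunk does not show).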
|
||||
|