feat: add verify ca conf support for drivers
Closes-Bug: #2040236 Change-Id: Iaedb68e9e3c22b7194c9e09425757a081c601bf1
@@ -138,6 +138,9 @@ opts = [
|
|||||||
'/proc/cmdline. Mind severe cmdline size limit! Can be '
|
'/proc/cmdline. Mind severe cmdline size limit! Can be '
|
||||||
'overridden by `instance_info/kernel_append_params` '
|
'overridden by `instance_info/kernel_append_params` '
|
||||||
'property.')),
|
'property.')),
|
||||||
|
cfg.StrOpt('verify_ca',
|
||||||
|
help=_('The default verify_ca path when irmc_verify_ca '
|
||||||
|
'in driver_info is missing or set to True.')),
|
||||||
]
|
]
|
||||||
|
|
||||||
|
|
||||||
|
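Review bot: The help string for the new `verify_ca` option at the end of `opts` does not say what kind of value is expected or how it interacts with an explicit per-node setting. Going by the helper added later in this commit, an `irmc_verify_ca` of `False` or a path in driver_info is returned unchanged, so this option never re-enables verification that a node has switched off; operators should be able to read that from the help text. I would extend it along the lines of `'CA certificate path used when irmc_verify_ca in driver_info is missing or set to True. An explicit False or path in driver_info takes precedence.'`. The same applies to the `[redfish]` option in the next hunk, which should also say that the `idrac` driver reads it.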
@@ -121,6 +121,9 @@ opts = [
|
|||||||
help=_('Number of seconds to wait for boot mode or secure '
|
help=_('Number of seconds to wait for boot mode or secure '
|
||||||
'boot status change to take effect after a reboot. '
|
'boot status change to take effect after a reboot. '
|
||||||
'Set to 0 to disable waiting.')),
|
'Set to 0 to disable waiting.')),
|
||||||
|
cfg.StrOpt('verify_ca',
|
||||||
|
help=_('The default verify_ca path when redfish_verify_ca '
|
||||||
|
'in driver_info is missing or set to True.')),
|
||||||
]
|
]
|
||||||
|
|
||||||
|
|
||||||
|
@@ -29,6 +29,7 @@ from ironic.common.i18n import _
|
|||||||
from ironic.common import utils
|
from ironic.common import utils
|
||||||
from ironic.conf import CONF
|
from ironic.conf import CONF
|
||||||
from ironic.drivers.modules import snmp
|
from ironic.drivers.modules import snmp
|
||||||
|
from ironic.drivers import utils as driver_utils
|
||||||
|
|
||||||
scci = importutils.try_import('scciclient.irmc.scci')
|
scci = importutils.try_import('scciclient.irmc.scci')
|
||||||
elcm = importutils.try_import('scciclient.irmc.elcm')
|
elcm = importutils.try_import('scciclient.irmc.elcm')
|
||||||
@@ -182,7 +183,7 @@ def parse_driver_info(node):
|
|||||||
_("Value '%s' is not supported for 'irmc_sensor_method'.") %
|
_("Value '%s' is not supported for 'irmc_sensor_method'.") %
|
||||||
d_info['irmc_sensor_method'])
|
d_info['irmc_sensor_method'])
|
||||||
|
|
||||||
verify_ca = d_info.get('irmc_verify_ca')
|
verify_ca = driver_utils.get_verify_ca(node, d_info.get('irmc_verify_ca'))
|
||||||
if verify_ca is None:
|
if verify_ca is None:
|
||||||
d_info['irmc_verify_ca'] = verify_ca = CONF.webserver_verify_ca
|
d_info['irmc_verify_ca'] = verify_ca = CONF.webserver_verify_ca
|
||||||
|
|
||||||
|
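Review bot: After this change `parse_driver_info` resolves `irmc_verify_ca` from three places, and the order is not written down next to the code: the node's driver_info, then the driver-specific `verify_ca` option via `get_verify_ca`, then `CONF.webserver_verify_ca` when the helper still returns `None`. A one-line comment above the call would make that explicit, e.g. `# Precedence: driver_info, then [irmc]verify_ca, then webserver_verify_ca.` Note also that `d_info['irmc_verify_ca']` is rewritten only in the `None` branch, so when the configured default is applied the dict may still hold `True` or lack the key unless later code stores the resolved value. That later code is outside this hunk, so this needs checking against the full function.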
@@ -30,6 +30,7 @@ from ironic.common import exception
|
|||||||
from ironic.common.i18n import _
|
from ironic.common.i18n import _
|
||||||
from ironic.common import utils
|
from ironic.common import utils
|
||||||
from ironic.conf import CONF
|
from ironic.conf import CONF
|
||||||
|
from ironic.drivers import utils as driver_utils
|
||||||
|
|
||||||
LOG = log.getLogger(__name__)
|
LOG = log.getLogger(__name__)
|
||||||
|
|
||||||
@@ -151,7 +152,8 @@ def parse_driver_info(node):
|
|||||||
{'value': driver_info['redfish_system_id'], 'node': node.uuid})
|
{'value': driver_info['redfish_system_id'], 'node': node.uuid})
|
||||||
|
|
||||||
# Check if verify_ca is a Boolean or a file/directory in the file-system
|
# Check if verify_ca is a Boolean or a file/directory in the file-system
|
||||||
verify_ca = driver_info.get('redfish_verify_ca', True)
|
verify_ca = driver_utils.get_verify_ca(
|
||||||
|
node, driver_info.get('redfish_verify_ca', True))
|
||||||
if isinstance(verify_ca, str):
|
if isinstance(verify_ca, str):
|
||||||
if os.path.isdir(verify_ca) or os.path.isfile(verify_ca):
|
if os.path.isdir(verify_ca) or os.path.isfile(verify_ca):
|
||||||
pass
|
pass
|
||||||
|
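Review bot: The call added in `parse_driver_info` lets `get_verify_ca` derive the config group from `node.driver`, although this module always wants the `[redfish]` option. The helper added in this commit maps only `idrac` to `redfish`, so a node whose hardware type has a different name but still reaches this function would presumably not pick up `[redfish]verify_ca` and would fall back to the plain `True` default. Passing the group from the caller, for instance `driver_utils.get_verify_ca('redfish', driver_info.get('redfish_verify_ca', True))`, would remove the name mapping. That changes the helper's signature, so the iRMC caller and the new tests would change with it. `parse_driver_info` continues outside the hunk.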
@@ -550,3 +550,27 @@ def power_off_and_on(task):
|
|||||||
next_state = (states.REBOOT if task.node.disable_power_off
|
next_state = (states.REBOOT if task.node.disable_power_off
|
||||||
else states.POWER_ON)
|
else states.POWER_ON)
|
||||||
utils.node_power_action(task, next_state)
|
utils.node_power_action(task, next_state)
|
||||||
|
|
||||||
|
|
||||||
|
def get_verify_ca(node, verify_ca):
|
||||||
|
"""Add verify_ca setting to driver_info if needed.
|
||||||
|
|
||||||
|
This function checks if verify_ca needs to be set based on
|
||||||
|
configuration values and existing driver_info settings.
|
||||||
|
|
||||||
|
:param node: The node object
|
||||||
|
:param verify_ca: The verify_ca settings in driver_info
|
||||||
|
:return: Updated verify_ca setting if needed
|
||||||
|
"""
|
||||||
|
config_group = node.driver
|
||||||
|
|
||||||
|
if node.driver == 'idrac':
|
||||||
|
config_group = 'redfish'
|
||||||
|
|
||||||
|
if verify_ca is not None and verify_ca is not True:
|
||||||
|
return verify_ca
|
||||||
|
|
||||||
|
if CONF.get(config_group, {}).get('verify_ca'):
|
||||||
|
verify_ca = CONF[config_group]['verify_ca']
|
||||||
|
|
||||||
|
return verify_ca
|
||||||
|
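Review bot: The `verify_ca is not True` identity test in `get_verify_ca` treats only the Python boolean as "use the configured default", so a driver_info value stored as the string `'True'` is returned unchanged and the configured CA path is never applied. The Redfish caller in this commit checks `isinstance(verify_ca, str)` right after the call, which suggests string values do reach this helper. The likely result is that such a node validates against the default trust store rather than the operator's CA. Normalising before the early return would close the gap, e.g. `if isinstance(verify_ca, str) and verify_ca.strip().lower() == 'true': verify_ca = True`. Separately, the docstring summary says the setting is added to driver_info, but the function only returns a value; `"""Return the effective verify_ca value for a node."""` would match the code.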
@@ -430,3 +430,74 @@ class MixinVendorInterfaceTestCase(db_base.DbTestCase):
|
|||||||
self.assertRaises(exception.InvalidParameterValue,
|
self.assertRaises(exception.InvalidParameterValue,
|
||||||
self.vendor.validate,
|
self.vendor.validate,
|
||||||
task, method='fake_method')
|
task, method='fake_method')
|
||||||
|
|
||||||
|
|
||||||
|
class GetVerifyCATestCase(tests_base.TestCase):
|
||||||
|
|
||||||
|
def setUp(self):
|
||||||
|
super(GetVerifyCATestCase, self).setUp()
|
||||||
|
|
||||||
|
def test_default_verify_is_unspecified(self):
|
||||||
|
node = obj_utils.get_test_node(self.context)
|
||||||
|
for case in [
|
||||||
|
{
|
||||||
|
'driver': 'idrac',
|
||||||
|
'config_group': 'drac',
|
||||||
|
'driver_info_key': 'redfish_verify_ca',
|
||||||
|
},
|
||||||
|
{
|
||||||
|
'driver': 'irmc',
|
||||||
|
'config_group': 'irmc',
|
||||||
|
'driver_info_key': 'irmc_verify_ca',
|
||||||
|
},
|
||||||
|
{
|
||||||
|
'driver': 'redfish',
|
||||||
|
'config_group': 'redfish',
|
||||||
|
'driver_info_key': 'redfish_verify_ca',
|
||||||
|
},
|
||||||
|
]:
|
||||||
|
node.driver = case['driver']
|
||||||
|
|
||||||
|
verify_ca = driver_utils.get_verify_ca(node, True)
|
||||||
|
self.assertEqual(verify_ca, True)
|
||||||
|
|
||||||
|
verify_ca = driver_utils.get_verify_ca(node, False)
|
||||||
|
self.assertEqual(verify_ca, False)
|
||||||
|
|
||||||
|
verify_ca = driver_utils.get_verify_ca(node, None)
|
||||||
|
self.assertIsNone(verify_ca)
|
||||||
|
|
||||||
|
verify_ca = driver_utils.get_verify_ca(node, 'rootca.crt')
|
||||||
|
self.assertEqual(verify_ca, 'rootca.crt')
|
||||||
|
|
||||||
|
def test_default_verify_is_specified(self):
|
||||||
|
node = obj_utils.get_test_node(self.context)
|
||||||
|
for case in [
|
||||||
|
{
|
||||||
|
'driver': 'idrac',
|
||||||
|
'config_group': 'redfish',
|
||||||
|
},
|
||||||
|
{
|
||||||
|
'driver': 'irmc',
|
||||||
|
'config_group': 'irmc',
|
||||||
|
},
|
||||||
|
{
|
||||||
|
'driver': 'redfish',
|
||||||
|
'config_group': 'redfish',
|
||||||
|
},
|
||||||
|
]:
|
||||||
|
node.driver = case['driver']
|
||||||
|
cfg.CONF.set_override(
|
||||||
|
'verify_ca', 'default.crt', case['config_group'])
|
||||||
|
|
||||||
|
verify_ca = driver_utils.get_verify_ca(node, True)
|
||||||
|
self.assertEqual(verify_ca, 'default.crt')
|
||||||
|
|
||||||
|
verify_ca = driver_utils.get_verify_ca(node, False)
|
||||||
|
self.assertEqual(verify_ca, False)
|
||||||
|
|
||||||
|
verify_ca = driver_utils.get_verify_ca(node, None)
|
||||||
|
self.assertEqual(verify_ca, 'default.crt')
|
||||||
|
|
||||||
|
verify_ca = driver_utils.get_verify_ca(node, 'rootca.crt')
|
||||||
|
self.assertEqual(verify_ca, 'rootca.crt')
|
||||||
|
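Review bot: In `test_default_verify_is_unspecified` the loop only ever reads `case['driver']`; the `config_group` key (set to `'drac'` for idrac, while the helper maps idrac to `redfish`) and `driver_info_key` are unused and read as if they were being verified. I would drop those keys or reduce the loop to `for driver in ('idrac', 'irmc', 'redfish'):`. There is also no case for a driver name that has no matching config group, so the `CONF.get(config_group, {})` fallback in `get_verify_ca` is never exercised; adding one would show whether an unregistered group yields the `{}` default or raises. In `test_default_verify_is_specified` the `[redfish]` override set for the idrac case is still in place when the redfish case runs, so that iteration would pass even without its own `set_override`.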
@@ -0,0 +1,8 @@
|
|||||||
|
---
|
||||||
|
features:
|
||||||
|
- |
|
||||||
|
Allows users to specify the verify_ca path for the corresponding driver
|
||||||
|
through the ``verify_ca`` option under the ``[<driver>]`` section in the configuration.
|
||||||
|
When ``[driver_info]/<driver>_verify_ca`` is specified as None or True,
|
||||||
|
it will be replaced by the value of the ``verify_ca`` option.
|
||||||
|
NOTE: For the ``idrac`` driver, it uses the same options as the ``redfish`` driver.
|