From 883f0f7a3bb7320a70716530e200ac22d31ba9a5 Mon Sep 17 00:00:00 2001 From: Rob Crittenden Date: Mon, 21 Apr 2014 23:09:32 -0400 Subject: [PATCH] Adds CA cert file path option for glance connections Currently, there is no way to pass CA cert for HTTPS glance connections. This patch adds new cinder.conf option to enable secure connection. Closes-Bug: 1311271 DocImpact - New option added to cinder.conf Change-Id: I3f39980b94ae314c6351c77f8668ab0922b1c3d8 --- cinder/common/config.py | 3 +++ cinder/image/glance.py | 1 + etc/cinder/cinder.conf.sample | 4 ++++ 3 files changed, 8 insertions(+) diff --git a/cinder/common/config.py b/cinder/common/config.py index 9e9db35f7..6cb2124c8 100644 --- a/cinder/common/config.py +++ b/cinder/common/config.py @@ -100,6 +100,9 @@ global_opts = [ 'can improve data throughput, such as when high ' 'network bandwidth is available and you use ' 'compressed image formats like qcow2.'), + cfg.StrOpt('glance_ca_certificates_file', + help='Location of ca certificates file to use for glance ' + 'client requests.'), cfg.IntOpt('glance_request_timeout', default=None, help='http/https timeout value for glance operations. If no ' diff --git a/cinder/image/glance.py b/cinder/image/glance.py index d91582ec4..16340d508 100644 --- a/cinder/image/glance.py +++ b/cinder/image/glance.py @@ -84,6 +84,7 @@ def _create_glance_client(context, netloc, use_ssl, # https specific params params['insecure'] = CONF.glance_api_insecure params['ssl_compression'] = CONF.glance_api_ssl_compression + params['cacert'] = CONF.glance_ca_certificates_file else: scheme = 'http' if CONF.auth_strategy == 'keystone': diff --git a/etc/cinder/cinder.conf.sample b/etc/cinder/cinder.conf.sample index 25c4dcb67..1eb4bedc7 100644 --- a/etc/cinder/cinder.conf.sample +++ b/etc/cinder/cinder.conf.sample @@ -501,6 +501,10 @@ # value) #glance_api_ssl_compression=false +# Location of ca certificates file to use for glance client +# requests. (string value) +#glance_ca_certificates_file= + # http/https timeout value for glance operations. If no value # (None) is supplied here, the glanceclient default value is # used. (integer value) -- 2.45.2