From b7032d16a07997ecab3b2c11a6436b3fa21f9043 Mon Sep 17 00:00:00 2001
From: "Fabio M. Di Nitto" <fdinitto@redhat.com>
Date: Thu, 6 Jan 2022 12:53:28 +0100
Subject: [PATCH] fence_openstack: relax ssl cacert default
allow the agent to use Base OS defaults vs forcing a specific file
to increase portability.
Signed-off-by: Fabio M. Di Nitto <fdinitto@redhat.com>
---
agents/openstack/fence_openstack.py | 12 +++++++++---
tests/data/metadata/fence_openstack.xml | 2 +-
2 files changed, 10 insertions(+), 4 deletions(-)
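diff --git a/agents/openstack/fence_openstack.py b/agents/openstack/fence_openstack.py
index c2d9df160..36b353b52 100755
--- a/agents/openstack/fence_openstack.py
+++ b/agents/openstack/fence_openstack.py
@@ -127,7 +127,13 @@ def nova_login(username, password, projectname, auth_url, user_domain_name,
 cacert=cacert,
 )
 
- session = ksc_session.Session(auth=auth, verify=False if ssl_insecure else cacert, timeout=apitimeout)
+ caverify=True
+ if ssl_insecure:
+ caverify=False
+ elif cacert:
+ caverify=cacert
+
+ session = ksc_session.Session(auth=auth, verify=caverify, timeout=apitimeout)
 nova = client.Client("2", session=session, timeout=apitimeout)
 apiversion = None
 try:
@@ -189,10 +195,10 @@ def define_new_opts():
 all_opt["cacert"] = {
 "getopt": ":",
 "longopt": "cacert",
- "help": "--cacert=[cacert] Path to the PEM file with trusted authority certificates",
+ "help": "--cacert=[cacert] Path to the PEM file with trusted authority certificates (override global CA trust)",
 "required": "0",
 "shortdesc": "SSL X.509 certificates file",
- "default": "/etc/pki/tls/certs/ca-bundle.crt",
+ "default": "",
 "order": 7,
 }
 all_opt["apitimeout"] = {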
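Review bot: In the new `caverify` selection in `nova_login`, `ssl_insecure` still overrides an explicitly supplied `--cacert`, so a configuration that sets both gets an unverified TLS session for the login credentials with no trace in the logs; a line such as `logging.warning("ssl_insecure set: TLS certificate verification disabled, cacert ignored")` inside the `if ssl_insecure:` branch would make that visible (assuming `logging` is imported in this file, which the hunk does not show). With the default now `""`, `verify=True` hands the choice of CA bundle to the HTTP library underneath the session, which matches the base OS trust store only where the distribution packages it that way, so a comment like `# empty cacert: use the HTTP library's default CA bundle` above `caverify=True` would record the assumption. The unchanged `cacert=cacert,` argument at the top of the first hunk now receives `""` by default, so it is worth confirming that the auth call treats an empty string as unset. `nova_login` starts and ends outside the hunk.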
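diff --git a/tests/data/metadata/fence_openstack.xml b/tests/data/metadata/fence_openstack.xml
index 926d18c3d..c8dc2e60f 100644
--- a/tests/data/metadata/fence_openstack.xml
+++ b/tests/data/metadata/fence_openstack.xml
@@ -100,7 +100,7 @@
 </parameter>
 <parameter name="cacert" unique="0" required="0">
 <getopt mixed="--cacert=[cacert]" />
- <content type="string" default="/etc/pki/tls/certs/ca-bundle.crt" />
+ <content type="string" default="" />
 <shortdesc lang="en">SSL X.509 certificates file</shortdesc>
 </parameter>
 <parameter name="apitimeout" unique="0" required="0">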