From 883f0f7a3bb7320a70716530e200ac22d31ba9a5 Mon Sep 17 00:00:00 2001 From: Rob Crittenden Date: Mon, 21 Apr 2014 23:09:32 -0400 Subject: [PATCH] Adds CA cert file path option for glance connections Currently, there is no way to pass CA cert for HTTPS glance connections. This patch adds new cinder.conf option to enable secure connection. Closes-Bug: 1311271 DocImpact - New option added to cinder.conf Change-Id: I3f39980b94ae314c6351c77f8668ab0922b1c3d8 --- cinder/common/config.py | 3 +++ cinder/image/glance.py | 1 + etc/cinder/cinder.conf.sample | 4 ++++ 3 files changed, 8 insertions(+) diff --git a/cinder/common/config.py b/cinder/common/config.py index 9e9db35f75a..6cb2124c87d 100644 --- a/cinder/common/config.py +++ b/cinder/common/config.py @@ -100,6 +100,9 @@ global_opts = [ 'can improve data throughput, such as when high ' 'network bandwidth is available and you use ' 'compressed image formats like qcow2.'), + cfg.StrOpt('glance_ca_certificates_file', + help='Location of ca certificates file to use for glance ' + 'client requests.'), cfg.IntOpt('glance_request_timeout', default=None, help='http/https timeout value for glance operations. If no ' diff --git a/cinder/image/glance.py b/cinder/image/glance.py index d91582ec466..16340d5084a 100644 --- a/cinder/image/glance.py +++ b/cinder/image/glance.py @@ -84,6 +84,7 @@ def _create_glance_client(context, netloc, use_ssl, # https specific params params['insecure'] = CONF.glance_api_insecure params['ssl_compression'] = CONF.glance_api_ssl_compression + params['cacert'] = CONF.glance_ca_certificates_file else: scheme = 'http' if CONF.auth_strategy == 'keystone': diff --git a/etc/cinder/cinder.conf.sample b/etc/cinder/cinder.conf.sample index 25c4dcb6771..1eb4bedc76a 100644 --- a/etc/cinder/cinder.conf.sample +++ b/etc/cinder/cinder.conf.sample @@ -501,6 +501,10 @@ # value) #glance_api_ssl_compression=false +# Location of ca certificates file to use for glance client +# requests. (string value) +#glance_ca_certificates_file= + # http/https timeout value for glance operations. If no value # (None) is supplied here, the glanceclient default value is # used. (integer value)