Adds CA cert file path option for glance connections

Currently, there is no way to pass CA cert for HTTPS glance connections. This patch adds new cinder.conf option to enable secure connection. Closes-Bug: 1311271 DocImpact - New option added to cinder.conf Change-Id: I3f39980b94ae314c6351c77f8668ab0922b1c3d8
2014-04-21 23:09:32 -04:00 · 2014-04-21 23:09:32 -04:00 · 883f0f7a3b
commit 883f0f7a3b
parent 79b6b98f21
3 changed files with 8 additions and 0 deletions
--- a/cinder/common/config.py
+++ b/cinder/common/config.py
@ -100,6 +100,9 @@ global_opts = [
                     'can improve data throughput, such as when high '
                     'network bandwidth is available and you use '
                     'compressed image formats like qcow2.'),
+    cfg.StrOpt('glance_ca_certificates_file',
+               help='Location of ca certificates file to use for glance '
+                    'client requests.'),
    cfg.IntOpt('glance_request_timeout',
               default=None,
               help='http/https timeout value for glance operations. If no '
--- a/cinder/image/glance.py
+++ b/cinder/image/glance.py
@ -84,6 +84,7 @@ def _create_glance_client(context, netloc, use_ssl,
        # https specific params
        params['insecure'] = CONF.glance_api_insecure
        params['ssl_compression'] = CONF.glance_api_ssl_compression
+        params['cacert'] = CONF.glance_ca_certificates_file
    else:
        scheme = 'http'
    if CONF.auth_strategy == 'keystone':
--- a/etc/cinder/cinder.conf.sample
+++ b/etc/cinder/cinder.conf.sample
@ -501,6 +501,10 @@
 # value)
 #glance_api_ssl_compression=false

+# Location of ca certificates file to use for glance client
+# requests. (string value)
+#glance_ca_certificates_file=<None>
+
 # http/https timeout value for glance operations. If no value
 # (None) is supplied here, the glanceclient default value is
 # used. (integer value)