Support no validation of internal SSL endpoints
If self-signed certificates are used for internal endpoints the current implementation will fail as there is no option to turn off the certificate validation. This patch implements a new variable to do so. Change-Id: I64a80716a8636ab978071e9e6c7aaa19962547ec
This commit is contained in:
parent
918331e28f
commit
8b7fc595e7
@ -91,6 +91,9 @@ cinder_enable_v1_api: true
|
|||||||
cinder_enable_v2_api: true
|
cinder_enable_v2_api: true
|
||||||
cinder_enable_v3_api: true
|
cinder_enable_v3_api: true
|
||||||
|
|
||||||
|
## Cinder API check cert validation
|
||||||
|
cinder_service_internaluri_insecure: false
|
||||||
|
|
||||||
## Cinder api service type and data
|
## Cinder api service type and data
|
||||||
cinder_service_name: cinder
|
cinder_service_name: cinder
|
||||||
cinder_service_project_domain_id: default
|
cinder_service_project_domain_id: default
|
||||||
|
@ -0,0 +1,11 @@
|
|||||||
|
---
|
||||||
|
features:
|
||||||
|
- |
|
||||||
|
The ability to disable the certificate validation when checking
|
||||||
|
and interacting with the internal cinder endpoint has been
|
||||||
|
implemented. In order to do so, set the following in
|
||||||
|
``/etc/openstack_deploy/user_variables.yml``.
|
||||||
|
|
||||||
|
.. code-block:: yaml
|
||||||
|
|
||||||
|
cinder_service_internaluri_insecure: yes
|
@ -17,8 +17,9 @@
|
|||||||
uri:
|
uri:
|
||||||
url: "{{ cinder_service_internaluri }}"
|
url: "{{ cinder_service_internaluri }}"
|
||||||
status_code: 200,300
|
status_code: 200,300
|
||||||
|
validate_certs: "{{ cinder_service_internaluri_insecure | bool }}"
|
||||||
register: api_status
|
register: api_status
|
||||||
until: api_status |success
|
until: api_status | success
|
||||||
retries: 10
|
retries: 10
|
||||||
delay: 10
|
delay: 10
|
||||||
|
|
||||||
@ -30,22 +31,28 @@
|
|||||||
- name: Add in cinder devices types
|
- name: Add in cinder devices types
|
||||||
shell: |
|
shell: |
|
||||||
. {{ ansible_env.HOME }}/openrc
|
. {{ ansible_env.HOME }}/openrc
|
||||||
if ! {{ cinder_bin }}/cinder {{ keystone_service_adminuri_insecure | bool | ternary('--insecure','') }} type-list | grep " {{ item.key }} "; then
|
CLI_OPTIONS="{{ ((keystone_service_adminuri_insecure | bool) or (cinder_service_internaluri_insecure | bool)) | ternary('--insecure','') }}"
|
||||||
{{ cinder_bin }}/cinder {{ keystone_service_adminuri_insecure | bool | ternary('--insecure','') }} type-create "{{ item.key }}"
|
if ! {{ cinder_bin }}/cinder ${CLI_OPTIONS} type-list | grep " {{ item.key }} "; then
|
||||||
{{ cinder_bin }}/cinder {{ keystone_service_adminuri_insecure | bool | ternary('--insecure','') }} type-key "{{ item.key }}" set volume_backend_name="{{ item.value.volume_backend_name }}"
|
{{ cinder_bin }}/cinder ${CLI_OPTIONS} type-create "{{ item.key }}"
|
||||||
|
{{ cinder_bin }}/cinder ${CLI_OPTIONS} type-key "{{ item.key }}" set volume_backend_name="{{ item.value.volume_backend_name }}"
|
||||||
fi
|
fi
|
||||||
|
args:
|
||||||
|
executable: /bin/bash
|
||||||
with_dict: "{{ _cinder_backends|default({}) }}"
|
with_dict: "{{ _cinder_backends|default({}) }}"
|
||||||
changed_when: false
|
changed_when: false
|
||||||
|
|
||||||
- name: Add extra cinder volume types
|
- name: Add extra cinder volume types
|
||||||
shell: |
|
shell: |
|
||||||
. {{ ansible_env.HOME }}/openrc
|
. {{ ansible_env.HOME }}/openrc
|
||||||
|
CLI_OPTIONS="{{ ((keystone_service_adminuri_insecure | bool) or (cinder_service_internaluri_insecure | bool)) | ternary('--insecure','') }}"
|
||||||
{% for evtype in item.value.extra_volume_types %}
|
{% for evtype in item.value.extra_volume_types %}
|
||||||
if ! {{ cinder_bin }}/cinder {{ keystone_service_adminuri_insecure | bool | ternary('--insecure','') }} type-list | grep " {{ evtype }} "; then
|
if ! {{ cinder_bin }}/cinder ${CLI_OPTIONS} type-list | grep " {{ evtype }} "; then
|
||||||
{{ cinder_bin }}/cinder {{ keystone_service_adminuri_insecure | bool | ternary('--insecure','') }} type-create "{{ evtype }}"
|
{{ cinder_bin }}/cinder ${CLI_OPTIONS} type-create "{{ evtype }}"
|
||||||
{{ cinder_bin }}/cinder {{ keystone_service_adminuri_insecure | bool | ternary('--insecure','') }} type-key "{{ evtype }}" set volume_backend_name="{{ item.value.volume_backend_name }}"
|
{{ cinder_bin }}/cinder ${CLI_OPTIONS} type-key "{{ evtype }}" set volume_backend_name="{{ item.value.volume_backend_name }}"
|
||||||
fi
|
fi
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
|
args:
|
||||||
|
executable: /bin/bash
|
||||||
with_dict: "{{ _cinder_backends|default({}) }}"
|
with_dict: "{{ _cinder_backends|default({}) }}"
|
||||||
when: item.value.extra_volume_types is defined
|
when: item.value.extra_volume_types is defined
|
||||||
|
|
||||||
|
@ -16,9 +16,12 @@
|
|||||||
- name: Add in cinder qos types
|
- name: Add in cinder qos types
|
||||||
shell: |
|
shell: |
|
||||||
. {{ ansible_env.HOME }}/openrc
|
. {{ ansible_env.HOME }}/openrc
|
||||||
|
CLI_OPTIONS="{{ ((keystone_service_adminuri_insecure | bool) or (cinder_service_internaluri_insecure | bool)) | ternary('--insecure','') }}"
|
||||||
{{ cinder_bin }}/cinder qos-list | grep {{ item.name }} || \
|
{{ cinder_bin }}/cinder qos-list | grep {{ item.name }} || \
|
||||||
{{ cinder_bin }}/cinder qos-create {{ item.name }}\
|
{{ cinder_bin }}/cinder qos-create {{ item.name }}\
|
||||||
{% for k,v in item.options.iteritems() %} {{ k }}={{ v }}{% endfor %}
|
{% for k,v in item.options.iteritems() %} {{ k }}={{ v }}{% endfor %}
|
||||||
|
args:
|
||||||
|
executable: /bin/bash
|
||||||
with_items: "{{ cinder_qos_specs }}"
|
with_items: "{{ cinder_qos_specs }}"
|
||||||
changed_when: false
|
changed_when: false
|
||||||
tags:
|
tags:
|
||||||
@ -27,11 +30,14 @@
|
|||||||
- name: Associate qos types to volume types
|
- name: Associate qos types to volume types
|
||||||
shell: |
|
shell: |
|
||||||
. {{ ansible_env.HOME }}/openrc
|
. {{ ansible_env.HOME }}/openrc
|
||||||
|
CLI_OPTIONS="{{ ((keystone_service_adminuri_insecure | bool) or (cinder_service_internaluri_insecure | bool)) | ternary('--insecure','') }}"
|
||||||
{% for vtype in item.cinder_volume_types %}
|
{% for vtype in item.cinder_volume_types %}
|
||||||
{{ cinder_bin }}/cinder qos-associate \
|
{{ cinder_bin }}/cinder qos-associate \
|
||||||
$({{ cinder_bin }}/cinder qos-list | grep {{ item.name }} | grep -oE "{{ _UUID_regex }}") \
|
$({{ cinder_bin }}/cinder qos-list | grep {{ item.name }} | grep -oE "{{ _UUID_regex }}") \
|
||||||
$({{ cinder_bin }}/cinder type-list | grep {{ vtype }} | grep -oE "{{ _UUID_regex }}")
|
$({{ cinder_bin }}/cinder type-list | grep {{ vtype }} | grep -oE "{{ _UUID_regex }}")
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
|
args:
|
||||||
|
executable: /bin/bash
|
||||||
with_items: "{{ cinder_qos_specs }}"
|
with_items: "{{ cinder_qos_specs }}"
|
||||||
when:
|
when:
|
||||||
- item.cinder_volume_types is defined
|
- item.cinder_volume_types is defined
|
||||||
|
Loading…
Reference in New Issue
Block a user