Support no validation of internal SSL endpoints
If self-signed certificates are used for internal endpoints the current implementation will fail as there is no option to turn off the certificate validation. This patch implements a new variable to do so. Change-Id: I64a80716a8636ab978071e9e6c7aaa19962547ec
parent
918331e28f
commit
8b7fc595e7
@ -91,6 +91,9 @@ cinder_enable_v1_api: true
|
||||
cinder_enable_v2_api: true
|
||||
cinder_enable_v3_api: true
|
||||
|
||||
## Cinder API check cert validation
|
||||
cinder_service_internaluri_insecure: false
|
||||
|
||||
## Cinder api service type and data
|
||||
cinder_service_name: cinder
|
||||
cinder_service_project_domain_id: default
|
||||
|
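Review bot: The comment `## Cinder API check cert validation` does not say which value turns verification off, and the variable name carries the opposite sense (`insecure`). I would spell it out, for example `## Set to true to skip TLS certificate verification on the internal cinder endpoint (e.g. self-signed certificates)`. Skipping verification removes the check that the internal endpoint is the real one, so the comment should also say to keep the `false` default wherever the signing CA can be distributed.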
@ -0,0 +1,11 @@
|
||||
---
|
||||
features:
|
||||
- |
|
||||
The ability to disable the certificate validation when checking
|
||||
and interacting with the internal cinder endpoint has been
|
||||
implemented. In order to do so, set the following in
|
||||
``/etc/openstack_deploy/user_variables.yml``.
|
||||
|
||||
.. code-block:: yaml
|
||||
|
||||
cinder_service_internaluri_insecure: yes
|
@ -17,6 +17,7 @@
|
||||
uri:
|
||||
url: "{{ cinder_service_internaluri }}"
|
||||
status_code: 200,300
|
||||
validate_certs: "{{ cinder_service_internaluri_insecure | bool }}"
|
||||
register: api_status
|
||||
until: api_status | success
|
||||
retries: 10
|
||||
@ -30,22 +31,28 @@
|
||||
- name: Add in cinder devices types
|
||||
shell: |
|
||||
. {{ ansible_env.HOME }}/openrc
|
||||
if ! {{ cinder_bin }}/cinder {{ keystone_service_adminuri_insecure | bool | ternary('--insecure','') }} type-list | grep " {{ item.key }} "; then
|
||||
{{ cinder_bin }}/cinder {{ keystone_service_adminuri_insecure | bool | ternary('--insecure','') }} type-create "{{ item.key }}"
|
||||
{{ cinder_bin }}/cinder {{ keystone_service_adminuri_insecure | bool | ternary('--insecure','') }} type-key "{{ item.key }}" set volume_backend_name="{{ item.value.volume_backend_name }}"
|
||||
CLI_OPTIONS="{{ ((keystone_service_adminuri_insecure | bool) or (cinder_service_internaluri_insecure | bool)) | ternary('--insecure','') }}"
|
||||
if ! {{ cinder_bin }}/cinder ${CLI_OPTIONS} type-list | grep " {{ item.key }} "; then
|
||||
{{ cinder_bin }}/cinder ${CLI_OPTIONS} type-create "{{ item.key }}"
|
||||
{{ cinder_bin }}/cinder ${CLI_OPTIONS} type-key "{{ item.key }}" set volume_backend_name="{{ item.value.volume_backend_name }}"
|
||||
fi
|
||||
args:
|
||||
executable: /bin/bash
|
||||
with_dict: "{{ _cinder_backends|default({}) }}"
|
||||
changed_when: false
|
||||
|
||||
- name: Add extra cinder volume types
|
||||
shell: |
|
||||
. {{ ansible_env.HOME }}/openrc
|
||||
CLI_OPTIONS="{{ ((keystone_service_adminuri_insecure | bool) or (cinder_service_internaluri_insecure | bool)) | ternary('--insecure','') }}"
|
||||
{% for evtype in item.value.extra_volume_types %}
|
||||
if ! {{ cinder_bin }}/cinder {{ keystone_service_adminuri_insecure | bool | ternary('--insecure','') }} type-list | grep " {{ evtype }} "; then
|
||||
{{ cinder_bin }}/cinder {{ keystone_service_adminuri_insecure | bool | ternary('--insecure','') }} type-create "{{ evtype }}"
|
||||
{{ cinder_bin }}/cinder {{ keystone_service_adminuri_insecure | bool | ternary('--insecure','') }} type-key "{{ evtype }}" set volume_backend_name="{{ item.value.volume_backend_name }}"
|
||||
if ! {{ cinder_bin }}/cinder ${CLI_OPTIONS} type-list | grep " {{ evtype }} "; then
|
||||
{{ cinder_bin }}/cinder ${CLI_OPTIONS} type-create "{{ evtype }}"
|
||||
{{ cinder_bin }}/cinder ${CLI_OPTIONS} type-key "{{ evtype }}" set volume_backend_name="{{ item.value.volume_backend_name }}"
|
||||
fi
|
||||
{% endfor %}
|
||||
args:
|
||||
executable: /bin/bash
|
||||
with_dict: "{{ _cinder_backends|default({}) }}"
|
||||
when: item.value.extra_volume_types is defined
|
||||
|
||||
|
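Review bot: The new `validate_certs` line in the `uri` task has the flag inverted. With the default `cinder_service_internaluri_insecure: false` it renders `validate_certs: false`, so certificate validation is off by default and only enabled when a deployer sets the "insecure" variable to true. It should be negated: `validate_certs: "{{ not (cinder_service_internaluri_insecure | bool) }}"`. The task's `- name:` line is outside the hunk. Separately, in the volume-type tasks `CLI_OPTIONS` expands to `--insecure` when either the keystone or the cinder flag is set, so the keystone flag also disables verification towards cinder; a one-line comment stating that this is intentional would help.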
@ -16,9 +16,12 @@
|
||||
- name: Add in cinder qos types
|
||||
shell: |
|
||||
. {{ ansible_env.HOME }}/openrc
|
||||
CLI_OPTIONS="{{ ((keystone_service_adminuri_insecure | bool) or (cinder_service_internaluri_insecure | bool)) | ternary('--insecure','') }}"
|
||||
{{ cinder_bin }}/cinder qos-list | grep {{ item.name }} || \
|
||||
{{ cinder_bin }}/cinder qos-create {{ item.name }}\
|
||||
{% for k,v in item.options.iteritems() %} {{ k }}={{ v }}{% endfor %}
|
||||
args:
|
||||
executable: /bin/bash
|
||||
with_items: "{{ cinder_qos_specs }}"
|
||||
changed_when: false
|
||||
tags:
|
||||
@ -27,11 +30,14 @@
|
||||
- name: Associate qos types to volume types
|
||||
shell: |
|
||||
. {{ ansible_env.HOME }}/openrc
|
||||
CLI_OPTIONS="{{ ((keystone_service_adminuri_insecure | bool) or (cinder_service_internaluri_insecure | bool)) | ternary('--insecure','') }}"
|
||||
{% for vtype in item.cinder_volume_types %}
|
||||
{{ cinder_bin }}/cinder qos-associate \
|
||||
$({{ cinder_bin }}/cinder qos-list | grep {{ item.name }} | grep -oE "{{ _UUID_regex }}") \
|
||||
$({{ cinder_bin }}/cinder type-list | grep {{ vtype }} | grep -oE "{{ _UUID_regex }}")
|
||||
{% endfor %}
|
||||
args:
|
||||
executable: /bin/bash
|
||||
with_items: "{{ cinder_qos_specs }}"
|
||||
when:
|
||||
- item.cinder_volume_types is defined
|
||||
|
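Review bot: `CLI_OPTIONS` is assigned in both qos tasks but never passed to a command. `cinder qos-list`, `cinder qos-create`, `cinder qos-associate` and the nested `cinder type-list` are all still invoked without it. As a result `cinder_service_internaluri_insecure` has no effect in this file, and these tasks would still fail against a self-signed internal endpoint. Each call needs the variable, e.g. `{{ cinder_bin }}/cinder ${CLI_OPTIONS} qos-list | grep {{ item.name }} || \`. The second task's `when:` list may continue past the hunk.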