starlingx/utilities
Code Issues Proposed changes
StarlingX miscellaneous tools and utilities
182 Commits 14 Branches 21 Tags 11 MiB
Shell 53.5%
Python 39.3%
C 3.4%
Makefile 1.2%
HTML 1.1%
Other 1.3%
9f73cd4f9b
Go to file
Daniel Badea 9f73cd4f9b python-cephclient: use configured restful api plugin 
ceph-mgr restful plugin is using self-signed certificate when providing
HTTPS access to Ceph REST API.

Instead of retrieving and using this certificate python-cephclient is
currently a shortcut and disables verifying HTTPS requests for the
entire requests/urllib3 library. This was meant to be temporary shortcut
until proper handling of ceph-mgr restful plugin HTTPS certificates is
implemented.

This commit implements automatic python-cephclient restful plugin
certificate retrieval such that it is no longer necessary to disable
requests/urllib3 certificates verification.

Two options were available:

1. provide path to certificate file when creating an instance of
   CephClient() or CephWrapper() then use that value when creating
   a request session ('verify' attribute).

   This delegates the responsibility of providing a valid certificate to
   the caller/user of python-cephclient library. Because it implies an
   API update all StarlingX components using python-cephclient need to
   be updated.

   The certificate file itself is created when mgr-restful-plugin
   is started before ceph-mgr restful plugin service is configured
   to use it.

2. add support for retrieving the certificate by using 'ceph' commands
   similar to how user credentials and restful plugin endpoint are
   discovered.

   If there is an error in getting the certificate then the session
   certificate verification is temporarily disabled until the next
   request is made. This means that if the corresponding Ceph config-key
   'mgr/restful/{hostname}/crt' is removed then python-cephclient will
   incur the overhead of running 'ceph config-key get' before each
   request but this is an unlikely scenario in our case.

Option #2 was selected because it doesn't change existing API.

Change-Id: I68acb3e1d2fb8e2bb07c8d67e65b02d55a6716ca
Depends-on: I6e8ca93c7b51546d134a6eb221c282961ba50afa
Closes-bug: 1828470
Signed-off-by: Daniel Badea <daniel.badea@windriver.com>
2019-09-09 06:55:06 +00:00
ceph python-cephclient: use configured restful api plugin 2019-09-09 06:55:06 +00:00
security Config file changes to add 'ceph/ceph-manager ceph/python-cephclient utilities/nfscheck utilities/logmgmt security/tpm2-openssl-engine security/stx-ssl tools/collector tools/engtools/hostdata-collectors utilities/build-info utilities/namespace-utils utilities/pci-irq-affinity-agent utilities/platform-util utilities/stx-extensions utilities/update-motd ' after relocation from 'stx-integ' 2019-09-04 11:08:27 -04:00
tools Make platform.conf variables visible to collect.d service scripts 2019-08-13 13:47:23 -04:00
utilities Config file changes to add 'ceph/ceph-manager ceph/python-cephclient utilities/nfscheck utilities/logmgmt security/tpm2-openssl-engine security/stx-ssl tools/collector tools/engtools/hostdata-collectors utilities/build-info utilities/namespace-utils utilities/pci-irq-affinity-agent utilities/platform-util utilities/stx-extensions utilities/update-motd ' after relocation from 'stx-integ' 2019-09-04 11:08:27 -04:00
centos_guest_image_rt.inc Config file changes to add 'ceph/ceph-manager ceph/python-cephclient utilities/nfscheck utilities/logmgmt security/tpm2-openssl-engine security/stx-ssl tools/collector tools/engtools/hostdata-collectors utilities/build-info utilities/namespace-utils utilities/pci-irq-affinity-agent utilities/platform-util utilities/stx-extensions utilities/update-motd ' after relocation from 'stx-integ' 2019-09-04 11:08:27 -04:00
centos_guest_image.inc Config file changes to add 'ceph/ceph-manager ceph/python-cephclient utilities/nfscheck utilities/logmgmt security/tpm2-openssl-engine security/stx-ssl tools/collector tools/engtools/hostdata-collectors utilities/build-info utilities/namespace-utils utilities/pci-irq-affinity-agent utilities/platform-util utilities/stx-extensions utilities/update-motd ' after relocation from 'stx-integ' 2019-09-04 11:08:27 -04:00
centos_iso_image.inc Config file changes to add 'ceph/ceph-manager ceph/python-cephclient utilities/nfscheck utilities/logmgmt security/tpm2-openssl-engine security/stx-ssl tools/collector tools/engtools/hostdata-collectors utilities/build-info utilities/namespace-utils utilities/pci-irq-affinity-agent utilities/platform-util utilities/stx-extensions utilities/update-motd ' after relocation from 'stx-integ' 2019-09-04 11:08:27 -04:00
centos_pkg_dirs Config file changes to add 'ceph/ceph-manager ceph/python-cephclient utilities/nfscheck utilities/logmgmt security/tpm2-openssl-engine security/stx-ssl tools/collector tools/engtools/hostdata-collectors utilities/build-info utilities/namespace-utils utilities/pci-irq-affinity-agent utilities/platform-util utilities/stx-extensions utilities/update-motd ' after relocation from 'stx-integ' 2019-09-04 11:08:27 -04:00