Added CA certificate option to support SSL Overcloud endpoints

When SSL is enabled on the Overcloud endpoints, requests from within the Python virtual environments fail with the error: "SSL: CERTIFICATE_VERIFY_FAILED" Added new variable "overcloud_ca_path" to provide support for SSL enabled Overcloud endpoints. If the variable is defined, each of the 4 python virtual environments will have a line appended to their activation file that exports the environment variable REQUESTS_CA_BUNDLE pointing to the provided certificate path. Python requests will then use this CA cert, allowing Overcloud API calls to succeed. Change-Id: I75446a5544dcbeb86567a405c5bf183298b86abf Closes-Bug: #1612442
2016-08-12 17:08:19 -04:00 · 2016-08-12 17:08:19 -04:00 · cb22b13212
commit cb22b13212
parent 6efffa4f53
2 changed files with 27 additions and 0 deletions
--- a/ansible/install/group_vars/all.yml
+++ b/ansible/install/group_vars/all.yml
@ -16,6 +16,9 @@ local_remote_user: stack
 # The Overcloud RC file
 overcloudrc: /home/stack/overcloudrc

+# The Overcloud CA cert file
+# overcloud_ca_path: /etc/pki/ca-trust/source/anchors/overcloud.crt.pem
+
 # The default Browbeat venv
 browbeat_venv: /home/stack/browbeat-venv

--- a/ansible/install/roles/browbeat/tasks/main.yml
+++ b/ansible/install/roles/browbeat/tasks/main.yml
@ -43,6 +43,30 @@
 - name: Create shaker virtualenv
  command: virtualenv {{ shaker_venv }} creates={{ shaker_venv }}

+- name: Setup browbeat-venv CA certificate path
+  lineinfile:
+    dest: {{ browbeat_venv }}/bin/activate
+    line: 'export REQUESTS_CA_BUNDLE={{ overcloud_ca_path }}'
+  when: overcloud_ca_path is defined
+
+- name: Setup perfkit-venv CA certificate path
+  lineinfile:
+    dest: {{ perfkit_venv }}/bin/activate
+    line: 'export REQUESTS_CA_BUNDLE={{ overcloud_ca_path }}'
+  when: overcloud_ca_path is defined
+
+- name: Setup rally-venv CA certificate path
+  lineinfile:
+    dest: {{ rally_venv }}/bin/activate
+    line: 'export REQUESTS_CA_BUNDLE={{ overcloud_ca_path }}'
+  when: overcloud_ca_path is defined
+
+- name: Setup shaker-venv CA certificate path
+  lineinfile:
+    dest: {{ shaker_venv }}/bin/activate
+    line: 'export REQUESTS_CA_BUNDLE={{ overcloud_ca_path }}'
+  when: overcloud_ca_path is defined
+
 - name: Determine if browbeat directory exists already
  stat: path={{ browbeat_path }}
  register: browbeat_exists