NSXAdminV3: Add message on client cert generation

When certificate is generated with nsxadmin, alert the user to restart neutron service, but only in case no previous certificate existed. If previous certificate was functional, neutron server will pick up certificate change on next request automatically. Change-Id: I79b390b32b570afdcf40b3cdd522566bca76027e
2018-07-03 15:49:33 -07:00 · 2018-07-03 15:49:33 -07:00 · 9d90a33ecd
commit 9d90a33ecd
parent 159a1d8f75
1 changed files with 7 additions and 0 deletions
--- a/vmware_nsx/shell/admin/plugins/nsxv3/resources/certificates.py
+++ b/vmware_nsx/shell/admin/plugins/nsxv3/resources/certificates.py
@ -113,11 +113,13 @@ def generate_cert(resource, event, trigger, **kwargs):
    subject[client_cert.CERT_SUBJECT_UNIT] = properties.get('org')
    subject[client_cert.CERT_SUBJECT_HOST] = properties.get('host')

+    regenerate = False
    with get_certificate_manager(**kwargs) as cert:
        if cert.exists():
            LOG.info("Deleting existing certificate")
            # Need to delete cert first
            cert.delete()
+            regenerate = True

        try:
            cert.generate(subject, key_size, valid_for_days, signature_alg)
@ -126,6 +128,11 @@ def generate_cert(resource, event, trigger, **kwargs):
            return

    LOG.info("Client certificate generated successfully")
+    if not regenerate:
+        # No certificate existed, so client authentication service was likely
+        # changed to true just now. The user must restart neutron to avoid
+        # failures.
+        LOG.info("Please restart neutron service")


@admin_utils.output_header