From 4edf0f42c723917c150918a955311b57e6148c7f Mon Sep 17 00:00:00 2001 From: Paul Ward Date: Fri, 18 Apr 2014 14:57:38 -0500 Subject: [PATCH] Add nova_ca_certificates_file option to neutron Previously, neutron had no way to pass a certificates file to the novaclient. This change is to add that ability, similar to the way you can pass a certificates file to neutronclient in nova.conf via neturon_ca_certificates_file. Change-Id: I1a3f85505eb44bee604900301af79d773e1952a3 Closes-Bug: #1309694 --- etc/neutron.conf | 3 +++ neutron/common/config.py | 3 +++ neutron/notifiers/nova.py | 1 + 3 files changed, 7 insertions(+) diff --git a/etc/neutron.conf b/etc/neutron.conf index f116cdfd35..119641b746 100644 --- a/etc/neutron.conf +++ b/etc/neutron.conf @@ -320,6 +320,9 @@ notification_driver = neutron.openstack.common.notifier.rpc_notifier # Authorization URL for connection to nova in admin context. # nova_admin_auth_url = +# CA file for novaclient to verify server certificates +# nova_ca_certificates_file = + # Boolean to control ignoring SSL errors on the nova url # nova_api_insecure = False diff --git a/neutron/common/config.py b/neutron/common/config.py index 2ac76dad12..c38a1c13c1 100644 --- a/neutron/common/config.py +++ b/neutron/common/config.py @@ -100,6 +100,9 @@ core_opts = [ default='http://localhost:5000/v2.0', help=_('Authorization URL for connecting to nova in admin ' 'context')), + cfg.StrOpt('nova_ca_certificates_file', + default=None, + help=_('CA file for novaclient to verify server certificates')), cfg.BoolOpt('nova_api_insecure', default=False, help=_("If True, ignore any SSL validation issues")), cfg.StrOpt('nova_region_name', diff --git a/neutron/notifiers/nova.py b/neutron/notifiers/nova.py index 8633c990c7..bcb253ccfa 100644 --- a/neutron/notifiers/nova.py +++ b/neutron/notifiers/nova.py @@ -49,6 +49,7 @@ class Notifier(object): project_id=None, tenant_id=cfg.CONF.nova_admin_tenant_id, auth_url=cfg.CONF.nova_admin_auth_url, + cacert=cfg.CONF.nova_ca_certificates_file, insecure=cfg.CONF.nova_api_insecure, bypass_url=bypass_url, region_name=cfg.CONF.nova_region_name,