Merge "Add nova_ca_certificates_file option to neutron"

etc/neutron.conf

@@ -320,6 +320,9 @@ notification_driver = neutron.openstack.common.notifier.rpc_notifier
 # Authorization URL for connection to nova in admin context.
 # nova_admin_auth_url =
 
+# CA file for novaclient to verify server certificates
+# nova_ca_certificates_file =
+
 # Boolean to control ignoring SSL errors on the nova url
 # nova_api_insecure = False
 

neutron/common/config.py

@@ -100,6 +100,9 @@ core_opts = [
                default='http://localhost:5000/v2.0',
                help=_('Authorization URL for connecting to nova in admin '
                       'context')),
+    cfg.StrOpt('nova_ca_certificates_file',
+               default=None,
+               help=_('CA file for novaclient to verify server certificates')),
     cfg.BoolOpt('nova_api_insecure', default=False,
                 help=_("If True, ignore any SSL validation issues")),
     cfg.StrOpt('nova_region_name',

neutron/notifiers/nova.py

@@ -49,6 +49,7 @@ class Notifier(object):
             project_id=None,
             tenant_id=cfg.CONF.nova_admin_tenant_id,
             auth_url=cfg.CONF.nova_admin_auth_url,
+            cacert=cfg.CONF.nova_ca_certificates_file,
             insecure=cfg.CONF.nova_api_insecure,
             bypass_url=bypass_url,
             region_name=cfg.CONF.nova_region_name,