Metadata service in the NSX-V plugin is handled by an Edge DHCP or router VM. Currently the traffic between nova and the metadata service is insecure. This patch adds the SSL support for metadata service which will make the connection secure.

The certificate used for secure communication will be created on the VC under the edge scope. If user does not supply the certificate and private key for secure communication, a self signed certificate will be generated in the backend. This self signed certificate will last for a period of 10yrs. A certificate with the given details will be created in the backend if such a configuration exists in nsx.ini.

Appropriate config is pushed for the loadbalancer with the protocol set to HTTPS if SSL is enabled for metadata service.

DocImpact

Change-Id: I5582cc1186ef4b8451f999b46e55bc2c684b1be3
55 lines
2.0 KiB
Python
```python
# Copyright 2014 VMware, Inc.
# All Rights Reserved
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.

# Edge size
COMPACT = 'compact'
LARGE = 'large'
XLARGE = 'xlarge'
QUADLARGE = 'quadlarge'


SHARED = "shared"
EXCLUSIVE = "exclusive"

# Edge type
SERVICE_EDGE = 'service'
VDR_EDGE = 'vdr'

# Internal element purpose
INTER_EDGE_PURPOSE = 'inter_edge_net'

# etc
INTERNAL_TENANT_ID = 'a1b2c3d4-e5f6-eeff-ffee-6f5e4d3c2b1a'

# L2 gateway edge name prefix
L2_GATEWAY_EDGE = 'L2 bridging'

# LoadBalancer Certificate constants
# NOTE(abhiraut): Number of days specify the total number of days for which the
#                 certificate will be active. This certificate will expire
#                 in 10 years. Once the backend API allows creation of certs
#                 which do not expire, the following constant should be removed.
CERT_NUMBER_OF_DAYS = 3650
CSR_REQUEST = ("<csr><subject>"
               "<attribute><key>CN</key><value>metadata.nsx.local</value>"
               "</attribute>"
               "<attribute><key>O</key><value>Organization</value></attribute>"
               "<attribute><key>OU</key><value>Unit</value></attribute>"
               "<attribute><key>L</key><value>Locality</value></attribute>"
               "<attribute><key>ST</key><value>State</value></attribute>"
               "<attribute><key>C</key><value>US</value></attribute>"
               "</subject><algorithm>RSA</algorithm><keySize>2048</keySize>"
               "</csr>")
```
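An added example, not part of the plugin's code: a small audit that parses the CSR template from the constants file and checks it, together with the 10-year lifetime, against a local certificate policy. The function names and the policy values (`MIN_RSA_BITS`, `MAX_VALIDITY_DAYS`, `PLACEHOLDER_VALUES`) are assumptions chosen for illustration.

```python
import xml.etree.ElementTree as ET

# Values copied from the constants file shown on this page.
CERT_NUMBER_OF_DAYS = 3650
CSR_REQUEST = ("<csr><subject>"
               "<attribute><key>CN</key><value>metadata.nsx.local</value>"
               "</attribute>"
               "<attribute><key>O</key><value>Organization</value></attribute>"
               "<attribute><key>OU</key><value>Unit</value></attribute>"
               "<attribute><key>L</key><value>Locality</value></attribute>"
               "<attribute><key>ST</key><value>State</value></attribute>"
               "<attribute><key>C</key><value>US</value></attribute>"
               "</subject><algorithm>RSA</algorithm><keySize>2048</keySize>"
               "</csr>")

# Hypothetical local policy (assumptions, not values from the plugin).
MIN_RSA_BITS = 2048
MAX_VALIDITY_DAYS = 825
PLACEHOLDER_VALUES = {"Organization", "Unit", "Locality", "State"}


def parse_csr_template(xml_text):
    """Return (subject dict, algorithm, key size) from the CSR XML template."""
    root = ET.fromstring(xml_text)
    subject = {attr.findtext("key"): attr.findtext("value")
               for attr in root.iterfind("./subject/attribute")}
    return subject, root.findtext("algorithm"), int(root.findtext("keySize"))


def audit(xml_text, days):
    """List policy findings for a CSR template and a certificate lifetime."""
    subject, algorithm, bits = parse_csr_template(xml_text)
    findings = []
    if not subject.get("CN"):
        findings.append("missing CN")
    for key, value in sorted(subject.items()):
        if value in PLACEHOLDER_VALUES:
            findings.append(f"placeholder subject field {key}={value}")
    if algorithm == "RSA" and bits < MIN_RSA_BITS:
        findings.append(f"RSA key size {bits} below {MIN_RSA_BITS}")
    if days > MAX_VALIDITY_DAYS:
        findings.append(f"validity {days} days exceeds {MAX_VALIDITY_DAYS}")
    return findings


if __name__ == "__main__":
    for finding in audit(CSR_REQUEST, CERT_NUMBER_OF_DAYS):
        print(finding)
```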