author | Toshio Kuratomi <toshio@fedoraproject.org> | 2015-03-12 12:53:48 -0700 |
---|---|---|
committer | Toshio Kuratomi <toshio@fedoraproject.org> | 2015-03-12 12:53:48 -0700 |
commit | 3a6cc86578da7ea459dac38965692bad6a649ec9 (patch) | |
tree | 0e0693eaedb8fa963c8fba934eb2576e3c4dc934 | |
parent | 1add8ed9e5ae96dfe9114861e6ccead33710a8a2 (diff) | |
download | ansible-modules-core-docker-tls-alt-854.tar.gz |
Fix for problems found by @dguerridocker-tls-alt-854
* TLSConfig['verify'] has to be set to False if we're only encrypting the
connection, not verifying the host.
* tls_hostname was not set if tls_ca_cert was not present
https://github.com/ansible/ansible-modules-core/pull/926#issuecomment-78573877
-rw-r--r-- | cloud/docker/docker.py | 27 |
1 files changed, 14 insertions, 13 deletions
diff --git a/cloud/docker/docker.py b/cloud/docker/docker.py
index 2815f580..802ecbb8 100644
--- a/cloud/docker/docker.py
+++ b/cloud/docker/docker.py
@@ -567,19 +567,18 @@ class DockerManager(object):
 if not tls_ca_cert and env_cert_path:
 tls_ca_cert = os.path.join(env_cert_path, 'ca.pem')
- if tls_ca_cert:
- tls_hostname = module.params.get('tls_hostname')
- if tls_hostname is None:
- if env_docker_hostname:
- tls_hostname = env_docker_hostname
+ tls_hostname = module.params.get('tls_hostname')
+ if tls_hostname is None:
+ if env_docker_hostname:
+ tls_hostname = env_docker_hostname
+ else:
+ parsed_url = urlparse(docker_url)
+ if ':' in parsed_url.netloc:
+ tls_hostname = parsed_url.netloc[:parsed_url.netloc.rindex(':')]
 else:
- parsed_url = urlparse(docker_url)
- if ':' in parsed_url.netloc:
- tls_hostname = parsed_url.netloc[:parsed_url.netloc.rindex(':')]
- else:
- tls_hostname = parsed_url
- if not tls_hostname:
- tls_hostname = True
+ tls_hostname = parsed_url
+ if not tls_hostname:
+ tls_hostname = True
 # use_tls can be one of four values:
 # no: Do not use tls
@@ -610,8 +609,10 @@ class DockerManager(object):
 else:
 params['verify'] = True
 params['assert_hostname'] = tls_hostname
+ elif use_tls == 'encrpyt':
+ params['verify'] = False
- if params or use_tls == 'encrypt':
+ if params:
 # See https://github.com/docker/docker-py/blob/d39da11/docker/utils/utils.py#L279-L296
 docker_url = docker_url.replace('tcp://', 'https://')
 tls_config = docker.tls.TLSConfig(**params) |
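Review bot: In the new `else:` branch, `tls_hostname = parsed_url` assigns the whole `urlparse()` result rather than a host name, so a `docker_url` without a port hands a ParseResult object to `assert_hostname`; that object is always truthy, so the `if not tls_hostname` fallback never fires for it. The line should be `tls_hostname = parsed_url.netloc`, or the port-stripping branch can be replaced by `tls_hostname = parsed_url.hostname`, which also copes with bracketed IPv6 literals and userinfo that the `rindex(':')` slice leaves in place. Because this commit runs the block even when no CA certificate is set, the wrong value can now reach more configurations. The enclosing method starts and ends outside the hunk.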
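Review bot: The added branch tests `use_tls == 'encrpyt'`, a misspelling of the `'encrypt'` value the removed condition compared against, so the branch can never match. When no other TLS parameter has been set, `params` stays empty and the reduced `if params:` appears to skip both the `https://` rewrite and the `TLSConfig` construction, which would leave an encrypt-only request unencrypted without any error. The line should read `elif use_tls == 'encrypt':`. A comment on `params['verify'] = False` would also help, e.g. `# encrypt only: the daemon's certificate is not verified`. The `if`/`elif` chain begins above the hunk.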