authorDmitry Tantsur <dtantsur@protonmail.com>2020-09-04 13:52:27 +0200
committerDmitry Tantsur <dtantsur@protonmail.com>2020-09-11 17:46:52 +0200
commit021e0a6a4660135f06fc7c4d0a4b0c76b8772a7f (patch)
tree4c6fdfd0c076b4c2dd7a328b10caa6896dffe236 /ironic_python_agent/api
parent6a8056414ef0e353555df396417989aa054114ea (diff)
Generate a TLS certificate and send it to ironic
Adds a new flag (on by default) that enables generating a TLS certificate and sending it to ironic via heartbeat. Whether ironic supports auto-generated certificates is determined by checking its API version. Change-Id: I01f83dd04cfec2adc9e2a6b9c531391773ed36e5 Depends-On: https://review.opendev.org/747136 Depends-On: https://review.opendev.org/749975 Story: #2007214 Task: #40604
Diffstat (limited to 'ironic_python_agent/api')
-rw-r--r--ironic_python_agent/api/app.py13
1 files changed, 11 insertions, 2 deletions
diff --git a/ironic_python_agent/api/app.py b/ironic_python_agent/api/app.py
index a379a7e0..467f8d9c 100644
--- a/ironic_python_agent/api/app.py
+++ b/ironic_python_agent/api/app.py
@@ -16,6 +16,7 @@ import json
from ironic_lib import metrics_utils
from oslo_log import log
+from oslo_service import sslutils
from oslo_service import wsgi
import werkzeug
from werkzeug import exceptions as http_exc
@@ -126,12 +127,20 @@ class Application(object):
response = self.handle_exception(environ, exc)
return response(environ, start_response)
- def start(self):
+ def start(self, tls_cert_file=None, tls_key_file=None):
"""Start the API service in the background."""
+ if tls_cert_file and tls_key_file:
+ sslutils.register_opts(self._conf)
+ self._conf.set_override('cert_file', tls_cert_file, group='ssl')
+ self._conf.set_override('key_file', tls_key_file, group='ssl')
+ use_tls = True
+ else:
+ use_tls = self._conf.listen_tls
+
self.service = wsgi.Server(self._conf, 'ironic-python-agent', app=self,
host=self.agent.listen_address.hostname,
port=self.agent.listen_address.port,
- use_ssl=self._conf.listen_tls)
+ use_ssl=use_tls)
self.service.start()
LOG.info('Started API service on port %s',
self.agent.listen_address.port)
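Review bot: In `start()`, the guard `if tls_cert_file and tls_key_file:` treats a call that passes only one of the two paths exactly like a call that passes neither, so the server falls through to `self._conf.listen_tls` and, when that is false, listens in plaintext even though the caller supplied TLS material. Failing closed would surface that misconfiguration: add `if bool(tls_cert_file) != bool(tls_key_file):` with `raise ValueError('tls_cert_file and tls_key_file must be passed together')` ahead of the existing branch. The two `set_override` calls also replace whatever `cert_file`/`key_file` the operator set in the `ssl` group of `self._conf`; that is presumably intended for the generated certificate, but the docstring should say so and describe both new parameters. The end of `start()` may lie beyond the last line of this hunk.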