author | Dmitry Tantsur <dtantsur@protonmail.com> | 2020-09-04 13:52:27 +0200 |
---|---|---|
committer | Dmitry Tantsur <dtantsur@protonmail.com> | 2020-09-11 17:46:52 +0200 |
commit | 021e0a6a4660135f06fc7c4d0a4b0c76b8772a7f (patch) | |
tree | 4c6fdfd0c076b4c2dd7a328b10caa6896dffe236 /ironic_python_agent/api | |
parent | 6a8056414ef0e353555df396417989aa054114ea (diff) | |
download | ironic-python-agent-021e0a6a4660135f06fc7c4d0a4b0c76b8772a7f.tar.gz |
Generate a TLS certificate and send it to ironic
Adds a new flag (on by default) that enables generating a TLS
certificate and sending it to ironic via heartbeat. Whether
ironic supports auto-generated certificates is determined by
checking its API version.
Change-Id: I01f83dd04cfec2adc9e2a6b9c531391773ed36e5
Depends-On: https://review.opendev.org/747136
Depends-On: https://review.opendev.org/749975
Story: #2007214
Task: #40604
Diffstat (limited to 'ironic_python_agent/api')
-rw-r--r-- | ironic_python_agent/api/app.py | 13 |
1 files changed, 11 insertions, 2 deletions
diff --git a/ironic_python_agent/api/app.py b/ironic_python_agent/api/app.py
index a379a7e0..467f8d9c 100644
--- a/ironic_python_agent/api/app.py
+++ b/ironic_python_agent/api/app.py
@@ -16,6 +16,7 @@ import json

 from ironic_lib import metrics_utils
 from oslo_log import log
+from oslo_service import sslutils
 from oslo_service import wsgi
 import werkzeug
 from werkzeug import exceptions as http_exc
@@ -126,12 +127,20 @@ class Application(object):
 response = self.handle_exception(environ, exc)
 return response(environ, start_response)

- def start(self):
+ def start(self, tls_cert_file=None, tls_key_file=None):
 """Start the API service in the background."""
+ if tls_cert_file and tls_key_file:
+ sslutils.register_opts(self._conf)
+ self._conf.set_override('cert_file', tls_cert_file, group='ssl')
+ self._conf.set_override('key_file', tls_key_file, group='ssl')
+ use_tls = True
+ else:
+ use_tls = self._conf.listen_tls
+
 self.service = wsgi.Server(self._conf, 'ironic-python-agent', app=self,
 host=self.agent.listen_address.hostname,
 port=self.agent.listen_address.port,
- use_ssl=self._conf.listen_tls)
+ use_ssl=use_tls)
 self.service.start()
 LOG.info('Started API service on port %s',
 self.agent.listen_address.port) |
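Review bot: In `start()`, passing only one of `tls_cert_file` / `tls_key_file` drops into the `else` branch, so the listener comes up with whatever `self._conf.listen_tls` says, possibly plain HTTP, even though the caller asked for TLS. Failing closed is safer: ahead of the `if`, add `if bool(tls_cert_file) != bool(tls_key_file): raise ValueError('tls_cert_file and tls_key_file must be given together')`. The docstring should also describe both parameters and state that, when given, they override `[ssl] cert_file` / `key_file` and force `use_ssl=True` regardless of `listen_tls`. The rest of `Application` and the callers of `start()` lie outside this hunk, so whether a half-specified pair can occur in practice is not visible here.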