authorJay Faulkner <jay.faulkner@verizonmedia.com>2020-08-20 07:49:41 -0700
committerJay Faulkner <jay.faulkner@verizonmedia.com>2020-09-02 16:07:42 -0700
commit1d11f0b7dd9d2044cc8fce3b20f5851a4e6a94a8 (patch)
tree778f3462cf878b7c97e3936b2489235f022e4bd3 /ironic_python_agent/api
parent7d0ad36ebd350a7162bc3c33bbefd26b9e962a78 (diff)
If listen_tls is true, enable TLS on wsgi server
This change enables operators to set [DEFAULT]listen_tls to true to configure IPA to host its WSGI server over TLS using existing SSL support in oslo.service. In addition to configuring this in IPA, a deployer will need to also set [ssl]cert_file, [ssl]key_file, and optionally [ssl]ca_file in their ipa config, in addition to embedding those files into the IPA ramdisk in order for this to be functional. In order to make this change work, we also need to monkey patch the socket library early, or else oslo.service will end up passing an unpatched socket to the eventlet wsgi server, which causes deadlocks. Change-Id: Ib7decae410915f3c27b045ee08538c94d455b030
Diffstat (limited to 'ironic_python_agent/api')
-rw-r--r--ironic_python_agent/api/app.py3
1 files changed, 2 insertions, 1 deletions
diff --git a/ironic_python_agent/api/app.py b/ironic_python_agent/api/app.py
index a4575ce7..a379a7e0 100644
--- a/ironic_python_agent/api/app.py
+++ b/ironic_python_agent/api/app.py
@@ -130,7 +130,8 @@ class Application(object):
"""Start the API service in the background."""
self.service = wsgi.Server(self._conf, 'ironic-python-agent', app=self,
host=self.agent.listen_address.hostname,
- port=self.agent.listen_address.port)
+ port=self.agent.listen_address.port,
+ use_ssl=self._conf.listen_tls)
self.service.start()
LOG.info('Started API service on port %s',
self.agent.listen_address.port)
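Review bot: The `LOG.info('Started API service on port %s', ...)` call that follows the changed `wsgi.Server(...)` line does not record whether the listener came up with TLS, so an operator cannot confirm from the agent log that `listen_tls` took effect rather than the API still serving plaintext. Consider `LOG.info('Started API service on port %s (TLS enabled: %s)', self.agent.listen_address.port, self._conf.listen_tls)`. A short comment above `use_ssl=` such as `# Requires [ssl]cert_file and [ssl]key_file to be present in the ramdisk` would document the dependency the commit message describes; how `wsgi.Server` behaves when those files are missing is not visible in this hunk and is worth pinning with a unit test. The enclosing method begins above the hunk, so only the visible lines were reviewed.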