diff options
| author | Dmitry Tantsur <dtantsur@protonmail.com> | 2020-08-20 12:26:08 +0200 |
|---|---|---|
| committer | Dmitry Tantsur <dtantsur@protonmail.com> | 2020-09-09 17:27:30 +0200 |
| commit | 2b676a68640d47c7883214a622971b4638670a6b (patch) | |
| tree | b8d09ee957c1be7eb66f55bd532daa696c75cfb6 /ironic/conductor/rpcapi.py | |
| parent | f6b65cb68fbfa306f3fa6bb5dc5a658d519eed88 (diff) | |
| download | ironic-2b676a68640d47c7883214a622971b4638670a6b.tar.gz | |
Accept and use a TLS certificate from the agent
Accepts the certificate from a heartbeat and stores its path in
driver_internal_info for further usage by the agent client (or
any 3rd party deploy implementations).
Similarly to agent_url, the certificate is protected from further
changes (unless the local copy does not exist) and is removed
on reboot or tear down (unless fast-tracking).
Change-Id: I81b326116e62cd86ad22b533f55d061e5ed53e96
Story: #2007214
Task: #40603
Diffstat (limited to 'ironic/conductor/rpcapi.py')
| -rw-r--r-- | ironic/conductor/rpcapi.py | 9 |
1 files changed, 7 insertions, 2 deletions
diff --git a/ironic/conductor/rpcapi.py b/ironic/conductor/rpcapi.py index 8752914ac..16b66e637 100644 --- a/ironic/conductor/rpcapi.py +++ b/ironic/conductor/rpcapi.py @@ -103,13 +103,14 @@ class ConductorAPI(object): heartbeat | 1.50 - Added set_indicator_state, get_indicator_state and | get_supported_indicators. + | 1.51 - Added agent_verify_ca to heartbeat. """ # NOTE(rloo): This must be in sync with manager.ConductorManager's. # NOTE(pas-ha): This also must be in sync with # ironic.common.release_mappings.RELEASE_MAPPING['master'] - RPC_API_VERSION = '1.50' + RPC_API_VERSION = '1.51' def __init__(self, topic=None): super(ConductorAPI, self).__init__() @@ -898,7 +899,7 @@ class ConductorAPI(object): node_id=node_id, clean_steps=clean_steps) def heartbeat(self, context, node_id, callback_url, agent_version, - agent_token=None, topic=None): + agent_token=None, agent_verify_ca=None, topic=None): """Process a node heartbeat. :param context: request context. @@ -907,6 +908,7 @@ class ConductorAPI(object): :param topic: RPC topic. Defaults to self.topic. :param agent_token: randomly generated validation token. :param agent_version: the version of the agent that is heartbeating + :param agent_verify_ca: TLS certificate for the agent. :raises: InvalidParameterValue if an invalid agent token is received. """ new_kws = {} @@ -917,6 +919,9 @@ class ConductorAPI(object): if self.client.can_send_version('1.49'): version = '1.49' new_kws['agent_token'] = agent_token + if self.client.can_send_version('1.51'): + version = '1.51' + new_kws['agent_verify_ca'] = agent_verify_ca cctxt = self.client.prepare(topic=topic or self.topic, version=version) return cctxt.call(context, 'heartbeat', node_id=node_id, callback_url=callback_url, **new_kws) |