diff options
author | Vincent Untz <vuntz@suse.com> | 2012-08-22 15:40:59 +0200 |
---|---|---|
committer | Vincent Untz <vuntz@suse.com> | 2012-08-27 08:48:18 +0200 |
commit | fa5be443bae880ab15d5079caa28d6862cbd13b9 (patch) | |
tree | c40e4f638deaec2b2215ec95560579593e4c3180 /plugins | |
parent | 68e9a9e351e5b7bc91148a939d470ba04a525020 (diff) | |
download | nova-fa5be443bae880ab15d5079caa28d6862cbd13b9.tar.gz nova-fa5be443bae880ab15d5079caa28d6862cbd13b9.tar.xz nova-fa5be443bae880ab15d5079caa28d6862cbd13b9.zip |
Allow connecting to a ssl-based glance
This introduces a new glance_api_insecure setting that can be used to
not verify the certificate of the glance server against the certificate
authorities.
Fix bug 1042081.
Change-Id: I0a9f081425854e9c01e00dfd641e42276c878c67
Diffstat (limited to 'plugins')
-rwxr-xr-x | plugins/xenserver/xenapi/etc/xapi.d/plugins/glance | 30 |
1 files changed, 23 insertions, 7 deletions
diff --git a/plugins/xenserver/xenapi/etc/xapi.d/plugins/glance b/plugins/xenserver/xenapi/etc/xapi.d/plugins/glance index 2f0050f11..a574bb406 100755 --- a/plugins/xenserver/xenapi/etc/xapi.d/plugins/glance +++ b/plugins/xenserver/xenapi/etc/xapi.d/plugins/glance @@ -95,7 +95,7 @@ def _download_tarball_and_verify(request, staging_path): def _download_tarball(sr_path, staging_path, image_id, glance_host, - glance_port, auth_token): + glance_port, glance_use_ssl, auth_token): """Download the tarball image from Glance and extract it into the staging area. Retry if there is any failure. """ @@ -104,7 +104,12 @@ def _download_tarball(sr_path, staging_path, image_id, glance_host, if auth_token: headers['x-auth-token'] = auth_token - url = ("http://%(glance_host)s:%(glance_port)d/v1/images/" + if glance_use_ssl: + scheme = 'https' + else: + scheme = 'http' + + url = ("%(scheme)s://%(glance_host)s:%(glance_port)d/v1/images/" "%(image_id)s" % locals()) logging.info("Downloading %s" % url) @@ -117,14 +122,23 @@ def _download_tarball(sr_path, staging_path, image_id, glance_host, def _upload_tarball(staging_path, image_id, glance_host, glance_port, - auth_token, properties): + glance_use_ssl, auth_token, properties): """ Create a tarball of the image and then stream that into Glance using chunked-transfer-encoded HTTP. """ - url = 'http://%s:%s/v1/images/%s' % (glance_host, glance_port, image_id) + if glance_use_ssl: + scheme = 'https' + else: + scheme = 'http' + + url = '%s://%s:%s/v1/images/%s' % (scheme, glance_host, glance_port, + image_id) logging.info("Writing image data to %s" % url) - conn = httplib.HTTPConnection(glance_host, glance_port) + if glance_use_ssl: + conn = httplib.HTTPSConnection(glance_host, glance_port) + else: + conn = httplib.HTTPConnection(glance_host, glance_port) # NOTE(sirp): httplib under python2.4 won't accept a file-like object # to request @@ -196,6 +210,7 @@ def download_vhd(session, args): image_id = params["image_id"] glance_host = params["glance_host"] glance_port = params["glance_port"] + glance_use_ssl = params["glance_use_ssl"] uuid_stack = params["uuid_stack"] sr_path = params["sr_path"] auth_token = params["auth_token"] @@ -205,7 +220,7 @@ def download_vhd(session, args): # Download tarball into staging area and extract it _download_tarball( sr_path, staging_path, image_id, glance_host, glance_port, - auth_token) + glance_use_ssl, auth_token) # Move the VHDs from the staging area into the storage repository imported_vhds = utils.import_vhds(sr_path, staging_path, uuid_stack) @@ -225,6 +240,7 @@ def upload_vhd(session, args): image_id = params["image_id"] glance_host = params["glance_host"] glance_port = params["glance_port"] + glance_use_ssl = params["glance_use_ssl"] sr_path = params["sr_path"] auth_token = params["auth_token"] properties = params["properties"] @@ -233,7 +249,7 @@ def upload_vhd(session, args): try: utils.prepare_staging_area(sr_path, staging_path, vdi_uuids) _upload_tarball(staging_path, image_id, glance_host, glance_port, - auth_token, properties) + glance_use_ssl, auth_token, properties) finally: utils.cleanup_staging_area(staging_path) |