Skip to content

Commit

Permalink
tune SSL using in contrail-agent after testing
Browse files Browse the repository at this point in the history
  • Loading branch information
@Andrey-mp
Andrey-mp committed Aug 31, 2017
1 parent 7d6eccc commit 343c617
Showing 1 changed file with 7 additions and 3 deletions.
10 changes: 7 additions & 3 deletions contrail-agent/hooks/contrail_agent_utils.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -228,15 +228,16 @@ def provision_vrouter(op, self_ip=None):
ip = self_ip if self_ip else get_control_network_ip()
api_ip, api_port = get_controller_address()
identity = _load_json_from_config("auth_info")
use_ssl = "true" if config.get("ssl_enabled", False) else "false"
params = [
"contrail-provision-vrouter",
"--host_name", gethostname(),
"--host_ip", ip,
"--api_server_ip", api_ip,
"--api_server_port", str(api_port),
"--oper", op,
"--api_server_use_ssl", use_ssl]
"--api_server_use_ssl", "false"]
# api_server_use_ssl is needed only if contrail-api behind haproxy with
# ssl termination
if "keystone_admin_user" in identity:
params += [
"--admin_user", identity.get("keystone_admin_user"),
Expand Down Expand Up @@ -355,14 +356,17 @@ def update_unit_status():
ip = config.get("api_ip")
try:
params = ["curl", "-s"]
proto = "http"
ssl_enabled = config.get("ssl_enabled", False)
if ssl_enabled:
params.extend([
"--cacert", "/etc/contrail/ssl/certs/ca-cert.pem",
"--cert", "/etc/contrail/ssl/certs/server.pem",
"--key", "/etc/contrail/ssl/private/server-privkey.pem"
])
url = "http://{}:8083/Snh_ConfigClientReinitReq?".format(ip)
proto = "https"
url = ("{proto}://{ip}:8083/Snh_ConfigClientReinitReq?"
.format(proto=proto, ip=ip))
params.append(url)
check_call(params)
sleep(5)
Expand Down

0 comments on commit 343c617

Please sign in to comment.