From fdd11b54a5e3d7a9ee89628baba2990e4e00abdd Mon Sep 17 00:00:00 2001
From: Pavlo Shchelokovskyy <shchelokovskyy@gmail.com>
Date: Thu, 17 Nov 2016 13:26:28 +0200
Subject: Configure and use SSL-related requests options

This patch adds standard SSL options to IPA config and makes use of them
when making HTTP requests.

For now, a single set of certificates is used when needed.
In the future configuration can be expanded to allow per-service
certificates.

Besides, the 'insecure' option (defaults to False) can be overridden
through kernel command line parameter 'ipa-insecure'.
This will allow running IPA in CI-like environments with self-signed SSL
certificates.

Change-Id: I259d9b3caa9ba1dc3d7382f375b8e086a5348d80
Closes-Bug: #1642515
---
 ironic_python_agent/agent.py | 3 +++
 1 file changed, 3 insertions(+)

(limited to 'ironic_python_agent/agent.py')

diff --git a/ironic_python_agent/agent.py b/ironic_python_agent/agent.py
index 281c4803..8aa1f77b 100644
--- a/ironic_python_agent/agent.py
+++ b/ironic_python_agent/agent.py
@@ -162,6 +162,9 @@ class IronicPythonAgent(base.ExecuteCommandMixin):
                  lookup_timeout, lookup_interval, standalone,
                  hardware_initialization_delay=0):
         super(IronicPythonAgent, self).__init__()
+        if bool(cfg.CONF.keyfile) != bool(cfg.CONF.certfile):
+            LOG.warning("Only one of 'keyfile' and 'certfile' options is "
+                        "defined in config file. Its value will be ignored.")
         self.ext_mgr = extension.ExtensionManager(
             namespace='ironic_python_agent.extensions',
             invoke_on_load=True,
-- 
cgit v1.2.1