Browse code
Merge "Enable certificate check for glance_store+swift"
Zuul authored on 2020/06/24 01:47:11Showing 1 changed files
| ... | ... |
@@ -186,25 +186,19 @@ function configure_glance {
|
| 186 | 186 |
if is_service_enabled s-proxy; then |
| 187 | 187 |
iniset $GLANCE_API_CONF glance_store default_store swift |
| 188 | 188 |
iniset $GLANCE_API_CONF glance_store swift_store_create_container_on_put True |
| 189 |
- if python3_enabled; then |
|
| 190 |
- iniset $GLANCE_API_CONF glance_store swift_store_auth_insecure True |
|
| 191 |
- fi |
|
| 192 | 189 |
|
| 193 | 190 |
iniset $GLANCE_API_CONF glance_store swift_store_config_file $GLANCE_SWIFT_STORE_CONF |
| 194 | 191 |
iniset $GLANCE_API_CONF glance_store default_swift_reference ref1 |
| 195 | 192 |
iniset $GLANCE_API_CONF glance_store stores "file, http, swift" |
| 193 |
+ if is_service_enabled tls-proxy; then |
|
| 194 |
+ iniset $GLANCE_API_CONF glance_store swift_store_cacert $SSL_BUNDLE_FILE |
|
| 195 |
+ fi |
|
| 196 | 196 |
iniset $GLANCE_API_CONF DEFAULT graceful_shutdown_timeout "$SERVICE_GRACEFUL_SHUTDOWN_TIMEOUT" |
| 197 | 197 |
|
| 198 | 198 |
iniset $GLANCE_SWIFT_STORE_CONF ref1 user $SERVICE_PROJECT_NAME:glance-swift |
| 199 | 199 |
|
| 200 | 200 |
iniset $GLANCE_SWIFT_STORE_CONF ref1 key $SERVICE_PASSWORD |
| 201 |
- if python3_enabled; then |
|
| 202 |
- # NOTE(dims): Currently the glance_store+swift does not support either an insecure flag |
|
| 203 |
- # or ability to specify the CACERT. So fallback to http:// url |
|
| 204 |
- iniset $GLANCE_SWIFT_STORE_CONF ref1 auth_address ${KEYSTONE_SERVICE_URI/https/http}/v3
|
|
| 205 |
- else |
|
| 206 |
- iniset $GLANCE_SWIFT_STORE_CONF ref1 auth_address $KEYSTONE_SERVICE_URI/v3 |
|
| 207 |
- fi |
|
| 201 |
+ iniset $GLANCE_SWIFT_STORE_CONF ref1 auth_address $KEYSTONE_SERVICE_URI/v3 |
|
| 208 | 202 |
iniset $GLANCE_SWIFT_STORE_CONF ref1 auth_version 3 |
| 209 | 203 |
fi |
| 210 | 204 |
|