Merge "Avoid self-signed cert creation for HTTPS"
This commit is contained in:
commit
4189d9a116
|
@ -2320,6 +2320,10 @@ CERT_MODE_TO_SECRET_NAME = {
|
|||
CERT_MODE_OPENLDAP: OPENLDAP_CERT_SECRET_NAME
|
||||
}
|
||||
|
||||
# Create RestAPI/GUI and Docker Registry certificates from bootstrap
|
||||
CREATE_PLATFORM_CERTIFICATES_IN_BOOTSTRAP = os.path.join(tsc.CONFIG_PATH,
|
||||
".create_platform_certificates")
|
||||
|
||||
# Storage associated networks
|
||||
SB_SUPPORTED_NETWORKS = {
|
||||
SB_TYPE_CEPH: [NETWORK_TYPE_MGMT, NETWORK_TYPE_CLUSTER_HOST]
|
||||
|
|
|
@ -2389,6 +2389,12 @@ def is_fqdn_ready_to_use():
|
|||
return False
|
||||
|
||||
|
||||
def is_platform_certificates_creation_enabled():
|
||||
"""Check if RestAPI/GUI and Docker Registry are to be created by bootstrap
|
||||
"""
|
||||
return os.path.isfile(constants.CREATE_PLATFORM_CERTIFICATES_IN_BOOTSTRAP)
|
||||
|
||||
|
||||
def is_std_system(dbapi):
|
||||
system = dbapi.isystem_get_one()
|
||||
return system.system_type == constants.TIS_STD_BUILD
|
||||
|
|
|
@ -8765,15 +8765,16 @@ class ConductorManager(service.PeriodicService):
|
|||
:param context: an admin context.
|
||||
"""
|
||||
personalities = [constants.CONTROLLER]
|
||||
system = self.dbapi.isystem_get_one()
|
||||
|
||||
if system.capabilities.get('https_enabled', False):
|
||||
certificates = self.dbapi.certificate_get_list()
|
||||
for certificate in certificates:
|
||||
if certificate.certtype == constants.CERT_MODE_SSL:
|
||||
break
|
||||
else:
|
||||
self._config_selfsigned_certificate(context)
|
||||
if not cutils.is_platform_certificates_creation_enabled():
|
||||
system = self.dbapi.isystem_get_one()
|
||||
if system.capabilities.get('https_enabled', False):
|
||||
certificates = self.dbapi.certificate_get_list()
|
||||
for certificate in certificates:
|
||||
if certificate.certtype == constants.CERT_MODE_SSL:
|
||||
break
|
||||
else:
|
||||
self._config_selfsigned_certificate(context)
|
||||
|
||||
config_dict = {
|
||||
"personalities": personalities,
|
||||
|
|
Loading…
Reference in New Issue