summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--dovetail/container.py30
-rw-r--r--dovetail/utils/dovetail_utils.py19
2 files changed, 29 insertions, 20 deletions
diff --git a/dovetail/container.py b/dovetail/container.py
index 69dd5e9a..ca37d810 100644
--- a/dovetail/container.py
+++ b/dovetail/container.py
@@ -194,24 +194,20 @@ class Container(object):
cacert_volume = ""
https_enabled = dt_utils.check_https_enabled(cls.logger)
- cacert = os.getenv('OS_CACERT',)
- if https_enabled:
- cls.logger.info("https enabled...")
- if cacert is not None:
- if not os.path.isfile(cacert):
- cls.logger.error("Env variable 'OS_CACERT' is set to {} "
- "but the file does not exist."
- .format(cacert))
- return None
- elif not dovetail_config['config_dir'] in cacert:
- cls.logger.error("Credential file has to be put in {}, "
- "which can be mount into container."
- .format(dovetail_config['config_dir']))
- return None
+ cacert = os.getenv('OS_CACERT')
+ insecure = os.getenv('OS_INSECURE')
+ if cacert is not None:
+ if dt_utils.check_cacert_file(cacert, cls.logger):
cacert_volume = ' -v %s:%s ' % (cacert, cacert)
else:
- cls.logger.warn("https enabled, OS_CACERT not set, insecure "
- "connection used or OS_CACERT missed")
+ return None
+ elif https_enabled:
+ if insecure and insecure.lower() == 'true':
+ cls.logger.debug("Use the insecure mode...")
+ else:
+ cls.logger.error("https enabled, please set OS_CACERT or "
+ "insecure mode...")
+ return None
result_volume = ' -v %s:%s ' % (dovetail_config['result_dir'],
dovetail_config[type]['result']['dir'])
@@ -292,7 +288,7 @@ class Container(object):
return None
if cls.has_pull_latest_image[validate_type] is True:
cls.logger.debug(
- '{} is already the newest version.'.format(docker_image))
+ '{} is already the latest one.'.format(docker_image))
return docker_image
old_image_id = cls.get_image_id(docker_image)
if not cls.pull_image_only(docker_image):
diff --git a/dovetail/utils/dovetail_utils.py b/dovetail/utils/dovetail_utils.py
index 5c335679..97186da0 100644
--- a/dovetail/utils/dovetail_utils.py
+++ b/dovetail/utils/dovetail_utils.py
@@ -139,9 +139,9 @@ def get_ext_net_name(env_file, logger=None):
else:
https_enabled = check_https_enabled(logger)
insecure_option = ''
- insecure = os.getenv('OS_INSECURE',)
+ insecure = os.getenv('OS_INSECURE')
if https_enabled:
- logger.info("https enabled...")
+ logger.debug("https enabled...")
if insecure:
if insecure.lower() == "true":
insecure_option = ' --insecure '
@@ -311,7 +311,7 @@ def combine_files(file_path, result_file, logger=None):
def get_openstack_endpoint(logger=None):
https_enabled = check_https_enabled(logger)
insecure_option = ''
- insecure = os.getenv('OS_INSECURE',)
+ insecure = os.getenv('OS_INSECURE')
if https_enabled:
if insecure:
if insecure.lower() == "true":
@@ -333,3 +333,16 @@ def get_openstack_endpoint(logger=None):
except Exception:
logger.exception("Failed to write endpoint info into file.")
return None
+
+
+def check_cacert_file(cacert, logger=None):
+ if not os.path.isfile(cacert):
+ logger.error("OS_CACERT is {}, but the file does not exist."
+ .format(cacert))
+ return False
+ if not dt_cfg.dovetail_config['config_dir'] == os.path.dirname(cacert):
+ logger.error("Credential file must be put under {}, "
+ "which can be mounted into other container."
+ .format(dt_cfg.dovetail_config['config_dir']))
+ return False
+ return True