Fix for problems found by @dguerri

* TLSConfig['verify'] has to be set to False if we're only encrypting the
  connection, not verifying the host.
* tls_hostname was not set if tls_ca_cert was not present

https://github.com/ansible/ansible-modules-core/pull/926#issuecomment-78573877
Toshio Kuratomi 2015-03-12 12:53:48 -07:00 committed by Matt Clay
parent 7c261b3954
commit 95df4bcbee


@ -571,19 +571,18 @@ class DockerManager(object):
if not tls_ca_cert and env_cert_path: if not tls_ca_cert and env_cert_path:
tls_ca_cert = os.path.join(env_cert_path, 'ca.pem') tls_ca_cert = os.path.join(env_cert_path, 'ca.pem')
if tls_ca_cert: tls_hostname = module.params.get('tls_hostname')
tls_hostname = module.params.get('tls_hostname') if tls_hostname is None:
if tls_hostname is None: if env_docker_hostname:
if env_docker_hostname: tls_hostname = env_docker_hostname
tls_hostname = env_docker_hostname else:
parsed_url = urlparse(docker_url)
if ':' in parsed_url.netloc:
tls_hostname = parsed_url.netloc[:parsed_url.netloc.rindex(':')]
else: else:
parsed_url = urlparse(docker_url) tls_hostname = parsed_url
if ':' in parsed_url.netloc: if not tls_hostname:
tls_hostname = parsed_url.netloc[:parsed_url.netloc.rindex(':')] tls_hostname = True
else:
tls_hostname = parsed_url
if not tls_hostname:
tls_hostname = True
# use_tls can be one of four values: # use_tls can be one of four values:
# no: Do not use tls # no: Do not use tls
@ -614,8 +613,10 @@ class DockerManager(object):
else: else:
params['verify'] = True params['verify'] = True
params['assert_hostname'] = tls_hostname params['assert_hostname'] = tls_hostname
elif use_tls == 'encrpyt':
params['verify'] = False
if params or use_tls == 'encrypt': if params:
# See https://github.com/docker/docker-py/blob/d39da11/docker/utils/utils.py#L279-L296 # See https://github.com/docker/docker-py/blob/d39da11/docker/utils/utils.py#L279-L296
docker_url = docker_url.replace('tcp://', 'https://') docker_url = docker_url.replace('tcp://', 'https://')
tls_config = docker.tls.TLSConfig(**params) tls_config = docker.tls.TLSConfig(**params)
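Review bot: The added branch in the second hunk compares against `'encrpyt'`, a misspelling of `'encrypt'`, so it can never match and `params['verify'] = False` is never set. The same hunk narrows the guard from `if params or use_tls == 'encrypt':` to `if params:`, so in encrypt-only mode, if `params` is otherwise empty at that point, no `TLSConfig` is built and the `tcp://` to `https://` rewrite is skipped. The line should read `elif use_tls == 'encrypt':`. A comment on that branch would also help, for example `# encrypt only: traffic is TLS-protected but the daemon's certificate is not verified`, because this mode does not authenticate the host. The enclosing method starts and ends outside the hunk, so how `params` is populated before this point is not visible here.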