vncproxy: Use dedicated options for SSL

The [ssl] options from oslo.services are deprecated, because these have been used to enable ssl in eventlet-based wsgi server, which is now deprecated. Introduce the dedicated options to [vnc] section to replace these deprecated options. Because the vnc console feature is not yet released, no release note is added by this change. Change-Id: If9d0e1413b46d7157bcd085280b80bf1e0e6355b
2025-03-07 21:09:55 +09:00
parent 25a3dd076a
commit 57d7b10cb0
2 changed files with 17 additions and 6 deletions
--- a/ironic/conf/vnc.py
+++ b/ironic/conf/vnc.py
@@ -127,6 +127,19 @@ opts = [
             'have no authentication or encryption so they also should not '
             'be exposed to public access. Additionally, the containers '
             'need to be able to access BMC management endpoints. '),
+    cfg.StrOpt(
+        'ssl_cert_file',
+        help="Certificate file to use when starting the server securely."),
+    cfg.StrOpt(
+        'ssl_key_file',
+        help="Private key file to use when starting the server securely."),
+    cfg.StrOpt(
+        'ssl_minimum_version',
+        help="The minimum SSL version to use."),
+    cfg.StrOpt(
+        'ssl_ciphers',
+        help="Sets the list of available ciphers. value should be a "
+             "string in the OpenSSL cipher list format."),
 ]


--- a/ironic/console/novncproxy_service.py
+++ b/ironic/console/novncproxy_service.py
@@ -17,7 +17,6 @@ import os
 from oslo_config import cfg
 from oslo_log import log
 from oslo_service import service
-from oslo_service import sslutils

 from ironic.common import exception
 from ironic.console.securityproxy import rfb
@@ -58,13 +57,12 @@ class NoVNCProxyService(service.Service):
            'security_proxy': rfb.RFBSecurityProxy(),
        }
        if CONF.vnc.enable_ssl:
-            sslutils.is_enabled(CONF)
            kwargs.update({
-                'cert': CONF.ssl.cert_file,
-                'key': CONF.ssl.key_file,
+                'cert': CONF.vnc.ssl_cert_file,
+                'key': CONF.vnc.ssl_key_file,
                'ssl_only': CONF.vnc.enable_ssl,
-                'ssl_ciphers': CONF.ssl.ciphers,
-                'ssl_minimum_version': CONF.ssl.version,
+                'ssl_ciphers': CONF.vnc.ssl_ciphers,
+                'ssl_minimum_version': CONF.vnc.ssl_minimum_version,
            })

        # Check to see if tty html/js/css files are present