From 5893fa9d751d3e00324b22dfbdea024722ab9272 Mon Sep 17 00:00:00 2001
From: dliu5
Date: Tue, 1 Nov 2022 21:47:57 +0800
Subject: [PATCH] Support register to smo with https/tls protocol.
Signed-off-by: dliu5
Change-Id: I06b3d233b9f00f1b1e479838fb8611fb2566cc8a
---
 charts/templates/deployment.yaml | 7 +++--
 o2common/config/config.py | 5 ++++
 o2ims/service/command/registration_handler.py | 39 +++++++++++++++++++++++++--
 3 files changed, 45 insertions(+), 6 deletions(-)
diff --git a/charts/templates/deployment.yaml b/charts/templates/deployment.yaml
index bcc8dc9..4a10890 100644
--- a/charts/templates/deployment.yaml
+++ b/charts/templates/deployment.yaml
@@ -86,6 +86,9 @@ spec:
 mountPath: /configs/o2app.conf
 subPath: config.json
 readOnly: true
+ - name: smocacrt
+ mountPath: /configs/smoca.crt
+ subPath: config.json
 - name: watcher
 image: "{{ .Values.o2ims.image.repository }}:{{ .Values.o2ims.image.tag }}"
 command: ["/bin/bash", "/opt/o2watcher_start.sh"]
@@ -161,10 +164,6 @@ spec:
 mountPath: /configs/server.key
 subPath: config.json
 readOnly: true
- - name: smocacrt
- mountPath: /configs/smoca.crt
- subPath: config.json
- readOnly: true
 - name: helmcli
 image: "{{ .Values.o2ims.image.repository }}:{{ .Values.o2ims.image.tag }}"
 ports:
diff --git a/o2common/config/config.py b/o2common/config/config.py
index 9756535..8946bdf 100644
--- a/o2common/config/config.py
+++ b/o2common/config/config.py
@@ -29,6 +29,11 @@ def get_config_path():
 return path
+def get_smo_ca_config_path():
+ path = os.environ.get("SMO_CA_CONFIG", "/configs/smoca.crt")
+ return path
+
+
+def get_postgres_uri():
 host = os.environ.get("DB_HOST", "localhost")
 port = 54321 if host == "localhost" else 5432
diff --git a/o2ims/service/command/registration_handler.py b/o2ims/service/command/registration_handler.py
index 0c6bbef..77ab28b 100644
--- a/o2ims/service/command/registration_handler.py
+++ b/o2ims/service/command/registration_handler.py
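Review bot: In charts/templates/deployment.yaml the `smocacrt` mount added at `/configs/smoca.crt` no longer carries `readOnly: true`, which the entry removed from the other container had. That file is the CA certificate registration_handler.py loads to verify the SMO endpoint, so the container should not be able to rewrite it; add `readOnly: true` under `subPath: config.json`, as on the neighbouring `/configs/o2app.conf` mount. The container and volume definitions lie outside both hunks, so whether the backing volume is already read-only cannot be seen here.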
@@ -17,6 +17,7 @@ import json
 # import asyncio
 # import requests
 import http.client
+import ssl
 from urllib.parse import urlparse
 from retry import retry
@@ -48,9 +49,16 @@ def registry_to_smo(
 register_smo(uow, ocloud_dict)
+class RegIMSToSMOExp(Exception):
+ def __init__(self, value):
+ self.value = value
+
+
 def register_smo(uow, ocloud_data):
 call_res = call_smo(ocloud_data)
 logger.debug('Call SMO response is {}'.format(call_res))
+ if call_res is not True:
+ raise RegIMSToSMOExp('Register o2ims to SMO failed')
 # TODO: record the result for the smo register
@@ -87,9 +95,36 @@ def call_smo(reg_data: dict):
 logger.info('URL: {}, data: {}'.format(
 conf.DEFAULT.smo_register_url, callback_data))
 o = urlparse(conf.DEFAULT.smo_register_url)
- conn = http.client.HTTPConnection(o.netloc)
+ if o.scheme == 'https':
+ sslctx = ssl.create_default_context(purpose=ssl.Purpose.SERVER_AUTH)
+ sslctx.check_hostname = True
+ sslctx.verify_mode = ssl.CERT_REQUIRED
+ sslctx.load_default_certs()
+ conn = http.client.HTTPSConnection(o.netloc, context=sslctx)
+ else:
+ conn = http.client.HTTPConnection(o.netloc)
+
+ try:
+ return post_data(conn, o.path, callback_data)
+ except ssl.SSLCertVerificationError as e:
+ logger.info('post data except: {}'.format(e))
+ if 'self signed' in str(e):
+ sslctx = ssl.create_default_context(
+ purpose=ssl.Purpose.SERVER_AUTH)
+ smo_ca_path = config.get_smo_ca_config_path()
+ sslctx.load_verify_locations(smo_ca_path)
+ sslctx.check_hostname = False
+ sslctx.verify_mode = ssl.CERT_REQUIRED
+ conn = http.client.HTTPSConnection(o.netloc, context=sslctx)
+ return post_data(conn, o.path, callback_data)
+ except Exception as e:
+ logger.info('except: {}'.format(e))
+ return False
+
+
+def post_data(conn, path, data):
 headers = {'Content-type': 'application/json'}
- conn.request('POST', o.path, callback_data, headers)
+ conn.request('POST', path, data, headers)
 resp = conn.getresponse()
 data = resp.read().decode('utf-8')
 # json_data = json.loads(data)
-- 
2.16.6
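Review bot: The retry in `call_smo`'s `except ssl.SSLCertVerificationError` branch sets `sslctx.check_hostname = False` on a context from `ssl.create_default_context()`, which has already loaded the system roots, so the second attempt accepts a certificate issued for any host name as long as it chains to a public CA or to the SMO CA. Building that context with `cafile=config.get_smo_ca_config_path()` trusts only the provisioned CA and lets hostname checking stay on; the SMO certificate then needs a SAN matching the registration URL. The `'self signed' in str(e)` test depends on OpenSSL's message wording, which newer releases spell `self-signed`; when it does not match, the branch falls through and returns None, and an exception raised by the retried `post_data` is not caught by the sibling `except Exception`. Logging these failures with `logger.warning` instead of `logger.info` would make rejected certificates visible to operators. `call_smo` begins above the hunk and `post_data` continues below it.

```python
    # … unchanged: scheme check and first connection setup …
    try:
        return post_data(conn, o.path, callback_data)
    except ssl.SSLCertVerificationError as e:
        logger.warning(
            'SMO certificate rejected by system trust store: {}'.format(e))
        # Retry against the provisioned SMO CA only: cafile= keeps the
        # system roots out of this context, and create_default_context()
        # leaves CERT_REQUIRED and check_hostname enabled.
        sslctx = ssl.create_default_context(
            purpose=ssl.Purpose.SERVER_AUTH,
            cafile=config.get_smo_ca_config_path())
        conn = http.client.HTTPSConnection(o.netloc, context=sslctx)
        try:
            return post_data(conn, o.path, callback_data)
        except Exception as retry_err:
            logger.warning(
                'register with SMO CA failed: {}'.format(retry_err))
            return False
    # … unchanged: except Exception handler returning False …
```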