Support register to smo with https/tls protocol. 08/9508/1
authordliu5 <david.liu@windriver.com>
Tue, 1 Nov 2022 13:47:57 +0000 (21:47 +0800)
committerJackie Huang <jackie.huang@windriver.com>
Fri, 4 Nov 2022 14:15:06 +0000 (14:15 +0000)
Signed-off-by: dliu5 <david.liu@windriver.com>
Change-Id: I06b3d233b9f00f1b1e479838fb8611fb2566cc8a
(cherry picked from commit 5893fa9d751d3e00324b22dfbdea024722ab9272)

charts/templates/deployment.yaml
o2common/config/config.py
o2ims/service/command/registration_handler.py

index bcc8dc9..4a10890 100644 (file)
@@ -86,6 +86,9 @@ spec:
               mountPath: /configs/o2app.conf
               subPath: config.json
               readOnly: true
+            - name: smocacrt
+              mountPath: /configs/smoca.crt
+              subPath: config.json
         - name: watcher
           image: "{{ .Values.o2ims.image.repository }}:{{ .Values.o2ims.image.tag }}"
           command: ["/bin/bash", "/opt/o2watcher_start.sh"]
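Review bot: The `smocacrt` mount added to this container omits `readOnly: true`, which the neighbouring mounts set and which the copy of this mount removed in the second hunk also had; add `readOnly: true` under `subPath: config.json`. A CA certificate used as a trust anchor should not be writable from inside the container that relies on it. `subPath: config.json` implies the `smocacrt` volume exposes the certificate under the key `config.json`; the volume definition is outside the hunk, so a short comment stating that would help the next reader.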
@@ -161,10 +164,6 @@ spec:
               mountPath: /configs/server.key
               subPath: config.json
               readOnly: true
-            - name: smocacrt
-              mountPath: /configs/smoca.crt
-              subPath: config.json
-              readOnly: true
         - name: helmcli
           image: "{{ .Values.o2ims.image.repository }}:{{ .Values.o2ims.image.tag }}"
           ports:
index ef67e74..a2907c4 100644 (file)
@@ -30,6 +30,11 @@ def get_config_path():
     return path
 
 
+def get_smo_ca_config_path():
+    path = os.environ.get("SMO_CA_CONFIG", "/configs/smoca.crt")
+    return path
+
+
 def get_postgres_uri():
     host = os.environ.get("DB_HOST", "localhost")
     port = 54321 if host == "localhost" else 5432
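Review bot: `get_smo_ca_config_path` has no docstring, and the file it names is loaded as a TLS trust anchor in registration_handler.py, so the contract is worth stating. Suggested: `"""Return the path of the CA certificate used to verify the SMO endpoint (env SMO_CA_CONFIG, default /configs/smoca.crt)."""`. The temporary can also go: `return os.environ.get("SMO_CA_CONFIG", "/configs/smoca.crt")`.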
index 0c6bbef..77ab28b 100644 (file)
@@ -17,6 +17,7 @@ import json
 # import asyncio
 # import requests
 import http.client
+import ssl
 from urllib.parse import urlparse
 from retry import retry
 
@@ -48,9 +49,16 @@ def registry_to_smo(
             register_smo(uow, ocloud_dict)
 
 
+class RegIMSToSMOExp(Exception):
+    def __init__(self, value):
+        self.value = value
+
+
 def register_smo(uow, ocloud_data):
     call_res = call_smo(ocloud_data)
     logger.debug('Call SMO response is {}'.format(call_res))
+    if call_res is not True:
+        raise RegIMSToSMOExp('Register o2ims to SMO failed')
     # TODO: record the result for the smo register
 
 
@@ -87,9 +95,36 @@ def call_smo(reg_data: dict):
     logger.info('URL: {}, data: {}'.format(
         conf.DEFAULT.smo_register_url, callback_data))
     o = urlparse(conf.DEFAULT.smo_register_url)
-    conn = http.client.HTTPConnection(o.netloc)
+    if o.scheme == 'https':
+        sslctx = ssl.create_default_context(purpose=ssl.Purpose.SERVER_AUTH)
+        sslctx.check_hostname = True
+        sslctx.verify_mode = ssl.CERT_REQUIRED
+        sslctx.load_default_certs()
+        conn = http.client.HTTPSConnection(o.netloc, context=sslctx)
+    else:
+        conn = http.client.HTTPConnection(o.netloc)
+
+    try:
+        return post_data(conn, o.path, callback_data)
+    except ssl.SSLCertVerificationError as e:
+        logger.info('post data except: {}'.format(e))
+        if 'self signed' in str(e):
+            sslctx = ssl.create_default_context(
+                purpose=ssl.Purpose.SERVER_AUTH)
+            smo_ca_path = config.get_smo_ca_config_path()
+            sslctx.load_verify_locations(smo_ca_path)
+            sslctx.check_hostname = False
+            sslctx.verify_mode = ssl.CERT_REQUIRED
+            conn = http.client.HTTPSConnection(o.netloc, context=sslctx)
+            return post_data(conn, o.path, callback_data)
+    except Exception as e:
+        logger.info('except: {}'.format(e))
+        return False
+
+
+def post_data(conn, path, data):
     headers = {'Content-type': 'application/json'}
-    conn.request('POST', o.path, callback_data, headers)
+    conn.request('POST', path, data, headers)
     resp = conn.getresponse()
     data = resp.read().decode('utf-8')
     # json_data = json.loads(data)
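Review bot: The fallback in the `except ssl.SSLCertVerificationError` branch keys on `'self signed' in str(e)` and then sets `check_hostname = False`, so it depends on the wording of the OpenSSL error text (newer OpenSSL releases spell it "self-signed") and, when it does run, accepts any certificate that chains to smoca.crt regardless of host name. Anything raised inside that branch (a missing CA file in `load_verify_locations`, a second verification failure) is not caught by the sibling `except Exception`, and a verification error without that text makes call_smo return None implicitly. Loading the SMO CA into the first context removes the retry and keeps host-name checking on; this assumes the SMO certificate carries a matching subjectAltName. The explicit `check_hostname`, `verify_mode` and `load_default_certs()` lines restate what `ssl.create_default_context` already sets, and failures are better logged at warning level than info. post_data continues past the end of the hunk.

```python
    o = urlparse(conf.DEFAULT.smo_register_url)
    if o.scheme == 'https':
        # create_default_context() already enables CERT_REQUIRED,
        # check_hostname and the system trust store.
        sslctx = ssl.create_default_context(purpose=ssl.Purpose.SERVER_AUTH)
        try:
            # Trust the SMO CA in addition to the system store, up front,
            # so there is a single verified attempt and no fallback path.
            sslctx.load_verify_locations(config.get_smo_ca_config_path())
        except OSError as e:
            # Missing or unparsable CA file: continue with system CAs only.
            logger.warning('SMO CA bundle not loaded: {}'.format(e))
        conn = http.client.HTTPSConnection(o.netloc, context=sslctx)
    else:
        conn = http.client.HTTPConnection(o.netloc)

    try:
        return post_data(conn, o.path, callback_data)
    except Exception as e:
        logger.warning('Register to SMO failed: {}'.format(e))
        return False

# … unchanged: post_data(conn, path, data) …
```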