Merge "API: Use SSL to listen on"

2013-06-07 22:55:25 +00:00 · 2013-06-07 22:55:25 +00:00 · 971f37d680
commit 971f37d680
parent 6940a8966c 288d05795f
2 changed files with 21 additions and 3 deletions
--- a/etc/sample_libra.cfg
+++ b/etc/sample_libra.cfg
@ -87,6 +87,8 @@ db_schema=lbaas
 gearman=127.0.0.1:4730
 swift_basepath=lbaaslogs
 swift_endpoint=https://host.com:443/v1/
+ssl_certfile=certfile.crt
+ssl_keyfile=keyfile.key

 # Keystone options go here
 [keystone]
--- a/libra/api/app.py
+++ b/libra/api/app.py
@ -99,7 +99,7 @@ def main():
        default='0.0.0.0'
    )
    options.parser.add_argument(
-        '--port', help='Port number for API server', type=int, default=8080
+        '--port', help='Port number for API server', type=int, default=443
    )
    options.parser.add_argument(
        '--disable_keystone', help='Unauthenticated server, for testing only',
@ -134,12 +134,20 @@ def main():
        '--swift_endpoint',
        help='Default endpoint URL (tenant ID will be appended to this'
    )
+    options.parser.add_argument(
+        '--ssl_cert',
+        help='Path to an SSL certificate file'
+    )
+    options.parser.add_argument(
+        '--ssl_keyfile',
+        help='Path to an SSL key file'
+    )

    args = options.run()

    required_args = [
        'db_user', 'db_pass', 'db_host', 'db_schema', 'swift_basepath',
-        'swift_endpoint'
+        'swift_endpoint', 'ssl_certfile', 'ssl_keyfile'
    ]

    missing_args = 0
@ -184,6 +192,14 @@ def main():
    logger.info('Starting on {0}:{1}'.format(args.host, args.port))
    api = setup_app(pc, args)
    sys.stderr = LogStdout(logger)
-    wsgi.server(eventlet.listen((args.host, args.port)), api)
+    wsgi.server(
+        eventlet.wrap_ssl(
+            eventlet.listen((args.host, args.port)),
+            certfile=args.ssl_certfile,
+            keyfile=args.ssl_keyfile,
+            server_side=True
+        ),
+        api
+    )

    return 0