Commit b2b2f0e8 authored by Bryce Cousins's avatar Bryce Cousins

Fix: allow certificates not recognized by certifi

parent e2a35d6f
Pipeline #137253 passed with stages
in 8 minutes and 56 seconds
......@@ -110,6 +110,29 @@ aggregator.store_columns(measurement, cols)
```
## Using HTTPS
An HTTPS to the database backend can be enabled in the configuration by specifying
`auth` and `https`, e.g.:
```
backends:
default:
backend: influxdb
db: <db_name>
hostname: <host_name>
port: <port>
auth: True
https: True
```
Scald will need database authentication credentials in the form of environment variables;
these can be provided in a .netrc file inside the Scald config directory.
For the HTTPS connection, Scald will need an SSL cert, whose path is specified as
an environment variable, e.g.:
```
SCALD_SSL_CA_CERT="/etc/pki/tls/certs/<cert_name>"
```
## Installation:
1. Conda installation:
......
......@@ -1160,10 +1160,18 @@ def create_client(host='localhost', port=8086, auth=False, https=False):
headers = urllib3.make_headers(keep_alive=True)
if https and check_certs:
return urllib3.HTTPSConnectionPool(host, port=port, maxsize=10, block=True, headers=headers,
if 'SCALD_SSL_CA_CERT' in os.environ:
return urllib3.HTTPSConnectionPool(host, port=port, maxsize=10, block=True, headers=headers,
cert_reqs='CERT_REQUIRED', ca_certs=os.environ.get('SCALD_SSL_CA_CERT'))
else:
return urllib3.HTTPSConnectionPool(host, port=port, maxsize=10, block=True, headers=headers,
cert_reqs='CERT_REQUIRED', ca_certs=certifi.where())
elif https:
return urllib3.HTTPSConnectionPool(host, port=port, maxsize=10, block=True, headers=headers)
if 'SCALD_SSL_CA_CERT' in os.environ:
return urllib3.HTTPSConnectionPool(host, port=port, maxsize=10, block=True, headers=headers,
cert_reqs='CERT_REQUIRED', ca_certs=os.environ.get('SCALD_SSL_CA_CERT'))
else:
return urllib3.HTTPSConnectionPool(host, port=port, maxsize=10, block=True, headers=headers, cert_reqs='CERT_NONE')
else:
return urllib3.HTTPConnectionPool(host, port=port, maxsize=10, block=True, headers=headers)
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment