diff --git a/ironic/conf/vnc.py b/ironic/conf/vnc.py
index b8891b602f..6a7c279005 100644
--- a/ironic/conf/vnc.py
+++ b/ironic/conf/vnc.py
@@ -127,6 +127,19 @@ opts = [
 'have no authentication or encryption so they also should not '
 'be exposed to public access. Additionally, the containers '
 'need to be able to access BMC management endpoints. '),
+ cfg.StrOpt(
+ 'ssl_cert_file',
+ help="Certificate file to use when starting the server securely."),
+ cfg.StrOpt(
+ 'ssl_key_file',
+ help="Private key file to use when starting the server securely."),
+ cfg.StrOpt(
+ 'ssl_minimum_version',
+ help="The minimum SSL version to use."),
+ cfg.StrOpt(
+ 'ssl_ciphers',
+ help="Sets the list of available ciphers. value should be a "
+ "string in the OpenSSL cipher list format."),
 ]
diff --git a/ironic/console/novncproxy_service.py b/ironic/console/novncproxy_service.py
index f9bb354d33..1c24636289 100644
--- a/ironic/console/novncproxy_service.py
+++ b/ironic/console/novncproxy_service.py
@@ -17,7 +17,6 @@ import os
 from oslo_config import cfg
 from oslo_log import log
 from oslo_service import service
-from oslo_service import sslutils
 from ironic.common import exception
 from ironic.console.securityproxy import rfb
@@ -58,13 +57,12 @@ class NoVNCProxyService(service.Service):
 'security_proxy': rfb.RFBSecurityProxy(),
 }
 if CONF.vnc.enable_ssl:
- sslutils.is_enabled(CONF)
 kwargs.update({
- 'cert': CONF.ssl.cert_file,
- 'key': CONF.ssl.key_file,
+ 'cert': CONF.vnc.ssl_cert_file,
+ 'key': CONF.vnc.ssl_key_file,
 'ssl_only': CONF.vnc.enable_ssl,
- 'ssl_ciphers': CONF.ssl.ciphers,
- 'ssl_minimum_version': CONF.ssl.version,
+ 'ssl_ciphers': CONF.vnc.ssl_ciphers,
+ 'ssl_minimum_version': CONF.vnc.ssl_minimum_version,
 })
 # Check to see if tty html/js/css files are present
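Review bot: `ssl_minimum_version` is added to the `opts` list (which starts above the hunk) as a free-form string with no default, no `choices` and no accepted values named in its help, so an unset or mistyped protocol floor is passed on unchecked and its effect depends on code outside this diff. I would restrict it with `choices=[...]` listing the protocol names the websocket server actually accepts, give it an explicit default, and say "TLS" rather than "SSL" in the help text. Deployments that already set `cert_file` and `key_file` under `[ssl]` will read as unset here after upgrade; if those values are meant to carry over, `deprecated_group='ssl'` with `deprecated_name='cert_file'` (and likewise for the key) on the new options keeps them working. The help for `ssl_key_file` could also state that the file should be readable only by the service user.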
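Review bot: With `sslutils.is_enabled(CONF)` removed, nothing in this hunk of `novncproxy_service.py` checks that `CONF.vnc.ssl_cert_file` and `CONF.vnc.ssl_key_file` are set and exist when `enable_ssl` is true. Both are new options without defaults, so `cert` and `key` can be passed as `None` together with `ssl_only=True`. As I understand oslo.service, the removed call is what rejected a missing certificate or key file at startup, so I would add an explicit fail-fast check before `kwargs.update`, using the `os` and `exception` imports the file already has. The enclosing method starts and ends outside the hunk, so any later validation is not visible here, and the indentation in the sketch below is approximate.

```python
if CONF.vnc.enable_ssl:
    # Fail at startup rather than on the first TLS handshake.
    for opt in ('ssl_cert_file', 'ssl_key_file'):
        path = getattr(CONF.vnc, opt)
        if not path or not os.path.isfile(path):
            raise exception.ConfigInvalid(
                error_msg='[vnc]%s must name an existing file when '
                          '[vnc]enable_ssl is true' % opt)
    kwargs.update({
        # … unchanged: cert, key, ssl_only, ssl_ciphers, ssl_minimum_version …
    })
```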