Fix for problems found by @dguerri

* TLSConfig['verify'] has to be set to False if we're only encrypting the
  connection, not verifying the host.
* tls_hostname was not set if tls_ca_cert was not present

https://github.com/ansible/ansible-modules-core/pull/926#issuecomment-78573877
This commit is contained in:
Toshio Kuratomi 2015-03-12 12:53:48 -07:00 committed by Matt Clay
parent 7c261b3954
commit 95df4bcbee

View file

@ -571,7 +571,6 @@ class DockerManager(object):
if not tls_ca_cert and env_cert_path: if not tls_ca_cert and env_cert_path:
tls_ca_cert = os.path.join(env_cert_path, 'ca.pem') tls_ca_cert = os.path.join(env_cert_path, 'ca.pem')
if tls_ca_cert:
tls_hostname = module.params.get('tls_hostname') tls_hostname = module.params.get('tls_hostname')
if tls_hostname is None: if tls_hostname is None:
if env_docker_hostname: if env_docker_hostname:
@ -614,8 +613,10 @@ class DockerManager(object):
else: else:
params['verify'] = True params['verify'] = True
params['assert_hostname'] = tls_hostname params['assert_hostname'] = tls_hostname
elif use_tls == 'encrpyt':
params['verify'] = False
if params or use_tls == 'encrypt': if params:
# See https://github.com/docker/docker-py/blob/d39da11/docker/utils/utils.py#L279-L296 # See https://github.com/docker/docker-py/blob/d39da11/docker/utils/utils.py#L279-L296
docker_url = docker_url.replace('tcp://', 'https://') docker_url = docker_url.replace('tcp://', 'https://')
tls_config = docker.tls.TLSConfig(**params) tls_config = docker.tls.TLSConfig(**params)