Add checkbox for enable/disable NSX Manager SSL verification
Return checkbox that allows user enable/disable NSX Manager certificate verification. Document settings "Bypass NSX Manager certificate verification" and "CA certificate". Closes-bug: #1590383 Change-Id: I347c9c0630ed727ce9601faf1a6c8e79f3d975ac
This commit is contained in:
parent
103cf30456
commit
eaf476486d
|
@ -19,7 +19,7 @@ class nsxv (
|
|||
|
||||
$ca_filename = try_get_value($settings['nsxv_ca_file'],'name','')
|
||||
if empty($ca_filename) {
|
||||
$insecure = true # used in nsx.ini.erb template
|
||||
$insecure = $settings['nsxv_insecure'] # used in nsx.ini.erb template
|
||||
} else {
|
||||
$insecure = false
|
||||
$ca_certificate_content = $settings['nsxv_ca_file']['content']
|
||||
|
|
|
@ -8,7 +8,7 @@ manager_uri = https://<%= settings['nsxv_manager_host'] %>
|
|||
insecure = <%= scope.lookupvar('insecure') %>
|
||||
|
||||
# (Optional) Specify a CA bundle file to use in verifying the NSXv server certificate.
|
||||
<% if not scope.lookupvar('insecure') -%>
|
||||
<% if not (settings['ca_file']).to_s.strip.empty? -%>
|
||||
ca_file = <%= scope.lookupvar('ca_file') %>
|
||||
<% else -%>
|
||||
# ca_file =
|
||||
|
|
|
@ -31,9 +31,20 @@ Plugin contains the following settings:
|
|||
|
||||
#. NSX Manager password.
|
||||
|
||||
#. Bypass NSX Manager certificate verification -- if enabled then HTTPS
|
||||
connection will not be verified. Otherwise two options are available:
|
||||
|
||||
* setting "CA certificate file" appear below making it possible to upload CA
|
||||
certificate that issued NSX Manager certificate.
|
||||
|
||||
* no CA certificate provided, then NSX Manager certificate will be verified
|
||||
against CA certificate bundle that comes by default within OpenStack
|
||||
controller node operating system.
|
||||
|
||||
#. CA certificate file -- file in PEM format that contains bundle of CA
|
||||
certificates which will be used by Neutron during HTTPS connection to NSX
|
||||
Manager. If no file is present, then HTTPS connection will not be verified.
|
||||
certificates which will be used by the plugin during NSX Manager certificate
|
||||
verification. If no file is present, then HTTPS connection will not be
|
||||
verified.
|
||||
|
||||
#. Datacenter MoRef ID -- ID of Datacenter where NSX Edge nodes will be
|
||||
deployed.
|
||||
|
|
|
@ -32,12 +32,21 @@ attributes:
|
|||
regex:
|
||||
source: '^.+$'
|
||||
error: 'You must specify the password'
|
||||
nsxv_insecure:
|
||||
value: true
|
||||
label: "Bypass NSX Manager certificate verification"
|
||||
description: ''
|
||||
weight: 22
|
||||
type: 'checkbox'
|
||||
nsxv_ca_file:
|
||||
value: ''
|
||||
label: 'CA certificate file'
|
||||
description: 'Specify a CA certificate file to use in NSX Manager certificate verification, if empty - certificate will not be verified'
|
||||
description: 'Specify a CA certificate file to use in NSX Manager certificate verification'
|
||||
weight: 25
|
||||
type: 'file'
|
||||
restrictions:
|
||||
- condition: "settings:nsxv.nsxv_insecure.value == true"
|
||||
action: "hide"
|
||||
nsxv_datacenter_moid:
|
||||
value: ''
|
||||
label: 'Datacenter MoRef ID'
|
||||
|
|
Loading…
Reference in New Issue