Add checkbox for enable/disable NSX Manager SSL verification

Return checkbox that allows user enable/disable NSX Manager certificate
verification.

Document settings "Bypass NSX Manager certificate verification" and "CA
certificate".

Closes-bug: #1590383
Change-Id: I347c9c0630ed727ce9601faf1a6c8e79f3d975ac
This commit is contained in:
Igor Zinovik 2016-07-04 11:30:21 +03:00
parent 103cf30456
commit eaf476486d
4 changed files with 25 additions and 5 deletions

View File

@ -19,7 +19,7 @@ class nsxv (
$ca_filename = try_get_value($settings['nsxv_ca_file'],'name','')
if empty($ca_filename) {
$insecure = true # used in nsx.ini.erb template
$insecure = $settings['nsxv_insecure'] # used in nsx.ini.erb template
} else {
$insecure = false
$ca_certificate_content = $settings['nsxv_ca_file']['content']

View File

@ -8,7 +8,7 @@ manager_uri = https://<%= settings['nsxv_manager_host'] %>
insecure = <%= scope.lookupvar('insecure') %>
# (Optional) Specify a CA bundle file to use in verifying the NSXv server certificate.
<% if not scope.lookupvar('insecure') -%>
<% if not (settings['ca_file']).to_s.strip.empty? -%>
ca_file = <%= scope.lookupvar('ca_file') %>
<% else -%>
# ca_file =

View File

@ -31,9 +31,20 @@ Plugin contains the following settings:
#. NSX Manager password.
#. Bypass NSX Manager certificate verification -- if enabled then HTTPS
connection will not be verified. Otherwise two options are available:
* setting "CA certificate file" appear below making it possible to upload CA
certificate that issued NSX Manager certificate.
* no CA certificate provided, then NSX Manager certificate will be verified
against CA certificate bundle that comes by default within OpenStack
controller node operating system.
#. CA certificate file -- file in PEM format that contains bundle of CA
certificates which will be used by Neutron during HTTPS connection to NSX
Manager. If no file is present, then HTTPS connection will not be verified.
certificates which will be used by the plugin during NSX Manager certificate
verification. If no file is present, then HTTPS connection will not be
verified.
#. Datacenter MoRef ID -- ID of Datacenter where NSX Edge nodes will be
deployed.

View File

@ -32,12 +32,21 @@ attributes:
regex:
source: '^.+$'
error: 'You must specify the password'
nsxv_insecure:
value: true
label: "Bypass NSX Manager certificate verification"
description: ''
weight: 22
type: 'checkbox'
nsxv_ca_file:
value: ''
label: 'CA certificate file'
description: 'Specify a CA certificate file to use in NSX Manager certificate verification, if empty - certificate will not be verified'
description: 'Specify a CA certificate file to use in NSX Manager certificate verification'
weight: 25
type: 'file'
restrictions:
- condition: "settings:nsxv.nsxv_insecure.value == true"
action: "hide"
nsxv_datacenter_moid:
value: ''
label: 'Datacenter MoRef ID'