CA certificate verification should be available only if
Bypass verification is disabled.
Some changes were made in vmware_attributes_metadata
in openstack.yaml so we have to update releases table
accordingly during upgrade.
Change-Id: Ibc1da57cfda4e732210e5eddb821856f72770dda
Closes-bug: #1616438
CA file is not uploaded because we made a mistake
in name vc_ca_file.
Fix typos vc_ca_file -> vcenter_ca_file to get correct
certificate files for cinder and compute item in
orchestrator serializer.
Change-Id: I531a1d6fb7d8cf28df644f8d2301cec4f437a996
Closes-bug: #1623478
CA certificate verification should be available only if
Bypass verification is disabled.
Partial-Bug: 1616438
Change-Id: Ib83210f52c7874398fcb1791e51091e05151273f
Depends-On: Id38bf7c74869fa60852ca1cb2ccaa9c63412cf64
* Add field that allows user to upload CA certificate
that emitted vCenters TLS/SSL certificate (Self-Signed certificate).
It allow cinder-volume configured with VMwareVcVmdkDriver
and nova-compute configured with VMwareVCDriver verify
connection to vCenter server.
* Add checkbox "Bypass vCenter certificate verification" for
cinder-volume, nova-compute, Glance vSphere backend.
These changes will allow the cover use cases for cinder-volume,
nova-compute and Glance vSphere backend:
1. Bypass vCenter certificate verification (default). Certificate
verification turn off. This case is useful for faster deployment
and for testing environment.
2. vCenter is using a Self-Signed certificate. In this case the
user must upload custom CA bundle file certificate.
3. vCenter server certificate was emitted by know CA (e.g. GeoTrust).
In this case user have to leave CA certificate bundle upload field empty.
Change-Id: I6a697d01d84065c8f3ed80adf409b79bc7913620
Implements: blueprint custom-ca-bundle-verify-vcenter-cert
Add field that allows user to upload CA certificate that emitted
vCenters TLS/SSL certificate. It allow Glance with VMware backend verify
connection to vCenter server (verification is turned on by default).
If user did not uploaded certificate then, glance will be configured
to skip verification step during connection to vCenter.
Partial-bug: #1559067
DocImpact: Document how to use 'CA file' field on VMware tab.
Change-Id: I810bc000e54b941018a1190acb26d33150b74ce0
New role 'compute-vmware' was introduced. Also vmware deployment
serializer is changed for supporting 'target-node'
Implements: blueprint compute-vmware-role
Change-Id: I4e35f2e980737a0e64abbba585e2f2aaaa3f27c3
- OpenStack services may reference to previously defined variable in
configuration files using $ (dollar sign), e.g. 'metadata_host =
$my_ip'. Interpolation can be avoided by using $$. Passwords often
contain metachars and $ is one of them. We must replace all $
occurrences with $$, otherwise service will fail to start because it
cannot interpolate non-existing variable.
- add static method escape_dollar() to VMwareDeploymentSerializerMixin
class that implements conversion
- also handle username and regular expression that is used for datastore
search
- provide input values with '$' in test fixture vmware_attributes.json
- modify integration test
Change-Id: I0d7d9f2d7f0ccaa3310c865a7f467c377c067442
Closes-bug: #1436083
* provides implementation for checking
restrictions which behavior desribed in openstack.yaml
file for attributes and vmware_attribute on nailgun side.
* pre-deployment checking for vmware consistency
Change-Id: I2124bbf3fd8d2f7fd586c9859f63b169354b8ad7
* fix in deployment serialization for multi-role node
* fix dc and ds for glance
* deny access to default vmware attributes when cluster
doesn't support vmware configuration
Closes-Bug: #1431333
Change-Id: Ieabdd1b2c74c66dbea72e1bb4a97921a312e009e