VMware: verify vCenter server certificate

Two configuration properties are being added:
'ca_file': Specify a CA bundle file to use in verifying the vCenter
server certificate
'insecure': If true, the vCenter server certificate is not verified.
If false, then the default CA truststore is used for verification.
This option is ignored if 'ca_file' is set.

Closes-Bug: #1276207

DocImpact

Change-Id: I86a04fbd70f726206ddd95caf87685f3559d2ad8
Radoslav Gerganov 2015-05-04 11:18:58 +03:00
parent 50e77aa9b8
commit 823766637d
1 changed files with 15 additions and 3 deletions


@ -58,6 +58,15 @@ vmwareapi_opts = [
cfg.StrOpt('host_password',
help='Password for connection to VMware vCenter host.',
secret=True),
cfg.StrOpt('ca_file',
help='Specify a CA bundle file to use in verifying the '
'vCenter server certificate.'),
cfg.BoolOpt('insecure',
default=False,
help='If true, the vCenter server certificate is not '
'verified. If false, then the default CA truststore is '
'used for verification. This option is ignored if '
'"ca_file" is set.'),
cfg.MultiStrOpt('cluster_name',
help='Name of a VMware Cluster ComputeResource.'),
cfg.StrOpt('datastore_regex',
@ -696,7 +705,9 @@ class VMwareAPISession(api.VMwareAPISession):
username=CONF.vmware.host_username,
password=CONF.vmware.host_password,
retry_count=CONF.vmware.api_retry_count,
scheme="https"):
scheme="https",
cacert=CONF.vmware.ca_file,
insecure=CONF.vmware.insecure):
super(VMwareAPISession, self).__init__(
host=host_ip,
port=host_port,
@ -706,8 +717,9 @@ class VMwareAPISession(api.VMwareAPISession):
task_poll_interval=CONF.vmware.task_poll_interval,
scheme=scheme,
create_session=True,
wsdl_loc=CONF.vmware.wsdl_location
)
wsdl_loc=CONF.vmware.wsdl_location,
cacert=cacert,
insecure=insecure)
def _is_vim_object(self, module):
"""Check if the module is a VIM Object instance."""
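Review bot: In the second hunk, `cacert=CONF.vmware.ca_file` and `insecure=CONF.vmware.insecure` look like parameter defaults (the `def` line is outside the hunk), so Python evaluates them once when the class is defined rather than each time a session is created. For the two options that decide whether the vCenter certificate is verified, this means a value set or overridden after the module is imported is silently not used; the neighbouring `username`/`password` defaults follow the same pattern, but it matters more here. Consider defaulting both to `None` and resolving them in the body, e.g. `cacert = CONF.vmware.ca_file if cacert is None else cacert`, and logging a warning when the session ends up with `insecure` true and no `ca_file`, so that unverified connections are visible to operators. The upgrade impact also deserves a sentence in the `insecure` help text or the release notes: with the default of false, a vCenter whose certificate is not trusted by the default truststore will presumably stop connecting until `ca_file` or `insecure` is set.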