DVS: Verify certificate on vCenter connections
The DVS driver was not validating the vCenter certificate. This patch utilizes the function already available in oslo.vmware to verify certs. DocImpact: This introduces two config options: cafile and insecure. Change-Id: I3162437f219946e0acfa63ff0ae35f36a7e3bba7 Closes-Bug: #1487962
parent
6a71709d0c
commit
e7c30d1fdf
@ -85,6 +85,8 @@ function neutron_plugin_configure_service {
|
||||
iniset /$Q_PLUGIN_CONF_FILE dvs host_ip "$VMWAREAPI_IP"
|
||||
iniset /$Q_PLUGIN_CONF_FILE dvs host_username "$VMWAREAPI_USER"
|
||||
iniset /$Q_PLUGIN_CONF_FILE dvs host_password "$VMWAREAPI_PASSWORD"
|
||||
iniset /$Q_PLUGIN_CONF_FILE dvs ca_file "$VMWAREAPI_CA_FILE"
|
||||
iniset /$Q_PLUGIN_CONF_FILE dvs insecure "$VMWAREAPI_INSECURE"
|
||||
iniset /$Q_PLUGIN_CONF_FILE dvs dvs_name "$VMWARE_DVS_NAME"
|
||||
}
|
||||
|
||||
|
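Review bot: Both new `iniset` lines write their value unconditionally, so an unset `VMWAREAPI_INSECURE` or `VMWAREAPI_CA_FILE` would land in the plugin config as an empty `insecure =` or `ca_file =` entry; whether defaults for these variables are defined elsewhere in the plugin is not visible in this hunk. An empty value for a boolean option is likely to be rejected when the option is parsed, and an empty `ca_file` presumably leaves the verification decision to `insecure` alone. I would give the boolean an explicit secure default, `iniset /$Q_PLUGIN_CONF_FILE dvs insecure "${VMWAREAPI_INSECURE:-False}"`, and write `ca_file` only when `$VMWAREAPI_CA_FILE` is non-empty. `neutron_plugin_configure_service` starts before the hunk.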
@ -29,6 +29,15 @@ dvs_opts = [
|
||||
cfg.FloatOpt('task_poll_interval',
|
||||
default=0.5,
|
||||
help='The interval used for polling of remote tasks.'),
|
||||
cfg.StrOpt('ca_file',
|
||||
help='Specify a CA bundle file to use in verifying the '
|
||||
'vCenter server certificate.'),
|
||||
cfg.BoolOpt('insecure',
|
||||
default=False,
|
||||
help='If true, the vCenter server certificate is not '
|
||||
'verified. If false, then the default CA truststore is '
|
||||
'used for verification. This option is ignored if '
|
||||
'"ca_file" is set.'),
|
||||
cfg.IntOpt('api_retry_count',
|
||||
default=10,
|
||||
help='The number of times we retry on failures, e.g., '
|
||||
@ -53,7 +62,9 @@ def dvs_create_session():
|
||||
CONF.dvs.host_password,
|
||||
CONF.dvs.api_retry_count,
|
||||
CONF.dvs.task_poll_interval,
|
||||
port=CONF.dvs.host_port)
|
||||
port=CONF.dvs.host_port,
|
||||
cacert=CONF.dvs.ca_file,
|
||||
insecure=CONF.dvs.insecure)
|
||||
|
||||
|
||||
def dvs_name_get():
|
||||
|
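Review bot: Nothing in `dvs_create_session` records that certificate verification has been turned off: `insecure=CONF.dvs.insecure` is passed straight through, so a deployment running with `insecure = True` and no `ca_file` looks the same in the logs as a verified one. A warning at session creation, e.g. `if CONF.dvs.insecure and not CONF.dvs.ca_file: LOG.warning("vCenter certificate verification is disabled")`, would make that state auditable; this assumes the module has a logger, which the hunk does not show. The precedence stated in the `insecure` help text ("ignored if ca_file is set") is not enforced by any line visible here, so it presumably lives in the session object being constructed and deserves a one-line comment above the call saying so. The commit message also names the option `cafile`, while the code registers `ca_file`. The call and the function body start outside the hunk.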
@ -35,6 +35,8 @@ class DvsUtilsTestCase(base.BaseTestCase):
|
||||
group='dvs')
|
||||
cfg.CONF.set_override('dvs_name', 'fake_dvs', group='dvs')
|
||||
cfg.CONF.set_override('host_port', '443', group='dvs')
|
||||
cfg.CONF.set_override('ca_file', 'cacert', group='dvs')
|
||||
cfg.CONF.set_override('insecure', False, group='dvs')
|
||||
|
||||
def test_dvs_set(self):
|
||||
self._dvs_fake_cfg_set()
|
||||
@ -49,7 +51,9 @@ class DvsUtilsTestCase(base.BaseTestCase):
|
||||
cfg.CONF.dvs.host_password,
|
||||
cfg.CONF.dvs.api_retry_count,
|
||||
cfg.CONF.dvs.task_poll_interval,
|
||||
port=cfg.CONF.dvs.host_port)
|
||||
port=cfg.CONF.dvs.host_port,
|
||||
cacert=cfg.CONF.dvs.ca_file,
|
||||
insecure=cfg.CONF.dvs.insecure)
|
||||
|
||||
def test_dvs_name_get(self):
|
||||
cfg.CONF.set_override('dvs_name', 'fake-dvs', group='dvs')
|
||||
|
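Review bot: The updated tests exercise only the verified path (`ca_file` overridden to `'cacert'`, `insecure` overridden to `False`), and nothing pins the default value of `insecure`. The security of an unconfigured deployment depends on that default staying `False`, so I would add a test that reads the options without overrides, e.g. `self.assertFalse(cfg.CONF.dvs.insecure)` and `self.assertIsNone(cfg.CONF.dvs.ca_file)`. This assumes the base test case resets overrides between tests. Both test methods touched here begin or end outside the hunks.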