Browse Source

VMware: verify vCenter server certificate

Two configuration properties are being added:

'ca_file': Specify a CA bundle file to use in verifying the vCenter
server certificate

'insecure': If true, the vCenter server certificate is not verified.
If false, then the default CA truststore is used for verification.
This option is ignored if 'ca_file' is set.

Closes-Bug: #1276207

DocImpact

Change-Id: I8f408308cddbb40b19e8dc9fce6ff02745d963b8
changes/66/180266/2
Eric Brown 7 years ago
parent
commit
2f4ff42a92
  1. 13
      ceilometer/compute/virt/vmware/inspector.py

13
ceilometer/compute/virt/vmware/inspector.py

@ -41,6 +41,15 @@ OPTS = [
default='',
help='Password of VMware Vsphere.',
secret=True),
cfg.StrOpt('ca_file',
help='CA bundle file to use in verifying the vCenter server '
'certificate.'),
cfg.BoolOpt('insecure',
default=False,
help='If true, the vCenter server certificate is not '
'verified. If false, then the default CA truststore is '
'used for verification. This option is ignored if '
'"ca_file" is set.'),
cfg.IntOpt('api_retry_count',
default=10,
help='Number of times a VMware Vsphere API may be retried.'),
@ -76,7 +85,9 @@ def get_api_session():
cfg.CONF.vmware.api_retry_count,
cfg.CONF.vmware.task_poll_interval,
wsdl_loc=cfg.CONF.vmware.wsdl_location,
port=cfg.CONF.vmware.host_port)
port=cfg.CONF.vmware.host_port,
cacert=cfg.CONF.vmware.ca_file,
insecure=cfg.CONF.vmware.insecure)
return api_session

Loading…
Cancel
Save