VMware: Enable vCenter certificate verification

Currently vCenter certificate is not verified during connection
establishment. This patch adds a config option to specify a CA
bundle file to verify vCenter server certificate.

DocImpact

Change-Id: Ida730db66b154a4d445f7a91bccb9ca5b5a26f5e
Closes-Bug: #1276207
Vipin Balachandran 2015-05-04 16:13:41 +05:30
parent 51ae2ebccd
commit 39478338bb
2 changed files with 25 additions and 2 deletions


@ -147,6 +147,7 @@ class VMwareEsxVmdkDriverTestCase(test.TestCase):
IMG_TX_TIMEOUT = 10 IMG_TX_TIMEOUT = 10
MAX_OBJECTS = 100 MAX_OBJECTS = 100
TMP_DIR = "/vmware-tmp" TMP_DIR = "/vmware-tmp"
CA_FILE = "/etc/ssl/rui-ca-cert.pem"
VMDK_DRIVER = vmdk.VMwareEsxVmdkDriver VMDK_DRIVER = vmdk.VMwareEsxVmdkDriver
def setUp(self): def setUp(self):
@ -163,6 +164,7 @@ class VMwareEsxVmdkDriverTestCase(test.TestCase):
self._config.vmware_image_transfer_timeout_secs = self.IMG_TX_TIMEOUT self._config.vmware_image_transfer_timeout_secs = self.IMG_TX_TIMEOUT
self._config.vmware_max_objects_retrieval = self.MAX_OBJECTS self._config.vmware_max_objects_retrieval = self.MAX_OBJECTS
self._config.vmware_tmp_dir = self.TMP_DIR self._config.vmware_tmp_dir = self.TMP_DIR
self._config.vmware_ca_file = self.CA_FILE
self._db = mock.Mock() self._db = mock.Mock()
self._driver = vmdk.VMwareEsxVmdkDriver(configuration=self._config, self._driver = vmdk.VMwareEsxVmdkDriver(configuration=self._config,
db=self._db) db=self._db)
@ -2835,6 +2837,22 @@ class VMwareVcVmdkDriverTestCase(VMwareEsxVmdkDriverTestCase):
vops.move_backing_to_folder.assert_called_once_with(backing, vops.move_backing_to_folder.assert_called_once_with(backing,
folder) folder)
@mock.patch('oslo_vmware.api.VMwareAPISession')
def test_session(self, apiSession):
self._session = None
self._driver.session()
apiSession.assert_called_once_with(
self._config.vmware_host_ip,
self._config.vmware_host_username,
self._config.vmware_host_password,
self._config.vmware_api_retry_count,
self._config.vmware_task_poll_interval,
wsdl_loc=self._config.safe_get('vmware_wsdl_location'),
pbm_wsdl_loc=None,
cacert=self._config.vmware_ca_file)
class ImageDiskTypeTest(test.TestCase): class ImageDiskTypeTest(test.TestCase):
"""Unit tests for ImageDiskType.""" """Unit tests for ImageDiskType."""
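Review bot: In `test_session`, the line `self._session = None` sets an attribute on the test case rather than on the driver, so it most likely does nothing to the session the driver holds in its own `_session`. If the intent is to force a fresh session, it should read `self._driver._session = None`. The test also covers only the case where `vmware_ca_file` is set (through `CA_FILE` in `setUp`). A second case that leaves the option at `None` would pin down what reaches `VMwareAPISession` as `cacert` in a default deployment, which is the configuration where the certificate check is easiest to lose unnoticed.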


@ -106,7 +106,10 @@ vmdk_opts = [
cfg.StrOpt('vmware_tmp_dir', cfg.StrOpt('vmware_tmp_dir',
default='/tmp', default='/tmp',
help='Directory where virtual disks are stored during volume ' help='Directory where virtual disks are stored during volume '
'backup and restore.') 'backup and restore.'),
cfg.StrOpt('vmware_ca_file',
default=None,
help='CA bundle file to verify vCenter server certificate.')
] ]
CONF = cfg.CONF CONF = cfg.CONF
@ -1884,11 +1887,13 @@ class VMwareVcVmdkDriver(VMwareEsxVmdkDriver):
task_poll_interval = self.configuration.vmware_task_poll_interval task_poll_interval = self.configuration.vmware_task_poll_interval
wsdl_loc = self.configuration.safe_get('vmware_wsdl_location') wsdl_loc = self.configuration.safe_get('vmware_wsdl_location')
pbm_wsdl = self.pbm_wsdl if hasattr(self, 'pbm_wsdl') else None pbm_wsdl = self.pbm_wsdl if hasattr(self, 'pbm_wsdl') else None
ca_file = self.configuration.vmware_ca_file
self._session = api.VMwareAPISession(ip, username, self._session = api.VMwareAPISession(ip, username,
password, api_retry_count, password, api_retry_count,
task_poll_interval, task_poll_interval,
wsdl_loc=wsdl_loc, wsdl_loc=wsdl_loc,
pbm_wsdl_loc=pbm_wsdl) pbm_wsdl_loc=pbm_wsdl,
cacert=ca_file)
return self._session return self._session
def _get_vc_version(self): def _get_vc_version(self):
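Review bot: The help text for `vmware_ca_file` does not say what happens when the option is left at `default=None`, and the session code passes that value straight through as `cacert=ca_file`. Going by the commit message, the connection presumably stays unverified in that case, so an upgraded deployment gets no certificate check until an operator sets the option; this should be confirmed against the oslo.vmware session behaviour. If so, the help string should say it, e.g. `help='CA bundle file used to verify the vCenter server certificate. If unset, the certificate is not verified.'`, and a warning could be logged when `ca_file` is `None`. The path is also not checked for existence or readability before use, so a typo would only surface when the session is created. The enclosing method starts above this hunk.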