VMware: verify vCenter server certificate

Two configuration properties are being added:

'ca_file': Specify a CA bundle file to use in verifying the vCenter
server certificate

'insecure': If true, the vCenter server certificate is not verified.
If false, then the default CA truststore is used for verification.
This option is ignored if 'ca_file' is set.

Closes-Bug: #1276207

DocImpact

Change-Id: I8f408308cddbb40b19e8dc9fce6ff02745d963b8
Eric Brown 2015-05-05 11:38:49 -07:00
parent 9f76e5b580
commit 2f4ff42a92


@ -41,6 +41,15 @@ OPTS = [
default='', default='',
help='Password of VMware Vsphere.', help='Password of VMware Vsphere.',
secret=True), secret=True),
cfg.StrOpt('ca_file',
help='CA bundle file to use in verifying the vCenter server '
'certificate.'),
cfg.BoolOpt('insecure',
default=False,
help='If true, the vCenter server certificate is not '
'verified. If false, then the default CA truststore is '
'used for verification. This option is ignored if '
'"ca_file" is set.'),
cfg.IntOpt('api_retry_count', cfg.IntOpt('api_retry_count',
default=10, default=10,
help='Number of times a VMware Vsphere API may be retried.'), help='Number of times a VMware Vsphere API may be retried.'),
@ -76,7 +85,9 @@ def get_api_session():
cfg.CONF.vmware.api_retry_count, cfg.CONF.vmware.api_retry_count,
cfg.CONF.vmware.task_poll_interval, cfg.CONF.vmware.task_poll_interval,
wsdl_loc=cfg.CONF.vmware.wsdl_location, wsdl_loc=cfg.CONF.vmware.wsdl_location,
port=cfg.CONF.vmware.host_port) port=cfg.CONF.vmware.host_port,
cacert=cfg.CONF.vmware.ca_file,
insecure=cfg.CONF.vmware.insecure)
return api_session return api_session
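Review bot: In get_api_session, `cacert` and `insecure` are both passed through unchanged, so the rule stated in the help text (that `insecure` is ignored when `ca_file` is set) is enforced only by the session class, which is not visible in this hunk. A short comment at the call, such as `# ca_file takes precedence over insecure; the session class applies that rule`, would tell the next reader where to confirm it. Nothing in the new code records at runtime that verification has been turned off, so consider logging a warning once when `insecure` is true and `ca_file` is unset, for example `LOG.warning('vCenter certificate verification is disabled (vmware.insecure=True)')`, assuming the module already has a logger. The body of get_api_session begins before the hunk, so whether such a logger exists could not be checked here.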