VMware: verify vCenter server certificate

Two configuration properties are being added: 'ca_file': Specify a CA bundle file to use in verifying the vCenter server certificate 'insecure': If true, the vCenter server certificate is not verified. If false, then the default CA truststore is used for verification. This option is ignored if 'ca_file' is set. Closes-Bug: #1276207 DocImpact Change-Id: I8f408308cddbb40b19e8dc9fce6ff02745d963b8
2015-05-05 11:38:49 -07:00 · 2015-05-05 11:38:49 -07:00 · 2f4ff42a92
commit 2f4ff42a92
parent 9f76e5b580
1 changed files with 12 additions and 1 deletions
--- a/ceilometer/compute/virt/vmware/inspector.py
+++ b/ceilometer/compute/virt/vmware/inspector.py
@ -41,6 +41,15 @@ OPTS = [
               default='',
               help='Password of VMware Vsphere.',
               secret=True),
+    cfg.StrOpt('ca_file',
+               help='CA bundle file to use in verifying the vCenter server '
+                    'certificate.'),
+    cfg.BoolOpt('insecure',
+                default=False,
+                help='If true, the vCenter server certificate is not '
+                     'verified. If false, then the default CA truststore is '
+                     'used for verification. This option is ignored if '
+                     '"ca_file" is set.'),
    cfg.IntOpt('api_retry_count',
               default=10,
               help='Number of times a VMware Vsphere API may be retried.'),
@ -76,7 +85,9 @@ def get_api_session():
        cfg.CONF.vmware.api_retry_count,
        cfg.CONF.vmware.task_poll_interval,
        wsdl_loc=cfg.CONF.vmware.wsdl_location,
-        port=cfg.CONF.vmware.host_port)
+        port=cfg.CONF.vmware.host_port,
+        cacert=cfg.CONF.vmware.ca_file,
+        insecure=cfg.CONF.vmware.insecure)
    return api_session