diff --git a/manifests/backend/vsphere.pp b/manifests/backend/vsphere.pp index 5e1f0b2a..3dda70ce 100644 --- a/manifests/backend/vsphere.pp +++ b/manifests/backend/vsphere.pp @@ -24,7 +24,14 @@ # [*vcenter_api_insecure*] # (optional) Allow to perform insecure SSL requests to vCenter/ESXi. # Should be a valid string boolean value -# Defaults to 'False' +# Defaults to 'True' +# +# [*vcenter_ca_file*] +# (optional) The name of the CA bundle file which will be used in +# verifying vCenter server certificate. If parameter is not set +# then system truststore is used. If parameter is set, vcenter_api_insecure +# value is ignored. +# Defaults to undef # # [*vcenter_host*] # (required) vCenter/ESXi Server target system. @@ -72,7 +79,8 @@ class glance::backend::vsphere( $vcenter_datacenter, $vcenter_datastore, $vcenter_image_dir, - $vcenter_api_insecure = 'False', + $vcenter_ca_file = undef, + $vcenter_api_insecure = 'True', $vcenter_task_poll_interval = '5', $vcenter_api_retry_count = '10', $multi_store = false, @@ -81,6 +89,7 @@ class glance::backend::vsphere( glance_api_config { 'glance_store/vmware_api_insecure': value => $vcenter_api_insecure; + 'glance_store/vmware_ca_file': value => $vcenter_ca_file; 'glance_store/vmware_server_host': value => $vcenter_host; 'glance_store/vmware_server_username': value => $vcenter_user; 'glance_store/vmware_server_password': value => $vcenter_password; @@ -94,6 +103,7 @@ class glance::backend::vsphere( if $glare_enabled { glance_glare_config { 'glance_store/vmware_api_insecure': value => $vcenter_api_insecure; + 'glance_store/vmware_ca_file': value => $vcenter_ca_file; 'glance_store/vmware_server_host': value => $vcenter_host; 'glance_store/vmware_server_username': value => $vcenter_user; 'glance_store/vmware_server_password': value => $vcenter_password; diff --git a/spec/classes/glance_backend_vsphere_spec.rb b/spec/classes/glance_backend_vsphere_spec.rb index 2b8f9b48..2b103b22 100644 --- a/spec/classes/glance_backend_vsphere_spec.rb +++ b/spec/classes/glance_backend_vsphere_spec.rb @@ -41,7 +41,7 @@ describe 'glance::backend::vsphere' do end it 'configures glance-api.conf' do is_expected.to contain_glance_api_config('glance_store/default_store').with_value('vsphere') - is_expected.to contain_glance_api_config('glance_store/vmware_api_insecure').with_value('False') + is_expected.to contain_glance_api_config('glance_store/vmware_api_insecure').with_value('True') is_expected.to contain_glance_api_config('glance_store/vmware_server_host').with_value('10.0.0.1') is_expected.to contain_glance_api_config('glance_store/vmware_server_username').with_value('root') is_expected.to contain_glance_api_config('glance_store/vmware_server_password').with_value('123456') @@ -53,7 +53,7 @@ describe 'glance::backend::vsphere' do end it 'not configures glance-glare.conf' do is_expected.to_not contain_glance_glare_config('glance_store/default_store').with_value('vsphere') - is_expected.to_not contain_glance_glare_config('glance_store/vmware_api_insecure').with_value('False') + is_expected.to_not contain_glance_glare_config('glance_store/vmware_api_insecure').with_value('True') is_expected.to_not contain_glance_glare_config('glance_store/vmware_server_host').with_value('10.0.0.1') is_expected.to_not contain_glance_glare_config('glance_store/vmware_server_username').with_value('root') is_expected.to_not contain_glance_glare_config('glance_store/vmware_server_password').with_value('123456') @@ -74,20 +74,20 @@ describe 'glance::backend::vsphere' do :vcenter_datacenter => 'Datacenter', :vcenter_datastore => 'Datastore', :vcenter_image_dir => '/openstack_glance', - :vcenter_api_insecure => 'True', + :vcenter_ca_file => '/etc/glance/vcenter-ca.pem', :vcenter_task_poll_interval => '6', :vcenter_api_retry_count => '11', :glare_enabled => true, } end it 'configures glance-api.conf' do - is_expected.to contain_glance_api_config('glance_store/vmware_api_insecure').with_value('True') + is_expected.to contain_glance_api_config('glance_store/vmware_ca_file').with_value('/etc/glance/vcenter-ca.pem') is_expected.to contain_glance_api_config('glance_store/vmware_task_poll_interval').with_value('6') is_expected.to contain_glance_api_config('glance_store/vmware_api_retry_count').with_value('11') end it 'configures glance-glare.conf' do - is_expected.to contain_glance_glare_config('glance_store/vmware_api_insecure').with_value('True') + is_expected.to contain_glance_glare_config('glance_store/vmware_ca_file').with_value('/etc/glance/vcenter-ca.pem') is_expected.to contain_glance_glare_config('glance_store/vmware_task_poll_interval').with_value('6') is_expected.to contain_glance_glare_config('glance_store/vmware_api_retry_count').with_value('11') end