Glance with vsphere backend by default verifies vCenter server TLS/SSL
certificate using system truststore (e.g.
/etc/ssl/certs/ca-certificates.crt). Here is a problem with connection
to vCenter: if we consider case with default installation, then vCenter
starts with self-signed certificate which cannot be verified using linux
shipped CA bundle. Glance starts, but fails to do any useful work,
because it generates SSL errors due to inability to verify vCenter
TLS/SSL certificate.
User can provide its own CA bundle file for Glance to verify connection,
but currently puppet-glance does not support this. This patch aims to
fix this problem, it:
- introduces new optional parameter $vcenter_ca_file which undef by
default, which means that value will not be written to glance-api.conf
- it switches default value of vmware_api_insecure to True
- provides rspec tests for changed behaviour
Change-Id: Icef5c35ad1128df465da548dd880a0dfeeadb5e1
Related-bug: #1559067
(cherry picked from commit a1fbd1a42c)
dd7ac6ecb0