Prepare updating default of emc_ssl_cert_verify
Currently, the emc_ssl_cert_verify parameter defaults to false in some backends. However the parameter defaults to true in Manila itself, and it is generally discouraged to disable verification of SSL certs. This change prepares updating the default value in a future release, and provide notice about that change. Change-Id: I75378fdef418f95cae1790abcd26754453256dbf
This commit is contained in:
Takashi Kajinami
parent
fc19c688fb
commit
e197b396a8
|
|
@ -105,7 +105,7 @@ define manila::backend::dellemc_unity (
|
|||
$unity_share_server = $::os_service_default,
|
||||
$report_default_filter_function = $::os_service_default,
|
||||
$network_plugin_ipv6_enabled = true,
|
||||
$emc_ssl_cert_verify = false,
|
||||
$emc_ssl_cert_verify = undef,
|
||||
$emc_ssl_cert_path = $::os_service_default,
|
||||
$package_ensure = 'present',
|
||||
) {
|
||||
|
|
@ -115,6 +115,11 @@ define manila::backend::dellemc_unity (
|
|||
|
||||
validate_legacy(String, 'validate_string', $emc_nas_password)
|
||||
|
||||
if $emc_ssl_cert_verify == undef {
|
||||
warning('Default of emc_ssl_cert_verify will be changed from false to service default(true).')
|
||||
}
|
||||
$emc_ssl_cert_verify_real = pick($emc_ssl_cert_verify, false)
|
||||
|
||||
$unity_share_driver = 'manila.share.drivers.dell_emc.driver.EMCShareDriver'
|
||||
|
||||
manila_config {
|
||||
|
|
@ -132,7 +137,7 @@ define manila::backend::dellemc_unity (
|
|||
"${share_backend_name}/unity_share_server": value => $unity_share_server;
|
||||
"${share_backend_name}/report_default_filter_function": value => $report_default_filter_function;
|
||||
"${share_backend_name}/network_plugin_ipv6_enabled": value => $network_plugin_ipv6_enabled;
|
||||
"${share_backend_name}/emc_ssl_cert_verify": value => $emc_ssl_cert_verify;
|
||||
"${share_backend_name}/emc_ssl_cert_verify": value => $emc_ssl_cert_verify_real;
|
||||
"${share_backend_name}/emc_ssl_cert_path": value => $emc_ssl_cert_path;
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -94,7 +94,7 @@ define manila::backend::dellemc_vnx (
|
|||
$vnx_share_data_pools = $::os_service_default,
|
||||
$vnx_ethernet_ports = $::os_service_default,
|
||||
$network_plugin_ipv6_enabled = true,
|
||||
$emc_ssl_cert_verify = false,
|
||||
$emc_ssl_cert_verify = undef,
|
||||
$emc_ssl_cert_path = $::os_service_default,
|
||||
$package_ensure = 'present',
|
||||
$driver_handles_share_servers = undef,
|
||||
|
|
@ -105,6 +105,11 @@ define manila::backend::dellemc_vnx (
|
|||
|
||||
validate_legacy(String, 'validate_string', $emc_nas_password)
|
||||
|
||||
if $emc_ssl_cert_verify == undef {
|
||||
warning('Default of emc_ssl_cert_verify will be changed from false to service default(true).')
|
||||
}
|
||||
$emc_ssl_cert_verify_real = pick($emc_ssl_cert_verify, false)
|
||||
|
||||
if $driver_handles_share_servers != undef {
|
||||
warning('The driver_handles_share_servers parameter has been deprecated and has no effect')
|
||||
}
|
||||
|
|
@ -124,7 +129,7 @@ define manila::backend::dellemc_vnx (
|
|||
"${share_backend_name}/vnx_share_data_pools": value => join(any2array($vnx_share_data_pools), ',');
|
||||
"${share_backend_name}/vnx_ethernet_ports": value => join(any2array($vnx_ethernet_ports), ',');
|
||||
"${share_backend_name}/network_plugin_ipv6_enabled": value => $network_plugin_ipv6_enabled;
|
||||
"${share_backend_name}/emc_ssl_cert_verify": value => $emc_ssl_cert_verify;
|
||||
"${share_backend_name}/emc_ssl_cert_verify": value => $emc_ssl_cert_verify_real;
|
||||
"${share_backend_name}/emc_ssl_cert_path": value => $emc_ssl_cert_path;
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -0,0 +1,9 @@
|
|||
---
|
||||
upgrade:
|
||||
- |
|
||||
Defaut value of the ``emc_ssl_cert_verify`` parameter in the following
|
||||
resource types will be changed from ``false`` to service default which
|
||||
is effectively ``true``. Make sure the parameter is set if needed.
|
||||
|
||||
- ``manila::backend::dellemc_unity``
|
||||
- ``manila::backend::dellemc_vnx``
|
||||
Loading…
Reference in New Issue