Ensure default vCenter CA file is used if specified
This patch adds the same check already in place for function validate_config_for_migration to other routines to ensure a vCenter CA file is used - if specified - even if not present in plugin configuration. Change-Id: Ica293b5c0e8d17843e40cd3fab99bae68f2d0f49
This commit is contained in:
parent
61bcb1e4ba
commit
7b9ee7e6e3
|
@ -509,6 +509,17 @@ def _validate_l2gw(admin_context):
|
||||||
"supported." % (len(l2gws), [l2gw.id for l2gw in l2gws]))
|
"supported." % (len(l2gws), [l2gw.id for l2gw in l2gws]))
|
||||||
|
|
||||||
|
|
||||||
|
def _ensure_ca_file():
|
||||||
|
# Ensure CA file is used if /etc/ssl/certs/vcenter.pem exists
|
||||||
|
# otherwise secure connection to vcenter will fail
|
||||||
|
if not cfg.CONF.dvs.ca_file:
|
||||||
|
ca_file_default = "/etc/ssl/certs/vcenter.pem"
|
||||||
|
if os.path.isfile(ca_file_default):
|
||||||
|
LOG.info("ca_file for vCenter unset, defaulting to: %s",
|
||||||
|
ca_file_default)
|
||||||
|
cfg.CONF.set_override('ca_file', ca_file_default, 'dvs')
|
||||||
|
|
||||||
|
|
||||||
def _validate_config():
|
def _validate_config():
|
||||||
# General config options / per AZ which are unsupported
|
# General config options / per AZ which are unsupported
|
||||||
config.register_nsxv_azs(cfg.CONF, cfg.CONF.nsxv.availability_zones)
|
config.register_nsxv_azs(cfg.CONF, cfg.CONF.nsxv.availability_zones)
|
||||||
|
@ -537,15 +548,7 @@ def validate_config_for_migration(resource, event, trigger, **kwargs):
|
||||||
transit_networks = [transit_network]
|
transit_networks = [transit_network]
|
||||||
strict = bool(properties.get('strict', 'false').lower() == 'true')
|
strict = bool(properties.get('strict', 'false').lower() == 'true')
|
||||||
out_file = properties.get('summary-file-name')
|
out_file = properties.get('summary-file-name')
|
||||||
|
_ensure_ca_file()
|
||||||
# Ensure ca_file in DVS section is always set otherwise secure connection
|
|
||||||
# to vcenter will fail
|
|
||||||
if not cfg.CONF.dvs.ca_file:
|
|
||||||
ca_file_default = "/etc/ssl/certs/vcenter.pem"
|
|
||||||
if os.path.isfile(ca_file_default):
|
|
||||||
LOG.info("ca_file for vCenter unset, defaulting to: %s",
|
|
||||||
ca_file_default)
|
|
||||||
cfg.CONF.set_override('ca_file', ca_file_default, 'dvs')
|
|
||||||
LOG.info("Running migration config validation in %sstrict mode",
|
LOG.info("Running migration config validation in %sstrict mode",
|
||||||
'' if strict else 'non-')
|
'' if strict else 'non-')
|
||||||
|
|
||||||
|
@ -561,6 +564,7 @@ def validate_config_for_migration(resource, event, trigger, **kwargs):
|
||||||
admin_context = n_context.get_admin_context()
|
admin_context = n_context.get_admin_context()
|
||||||
|
|
||||||
_validate_config()
|
_validate_config()
|
||||||
|
_ensure_ca_file()
|
||||||
|
|
||||||
try:
|
try:
|
||||||
with utils.NsxVPluginWrapper() as plugin:
|
with utils.NsxVPluginWrapper() as plugin:
|
||||||
|
@ -633,6 +637,7 @@ def list_ports_vif_ids(resource, event, trigger, **kwargs):
|
||||||
admin_context = n_context.get_admin_context()
|
admin_context = n_context.get_admin_context()
|
||||||
table_results = []
|
table_results = []
|
||||||
map_results = {}
|
map_results = {}
|
||||||
|
_ensure_ca_file()
|
||||||
|
|
||||||
with utils.NsxVPluginWrapper() as plugin:
|
with utils.NsxVPluginWrapper() as plugin:
|
||||||
neutron_ports = plugin.get_ports(admin_context)
|
neutron_ports = plugin.get_ports(admin_context)
|
||||||
|
|
Loading…
Reference in New Issue