If ‘virt-v2v -oo insecure’ is used then ‘openstack --insecure’ flag is
added whenever we invoke the openstack command. This turns of SSL
certificate validation.
---
v2v/output_openstack.ml | 14 +++++++++++++-
v2v/virt-v2v-output-openstack.pod | 1 +
v2v/virt-v2v.pod | 7 +++++++
3 files changed, 21 insertions(+), 1 deletion(-)
diff --git a/v2v/output_openstack.ml b/v2v/output_openstack.ml
index b901ab262..b5bbc9195 100644
--- a/v2v/output_openstack.ml
+++ b/v2v/output_openstack.ml
@@ -53,6 +53,11 @@ type os_options = {
*)
authentication : string list;
+ (* Add the [openstack --insecure] switch (turns off SSL cert
+ * validation).
+ *)
+ insecure : bool;
+
(* Optional guest_id which, if present, is saved as
* Cinder volume property virt_v2v_guest_id on every disk
* associated with this guest.
@@ -97,6 +102,7 @@ The os-* parameters and environment variables are optional.
let parse_output_options options =
let server_id = ref None in
let dev_disk_by_id = ref None in
+ let insecure = ref false in
let guest_id = ref None in
let authentication = ref [] in
List.iter (
@@ -105,6 +111,10 @@ let parse_output_options options =
server_id := Some v
| "dev-disk-by-id", v ->
dev_disk_by_id := Some v
+ | "insecure", "" ->
+ insecure := true
+ | "insecure", v ->
+ insecure := bool_of_string v
| "guest-id", v ->
guest_id := Some v
| k, v ->
@@ -117,9 +127,10 @@ let parse_output_options options =
) options;
let server_id = !server_id in
let authentication = List.rev !authentication in
+ let insecure = !insecure in
let guest_id = !guest_id in
let dev_disk_by_id = !dev_disk_by_id in
- { server_id; authentication; guest_id; dev_disk_by_id }
+ { server_id; authentication; insecure; guest_id; dev_disk_by_id }
(* UTC conversion time. *)
let iso_time =
@@ -137,6 +148,7 @@ class output_openstack output_conn output_password output_storage
let args = ref os_options.authentication in
Option.may (fun oc -> List.push_back args (sprintf "--os-auth-url=%s"
oc))
output_conn;
+ if os_options.insecure then List.push_back args "--insecure";
!args in
(* The server ID (the name or UUID of the conversion appliance) can
diff --git a/v2v/virt-v2v-output-openstack.pod b/v2v/virt-v2v-output-openstack.pod
index 7ea3bc75c..25c7ab627 100644
--- a/v2v/virt-v2v-output-openstack.pod
+++ b/v2v/virt-v2v-output-openstack.pod
@@ -7,6 +7,7 @@ virt-v2v-output-openstack - Using virt-v2v to convert guests to OpenStack
virt-v2v [-i* options] -o openstack
[-oo server-id=SERVER]
[-oo guest-id=GUEST]
+ [-oo insecure]
[-oo os-username=admin] [-oo os-*=*]
virt-v2v [-i* options] -o glance
diff --git a/v2v/virt-v2v.pod b/v2v/virt-v2v.pod
index 3f0620bc6..b9155cb87 100644
--- a/v2v/virt-v2v.pod
+++ b/v2v/virt-v2v.pod
@@ -555,6 +555,13 @@ For I<-o openstack> (L<virt-v2v-output-openstack(1)>)
only, set a guest ID
which is saved on each Cinder volume in the C<virt_v2v_guest_id>
volume property.
+=item B<-oo insecure>
+
+=item B<-oo insecure=>C<true|false>
+
+For I<-o openstack> (L<virt-v2v-output-openstack(1)>) only, this
+disables SSL certification validation when connecting to OpenStack.
+
=item B<-oo os->*B<=>*
For I<-o openstack> (L<virt-v2v-output-openstack(1)>) only, set optional
--
2.19.0.rc0
Show replies by date
On Monday, 19 November 2018 20:09:19 CET Richard W.M. Jones wrote:
If ‘virt-v2v -oo insecure’ is used then ‘openstack --insecure’ flag
is
added whenever we invoke the openstack command. This turns of SSL
certificate validation.
While I understand that this passes the --insecure option to the
openstack client, maybe a slightly less generic name (e.g.
--ssl-verify=true/false, or so) IMHO would be better.
--
Pino Toscano