[Libguestfs] [PATCH v3] v2v: -o openstack: Allow -oo insecure (RHBZ#1651432).

Previously we allowed arbitrary flags to be passed through to the underlying openstack CLI command, provided they have the format ‘--key=value’. We want to pass the ‘--insecure’ flag through, but that doesn't have the key=value form. However a small modification to the matching rules would allow this. The effect of this change is that you can now use ‘virt-v2v -oo insecure’ to turn off SSL certificate validation. The default is to verify the server certificate (which is the default of the openstack command). --- v2v/output_openstack.ml | 11 +++++++---- v2v/test-v2v-o-openstack.sh | 2 ++ v2v/virt-v2v-output-openstack.pod | 7 +++++++ 3 files changed, 16 insertions(+), 4 deletions(-) diff --git a/v2v/output_openstack.ml b/v2v/output_openstack.ml index 22fac69bd..76e269c85 100644 --- a/v2v/output_openstack.ml +++ b/v2v/output_openstack.ml @@ -110,11 +110,14 @@ let parse_output_options options = dev_disk_by_id := Some v | "guest-id", v -> guest_id := Some v + (* Accumulate any remaining/unknown -oo parameters + * into the authentication list, where they will be + * passed unmodified through to the openstack command. + *) + | k, "" -> + let opt = sprintf "--%s" k in + authentication := opt :: !authentication | k, v -> - (* Accumulate any remaining/unknown -oo parameters - * into the authentication list, where they will be - * pass unmodified through to the openstack command. - *) let opt = sprintf "--%s=%s" k v in authentication := opt :: !authentication ) options; diff --git a/v2v/test-v2v-o-openstack.sh b/v2v/test-v2v-o-openstack.sh index 3a10a5475..8b809a1aa 100755 --- a/v2v/test-v2v-o-openstack.sh +++ b/v2v/test-v2v-o-openstack.sh @@ -56,6 +56,7 @@ $VG virt-v2v --debug-gc \ -o openstack -on test \ -oo server-id=test \ -oo guest-id=guestid \ + -oo insecure \ -oo dev-disk-by-id=$d # Check the log of openstack commands to make sure they look reasonable. @@ -65,5 +66,6 @@ grep 'server add volume' $d/log grep 'volume set.*--bootable.*dummy-vol-id' $d/log grep 'volume set.*--property.*virt_v2v_guest_id=guestid' $d/log grep 'server remove volume' $d/log +grep -- '--insecure' $d/log rm -r $d diff --git a/v2v/virt-v2v-output-openstack.pod b/v2v/virt-v2v-output-openstack.pod index 7ea3bc75c..64c431b6c 100644 --- a/v2v/virt-v2v-output-openstack.pod +++ b/v2v/virt-v2v-output-openstack.pod @@ -124,6 +124,13 @@ This can be used to find disks associated with a guest, or to associate which disks are related to which guests when converting many guests. +=head2 OpenStack: Ignore server certificate + +Using I<virt-v2v -oo insecure> you can tell the openstack client to +ignore the server certificate when connecting to the OpenStack API +endpoints. This has the same effect as passing the I<--insecure> +option to the C<openstack> command. + =head2 OpenStack: Converting a guest The final command to convert the guest, running as root, will be: -- 2.19.0.rc0