thr3ads.net - Libguestfs - [Libguestfs] [PATCH] v2v: -o openstack: Option to add --insecure flag to openstack command. [Nov 2018]

If this information is useful, please help other people find it:
Share via:

Richard W.M. Jones

2018-Nov-19 19:09 UTC

[Libguestfs] [PATCH] v2v: -o openstack: Option to add --insecure flag to openstack command.

If ‘virt-v2v -oo insecure’ is used then ‘openstack --insecure’ flag is
added whenever we invoke the openstack command.  This turns of SSL
certificate validation.
---
 v2v/output_openstack.ml           | 14 +++++++++++++-
 v2v/virt-v2v-output-openstack.pod |  1 +
 v2v/virt-v2v.pod                  |  7 +++++++
 3 files changed, 21 insertions(+), 1 deletion(-)

diff --git a/v2v/output_openstack.ml b/v2v/output_openstack.ml
index b901ab262..b5bbc9195 100644
--- a/v2v/output_openstack.ml
+++ b/v2v/output_openstack.ml
@@ -53,6 +53,11 @@ type os_options = {
    *)
   authentication : string list;
 
+  (* Add the [openstack --insecure] switch (turns off SSL cert
+   * validation).
+   *)
+  insecure : bool;
+
   (* Optional guest_id which, if present, is saved as
    * Cinder volume property virt_v2v_guest_id on every disk
    * associated with this guest.
@@ -97,6 +102,7 @@ The os-* parameters and environment variables are optional.
 let parse_output_options options    let server_id = ref None in
   let dev_disk_by_id = ref None in
+  let insecure = ref false in
   let guest_id = ref None in
   let authentication = ref [] in
   List.iter (
@@ -105,6 +111,10 @@ let parse_output_options options         server_id := Some
v
     | "dev-disk-by-id", v ->
        dev_disk_by_id := Some v
+    | "insecure", "" ->
+       insecure := true
+    | "insecure", v ->
+       insecure := bool_of_string v
     | "guest-id", v ->
        guest_id := Some v
     | k, v ->
@@ -117,9 +127,10 @@ let parse_output_options options    ) options;
   let server_id = !server_id in
   let authentication = List.rev !authentication in
+  let insecure = !insecure in
   let guest_id = !guest_id in
   let dev_disk_by_id = !dev_disk_by_id in
-  { server_id; authentication; guest_id; dev_disk_by_id }
+  { server_id; authentication; insecure; guest_id; dev_disk_by_id }
 
 (* UTC conversion time. *)
 let iso_time @@ -137,6 +148,7 @@ class output_openstack output_conn
output_password output_storage
     let args = ref os_options.authentication in
     Option.may (fun oc -> List.push_back args (sprintf
"--os-auth-url=%s" oc))
                output_conn;
+    if os_options.insecure then List.push_back args "--insecure";
     !args in
 
   (* The server ID (the name or UUID of the conversion appliance) can
diff --git a/v2v/virt-v2v-output-openstack.pod
b/v2v/virt-v2v-output-openstack.pod
index 7ea3bc75c..25c7ab627 100644
--- a/v2v/virt-v2v-output-openstack.pod
+++ b/v2v/virt-v2v-output-openstack.pod
@@ -7,6 +7,7 @@ virt-v2v-output-openstack - Using virt-v2v to convert guests to
OpenStack
  virt-v2v [-i* options] -o openstack
                         [-oo server-id=SERVER]
                         [-oo guest-id=GUEST]
+                        [-oo insecure]
                         [-oo os-username=admin] [-oo os-*=*]
 
  virt-v2v [-i* options] -o glance
diff --git a/v2v/virt-v2v.pod b/v2v/virt-v2v.pod
index 3f0620bc6..b9155cb87 100644
--- a/v2v/virt-v2v.pod
+++ b/v2v/virt-v2v.pod
@@ -555,6 +555,13 @@ For I<-o openstack>
(L<virt-v2v-output-openstack(1)>) only, set a guest ID
 which is saved on each Cinder volume in the C<virt_v2v_guest_id>
 volume property.
 
+=item B<-oo insecure>
+
+=item B<-oo insecure=>C<true|false>
+
+For I<-o openstack> (L<virt-v2v-output-openstack(1)>) only, this
+disables SSL certification validation when connecting to OpenStack.
+
 =item B<-oo os->*B<=>*
 
 For I<-o openstack> (L<virt-v2v-output-openstack(1)>) only, set
optional
-- 
2.19.0.rc0

Pino Toscano

2018-Nov-20 09:12 UTC

head link

Re: [Libguestfs] [PATCH] v2v: -o openstack: Option to add --insecure flag to openstack command.

On Monday, 19 November 2018 20:09:19 CET Richard W.M. Jones
wrote:> If ‘virt-v2v -oo insecure’ is used then ‘openstack --insecure’ flag is
> added whenever we invoke the openstack command.  This turns of SSL
> certificate validation.
While I understand that this passes the --insecure option to the
openstack client, maybe a slightly less generic name (e.g.
--ssl-verify=true/false, or so) IMHO would be better.

-- 
Pino Toscano

Reasonably Related Threads

Search for more maybe matching threads

Libguestfs - Nov 2018 - [PATCH] v2v: -o openstack: Option to add --insecure flag to openstack command.

[Libguestfs] [PATCH] v2v: -o openstack: Option to add --insecure flag to openstack command.

Re: [Libguestfs] [PATCH] v2v: -o openstack: Option to add --insecure flag to openstack command.

Reasonably Related Threads