libguestfs/SOURCES/0039-v2v-o-rhv-upload-make-oo-rhv-cafile-optional.patch

88 lines
3.3 KiB
Diff
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

From 971f3c3239a9d6433fa351ceb983db9cce2ab4ac Mon Sep 17 00:00:00 2001
From: Pino Toscano <ptoscano@redhat.com>
Date: Fri, 27 Sep 2019 13:56:42 +0200
Subject: [PATCH] v2v: -o rhv-upload: make -oo rhv-cafile optional
It makes little sense to require the oVirt certificate, especially when
the verification of the connection (-oo rhv-verifypeer) is disabled by
default. The only work done with the certificate in that case is
checking that it is a valid certificate file.
Hence, make -oo rhv-cafile optional, requiring it only when
-oo rhv-verifypeer is enabled.
(cherry picked from commit 0a5eaad7db3c9b9a03fa88102a9e6142c855bfd1)
---
v2v/output_rhv_upload.ml | 16 +++++++++-------
v2v/virt-v2v-output-rhv.pod | 2 ++
2 files changed, 11 insertions(+), 7 deletions(-)
diff --git a/v2v/output_rhv_upload.ml b/v2v/output_rhv_upload.ml
index 206657a2b..2c8c18732 100644
--- a/v2v/output_rhv_upload.ml
+++ b/v2v/output_rhv_upload.ml
@@ -28,7 +28,7 @@ open Types
open Utils
type rhv_options = {
- rhv_cafile : string;
+ rhv_cafile : string option;
rhv_cluster : string option;
rhv_direct : bool;
rhv_verifypeer : bool;
@@ -76,15 +76,13 @@ let parse_output_options options =
error (f_"-o rhv-upload: unknown output option -oo %s") k
) options;
- let rhv_cafile =
- match !rhv_cafile with
- | Some s -> s
- | None ->
- error (f_"-o rhv-upload: must use -oo rhv-cafile to supply the path to the oVirt or RHV users ca.pem file") in
+ let rhv_cafile = !rhv_cafile in
let rhv_cluster = !rhv_cluster in
let rhv_direct = !rhv_direct in
let rhv_verifypeer = !rhv_verifypeer in
let rhv_disk_uuids = Option.map List.rev !rhv_disk_uuids in
+ if rhv_verifypeer && rhv_cafile = None then
+ error (f_"-o rhv-upload: must use -oo rhv-cafile to supply the path to the oVirt or RHV users ca.pem file");
{ rhv_cafile; rhv_cluster; rhv_direct; rhv_verifypeer; rhv_disk_uuids }
@@ -92,6 +90,10 @@ let nbdkit_python_plugin = Config.virt_v2v_nbdkit_python_plugin
let pidfile_timeout = 30
let finalization_timeout = 5*60
+let json_optstring = function
+ | Some s -> JSON.String s
+ | None -> JSON.Null
+
class output_rhv_upload output_alloc output_conn
output_password output_storage
rhv_options =
@@ -200,7 +202,7 @@ See also the virt-v2v-output-rhv(1) manual.")
"output_sparse", JSON.Bool (match output_alloc with
| Sparse -> true
| Preallocated -> false);
- "rhv_cafile", JSON.String rhv_options.rhv_cafile;
+ "rhv_cafile", json_optstring rhv_options.rhv_cafile;
"rhv_cluster",
JSON.String (Option.default "Default" rhv_options.rhv_cluster);
"rhv_direct", JSON.Bool rhv_options.rhv_direct;
diff --git a/v2v/virt-v2v-output-rhv.pod b/v2v/virt-v2v-output-rhv.pod
index e840ca78d..04a894268 100644
--- a/v2v/virt-v2v-output-rhv.pod
+++ b/v2v/virt-v2v-output-rhv.pod
@@ -101,6 +101,8 @@ The storage domain.
The F<ca.pem> file (Certificate Authority), copied from
F</etc/pki/ovirt-engine/ca.pem> on the oVirt engine.
+This option must be specified if I<-oo rhv-verifypeer> is enabled.
+
=item I<-oo rhv-cluster=>C<CLUSTERNAME>
Set the RHV Cluster Name. If not given it uses C<Default>.
--
2.18.4