Keith Robertson has uploaded a new change for review.
Change subject: tools: support mandatory verify(BZ854703) SDK changed to
force clients to send either 'insecure' flag or supply a CA.
......................................................................
tools: support mandatory verify(BZ854703)
SDK changed to force clients to send either 'insecure' flag
or supply a CA.
Change-Id: Ia3b787e86550af587d387db9754f70ea49164c34
Signed-off-by: Keith Robertson <[email protected]>
---
M src/rhev/helper/hypervisors.py
M src/rhev/logcollector.py
2 files changed, 24 insertions(+), 7 deletions(-)
git pull ssh://gerrit.ovirt.org:29418/ovirt-log-collector
refs/changes/71/7771/1
diff --git a/src/rhev/helper/hypervisors.py b/src/rhev/helper/hypervisors.py
index 918d268..8e96110 100644
--- a/src/rhev/helper/hypervisors.py
+++ b/src/rhev/helper/hypervisors.py
@@ -6,7 +6,7 @@
import gettext
from ovirtsdk.api import API
from ovirtsdk.xml import params
-from ovirtsdk.infrastructure.errors import RequestError, ConnectionError
+from ovirtsdk.infrastructure.errors import RequestError, ConnectionError,
NoCertificatesError
t = gettext.translation('hypervisors', fallback=True)
_ = t.ugettext
@@ -109,14 +109,16 @@
for host in cluster.hosts]
-def _initialize_api(hostname, username, password):
+def _initialize_api(hostname, username, password, ca, insecure):
"""
Initialize the oVirt RESTful API
"""
url = "https://"; + hostname + "/api"
api = API(url=url,
username=username,
- password=password)
+ password=password,
+ ca_file=ca,
+ insecure=insecure)
try:
pi = api.get_product_info()
if pi is not None:
@@ -130,19 +132,22 @@
logging.error(_("Unable to connect to REST API. Reason: %s") %
re.reason)
return None
except ConnectionError:
- logging.error(_("Problem connecting to the REST API. Is the service
available?"))
+ logging.error(_("Problem connecting to the REST API. Is the service
available and does the CA certificate exist?"))
+ return None
+ except NoCertificatesError:
+ logging.error(_("Problem connecting to the REST API. The CA is
invalid. To override use the \'insecure\' option."))
return None
except Exception, e:
logging.error(_("Unable to connect to REST API. Message: %s") % e)
return None
return api
-def get_all(hostname, username, password):
+def get_all(hostname, username, password, ca, insecure=False):
tree = ENGINETree()
try:
- api = _initialize_api(hostname, username, password)
+ api = _initialize_api(hostname, username, password, ca, insecure)
if api is not None:
for dc in api.datacenters.list():
tree.add_datacenter(dc)
diff --git a/src/rhev/logcollector.py b/src/rhev/logcollector.py
index cfed76c..4bf0477 100644
--- a/src/rhev/logcollector.py
+++ b/src/rhev/logcollector.py
@@ -641,7 +641,9 @@
try:
return hypervisors.get_all(self.conf.get("engine"),
self.conf.get("user"),
- self.conf.get("passwd"))
+ self.conf.get("passwd"),
+ self.conf.get("engine_ca"),
+ self.conf.get("insecure"))
except Exception, e:
ExitCodes.exit_code=ExitCodes.WARN
logging.error("_get_hypervisors_from_api: %s" % e)
@@ -866,6 +868,16 @@
metavar="PATH",
default=DEFAULT_LOG_FILE)
+ parser.add_option("", "--engine-ca", dest="engine_ca",
+ help="The CA certificate used to validate the engine.
(default=/etc/pki/ovirt-engine/ca.pem)",
+ metavar="/etc/pki/ovirt-engine/ca.pem",
+ default="/etc/pki/ovirt-engine/ca.pem")
+
+ parser.add_option("", "--insecure", dest="insecure",
+ help="Do not make an attempt to verify the engine.",
+ action="store_true",
+ default=False)
+
parser.add_option("-v", "--verbose", dest="verbose",
action="store_true", default=False)
--
To view, visit http://gerrit.ovirt.org/7771
To unsubscribe, visit http://gerrit.ovirt.org/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: Ia3b787e86550af587d387db9754f70ea49164c34
Gerrit-PatchSet: 1
Gerrit-Project: ovirt-log-collector
Gerrit-Branch: master
Gerrit-Owner: Keith Robertson <[email protected]>
_______________________________________________
Engine-patches mailing list
[email protected]
http://lists.ovirt.org/mailman/listinfo/engine-patches
