yesBad/pve-storage
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

esxi: add 'skip-cert-verification' option

Browse Source 
following pve-esxi-import-tools's commits:
3ee5c3b ("esxi-folder-fuse: add --insecure option")
c292c67 ("listvms.py: add --insecure parameter, verify cert by
          default")
34c87be ("rename --insecure option to --skip-cert-verification")

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
 [ TL: rename 'insecure' to 'skip-cert-verification' to better convey
   what it means ]
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
This commit is contained in:
Wolfgang Bumiller
2024-03-12 13:54:49 +01:00
committed by Thomas Lamprecht
parent 4f50a578f4
commit 2ff6f99c60
1 changed files with 15 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
src/PVE/Storage/ESXiPlugin.pm
View File

@ -34,7 +34,13 @@ sub plugindata {
}
sub properties {
return {};
return {
'skip-cert-verification' => {
description => 'Disable TLS certificate verification, only enable on fully trusted networks!',
type => 'boolean',
default => 'false',
},
};
}
sub options {
@ -47,6 +53,7 @@ sub options {
server => {},
username => {},
password => { optional => 1},
'skip-cert-verification' => { optional => 1},
};
}
@ -127,12 +134,14 @@ sub get_manifest : prototype($$$;$) {
check_esxi_import_package();
my @extra_params;
push @extra_params, '--skip-cert-verification' if $scfg->{'skip-cert-verification'};
my $host = $scfg->{server};
my $user = $scfg->{username};
my $pwfile = esxi_cred_file_name($storeid);
my $json = '';
run_command(
[$ESXI_LIST_VMS, $host, $user, $pwfile],
[$ESXI_LIST_VMS, @extra_params, $host, $user, $pwfile],
outfunc => sub { $json .= $_[0] . "\n" },
);
@ -187,6 +196,9 @@ sub esxi_mount : prototype($$$;$) {
"Proxmox VE FUSE mount for ESXi storage $storeid (server $host)",
);
my @extra_params;
push @extra_params, '--skip-cert-verification' if $scfg->{'skip-cert-verification'};
my $flags = fcntl($wr, F_GETFD, 0)
// die "failed to get file descriptor flags: $!\n";
fcntl($wr, F_SETFD, $flags & ~FD_CLOEXEC)
@ -194,6 +206,7 @@ sub esxi_mount : prototype($$$;$) {
# FIXME: use the user/group options!
exec {$ESXI_FUSE_TOOL}
$ESXI_FUSE_TOOL,
@extra_params,
'-o', 'allow_other',
'--ready-fd', fileno($wr),
'--user', $user,