yesBad/pve-storage
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

esxi: add 'skip-cert-verification' option

Browse Source 
following pve-esxi-import-tools's commits:
3ee5c3b ("esxi-folder-fuse: add --insecure option")
c292c67 ("listvms.py: add --insecure parameter, verify cert by
          default")
34c87be ("rename --insecure option to --skip-cert-verification")

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
 [ TL: rename 'insecure' to 'skip-cert-verification' to better convey
   what it means ]
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
This commit is contained in:
Wolfgang Bumiller
2024-03-12 13:54:49 +01:00
committed by Thomas Lamprecht
parent 4f50a578f4
commit 2ff6f99c60
1 changed files with 15 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
src/PVE/Storage/ESXiPlugin.pm
View File

@ -34,7 +34,13 @@ sub plugindata {
} }
sub properties { sub properties {
return {}; return {
'skip-cert-verification' => {
description => 'Disable TLS certificate verification, only enable on fully trusted networks!',
type => 'boolean',
default => 'false',
},
};
} }
sub options { sub options {
@ -47,6 +53,7 @@ sub options {
server => {}, server => {},
username => {}, username => {},
password => { optional => 1}, password => { optional => 1},
'skip-cert-verification' => { optional => 1},
}; };
} }
@ -127,12 +134,14 @@ sub get_manifest : prototype($$$;$) {
check_esxi_import_package(); check_esxi_import_package();
my @extra_params;
push @extra_params, '--skip-cert-verification' if $scfg->{'skip-cert-verification'};
my $host = $scfg->{server}; my $host = $scfg->{server};
my $user = $scfg->{username}; my $user = $scfg->{username};
my $pwfile = esxi_cred_file_name($storeid); my $pwfile = esxi_cred_file_name($storeid);
my $json = ''; my $json = '';
run_command( run_command(
[$ESXI_LIST_VMS, $host, $user, $pwfile], [$ESXI_LIST_VMS, @extra_params, $host, $user, $pwfile],
outfunc => sub { $json .= $_[0] . "\n" }, outfunc => sub { $json .= $_[0] . "\n" },
); );
@ -187,6 +196,9 @@ sub esxi_mount : prototype($$$;$) {
"Proxmox VE FUSE mount for ESXi storage $storeid (server $host)", "Proxmox VE FUSE mount for ESXi storage $storeid (server $host)",
); );
my @extra_params;
push @extra_params, '--skip-cert-verification' if $scfg->{'skip-cert-verification'};
my $flags = fcntl($wr, F_GETFD, 0) my $flags = fcntl($wr, F_GETFD, 0)
// die "failed to get file descriptor flags: $!\n"; // die "failed to get file descriptor flags: $!\n";
fcntl($wr, F_SETFD, $flags & ~FD_CLOEXEC) fcntl($wr, F_SETFD, $flags & ~FD_CLOEXEC)
@ -194,6 +206,7 @@ sub esxi_mount : prototype($$$;$) {
# FIXME: use the user/group options! # FIXME: use the user/group options!
exec {$ESXI_FUSE_TOOL} exec {$ESXI_FUSE_TOOL}
$ESXI_FUSE_TOOL, $ESXI_FUSE_TOOL,
@extra_params,
'-o', 'allow_other', '-o', 'allow_other',
'--ready-fd', fileno($wr), '--ready-fd', fileno($wr),
'--user', $user, '--user', $user,