Merge pull request #14261 from kamsz/devel
Add validate_certs param to skip SSL verification in VMware
commit
371c7315b0
1 changed files with 19 additions and 9 deletions
|
@ -21,6 +21,7 @@
|
||||||
try:
|
try:
|
||||||
import atexit
|
import atexit
|
||||||
import time
|
import time
|
||||||
|
import ssl
|
||||||
# requests is required for exception handling of the ConnectionError
|
# requests is required for exception handling of the ConnectionError
|
||||||
import requests
|
import requests
|
||||||
from pyVim import connect
|
from pyVim import connect
|
||||||
|
@ -104,6 +105,7 @@ def vmware_argument_spec():
|
||||||
hostname=dict(type='str', required=True),
|
hostname=dict(type='str', required=True),
|
||||||
username=dict(type='str', aliases=['user', 'admin'], required=True),
|
username=dict(type='str', aliases=['user', 'admin'], required=True),
|
||||||
password=dict(type='str', aliases=['pass', 'pwd'], required=True, no_log=True),
|
password=dict(type='str', aliases=['pass', 'pwd'], required=True, no_log=True),
|
||||||
|
validate_certs=dict(type='bool', required=False, default=True),
|
||||||
)
|
)
|
||||||
|
|
||||||
|
|
||||||
|
@ -112,21 +114,29 @@ def connect_to_api(module, disconnect_atexit=True):
|
||||||
hostname = module.params['hostname']
|
hostname = module.params['hostname']
|
||||||
username = module.params['username']
|
username = module.params['username']
|
||||||
password = module.params['password']
|
password = module.params['password']
|
||||||
|
validate_certs = module.params['validate_certs']
|
||||||
|
|
||||||
|
if validate_certs and not hasattr(ssl, 'SSLContext'):
|
||||||
|
module.fail_json(msg='pyVim does not support changing verification mode with python < 2.7.9. Either update python or or use validate_certs=false')
|
||||||
|
|
||||||
try:
|
try:
|
||||||
service_instance = connect.SmartConnect(host=hostname, user=username, pwd=password)
|
service_instance = connect.SmartConnect(host=hostname, user=username, pwd=password)
|
||||||
|
|
||||||
# Disabling atexit should be used in special cases only.
|
|
||||||
# Such as IP change of the ESXi host which removes the connection anyway.
|
|
||||||
# Also removal significantly speeds up the return of the module
|
|
||||||
|
|
||||||
if disconnect_atexit:
|
|
||||||
atexit.register(connect.Disconnect, service_instance)
|
|
||||||
return service_instance.RetrieveContent()
|
|
||||||
except vim.fault.InvalidLogin, invalid_login:
|
except vim.fault.InvalidLogin, invalid_login:
|
||||||
module.fail_json(msg=invalid_login.msg, apierror=str(invalid_login))
|
module.fail_json(msg=invalid_login.msg, apierror=str(invalid_login))
|
||||||
except requests.ConnectionError, connection_error:
|
except requests.ConnectionError, connection_error:
|
||||||
module.fail_json(msg="Unable to connect to vCenter or ESXi API on TCP/443.", apierror=str(connection_error))
|
if '[SSL: CERTIFICATE_VERIFY_FAILED]' in str(connection_error) and not validate_certs:
|
||||||
|
context = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
|
||||||
|
context.verify_mode = ssl.CERT_NONE
|
||||||
|
service_instance = connect.SmartConnect(host=hostname, user=username, pwd=password, sslContext=context)
|
||||||
|
else:
|
||||||
|
module.fail_json(msg="Unable to connect to vCenter or ESXi API on TCP/443.", apierror=str(connection_error))
|
||||||
|
|
||||||
|
# Disabling atexit should be used in special cases only.
|
||||||
|
# Such as IP change of the ESXi host which removes the connection anyway.
|
||||||
|
# Also removal significantly speeds up the return of the module
|
||||||
|
if disconnect_atexit:
|
||||||
|
atexit.register(connect.Disconnect, service_instance)
|
||||||
|
return service_instance.RetrieveContent()
|
||||||
|
|
||||||
def get_all_objs(content, vimtype):
|
def get_all_objs(content, vimtype):
|
||||||
|
|
||||||
|
|
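Review bot: In the third hunk (connect_to_api), the retry `connect.SmartConnect(..., sslContext=context)` runs inside the `except requests.ConnectionError` handler, so a `vim.fault.InvalidLogin` or a second `requests.ConnectionError` raised by the retry is caught by neither except clause and would surface as a traceback instead of `module.fail_json`. The fallback also depends on the substring `[SSL: CERTIFICATE_VERIFY_FAILED]` appearing in the exception text, and with `validate_certs=false` every run attempts a verified handshake first and only then retries. Building the unverified context up front when `validate_certs` is false and calling SmartConnect once inside the try keeps both handlers in force; a comment at that point should state that the password is then sent to a server whose identity was not checked. The new fail_json message repeats a word (`or or use validate_certs=false`). Indentation is lost in this rendering, so the nesting described here is inferred from statement order.

```python
    # … unchanged: hostname/username/password/validate_certs lookup and the SSLContext availability check …

    connect_kwargs = dict(host=hostname, user=username, pwd=password)
    if not validate_certs and hasattr(ssl, 'SSLContext'):
        # Verification is disabled only on explicit request; the server's identity
        # is not checked, so the credentials go to whoever answers on this host.
        context = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
        context.verify_mode = ssl.CERT_NONE
        connect_kwargs['sslContext'] = context

    try:
        service_instance = connect.SmartConnect(**connect_kwargs)
    # … unchanged: except vim.fault.InvalidLogin handler …
    except requests.ConnectionError, connection_error:
        module.fail_json(msg="Unable to connect to vCenter or ESXi API on TCP/443.", apierror=str(connection_error))

    # … unchanged: atexit registration and return of RetrieveContent() …
```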