[Libguestfs] [PATCH v3] v2v: -o openstack: Allow -oo insecure (RHBZ#1651432).

Richard W.M. Jones rjones at redhat.com
Tue Nov 20 10:25:10 UTC 2018 

Previously we allowed arbitrary flags to be passed through to the
underlying openstack CLI command, provided they have the format
‘--key=value’.  We want to pass the ‘--insecure’ flag through, but
that doesn't have the key=value form.  However a small modification to
the matching rules would allow this.

The effect of this change is that you can now use ‘virt-v2v -oo
insecure’ to turn off SSL certificate validation.  The default is to
verify the server certificate (which is the default of the openstack
command).
---
 v2v/output_openstack.ml           | 11 +++++++----
 v2v/test-v2v-o-openstack.sh       |  2 ++
 v2v/virt-v2v-output-openstack.pod |  7 +++++++
 3 files changed, 16 insertions(+), 4 deletions(-)

diff --git a/v2v/output_openstack.ml b/v2v/output_openstack.ml
index 22fac69bd..76e269c85 100644
--- a/v2v/output_openstack.ml
+++ b/v2v/output_openstack.ml
@@ -110,11 +110,14 @@ let parse_output_options options =
        dev_disk_by_id := Some v
     | "guest-id", v ->
        guest_id := Some v
+    (* Accumulate any remaining/unknown -oo parameters
+     * into the authentication list, where they will be
+     * passed unmodified through to the openstack command.
+     *)
+    | k, "" ->
+       let opt = sprintf "--%s" k in
+       authentication := opt :: !authentication
     | k, v ->
-       (* Accumulate any remaining/unknown -oo parameters
-        * into the authentication list, where they will be
-        * pass unmodified through to the openstack command.
-        *)
        let opt = sprintf "--%s=%s" k v in
        authentication := opt :: !authentication
   ) options;
diff --git a/v2v/test-v2v-o-openstack.sh b/v2v/test-v2v-o-openstack.sh
index 3a10a5475..8b809a1aa 100755
--- a/v2v/test-v2v-o-openstack.sh
+++ b/v2v/test-v2v-o-openstack.sh
@@ -56,6 +56,7 @@ $VG virt-v2v --debug-gc \
     -o openstack -on test \
     -oo server-id=test \
     -oo guest-id=guestid \
+    -oo insecure \
     -oo dev-disk-by-id=$d
 
 # Check the log of openstack commands to make sure they look reasonable.
@@ -65,5 +66,6 @@ grep 'server add volume' $d/log
 grep 'volume set.*--bootable.*dummy-vol-id' $d/log
 grep 'volume set.*--property.*virt_v2v_guest_id=guestid' $d/log
 grep 'server remove volume' $d/log
+grep -- '--insecure' $d/log
 
 rm -r $d
diff --git a/v2v/virt-v2v-output-openstack.pod b/v2v/virt-v2v-output-openstack.pod
index 7ea3bc75c..64c431b6c 100644
--- a/v2v/virt-v2v-output-openstack.pod
+++ b/v2v/virt-v2v-output-openstack.pod
@@ -124,6 +124,13 @@ This can be used to find disks associated with a guest, or to
 associate which disks are related to which guests when converting many
 guests.
 
+=head2 OpenStack: Ignore server certificate
+
+Using I<virt-v2v -oo insecure> you can tell the openstack client to
+ignore the server certificate when connecting to the OpenStack API
+endpoints.  This has the same effect as passing the I<--insecure>
+option to the C<openstack> command.
+
 =head2 OpenStack: Converting a guest
 
 The final command to convert the guest, running as root, will be:
-- 
2.19.0.rc0

More information about the Libguestfs mailing list