esxi: add 'skip-cert-verification' option

following pve-esxi-import-tools's commits:
3ee5c3b ("esxi-folder-fuse: add --insecure option")
c292c67 ("listvms.py: add --insecure parameter, verify cert by
          default")
34c87be ("rename --insecure option to --skip-cert-verification")

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
 [ TL: rename 'insecure' to 'skip-cert-verification' to better convey
   what it means ]
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>

diff --git a/src/PVE/Storage/ESXiPlugin.pm b/src/PVE/Storage/ESXiPlugin.pm
index 1e02b10c1a0c985771fbd8ec18ccf3118dd5e029..5090a13b1e5eb26b3537dac25b799399d481a0e1 100644 (file)
--- a/src/PVE/Storage/ESXiPlugin.pm
+++ b/src/PVE/Storage/ESXiPlugin.pm
@@ -34,7 +34,13 @@ sub plugindata {
 }
 
 sub properties {
-    return {};
+    return {
+       'skip-cert-verification' => {
+           description => 'Disable TLS certificate verification, only enable on fully trusted networks!',
+           type => 'boolean',
+           default => 'false',
+       },
+    };
 }
 
 sub options {
@@ -47,6 +53,7 @@ sub options {
        server => {},
        username => {},
        password => { optional => 1},
+       'skip-cert-verification' => { optional => 1},
    };
 }
 
@@ -127,12 +134,14 @@ sub get_manifest : prototype($$$;$) {
 
     check_esxi_import_package();
 
+    my @extra_params;
+    push @extra_params, '--skip-cert-verification' if $scfg->{'skip-cert-verification'};
     my $host = $scfg->{server};
     my $user = $scfg->{username};
     my $pwfile = esxi_cred_file_name($storeid);
     my $json = '';
     run_command(
-       [$ESXI_LIST_VMS, $host, $user, $pwfile],
+       [$ESXI_LIST_VMS, @extra_params, $host, $user, $pwfile],
        outfunc => sub { $json .= $_[0] . "\n" },
     );
 
@@ -187,6 +196,9 @@ sub esxi_mount : prototype($$$;$) {
                "Proxmox VE FUSE mount for ESXi storage $storeid (server $host)",
            );
 
+           my @extra_params;
+           push @extra_params, '--skip-cert-verification' if $scfg->{'skip-cert-verification'};
+
            my $flags = fcntl($wr, F_GETFD, 0)
                // die "failed to get file descriptor flags: $!\n";
            fcntl($wr, F_SETFD, $flags & ~FD_CLOEXEC)
@@ -194,6 +206,7 @@ sub esxi_mount : prototype($$$;$) {
            # FIXME: use the user/group options!
            exec {$ESXI_FUSE_TOOL}
                $ESXI_FUSE_TOOL,
+               @extra_params,
                '-o', 'allow_other',
                '--ready-fd', fileno($wr),
                '--user', $user,