Merge pull request #2975 from ansible/vsphere-validate-older-pythons

Make validate_certs for vsphere_guest work with older python2
reviewable/pr18780/r1
Toshio Kuratomi 9 years ago
commit 2ec9f67282

@ -52,10 +52,15 @@ options:
aliases: [] aliases: []
validate_certs: validate_certs:
description: description:
- Validate SSL certs. - Validate SSL certs. Note, if running on python without SSLContext
support (typically, python < 2.7.9) you will have to set this to C(no)
as pysphere does not support validating certificates on older python.
Prior to 2.1, this module would always validate on python >= 2.7.9 and
never validate on python <= 2.7.8.
required: false required: false
default: yes default: yes
choices: ['yes', 'no'] choices: ['yes', 'no']
version_added: 2.1
guest: guest:
description: description:
- The virtual server name you wish to manage. - The virtual server name you wish to manage.
@ -1632,15 +1637,21 @@ def main():
# CONNECT TO THE SERVER # CONNECT TO THE SERVER
viserver = VIServer() viserver = VIServer()
if validate_certs and not hasattr(ssl, 'SSLContext') and not vcenter_hostname.startswith('http://'):
module.fail_json(msg='pysphere does not support verifying certificates with python < 2.7.9. Either update python or set validate_certs=False on the task')
try: try:
viserver.connect(vcenter_hostname, username, password) viserver.connect(vcenter_hostname, username, password)
except ssl.SSLError as sslerr: except ssl.SSLError as sslerr:
if '[SSL: CERTIFICATE_VERIFY_FAILED]' in sslerr.strerror and not validate_certs: if '[SSL: CERTIFICATE_VERIFY_FAILED]' in sslerr.strerror:
if not validate_certs:
default_context = ssl._create_default_https_context default_context = ssl._create_default_https_context
ssl._create_default_https_context = ssl._create_unverified_context ssl._create_default_https_context = ssl._create_unverified_context
viserver.connect(vcenter_hostname, username, password) viserver.connect(vcenter_hostname, username, password)
else: else:
raise Exception(sslerr) module.fail_json(msg='Unable to validate the certificate of the vcenter host %s' % vcenter_hostname)
else:
raise
except VIApiException, err: except VIApiException, err:
module.fail_json(msg="Cannot connect to %s: %s" % module.fail_json(msg="Cannot connect to %s: %s" %
(vcenter_hostname, err)) (vcenter_hostname, err))

Loading…
Cancel
Save