Oved Ourfali has posted comments on this change.
Change subject: WIP Support foreman SSL provider
......................................................................
Patch Set 2: (3 inline comments)
Added some comments to clarify some things I did.
....................................................
File
backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/host/provider/foreman/ForemanHostProviderProxy.java
Line 131: if
(hostUrl.getProtocol().equalsIgnoreCase(HTTPS_PROTOCOL)) {
Line 132: URL trustStorePath = new URL(FILE_URL_PREFIX +
EngineLocalConfig.getInstance().getPKIExternalTrustStore());
Line 133: String trustStorePassword =
EngineLocalConfig.getInstance().getPKIExternalTrustStorePassword();
Line 134: boolean enableSniExtension =
EngineLocalConfig.getInstance().isEnableSniExtension();
Line 135: System.setProperty("jsse.enableSNIExtension",
String.valueOf(enableSniExtension));
Didn't find a way to make it work without setting this field. The configuration
for it is not part of the engine configuration.
Line 136: int hostPort = hostUrl.getPort();
Line 137: if (hostPort == -1) {
Line 138: hostPort = DEFAULT_SECURED_PORT;
Line 139: }
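Review bot: Line 135 sets "jsse.enableSNIExtension" with System.setProperty inside the HTTPS branch of the proxy, but a system property is global to the JVM. Every other TLS client running in the engine process inherits whatever value this code path last wrote. The write also happens at connection time, after other code may already have opened TLS connections, so it may not take effect as intended. If SNI has to be turned off for Foreman, pass the property on the JVM command line at engine startup, or configure it on the socket factory used for this one connection, and note in the commit message which server behaviour makes it necessary. Separately, line 132 builds the truststore URL by concatenating FILE_URL_PREFIX with a path; new File(path).toURI().toURL() handles spaces and special characters in the path.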
....................................................
File
frontend/webadmin/modules/uicommonweb/src/main/java/org/ovirt/engine/ui/uicommonweb/models/providers/ProviderModel.java
Line 216:
Line 217: @Override
Line 218: public void executed(FrontendActionAsyncResult result) {
Line 219: VdcReturnValueBase res = result.getReturnValue();
Line 220: //getTestResult().setEntity(res != null &&
res.getSucceeded());
This code below will have to change.
I changed it for testing purposes.
Line 221: if (res == null || !res.getSucceeded()) {
Line 222: AsyncQuery getCertChainQuery = new AsyncQuery();
Line 223: getCertChainQuery.asyncCallback = new
INewAsyncCallback() {
Line 224: @Override
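Review bot: The condition on line 221 (res == null || !res.getSucceeded()) starts the certificate chain query for every kind of failure, including a null result. A wrong URL, bad credentials or an unreachable host would then send the user into the certificate import flow, and users get used to accepting a certificate whenever a test fails. Run getCertChainQuery only when the failure is reported as an SSL trust failure, keep the plain failure result for everything else, and restore or delete the commented-out setEntity call on line 220 before this leaves WIP.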
....................................................
File packaging/etc/pki/installCA.sh
Line 78: keytool -import -noprompt -trustcacerts -alias cacert -keypass "$PASS"
-file certs/ca.der -keystore ./.truststore -storepass "$PASS"
Line 79:
Line 80: # Generate the external truststore also trusting the CA certificate
Line 81: keytool -import -noprompt -trustcacerts -alias cacert -keypass "$PASS"
-file certs/ca.der -keystore ./.truststore_external -storepass "$PASS"
Line 82:
I currently did it here, as I need the same truststore anyway, trusting the CA
certificate that is created here (the engine logic uses only the external
trust store in the external provider use-case).
If there are objections to putting it here, then I'll move it to another file.
Line 83: echo " "
Line 84: echo "} Creating client certificates for oVirt..."
Line 85: enroll_certificate engine "$PASS"
"/C=${COUNTRY}/O=${ORG}/CN=${SUBJECT}"
Line 86: enroll_certificate apache "$PASS"
"/C=${COUNTRY}/O=${ORG}/CN=${SUBJECT}"
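Review bot: Line 81 protects .truststore_external with the same "$PASS" as the internal .truststore on line 78, so the store that will hold certificates of external providers shares its secret with the engine's own store. Give the external store its own password, or document why sharing is acceptable, since the two stores have different trust purposes. The -keypass option has no effect when importing a trusted certificate entry and can be dropped on both lines. Line 81 is otherwise a copy of line 78 with a different -keystore value; a small helper taking the keystore name would keep the two from drifting apart.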
--
To view, visit http://gerrit.ovirt.org/15128
Gerrit-MessageType: comment
Gerrit-Change-Id: I35343409d74a4f90aae726b46781f27ce08a981a
Gerrit-PatchSet: 2
Gerrit-Project: ovirt-engine
Gerrit-Branch: master
Gerrit-Owner: Oved Ourfali <[email protected]>
Gerrit-Reviewer: Alon Bar-Lev <[email protected]>
Gerrit-Reviewer: Mike Kolesnik <[email protected]>
Gerrit-Reviewer: Oved Ourfali <[email protected]>