Dan Kenigsberg has posted comments on this change.

Change subject: BZ#856167 - Store engine CA cert in enginecacert.pem
......................................................................


Patch Set 2: (1 inline comment)

....................................................
File vdsm_reg/deployUtil.py.in
Line 1468:             ovirtfunctions.ovirt_safe_delete_config(CACERT)
Line 1469:         if os.path.exists(ENGINECACERT):
Line 1470:             ovirtfunctions.ovirt_safe_delete_config(ENGINECACERT)
Line 1471: 
Line 1472: def getRhevmCert(IP, port):
OK... recently, upstream added a feature for stand-alone installation of vdsm, 
where a self-signed vdsmcert.pem and its cacert.pem are generated on vdsm.rpm 
installation.

They are intended to be overwritten by the bootstrap process, as they have no 
value for Engine-controlled installation. (Note to self/Alon - there's wasted 
time here, of needless key generation.)

Since the .iso is generated by means of installing rpms, these files are 
shipped on the image. But I believe this is an unfortunate coincidence. Vdsm 
should not be running before registration.

I would suggest somehow dropping the default key/certs from the shipped 
ovirt-node image.
Line 1473: 
Line 1474:     dontcare, VDSMCERT, ENGINECACERT = certPaths('')
Line 1475:     RHEVM_CERT_FILE = "/ca.crt"
Line 1476:     rhevmCert = getRemoteFile(str(IP), str(port), RHEVM_CERT_FILE)


--
To view, visit http://gerrit.ovirt.org/8038
To unsubscribe, visit http://gerrit.ovirt.org/settings

Gerrit-MessageType: comment
Gerrit-Change-Id: I127bf44cbcde90f7dae26a3bd3127f3eac2ca53c
Gerrit-PatchSet: 2
Gerrit-Project: vdsm
Gerrit-Branch: master
Gerrit-Owner: Juan Hernandez <[email protected]>
Gerrit-Reviewer: Alon Bar-Lev <[email protected]>
Gerrit-Reviewer: Dan Kenigsberg <[email protected]>
Gerrit-Reviewer: Doron Fediuck <[email protected]>
Gerrit-Reviewer: Douglas Schilling Landgraf <[email protected]>
Gerrit-Reviewer: Juan Hernandez <[email protected]>
Gerrit-Reviewer: Michael Burns <[email protected]>
_______________________________________________
vdsm-patches mailing list
[email protected]
https://lists.fedorahosted.org/mailman/listinfo/vdsm-patches
