Federico Simoncelli has posted comments on this change.

Change subject: setup: move the certificate generation
Patch Set 2:

> Maybe I don't understand... but if vdsm_create_cert fails, we have leftovers
> from vdsm_create_key and vdsm_create_ca, where am I wrong?

There's no benefit in removing the key and ca. No matter what, you need them all so even if you clean up leftovers vdsm wouldn't be usable (unless you intend to insert a kind of recovery, which is way exaggerated for an init script). During the next start you would skip the creation of things that are already present.

> I thought the whole point of these keys are to serve environment without
> engine, as in environments with engine we generate keys at bootstrap.

Yes, *but* only for the local host (vdsClient 0), if you intend to use the client from a remote host then you have to commit in some way to a key/ca pair and move them across the hosts (this is basically a bootstrap and there's no automatic procedure other than the one provided by the engine at the moment).

> If that indeed the purpose, for these environment running on ovirt-node we
> need to persist the keys as no engine will do that for vdsm.

Who cares, they'll be only for that instance. Anyway the discussed procedure (which is not even defined yet) is completely unrelated to the patch. What are the actions that ovirt-node takes for the ssh host keys? It should do the same for vdsm (in fact you don't ask openssh to persist them).
--
To view, visit http://gerrit.ovirt.org/8368

Gerrit-MessageType: comment
Gerrit-Change-Id: I40fa3d9a6a54e312e399af3f87ac67e843078360
Gerrit-PatchSet: 2
Gerrit-Project: vdsm
Gerrit-Branch: master
Gerrit-Owner: Federico Simoncelli <[email protected]>
Gerrit-Reviewer: Alon Bar-Lev <[email protected]>
Gerrit-Reviewer: Barak Azulay <[email protected]>
Gerrit-Reviewer: Dan Kenigsberg <[email protected]>
Gerrit-Reviewer: Douglas Schilling Landgraf <[email protected]>
Gerrit-Reviewer: Federico Simoncelli <[email protected]>
